PEP and Sanctions Screening at Account Opening
PEP and sanctions screening at account opening — what to screen, how declarations and checks fit the onboarding flow, and how to handle a hit without stalling good customers.

Screening for politically exposed persons (PEPs) and sanctioned parties is one of the few onboarding controls a bank cannot defer to "later". A sanctioned entity or individual must never receive a live account, and a PEP relationship carries obligations that begin the moment you accept the application. For a business account this is harder than it sounds, because the risk is not concentrated in one person. It is spread across the entity, its directors, its authorised signatories, and the individuals who ultimately own or control it. This article explains who and what to screen at account opening, how PEP and FATCA declarations sit alongside the compliance checks, and how the Creodata Business Account Opening System (BAOS) routes a potential hit into review rather than rejecting a good customer by reflex.
Why screening belongs at onboarding, not after it
The Central Bank of Kenya's prudential guidance on account opening, together with the Financial Reporting Centre's AML expectations and the broader FATF and ESAAMLG framework, all point in the same direction: you must know who you are dealing with before you open the relationship, and you must understand the risk they carry. Sanctions screening is the clearest case. Onboarding a party who appears on a sanctions list is not a graded risk you manage over time; it is a line you do not cross. PEP screening is more nuanced. A PEP is not a prohibited customer, but the relationship attracts heightened scrutiny, senior sign-off, and a closer look at source of funds and wealth.
Doing this at the point of application has two advantages. First, it stops a high-risk relationship before money moves, when the bank still has full discretion. Second, it captures the screening as a dated, attributable event in the onboarding record, which is exactly what an examiner expects to see. Screening that happens informally, after the account is already transacting, is far harder to evidence. For the wider onboarding picture this sits within, see the complete guide to business account opening, and for how screening connects to the broader due-diligence discipline, the article on customer due diligence for business accounts.
Who and what to screen for a business account
A natural mistake is to screen only the applicant who happens to be filling in the form. For a corporate or business account, the screening surface is wider. You are assessing several distinct parties, and a clean result on one tells you nothing about the others.

| Party | Why they are screened |
|---|---|
| The entity itself | The company can appear on sanctions or watch lists in its own right. |
| Directors | They direct the entity and may be PEPs or connected to one. |
| Authorised signatories | They can operate the account, so their standing matters directly. |
| Beneficial owners / significant stakeholders | The individuals who ultimately own or control the entity carry the real risk. |

BAOS structures the application so this surface is captured cleanly rather than left to a reviewer to reconstruct. The compliance step records PEP and FATCA declarations and gathers the significant stakeholders — directors, shareholders, partners, or the sole proprietor — as named individuals. A separate step captures up to four authorised signatories with identification and a passport photo. Because each party is a discrete, structured record rather than a free-text note buried in a PDF, every one of them can be screened, and the result attached to the right name. Identifying who those owners and controllers actually are is its own discipline; the article on beneficial ownership and significant stakeholders at onboarding covers it in depth, and the practical mechanics of distinguishing a list match from a false positive are handled in the AML cluster's piece on sanctions and PEP screening explained.
How declarations and checks fit the BAOS flow
In the nine-step BAOS application wizard, screening does not appear as a bolt-on. It is woven into the structured data the applicant already provides. The compliance step asks the applicant to make a PEP declaration and a FATCA declaration, and to list the significant stakeholders behind the entity. These declarations matter for two reasons. They put the applicant on record, which has weight if a false answer later surfaces, and they give the bank an explicit signal to test rather than infer.
Around those declarations, BAOS runs a compliance screening service that performs PEP, FATCA, and KYC/AML checks, feeding a compliance review workflow that staff complete. The application auto-saves to a draft between steps, so the data needed for screening accumulates as the applicant progresses rather than arriving in one undifferentiated submission at the end. By the time the application reaches the bank, the entity, its directors, its signatories, and its beneficial owners are all present as structured records ready to be assessed.
A point worth stating plainly: BAOS performs the PEP, FATCA, and KYC/AML checks and drives the review workflow, but it is not bundled with a named commercial sanctions or PEP data vendor. The platform provides the screening service and the workflow that surrounds it; the choice of underlying reference data and how it is supplied is a deployment decision for the bank. FATCA and CRS classification, which the declaration captures, is a related but separate obligation explained in the article on FATCA and CRS for business accounts.
Handling a hit without rejecting good customers
The hardest part of screening is not catching the genuine match. It is dealing with the far larger volume of possible matches — the common name, the partial overlap, the PEP who is a customer the bank is perfectly entitled to serve. A system that auto-rejects on any signal will turn away legitimate businesses and bury the real risks in noise. A system that waves everything through defeats the control entirely. The right answer is a graded one: a potential hit should pause the application and route it to a human, not terminate it.
This is how BAOS is designed to behave. A flagged result does not auto-reject the applicant. It moves the application into the compliance-review stage of the bank's workflow, where a compliance officer assesses the match, decides whether it is a false positive, and determines whether the relationship can proceed, proceed with conditions, or be declined. BAOS runs a six-stage workflow — Submission, Compliance Check, Document Verification, Internal Review, Approval, and Account Creation — and each stage carries an SLA timer with breach monitoring, so a flagged application is visible and time-bound rather than lost in an inbox. Role-based access control with branch scoping means the officer who reviews the case sees only their own branch and segment, and email notifications keep the applicant and staff informed as the case moves. The screening event, the reviewer's decision, and the reasoning behind it are all captured in the append-only audit log, which is what turns a judgement call into defensible evidence. The audit dimension is explored further in building an audit-ready onboarding trail, and the discipline of separating the decision from the person who made it in the AML cluster's piece on audit-ready AML and four-eyes review.
Screening is a moment; monitoring is a programme
Screening at onboarding is a snapshot. It tells you the standing of the parties on the day the account is opened. People become PEPs, entities are added to lists, and ownership changes, none of which the onboarding screen can anticipate. A sound programme treats account opening as the first screening event in a relationship that will be screened again and again over its life.
BAOS owns the onboarding moment: the declarations, the checks, the review, and the decision to open or decline. Ongoing screening of the customer base after the account is live belongs to a monitoring programme, which is the remit of the Creodata AML Compliance Platform rather than the account-opening system. The clean separation matters — onboarding controls and continuous monitoring are different disciplines with different data and different cadences. How that monitoring programme should be structured, and how risk drives the depth of review, is set out in the complete AML platform guide and the article on the risk-based approach to AML. Treating the two as a continuum — a strong onboarding screen feeding a disciplined monitoring programme — is what keeps a bank's exposure under control over time.
Frequently asked questions
Does a PEP match automatically block a business account from being opened?
No. A PEP is not a prohibited customer, and BAOS does not auto-reject on a match. A potential PEP hit pauses the application and routes it into the compliance-review stage of the six-stage workflow, where a compliance officer assesses it. The relationship may proceed, proceed with added conditions and senior sign-off, or be declined. The decision and its reasoning are recorded in the append-only audit log so the bank can evidence the judgement later if asked.
Whom does BAOS screen on a corporate application — just the applicant?
Not just the applicant. For a business account the screening surface covers the entity itself, its directors, its authorised signatories, and its beneficial owners or significant stakeholders. BAOS captures each of these as a structured record during the application — the compliance step gathers the significant stakeholders and the PEP and FATCA declarations, while a separate step records up to four authorised signatories with identification. Because each party is a discrete record rather than free text in a PDF, every one of them can be screened and the result attached to the right name.
Does BAOS perform the screening itself, and does it monitor customers after the account opens?
BAOS performs PEP, FATCA, and KYC/AML checks through its compliance screening service and drives the staff review workflow around them. It is not bundled with a named commercial sanctions or PEP data vendor; the underlying reference data is a deployment decision for the bank. Ongoing screening after the account is live is a monitoring programme rather than an onboarding control, and that belongs to the Creodata AML Compliance Platform rather than the account-opening system.
Screening done well protects the bank without punishing legitimate customers, and that balance comes from structure: capturing every relevant party cleanly, running the checks where they belong in the flow, and routing the hard cases to a person rather than a rejection.
