Sanctions and PEP Screening Explained: Lists, Matching, and Decisions

June 18, 2026• 9 min readsanctions screeningPEP screeningname matchingfalse positives

A practical guide to sanctions and PEP screening — the lists involved, how fuzzy and multi-script name matching works, why every hit needs an explainable reason, and how to run a defensible false-positive workflow at onboarding and on an ongoing basis.

Sanctions and PEP Screening Explained: Lists, Matching, and Decisions

Every regulated institution in East Africa is expected to know who it is dealing with — and to be sure that the people and entities it onboards, pays, and serves are not the ones the world has flagged as off-limits. That assurance comes from screening: comparing the names you handle against lists of sanctioned parties, politically exposed persons, and the adverse-media record, then deciding, name by name, whether a flag is real. Done well, screening is quiet and defensible. Done badly, it buries analysts under thousands of false alarms while the one match that matters slips through.

This article explains what sanctions and PEP screening actually involves — the lists, the matching problem at the heart of it, and the decisions a compliance team has to make and record. It is a companion to the complete AML platform guide, which sets screening in the wider compliance lifecycle. Here we go deep on screening alone: why it is mandatory, why names are so hard to match, and how to run a workflow that an examiner will accept.

What screening is, and why it is mandatory

Screening is the control that checks a name — a customer, a beneficial owner, a counterparty, a payment originator — against curated lists of parties you are either prohibited from dealing with or required to scrutinise more closely. It is not optional. The Financial Action Task Force (FATF) recommendations, mirrored in the laws supervised by Kenya's Financial Reporting Centre, Uganda's Financial Intelligence Authority, Tanzania's Financial Intelligence Unit, and the Financial Intelligence Centres of Zambia and Rwanda, require regulated institutions to identify and act on exposure to sanctioned parties and to apply enhanced scrutiny to higher-risk relationships. Failing to screen, or screening against stale lists, is one of the most common findings in supervisory examinations.

The control answers three distinct questions, and it is worth keeping them separate because they call for different lists, different thresholds, and different responses:

Sanctions screening asks: is this party legally prohibited? A confirmed sanctions match is a hard stop — you generally cannot proceed and may have a freezing or reporting obligation.
PEP screening asks: is this party politically exposed, and therefore higher-risk? A PEP match is not a prohibition; it is a trigger for enhanced due diligence and senior sign-off.
Adverse-media screening asks: is there a credible negative-news record — fraud, corruption, trafficking, terrorism financing — that the formal lists have not yet captured? A media hit is a signal to investigate, not a verdict.

These are three different jobs wearing the same coat. Treating them identically is where many programmes go wrong: a PEP is processed as if they were sanctioned, or an adverse-media rumour is given the weight of a legal listing.

Sanctions vs PEP vs adverse-media

Sanctions screening

Sanctions lists name individuals, entities, vessels, and sometimes whole sectors that designating bodies have placed under restrictions. They are authoritative and binary in spirit: a true match means a legal consequence. Because the cost of missing one is severe, sanctions screening is tuned to be sensitive — it would rather raise a borderline alert than let a designated party through. That sensitivity is exactly why false positives are so common, and why the workflow that follows the alert matters as much as the match itself.

PEP screening

A politically exposed person holds, or has held, a prominent public function — and so do their close associates and family members. PEP status is a risk indicator, not a blacklist. The right response to a genuine PEP match is enhanced due diligence: establishing source of wealth and funds, applying tighter monitoring, and getting senior approval to start or continue the relationship. PEP lists are also more fluid than sanctions lists — people enter and leave public office constantly — which makes keeping them current a discipline in its own right.

Adverse-media screening

The formal lists are always a step behind the news. Someone under investigation for fraud may not appear on any sanctions or PEP list for months, if ever. Adverse-media screening fills that gap by scanning the negative-news record for risk-relevant coverage. It is the noisiest of the three because news is unstructured and names are common, so it demands careful relevance filtering. We cover this in depth in our guide to screening beyond the lists with adverse media; the key point here is that media is an early-warning input, weighed alongside — never instead of — the structured lists.

The hard part: matching names

If every name arrived in clean, canonical, English-Latin form and matched a list entry character for character, screening would be a database lookup. It does not. The real difficulty — and the reason screening engines are sophisticated rather than trivial — is that the same person can be written in dozens of legitimate ways, and a naive exact match would miss almost all of them.

Consider the obstacles a screening engine has to clear:

Transliteration. A name originally written in Arabic, Amharic, or another non-Latin script can be romanised several ways. Muhammad, Mohammed, Mohamad, and Muhammed are all the same name; an exact-match check treats them as four different people.
Aliases and variants. Sanctioned parties frequently operate under known aliases, abbreviations, and "also known as" forms. The list may carry several; the name in front of you may be a fifth.
Multi-script data. In a regional book of business you will hold names in Latin, Arabic, and other scripts, sometimes mixed within a single record. The engine has to compare across scripts, not just within one.
Word order and structure. Given name and family name swap places across cultures; honorifics, patronymics, and compound surnames break a position-by-position comparison.
Locale and noise. Diacritics, spacing, hyphenation, and common typos at data entry all shift the literal characters without changing the person.

Fuzzy, multi-script, locale-aware matching

To handle this, screening relies on fuzzy matching: instead of demanding an exact string, the engine measures how close two names are and scores the similarity. Creodata's Screening service applies fuzzy, multi-script, and locale-aware name matching so that transliteration variants, aliases, and reordered components still surface as candidate hits rather than slipping through. The aim is to catch the real match hiding behind a spelling difference — without flagging every common name in the country.

Match scoring with explainable top-3 reasons

Fuzzy matching trades a yes/no answer for a score, and a score on its own is not enough for an analyst to act on or for an examiner to trust. A "78% match" tells you very little; why it scored 78% tells you everything. Creodata's match-scoring engine surfaces SHAP-style top-3 reasons for each hit — the specific factors that drove the score, such as a strong surname match, a date-of-birth alignment, or a shared nationality. That explanation turns a number into a decision an analyst can make quickly and a reviewer can audit later. Every AI-assisted surface in the platform carries the same discipline: the model and version, the top-three reasons, a confidence percentage, and a human Accept, Modify, or Reject control, with the decision logged against the model version and inputs.

Screening at onboarding and on an ongoing basis

Screening is not a single event. A name has to be clean when you take it on and stay clean for as long as you hold the relationship — and the lists change underneath you constantly.

At onboarding

When a customer is created, their name (and the names of beneficial owners and connected parties) is screened before the relationship goes live. A clean result lets onboarding proceed; a hit routes into the workflow below. This is the gate that keeps prohibited parties from ever entering the book, so it sits at the front of the onboarding flow rather than as an afterthought.

Ongoing and batch rescreening

The harder obligation is the continuing one. A customer who was clean at onboarding can be sanctioned or named as a PEP the day after — and the change happens on the list, not in your system. That is why, whenever the underlying lists are updated, the existing book has to be rescreened against the new versions. Creodata's Screening service supports both real-time screening of new names and batch rescreening of the existing population when lists change, so a fresh designation is caught against customers you onboarded long ago.

Ongoing rescreening is only as good as the lists behind it, which is why list freshness is a control in its own right. If a designation is published but your provider sync is days behind, your screening is quietly out of date. Our guide to keeping the lists you screen against current covers how the Watchlist service syncs from commercial providers, accepts manual list uploads, versions every list, and reports freshness and coverage — so you can prove that every rescreen ran against the lists in force at the time.

The false-positive problem and a structured workflow

Sensitive matching catches the real hits, but it also generates a large volume of alerts that turn out to be the wrong person. Across the industry, the great majority of screening alerts are false positives — common names, partial overlaps, and weak fuzzy matches that an analyst clears in seconds. The danger is twofold: analysts drown in noise, and a genuine match can be lost in the crowd or dismissed in haste. The answer is not to loosen the matching until the alerts disappear — that reintroduces the risk you were screening for — but to run a structured, repeatable workflow that disposes of alerts consistently and records why.

Creodata's Screening service provides exactly that: a structured false-positive workflow. Every hit carries its match score and its top-three reasons, so an analyst can see at a glance whether a flag is plausible. The analyst reviews the candidate against the underlying list entry, makes a decision — confirm the match, or clear it as a false positive — and that decision is captured in the immutable audit log alongside the evidence that supported it. Confirmed matches escalate into the case-management process for sanctions handling or enhanced due diligence; cleared alerts are recorded so the same harmless overlap does not generate the same investigation every time the book is rescreened.

A few principles keep that workflow defensible:

Every decision shows its evidence. The list entry, the score, and the top-three reasons sit one click from the disposition, so a reviewer or examiner can see what the analyst saw.
Confirm-or-clear is a recorded action, not a silent skip. Suppressing an alert without a reason is the gap examiners look for; the workflow makes the reason mandatory and permanent.
Tuning is deliberate, not reactive. Thresholds are adjusted with evidence and review, not nudged down to quiet the queue. Our guide to tuning out screening false positives covers how to lower the noise without lowering the net.

Run this way, screening stops being a firehose of alerts and becomes a controlled process: every name checked against current lists, every hit explained, every decision recorded. That is what the Creodata AML Platform is built to deliver — and where institutions want a hand standing it up, our financial crime compliance advisory team helps tune the controls to the obligations they sit under.

Frequently asked questions

What is the difference between sanctions and PEP screening?

Sanctions screening checks whether a party is legally prohibited; a confirmed match is a hard stop with potential freezing and reporting obligations. PEP screening checks whether a party is politically exposed and therefore higher-risk; a PEP match is not a prohibition but a trigger for enhanced due diligence and senior approval. They use different lists and call for different responses, which is why a good platform handles them as separate jobs rather than one.

Why does screening produce so many false positives?

Sanctions screening is deliberately tuned to be sensitive, because the cost of missing a true match is severe. Combined with fuzzy matching across transliteration variants, aliases, and multiple scripts, that sensitivity surfaces many alerts where the name overlaps but the person is different. The remedy is a structured workflow with explainable scoring and consistent disposition, not loosening the matching — see our guide to tuning out screening false positives for how to reduce noise safely.

How often should we rescreen existing customers?

Whenever the underlying lists change. A customer who was clean at onboarding can be designated or named as a PEP at any time, and that change happens on the list rather than in your records. Creodata's Screening service runs batch rescreening of the existing population each time lists are updated, so new designations are caught against customers you may have onboarded years earlier.

What does "explainable" screening actually mean?

It means every hit comes with the reasons it scored the way it did — SHAP-style top-three factors such as a strong surname match or a date-of-birth alignment — rather than a bare percentage. The analyst sees why the alert fired, makes an Accept, Modify, or Reject decision, and that decision is recorded in the immutable audit log with the evidence behind it. Explainability is what lets a team act quickly and an examiner trust the result.

Screening only works when the lists are current, the matching is sophisticated enough to catch real hits, every flag is explained, and every decision is recorded. To see sanctions, PEP, and adverse-media screening working together against live watchlists — with explainable scoring and a defensible false-positive workflow — book a Creodata demo.

Adverse Media Screening: Catching the Risk Sanctions Lists Miss
Sanctions and PEP lists only show known, designated risk. Adverse media screening surfaces the rest — how negative-news screening works, how to filter for relevance and recency, and where it fits in onboarding, EDD and periodic review.
Audit-Ready AML: Evidence-First Investigations and the Four-Eyes Principle
When an examiner asks you to walk through a single decision, can you? How an append-only audit trail, evidence-first design and the four-eyes principle make every AML decision reconstructable — and inspections far less painful.
AML Case Management: From Alert to Disposition Without Losing the Audit Trail
A walk through the AML case lifecycle — queue assignment, the RFI cycle, SLA management, linked-case investigation, EDD, escalation, and the decision to file or close — built so every step leaves an audit trail.
Why AML Detection Fails Without Data Quality: Ingestion, Mapping, and DQ Rules
No monitoring rule can catch what bad data hides. How disciplined ingestion, field mapping, source certification and data-quality rules give your AML platform the clean, complete data it needs to detect and report accurately.