Sanctions Screening vs PEP Screening: Why The Difference Between Block vs. Scrutinize Is Everything

It’s a well-known fact by compliance officials that both sanctions screening and PEP screening are required for a strong compliance program. However, recognizing the differences and why those differences matter is known by fewer professionals.

Sanctions screening and PEP screening both involve checking a person against pre-made lists that frequently come from official regulatory bodies. What the response should be once a match occurs and how a wrong decision affects the company is not always clear. In this blog post, we’ll be detailing what sanctions screening and PEP screening are, how they are different, what to do if someone is both sanctioned and a PEP, why both sanctions screening and PEP screening are needed, the mistakes compliance teams commonly make, and more.

The Fundamental Difference: Block vs. Scrutinize

The biggest indicator that shows the difference between sanctions screening and PEP screening is the action that needs to be taken after a match. Block vs scrutinize is the common way compliance teams describe the actions that need to be taken in case of a sanctions screening match vs a PEP screening match.

Sanctions: A Legal Prohibition

The only right action to take after a successful sanctions screening match is to block the transaction. If needed, assets need to be frozen as well. Afterwards, a report needs to be filled and submitted to the relevant regulatory body, these can be OFAC in the U.S., HM Treasury in the UK, or the corresponding regulatory body for that particular EU member state. This prohibition is unnegotiable since it uses legislation and executive orders that make it a criminal offense to complete transactions with sanctioned parties.

OFAC violations lead to civil penalties of up to hundreds of millions of dollars and criminal prosecution of individuals. The relevant regulator does not care about the details that led to the violation when making the penalty decision, the institution only cares about the violation actually occurring. The compliance team’s actions lead to penalties even if they didn’t let the violation slip without knowing. For example, the FCA has fined app-based Starling Bank £29m for “shockingly lax” failures related to financial sanctions screening.

PEP Screening: A Risk Management Obligation

PEP screening is widely different from sanctions screening when thinking of legal obligations. A Politically Exposed Person (PEP) isn’t necessarily someone who is prohibited, since these people are PEPs just because they are or were an important figure in society. PEP lists are made to show people who have political influence, access to public funds, connections to state power which make it more possible for them to be involved with corruption, bribery, and other financial crimes.

The appropriate response after a confirmed PEP match is to conduct Enhanced Due Diligence (EDD). EDD involves additional checks like verifying the source of funds and wealth, ongoing monitoring of transactions, senior management approval for continuing the relationship with the said customer. This match usually doesn’t lead to the termination of the relationship but the customer and their transactions are watched by the company more closely.

Basically, a PEP screening match shouldn’t automatically lead to blocking the customer. This is unnecessary and may lead to loss of customers for no apparent reason. On the other hand, acting like this when a sanctions match appears will lead to severe penalties.

What is Sanctions Screening?

Sanctions screening is the process of checking people, counterparties, transactions, beneficial owners and more against lists that include people, companies, jurisdictions that financial institutions are prohibited from interacting, establishing a relationship, or allowing transactions from. These sanctions lists are issued by government bodies. Sanctions screening is a process that should be continuous, however, many companies use this process only during onboarding, leading to missed matches that may occur later, and potential penalties.

OKX, one of the world’s largest cryptocurrency exchange platforms, was also given penalties because of their sanctions screening failures. Since 2017, OKX has had an official policy preventing U.S. persons from transacting on its exchange. But contrary to this official policy, OKX sought out customers in the United States. In connection with their guilty plea and sentencing, OKX agreed to pay monetary penalties totaling more than $504 million.

There are many government-issued sanctions lists companies can rely on during sanctions screening. These lists vary in scope and maintenance style; because of this, using only one or limited lists during sanctions screening may lead to some missed matches within the company. Below, some of the most well-established sanctions lists are listed:

• OFAC Specially Designated Nationals and Blocked Persons List (SDN List)
• OFAC Sectoral Sanctions Identifications List (SSI List)
• EU Consolidated Financial Sanctions List
• HM Treasury Financial Sanctions Targets (FST)
• UN Security Council Consolidated List
• SECO (Switzerland)
• DFAT (Australia)
• MAS (Singapore)

What is PEP Screening?

PEP screening checks to see if a customer is identified as a Politically Exposed Person (PEP), and if they are, applies enhanced due diligence (EDD) measures for that specific customer. PEP screening is needed to create an overall strong AML compliance program for your company. PEP screening is also recommended under FATF Recommendation 12.

The Financial Action Task Force (FATF) counts PEPs as people that were or are involved in prominent public functions. Since these responsibilities come with a lot of power, the risk of abuse of that power increases. Some examples for PEPs can be seen below:

• Heads of state, heads of government, ministers, deputy ministers
• Members of parliament or similar legislative bodies
• Members of supreme courts, constitutional courts, high-level judicial bodies
• Members of courts of auditors and central banks boards of governors
• Senior military officers
• Senior executives of state-owned enterprises
• Senior officials of major international or supranational organizations

Other than these people, relatives and close associates within their life should be watched closely as well. Relatives and close associates (also known as RCAs) can be listed as immediate family members like partner, children, parents, siblings, also close business associates and people that are the beneficial owner of any property or entity that may benefit the PEP. PEPs that are interested in committing financial crime often use people close to them in order to go undetected for longer periods of time, and RCAs should also be checked closely by financial companies for this reason.

Side-by-Side Comparison

Sanctions screening and PEP screening is compared below to make sure that companies grasp the similarities and differences between these two processes better.

The Overlap: When Someone is Both Sanctioned and a PEP

An individual may appear both on sanctions lists and PEP lists, making them a dangerous entity to work with. When this occurs, financial firms have legal and operational obligations they need to fulfill.

If there’s both a sanctions and PEP screening match for the same person, companies may get confused about which process’ decision they should follow. In this case, sanctions screening wins once again. The transaction must be blocked. Assets are also frozen. It’s also generally recommended to file a report like SAR or STR to make sure regulatory bodies are informed about this person’s transaction attempt. Since sanctions screening match orders blocking and cutting the relationship off with the customer, the enhanced due diligence that’s recommended in the case of PEP matches doesn’t help at all.

For example, Vladimir Putin has been put into OFAC’s SDN list in 2022. Since he’s been the Head of State of Russia for many years, he is also considered a PEP. Similarly, Kim Jong-un, the Supreme Leader of North Korea, counts as a PEP. He is also on most major sanctions lists because of his past actions as a leader.

For these people and similar ones that hold a position of power while also being designated, no action other than blocking the customer is acceptable or needed.

The Gray Area: PEPs from Sanctioned Countries Who Are Not Individually Designated

One other scenario is about the PEPs that are from sanctioned countries. Since they are not designated on sanctions lists by themselves but as part of a country or jurisdiction, this scenario may be harder to analyze.

For this gray area, advanced screening and risk assessment is needed. The analysis for the individual’s case should involve questions like “Is this person on any sanctions lists?”, “Do their transactions involve the sectoral restrictions, even if they’re not personally designated?”, “Is their position related to the reason why the jurisdiction or the country was blocked?”, “Is this person being used as an intermediary for a sanctioned entity or government?”.

Since these are complex questions to answer by only screening ways, a member of the company’s compliance team should analyse and decide for the person. Getting legal advice about this particular issue may help as well.

Since how important sanctions screening and PEP screening are for overall compliance level of a company was previously discussed, these facts will have strong implications for the system design a firm requires. Sanctions matches and PEP matches return as alerts to their respective systems. Unifying sanctions screening and PEP screening in one system will help companies reduce double alerts for the same person. However, it should be remembered that a sanctions match is always more urgent than a PEP match. Making sure that in the case of a sanctions and PEP match, sanctions matches are prioritized should be a feature of the company’s compliance program by itself.

Why You Need Both Screenings in One Unified Workflow

Creating a compliance program that understands the difference between sanctions screening and PEP screening while keeping them both within a single workflow should be crucial for companies.

Using entirely separate systems for both sanctions screening and PEP screening may be costly for companies. The compliance team may face duplicate alerts from sanctions screening and PEP screening if a high-profile person is in multiple lists.

Inconsistent risk scoring is another problem separate systems bring. The sanctions screening and PEP screening systems may score the same customer differently since they have different thresholds. This may lead to different scores, and therefore, confusion during processes like onboarding, ongoing monitoring, regulatory examinations.

Using different systems for these two processes will also lead to fragmented audit trails. These two systems will be producing separate audit trails and bringing these together may become a problem for the company and compliance team.

Sanctions screening and PEP screening being managed by two different systems is inefficient, leading to operational problems, more work, duplicate alerts, and more.

A strong compliance system should be able to take both screenings’ results into account to deliver one final action for the compliance teams to complete. There are several steps to achieving a strong compliance program.

• A single API call that can check the customer or transaction against all relevant sanctions lists and PEP databases should be established.
• Consolidated match results should show all list appearances for a person in one alert, distinguishing the different list type that led to this specific match.
• Automated action routing can more easily lead sanctions matches to blocking and PEP matches to EDD measures.
• A single case management to show all the list types checked, all matches identified, the documented reasons for the final decision should be established.
• Unified audit trail is also beneficial for regulatory examinations that are done by OFAC, BSA/AML, EU AMLD requirements.

Common Mistakes Compliance Teams Make

Organizational mishaps, system failures, conceptual shortcomings lead to compliance teams making the mistakes we’ll mention below.

Treating PEP Matches Like Sanctions Matches

This is one of the most costly mistakes a compliance team can make. If compliance teams mistake PEP matches with sanctions matches, PEP matches can get automatically blocked or sanctions matches may only get EDD measures imposed on them.

Denying government officials, heads of states, senior professionals a service just because they were identified as a PEP may lead to negative results regarding the company’s reputation. Blocking people with PEP matches automatically doesn’t mean that the company is compliant, it means that the company is non-compliant in a different way

Not Screening for PEPs at All

The importance of sanctions screening and PEP screening shouldn’t be decided based on the severity of the action taken in case of a match. Even though EDD is the only result of PEP matches, making some companies think that PEP screening isn’t particularly important for their company, the reality couldn’t be more different.

It is correct that the U.S. doesn’t focus the most on PEP requirements, but this stance of the U.S. based regulatory bodies shouldn’t encourage U.S. focused companies to skip PEP screening. On the contrary, BSA/AML obligations require a risk-based CDD program. FATF membership also means that U.S. regulatory expectations are combining with international standards slowly but surely.

It is also important to note that U.S. companies with international activity will most likely be mandated to carry out PEP screening since they work with many jurisdictions that prioritise PEP screening more

Using Different Systems for Sanctions and PEP with No Integration

Many companies still use a fragmented two-system type of framework as their compliance solution as we’ve mentioned above, and this often leads to problems in operations. Some of these problems are duplicate alerts, fragmented audit trails, inconsistent risk scoring, missed overlap cases, and they may lead to further issues within the company as well.

If replacing both systems if costly and seen as unnecessary for the company, integration of the two existing platforms will solve the problem just as well. Running two separate systems shouldn’t be a long-term solution for firms.

Not Monitoring PEP Status Changes

A person who was identified as a PEP during onboarding may have a change in position that no longer places them in the PEP list. Some other PEP status changes are a family member entering politics, the military, or a senior government role, the person moving to a jurisdiction that is seen as higher risk, the person’s state-owned enterprise being nationalized or privatized. Because of this, PEP screening should be continuous or regularly conducted. If PEP screening stays as a process that’s only being used during onboarding, it may lead to the company entering higher-risk scenarios.

Applying the Same Matching Threshold to Both List Types

PEP screening and sanctions screening both need different matching thresholds. Sanctions thresholds typically need to be stricter since a false negative most likely will lead to serious consequences. PEP screening can handle broader thresholds for efficiency. Since a false negative isn’t a legal violation but a risk management failure, companies will use more lenient matching thresholds in order to not overwhelm the compliance system and team.

If a company uses the same matching thresholds for both processes, they are most likely dealing with unnecessary PEP alert volumes if sanctions screening thresholds are used as the main component, or sanctions compliance exposure if PEP screening thresholds are used as the main component.

Failing to Document the EDD Rationale for Ongoing PEP Relationships

Regulators will check regularly to see if EDD was applied for PEP customers and if the relationship between the customer and the company was kept the same by the decision of someone with authority. While many companies apply EDD, not all of them successfully document the process and the findings in an appropriate manner.

EDD should have a record afterwards that should kept by the company for future reviews and regulator requests. Documentation is the evidence a compliance team has against non-compliant team accusations.

Sanctions screening and PEP screening are different disciplines that are grounded in particular legal authorities. These processes require different responses to confirmed matches and they use different data. Companies should be able to understand these differences and manage both processes accordingly.

Sanctions screening and PEP screening should be processes that speak with each other but never decide for one another. Only applying PEP protocols for someone that is also sanctioned leads to non-compliance and heavy fines. Since financial crime is increasing in 2026, companies should pay more attention to how to make their compliance program more efficient, and connect with platforms like Sanction Scanner that can help them achieve perfection.

Pınar Meltem Üstündag

Content Writer

View full profile →