AML screening: How it works, and why you need it
In October 2024, TD Bank pleaded guilty to Bank Secrecy Act violations and paid more than $1.8 billion to the US Department of Justice for running an inadequate AML programme. The failures were documented. The fix was delayed. Regulators eventually ran out of patience.
Most compliance gaps do not start with bad intent. They start with onboarding processes that check the wrong lists, run screens only at sign-up, or rely on manual workflows that analysts have learned to work around. If your team is performing compliance checks manually or working off outdated systems, the regulatory exposure is real, which is why a reliable AML screening process matters. AML screening is how you close those gaps. This guide covers what it is, how the three-layer screening process works, and what a programme regulators will not need to penalise actually looks like.
AML screening is the process of checking customers, clients, and counterparties against sanctions lists, politically exposed person (PEP) registries, and adverse media sources to identify money laundering or financial crime risk before or during a business relationship.
The regulatory case for AML screening
Between 2% and 5% of global GDP passes through the financial system as laundered funds each year, according to the United Nations Office on Drugs and Crime. That is not a range caused by weak research. It reflects how deliberately those flows are hidden from detection.
FATF’s 40 Recommendations are the international framework governments use to structure AML obligations. Regulated entities must identify their customers, assess risk, monitor activity on an ongoing basis, and report suspicious transactions to the relevant authority. AML screening is where those obligations land in practice. It is the mechanism between opening an account and processing a transaction.
The regulated population has grown well beyond banks and insurers. Crypto exchanges, payment processors, wealth managers, accountants, law firms, real estate agents, and dealers in high-value goods all carry AML screening obligations in most jurisdictions. The question for most businesses today is not whether the rules apply. It is whether the programme is fit for the regulatory environment it operates in.

How AML screening works
AML screening runs across three distinct data layers, each checking a different category of risk; collectively, they make up KYC screening. Each layer of AML watchlist screening catches exposure that the other two miss. Together, they give compliance teams a risk picture no single list can provide on its own.
Sanctions screening
Sanctions lists are issued by governments and international bodies to restrict financial activity involving specific individuals, entities, vessels, and jurisdictions. The main lists include those published by OFAC (US Treasury), the UN Security Council, the European Union, and the UK government.
A sanctions screening check matches the subject’s identifiers against these lists in real time. Name, date of birth, nationality, and national identification number all feed into the matching logic. A positive match does not automatically block a transaction, but it does mean the relationship cannot proceed without a documented review of whether the match is genuine or a false positive. That documentation is what regulators look for when they audit your records.
PEP screening
A politically exposed person holds, or has recently held, a senior public position: head of state, senior politician, senior judiciary, high-ranking military official, or a board member of a state-owned enterprise. Immediate family members and known close associates carry the same classification.
PEPs are not prohibited customers. They are, by definition, high-risk ones. Regulated businesses are required to apply enhanced due diligence when onboarding or maintaining a relationship with a PEP. That means more thorough source-of-wealth checks, more frequent re-screening, and a senior sign-off on the relationship. Without PEP screening, none of those extra steps get triggered.
Adverse media screening
Sanctions lists and PEP databases are backward-looking. They capture what is already known and formally designated. They do not capture the executive named in a fraud investigation last week, or the company director whose assets have been restrained by a national authority pending charges.
Adverse media screening monitors news sources, regulatory announcements, court records, and enforcement filings for negative coverage linked to a subject. The challenge is volume. Without intelligent filtering, the alerts are too numerous to act on. Effective systems use natural language processing to classify coverage by risk category and surface material threats rather than incidental mentions.

Onboarding screening vs. ongoing monitoring
AML screening runs at two distinct points in the customer lifecycle, and regulators expect both.
Onboarding screening runs before a business relationship begins. You check the customer against the relevant lists, confirm their identity, determine their PEP status, and apply the appropriate due diligence level. Every step is documented before the first transaction is processed.
Ongoing monitoring runs throughout the relationship. A customer who was clear at onboarding may be designated under a new sanctions regime six months later. Someone who was not politically exposed when they first became your client may take on a government role. If you only screen at onboarding, you will miss both changes.
Most regulators expect continuous or near-continuous screening for high-risk customers, and periodic re-screening for the rest. The frequency should be proportionate to the risk rating. Your programme documentation should state what those intervals are, how they were set, and who is responsible for reviewing the results.
What a defensible AML screening programme looks like
A programme that would hold up under regulatory scrutiny has five distinct characteristics, in addition to meeting all the relevant AML screening requirements.
List coverage is where the gaps usually appear first. Your screening must include the watchlists relevant to your operating jurisdiction and your customers’ exposures. A European business serving US-exposed clients needs OFAC coverage alongside EU and domestic lists. Assumptions about which lists matter create the blind spots that enforcement actions get built on.
Match quality determines whether screening is operational or mostly theatrical. Name-matching generates noise. Two people can share a name and a similar date of birth without either appearing on a watchlist. Fuzzy-matching logic calibrated against multiple identifiers keeps false-positive volume manageable without suppressing genuine flags.
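The multi-identifier matching described in the sanctions screening section and in the match-quality paragraph above can be illustrated in Python. This is an added example, not code from the article or from any screening vendor; the watchlist entries, the 0.85 name threshold, and the disposition labels are constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed watchlist entries for illustration (not real designations).
WATCHLIST = [
    {"id": "WL-001", "name": "Ivan Petrovich Sokolov", "dob": "1971-03-14", "nationality": "RU"},
    {"id": "WL-002", "name": "María José Fernández", "dob": "1985-11-02", "nationality": "VE"},
]

def normalize(name):
    """Strip accents and punctuation, lowercase, and sort tokens so word order is ignored."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    cleaned = "".join(c if c.isalnum() else " " for c in ascii_name.lower())
    return " ".join(sorted(cleaned.split()))

def name_score(a, b):
    """Similarity in [0, 1] between two normalized names."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()

def screen(subject, watchlist=WATCHLIST, name_threshold=0.85):
    """Name similarity gates the alert; secondary identifiers set the disposition.

    Every alert is returned, including likely false positives, so that each one
    can receive a documented review decision.
    """
    alerts = []
    for entry in watchlist:
        score = name_score(subject["name"], entry["name"])
        if score < name_threshold:
            continue
        # Compare only identifiers present on both sides: a missing value
        # neither confirms nor refutes the match.
        checks = {k: subject[k] == entry[k]
                  for k in ("dob", "nationality")
                  if subject.get(k) and entry.get(k)}
        if checks and all(checks.values()):
            disposition = "escalate"
        elif checks and not any(checks.values()):
            disposition = "likely_false_positive"
        else:
            disposition = "manual_review"
        alerts.append({"list_id": entry["id"], "name_score": round(score, 2),
                       "identifiers": checks, "disposition": disposition})
    return alerts
```

A subject whose name matches but whose date of birth and nationality both differ still produces an alert, tagged `likely_false_positive`, because the article's requirement is a documented review of every match rather than silent suppression.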
Records must document decisions, not just activity. Regulators do not just want to see that screening ran. They want to see what the result was, who reviewed it, and what action was taken. Every match, however it is resolved, needs a traceable decision with a named sign-off.
Speed matters because slow screening introduces friction that creates pressure to skip steps. An automated AML screening solution that returns results in real time means compliance checks finish before the onboarding session ends.
Integration with your identity verification process closes the gap between identity confirmation and risk determination. When both processes share a platform, a single audit trail covers both checks, and there is no handover point where documentation gets lost. Reviewing the watchlist screening components of that integration is a good starting point for any programme gap analysis.
Manual checks and siloed screening tools leave gaps that only become visible during a regulatory review or an incident. Shufti’s AML screening runs real-time checks across 3,500+ global watchlists, 2.6 million PEP profiles, and 50,000+ adverse media sources through a single API, so sanctions hits, PEP flags, and adverse media signals surface before onboarding completes. Request a demo to see the screening workflow on your actual onboarding volumes.
Frequently Asked Questions
What is AML screening?
AML screening is the process of checking individuals and entities against sanctions lists, PEP registries, watchlists, and adverse media sources to identify money laundering or financial crime risk. Regulated businesses are required to run these checks at onboarding and on an ongoing basis throughout the customer relationship.
What databases does AML screening typically cover?
A complete AML screening programme covers major sanctions lists such as those from OFAC, the UN Security Council, the EU, and the UK, along with global PEP registries, adverse media monitoring, and domestic watchlists for each jurisdiction where a business operates.
Does AML screening include OFAC, UN, EU, and UK sanctions lists?
Any AML screening programme designed for businesses with cross-border exposure should cover all four as a minimum, alongside the domestic sanctions and watchlists of every jurisdiction where customers are onboarded or served.
Can AML screening be automated via API?
Yes. Most modern AML screening platforms offer API integration, so checks trigger automatically during the onboarding flow and results feed directly into your compliance or case management system without manual handovers between tools.
How quickly can automated AML screening return results?
Real-time AML screening returns results in seconds, during the active onboarding session, so compliance checks do not delay customer activation or create a backlog of pending reviews before a business relationship can begin.