Sanctions Screening and PEP Checks: A Compliance Guide

Sanctions screening and politically exposed person (PEP) checks are two fundamental parts of any serious compliance program. Together, they help organizations avoid legally prohibited relationships and identify the heightened risks that certain political and governmental connections create. Any organization in regulated sectors or international markets needs to understand what these checks involve, what their limits are, and how they fit into a broader compliance framework.

Sanctions Screening: What It Is

Sanctions are restrictions on dealings with designated individuals, entities, and jurisdictions. In the United States, the primary sanctions authority is the Office of Foreign Assets Control (OFAC) within the Treasury Department. OFAC administers the Specially Designated Nationals and Blocked Persons (SDN) list, along with many country, sector, and program-specific sanctions lists.

OFAC's jurisdiction covers essentially all U.S. persons and many foreign entities with a U.S. nexus. Those parties are prohibited from any transactions with SDN-designated parties without a specific OFAC license. Violations can result in civil penalties, including strict liability penalties even for unintentional violations. Willful violations can also bring criminal liability.

Other major sanctions regimes include:

• EU sanctions administered through the European External Action Service
• UK sanctions administered through the Office of Financial Sanctions Implementation (OFSI)
• UN Security Council sanctions that member states must implement

What Sanctions Screening Involves

Effective sanctions screening means checking the names and identifiers of counterparties against current lists, which are updated frequently. Key elements of a functional screening program:

Timeliness. Lists are updated continuously. A counterparty who passed screening last year may be designated today. Active relationships need ongoing monitoring, not just point-in-time screening.

Name matching logic. Sanctioned parties use aliases, name variations, and transliterations from other scripts. Screening tools must be set up to detect variations, not just exact matches.

Entity and ownership screening. OFAC's 50 Percent Rule treats entities 50% or more owned by designated persons as blocked, even if they are not directly listed. Effective screening requires understanding ownership structures.

Jurisdictional coverage. Depending on your business, U.S. OFAC screening alone may not be enough. EU, UK, and UN list screening may be required or prudent.

Politically Exposed Persons: What the Classification Means

A politically exposed person (PEP) is an individual who holds or has held a prominent public position. This includes:

• Heads of state and senior government officials
• Senior political party officials
• Senior judicial or military officials
• Senior executives of state-owned enterprises

Close family members and known associates of PEPs are also treated as PEPs for compliance purposes.

PEPs present heightened money laundering risk because their positions give them access to public funds and the chance to misuse them. This is not an accusation of wrongdoing. It is a risk classification that calls for enhanced due diligence, not automatic refusal.

Enhanced Due Diligence for PEPs

Financial institutions regulated under the Bank Secrecy Act must conduct enhanced due diligence for PEP relationships. This includes understanding the nature and purpose of the relationship, getting information about the source of funds, and conducting ongoing monitoring.

For non-financial businesses, PEP identification is a best practice. It reduces the risk of unknowingly helping corruption or money laundering through a relationship with a government-connected individual.

Enhanced due diligence for PEPs typically involves a deeper investigation of the individual's background, their source of wealth, any allegations of corruption or abuse of position, and the specific government positions they hold or have held.

Tools and Limitations

Commercial screening tools from vendors like World-Check (Refinitiv), LexisNexis Risk Solutions, and Dow Jones Risk & Compliance aggregate sanctions lists and PEP databases. These tools significantly reduce the manual effort of screening, but they have limits. PEP coverage varies, list updates have latency, and the tools can produce both false positives (matches on innocent parties with similar names) and false negatives (missed designations due to name variation).

Screening tools are a component of a compliance program, not a substitute for one. Some organizations rely solely on automated screening without a process for reviewing alerts, escalating high-risk relationships, and conducting enhanced due diligence when needed. They are not adequately managing their compliance risk.

Building a Risk-Based Screening Program

Regulators consistently describe sanctions and anti-money-laundering compliance as a risk-based discipline. The depth and frequency of screening should match the risk profile of the relationship, not be applied uniformly to every counterparty. A domestic supplier of office equipment and a foreign joint-venture partner in an extractive industry both warrant screening, but the second warrants substantially more.

A practical risk-based program starts with a written risk assessment. That assessment identifies the countries, industries, product lines, and customer types that present elevated exposure. From there, the program defines tiers of diligence:

• A baseline sanctions check for low-risk counterparties
• A standard due diligence review for medium-risk relationships
• Enhanced investigation for high-risk engagements

Our due diligence investigations for businesses are typically structured around this tiered model, so that resources are concentrated where actual risk resides.

Documentation is the backbone of any risk-based program. When a regulator or an acquirer reviews your compliance function, they will not simply ask whether you screened a counterparty. They will ask how you decided what level of screening was appropriate, who reviewed the alerts, and what you did when something surfaced. A screening program that produces decisions without records is effectively undocumented. In a regulatory examination, undocumented is indistinguishable from unperformed.

Handling Alerts and Resolving False Positives

Most sanctions and PEP alerts are false positives. A common name, a shared date of birth, or a transliteration coincidence can generate dozens of apparent matches that, on review, have nothing to do with the actual counterparty. Compliance teams who dismiss alerts too quickly risk missing a genuine hit. Teams who escalate every alert drown their operations in manual review.

A mature alert adjudication process uses secondary identifiers to confirm or rule out matches:

• Date of birth and place of birth
• Nationality
• Government-issued identification numbers
• Physical addresses
• Corporate registration details

When a match cannot be cleared through documentary review, the next step is typically open-source and proprietary-database investigation to determine whether the real individual behind the name is the designated person. Our background investigations team regularly performs this confirmatory work for financial institutions, law firms, and corporate compliance departments. This is especially common when the counterparty is based in a jurisdiction where identity verification is difficult through standard means.

Every alert disposition should be recorded with the reasoning that supported it and the evidence reviewed. If the same counterparty triggers the same alert in a later screening cycle, the prior disposition should be revisited rather than reflexively reused. The underlying list data or the counterparty's circumstances may have changed.

Integrating Screening with Broader Compliance Functions

Sanctions screening and PEP checks do not operate in isolation. They sit alongside other controls, including:

• Customer identification programs
• Beneficial ownership verification
• Adverse media screening
• Source-of-funds and source-of-wealth analysis
• Transaction monitoring
• Anti-bribery controls

A compliance program that treats these as separate silos will miss the connections between them. Those connections are often where the real risk lives.

Consider a common scenario. A prospective distributor in a high-corruption jurisdiction clears sanctions screening and is not listed as a PEP. Adverse media screening, however, reveals that the company's beneficial owner is the brother-in-law of a senior procurement official at a state-owned enterprise that is the distributor's largest customer. No single data point is disqualifying. Taken together, they describe a meaningful Foreign Corrupt Practices Act risk that warrants careful evaluation before onboarding. Our certified fraud examiner engagements frequently surface exactly these patterns. The resulting analysis informs whether the relationship can proceed, proceed with contractual controls, or should be declined.

Integration also matters internally. The compliance team that conducts onboarding screening should share its findings with the business unit that manages the relationship. Red flags identified at onboarding should inform ongoing contract administration, payment approvals, and periodic reviews. Findings that sit in a compliance file and never reach the operators who interact with the counterparty provide limited protection.

Mergers, Acquisitions, and Successor Liability

Sanctions and anti-corruption liability travels with acquired businesses. When a U.S. company acquires a foreign target, it generally inherits the target's exposure to historical sanctions violations, bribery, and money-laundering conduct. Federal enforcement authorities expect pre-acquisition due diligence. They view post-acquisition discovery and voluntary disclosure of inherited violations favorably, while the failure to conduct adequate diligence is viewed as an aggravating factor.

Sanctions and PEP screening in an M&A context is broader than onboarding screening. It extends to the target's customers, suppliers, distributors, agents, consultants, and joint-venture partners. It also reaches back through the target's transaction history to identify dealings that may have created unresolved exposure. Our executive misconduct investigation and transaction diligence work has repeatedly identified undisclosed PEP relationships, sanctioned counterparties buried several tiers down in a distribution network, and beneficial owners whose identities were obscured through layered corporate structures in secrecy jurisdictions.

Acquirers should also plan for post-closing remediation. A target that has been screening inadequately will need to be rescreened against current lists after integration. The acquirer's compliance framework will then need to be extended to the target's operations on a defined timeline. Buyers who assume that the target's existing program is adequate without testing it are accepting risk they have not evaluated.

Training and Cultural Reinforcement

A screening program ultimately depends on the people who operate it and the people who feed information into it. Relationship managers, procurement staff, sales teams, and executives need to understand why certain questions are asked at onboarding, why ownership and control information matters, and why a PEP classification requires additional review rather than quiet workarounds. Without that understanding, the information that reaches the screening engine will be incomplete. No tool can compensate for incomplete input.

Our due diligence investigations include sanctions screening, PEP identification, and enhanced due diligence for high-risk relationships. Our certified fraud examiners build the source-of-wealth and corruption-risk analysis that enhanced due diligence requires, and corporate compliance programs retain us for ongoing counterparty monitoring. Contact us to discuss your compliance and due diligence needs.