Sanctions screening workflow: how to route matches to review

A sanctions screening workflow is the controlled process for checking customers, beneficial owners, controllers, and related parties against sanctions lists, then reviewing possible matches and recording the outcome. Screening is not complete when a tool returns a result. It is complete when the firm can show how the result was handled.

What sanctions screening should cover

Depending on the firm and obligation, screening may apply to:

• Individual customers.
• Directors and controllers.
• Beneficial owners.
• Trustees, settlors, protectors, and beneficiaries.
• Companies and related entities.
• Payment parties or transaction counterparties.
• Existing customers during ongoing monitoring.

The screening workflow

1. Collect names, dates of birth, entity names, countries, and identifying details.
2. Run screening through approved sources or providers.
3. Separate no-match results from possible matches.
4. Route possible matches to review.
5. Compare identifiers and supporting evidence.
6. Resolve false positives or escalate true matches.
7. Record reviewer, decision, rationale, and timestamp.
8. Trigger EDD, rejection, reporting, or monitoring where needed.

Why review evidence matters

False positives are common. The firm needs to show why a possible match was dismissed or escalated. That means retaining the match result, comparison evidence, reviewer notes, and decision outcome.

Screening workflow states

A mature sanctions screening process should have clear statuses. Without statuses, possible matches either sit unresolved or disappear into informal judgement. We recommend at least the following states:

Status | Meaning

No match | Screening completed and no relevant result was returned.

Possible match | A result requires review because identifiers may overlap.

False positive | The reviewer documented why the result does not relate to the customer or party.

Escalated | The match requires senior, compliance, or legal review before the firm proceeds.

Confirmed match | The firm has determined that the party is the sanctioned person or entity, or the risk is otherwise unacceptable.

Monitoring required | The relationship may proceed only with defined monitoring, controls, or further review.

Each status should have required evidence. A false positive should not be a checkbox. It should record which identifiers were compared, why the match was dismissed, who reviewed it, and when. An escalation should show the reason for escalation and the decision that followed.

Who and what should be screened

Sanctions screening is often described as customer screening, but AML workflows usually need a broader party set. We should decide, by workflow, which people and entities are screened. For a company, that may include directors, controllers, beneficial owners, authorised representatives, and parent entities. For a trust, it may include trustees, settlors, protectors, beneficiaries, controllers, and relevant corporate parties. For a transaction, it may include counterparties, payers, payees, or representatives depending on the firm's obligations and risk model.

The key is consistency. Staff should not decide manually each time which parties are screened. The workflow should identify relevant parties based on customer type and service context, then route any possible matches into review.

Screening is part of risk, not separate from risk

A sanctions or PEP result should feed the customer risk rating and due diligence path. If a possible match is resolved as a false positive, the firm should retain the rationale. If a PEP match is relevant, the file may require enhanced due diligence, senior management approval, source-of-wealth review, or ongoing monitoring. If a sanctions match is confirmed, the firm may need to stop activity and follow applicable legal and reporting requirements.

This is why exports from standalone screening tools are rarely enough. The screening result needs to sit beside identity evidence, beneficial ownership, source-of-funds information, risk rating, reviewer notes, and the final decision.

Veraxa routes screening outcomes into AML workflows so possible matches are not left in disconnected exports. For connected risk work, read customer risk rating system and AML compliance software.

Frequently asked questions

What is sanctions screening?

Sanctions screening is the process of checking customers and relevant parties against sanctions lists to identify whether a relationship or transaction may be prohibited or high risk.

What is a sanctions screening workflow?

A sanctions screening workflow routes possible matches to review, records the decision, escalates true matches, and keeps evidence of how the firm handled the result.

Is sanctions screening the same as PEP screening?

No. Sanctions screening checks sanctions exposure. PEP screening identifies politically exposed persons and related risk. Both can be part of AML due diligence.