Lesson 04 of 9

Sanctions & PEP Screening

5 min read · KYC Analyst

Learn why OFAC SDN screening is a hard stop and how the 50 Percent Rule blocks owned entities. You'll disposition fuzzy-match false positives with confidence, define a PEP under FATF Recommendation 12, and use adverse-media screening the right way.

Sanctions screening: a hard stop

  • OFAC sanctions are strict liability — intent doesn't matter
  • Screen customers and owners against the SDN List
  • A true match means freeze and report — not 'monitor'

Sanctions screening is different from everything else in KYC, because it's a hard stop. The U.S. Office of Foreign Assets Control, or OFAC, maintains the Specially Designated Nationals list — the SDN List — of individuals and entities U.S. persons are prohibited from dealing with.

And OFAC liability is essentially strict: you can violate sanctions even without meaning to. So you screen every customer and every beneficial owner against the SDN List and other sanctions lists. A true sanctions match isn't something you 'keep an eye on' — it means block or reject the transaction, freeze the assets, and report to OFAC.

Get this one wrong and the penalties are severe.

The OFAC 50 Percent Rule

  • An entity 50%+ owned by SDNs is itself blocked — even if not listed
  • Aggregate ownership across multiple SDNs counts
  • Ties screening directly back to beneficial ownership work

Here's a rule the exam-style questions love, and it connects straight back to the last lecture. Under OFAC's 50 Percent Rule, any entity owned fifty percent or more — directly or indirectly — by one or more blocked persons is itself considered blocked, even if that entity's own name never appears on the SDN List. And ownership aggregates: if two different SDNs each own thirty percent, that's sixty percent combined, and the company is blocked.

This is exactly why you did the beneficial-ownership unwrapping in lecture three. You can't apply the 50 Percent Rule if you don't know who really owns the customer.
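
The aggregation above, worked as an added Python sketch that is not part of the original lesson. It assumes indirect ownership is handled by treating every entity found blocked as a blocked owner of whatever it holds; all names and percentages are constructed.

```python
from collections import defaultdict

THRESHOLD = 50.0  # percent; the rule applies at 50 percent or more


def blocked_entities(listed, stakes):
    """Return every party blocked by listing or by aggregate blocked ownership.

    listed: names that appear on the list (constructed sample data).
    stakes: iterable of (owner, entity, percent) direct holdings.
    """
    holders = defaultdict(list)
    for owner, entity, pct in stakes:
        holders[entity].append((owner, pct))

    blocked = set(listed)
    changed = True
    while changed:  # repeat until no further entity crosses the threshold
        changed = False
        for entity, owners in holders.items():
            if entity in blocked:
                continue
            # Aggregate only the stakes held by parties already blocked.
            total = sum(pct for owner, pct in owners if owner in blocked)
            if total >= THRESHOLD:
                blocked.add(entity)
                changed = True
    return blocked


def unlisted_but_blocked(listed, stakes):
    """Entities a name-only screen would miss."""
    return sorted(blocked_entities(listed, stakes) - set(listed))


# Constructed ownership chart; every name here is fictional.
SDN_LISTED = {"SDN One", "SDN Two"}
STAKES = [
    ("SDN One", "Alpha Trading", 30.0),
    ("SDN Two", "Alpha Trading", 30.0),         # 30 + 30 = 60: blocked
    ("Clean Owner", "Alpha Trading", 40.0),
    ("Alpha Trading", "Beta Shipping", 50.0),   # blocked owner at 50: blocked
    ("SDN One", "Gamma Holdings", 49.0),        # 49 is under 50: not blocked
    ("Gamma Holdings", "Delta Metals", 100.0),  # owner not blocked: not blocked
]

if __name__ == "__main__":
    print(unlisted_but_blocked(SDN_LISTED, STAKES))
```

Neither Alpha Trading nor Beta Shipping appears on the list, which is why the ownership chart has to be complete before screening.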

Fuzzy matching and false positives

  • Names vary: spelling, transliteration, aliases, word order
  • Fuzzy matching flags near-matches, not just exact ones
  • Most alerts are false positives — that's expected
  • Disposition each: clear, escalate, or confirm a true match

Screening engines don't look for perfect matches, because real names rarely match perfectly. Transliteration from other scripts, alternate spellings, swapped word order, nicknames, and aliases all mean the same person can appear a dozen ways. So engines use fuzzy matching to flag near-matches above a similarity threshold.

The consequence: the vast majority of alerts you'll work are false positives — innocent customers who happen to resemble a listed name. That's normal. Your job is disposition: for each alert, gather identifiers like date of birth and place of birth, compare them, and either clear it as a false positive with documented reasoning, escalate it, or confirm a true match.

Clear notes here protect both the customer and the institution. A quick discipline point: never clear an alert just to empty the queue. A single undocumented dismissal of a real match can expose the institution to enormous penalties, so the note you write is doing real protective work.
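
How a near-match alert and its first triage step can look in code, as an added Python example that is not from the original lesson or from any screening product. The 0.85 threshold, the normalization steps and the outcome labels are assumptions, and every name and date is constructed.

```python
import re
import unicodedata
from difflib import SequenceMatcher

THRESHOLD = 0.85  # assumed similarity cut-off; real engines tune this


def normalize(name):
    """Fold case, accents, punctuation and word order."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    tokens = re.sub(r"[^a-z0-9 ]", " ", text.lower()).split()
    return " ".join(sorted(tokens))


def similarity(a, b):
    """Similarity of two names after normalization, from 0.0 to 1.0."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()


def triage(customer, listed, threshold=THRESHOLD):
    """Suggest a disposition for the analyst to review and document."""
    if similarity(customer["name"], listed["name"]) < threshold:
        return "no alert"
    if not customer.get("dob") or not listed.get("dob"):
        return "escalate: identifier missing"
    if customer["dob"] != listed["dob"]:
        return "clear: date of birth differs"
    return "escalate: name and date of birth agree"


# Constructed sample data; every name and date here is fictional.
LISTED = {"name": "Aleksandr Voronin", "dob": "1970-03-14"}
CUSTOMERS = [
    {"name": "Voronin, Alexánder", "dob": "1970-03-14"},  # order, accent, spelling
    {"name": "Alexandra Voronina", "dob": "1988-11-02"},  # resembles the entry
    {"name": "Oleksandr Voronin", "dob": None},           # nothing to compare
    {"name": "Maria Gonzalez", "dob": "1970-03-14"},      # same DOB, other name
]


def run_queue():
    """Triage each constructed customer against the constructed list entry."""
    return [(c["name"], triage(c, LISTED)) for c in CUSTOMERS]


if __name__ == "__main__":
    for name, outcome in run_queue():
        print(f"{name:22} {outcome}")
```

The returned label is only a starting point for the analyst's note; confirming a true match remains a documented human decision.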

PEPs under FATF Rec. 12

  • PEP = entrusted with a prominent public function
  • Foreign, domestic, and international-organization PEPs
  • Includes family members and close associates (RCAs)
  • PEP status isn't guilt — it's a higher-risk flag requiring EDD

Now politically exposed persons, or PEPs. Under FATF Recommendation 12, a PEP is an individual entrusted with a prominent public function — a head of state, senior politician, senior government, judicial, or military official, senior executive of a state-owned enterprise, or important political party official. FATF distinguishes foreign PEPs, domestic PEPs, and those at international organizations.

Crucially, the definition extends to family members and close associates, sometimes called relatives and close associates, because that's how a corrupt official often holds wealth. Be clear: PEP status is not an accusation of wrongdoing. It's a higher-risk flag.

The reason it matters is corruption risk — and a PEP relationship triggers enhanced due diligence, which we'll cover in lecture six.

Adverse media screening

  • Search reputable news and public records for negative coverage
  • Filter relevant hits: fraud, corruption, sanctions, organized crime
  • Assess source credibility and recency
  • Feeds the risk rating — and may trigger EDD or escalation

The last screen is adverse media, sometimes called negative news screening. You search reputable news sources and public records for negative information about the customer or its owners — allegations or findings of fraud, corruption, money laundering, sanctions evasion, terrorism, or organized crime. The skill is filtering: you'll get unrelated people with the same name and trivial hits, so you assess relevance, the credibility of the source, and how recent it is.

A serious, credible adverse-media hit raises the customer's risk rating and can trigger enhanced due diligence or escalation. Like everything else, you document what you found, what you concluded, and why. And remember, adverse media is a signal, not a verdict — you weigh it alongside everything else in the file rather than letting one headline decide the outcome.

Recap

  • SDN screening is a hard stop; the 50% Rule blocks owned entities
  • Fuzzy matching means mostly false positives — disposition each one
  • PEPs (FATF Rec. 12) are higher-risk, not guilty — they trigger EDD
  • Next: turning all of this into a customer risk rating

Let's lock it in. Sanctions screening against the OFAC SDN List is a hard stop, and the 50 Percent Rule extends blocking to entities owned by listed persons. Fuzzy matching produces mostly false positives that you must disposition and document.

PEPs, defined by FATF Recommendation 12, are a higher-risk flag — including family and associates — that triggers deeper diligence, and adverse media adds context to the picture. Every signal you've gathered so far now flows into one decision: how risky is this customer? That's the customer risk rating, and it's next.

Sources

  • OFAC Specially Designated Nationals (SDN) List
  • OFAC 50 Percent Rule guidance (U.S. Treasury)
  • FATF Recommendation 12 (Politically Exposed Persons)
  • FATF Recommendation 6 (targeted financial sanctions)
  • FFIEC BSA/AML Examination Manual (OFAC)

Test your knowledge

A few KYC Analyst questions on this material — pick an answer to see the explanation.

  1. During EDD, a client explains that a single incoming wire is the proceeds from selling a commercial property they owned. Which concept does this explanation directly address?

  2. Which relationship is generally treated as inherently higher risk and therefore subject to EDD, including use of a standardized due-diligence questionnaire and confirmation that the counterparty is not a shell bank?

  3. A customer rated low risk at onboarding is later reported in credible adverse media and becomes a beneficial owner of a new entity. Under ongoing monitoring, what should happen?

  4. Which statement correctly describes the CIP rule's treatment of a P.O. box as an address for an individual customer?
