Blog · May 21, 2026

AML Screening API: 1,300+ Lists at $0.20 per Check

Screen any individual or entity against 1,300+ global watchlists — sanctions, PEPs, criminal records, adverse media — with a two-score match-and-risk model. $0.20 per check, as a workflow step or a standalone API.

By DiditMay 21, 2026Updated May 21, 2026

Knowing who a customer is solves only half of compliance. The other half is knowing whether that person — or the business behind them — sits on a sanctions list, holds a politically exposed position, has a criminal record, or shows up in adverse media. That is what Anti-Money-Laundering (AML) screening does, and regulators expect it on every onboarding and, in most regimes, on an ongoing basis afterwards.

Didit's AML Screening API runs that check against 1,300+ global watchlists and returns a structured, reviewable result in seconds. It uses a two-score model — one score for is this really the same person and one for how risky are they — so your analysts spend their time on real hits instead of name collisions. It runs as a step inside a verification workflow or as a standalone call, and it costs $0.20 per check with no minimums.

Key takeaways

1,300+ watchlists in one call: sanctions (OFAC, EU, UN), politically exposed persons (PEP, four levels including relatives and close associates), criminal records, adverse media, regulatory warnings and enforcement, fitness and probity, and insolvency.
Two-score model. A Match Score (0–100) measures identity confidence; a Risk Score (0–100) measures how risky a confirmed entity is. The two are decided independently.
Configurable thresholds and weights mean you tune false positives down to your own risk appetite — name, date-of-birth, and country weights must sum to 100.
Auditable review states — False Positive, Unreviewed, Confirmed Match, Inconclusive — give compliance a defensible paper trail.
Two modes: a step inside a Didit verification workflow, or a standalone POST /v3/aml/ call against the unified API.
$0.20 per check, pay-per-call. Ongoing daily rescreening is available at $0.07 per user per year.

What AML screening does

AML screening compares the identity you submit — a name, a date of birth, a country, optionally a document number — against curated lists of people and organizations that carry regulatory or reputational risk. A positive comparison is a potential match. The hard part is everything after: confirming the match is actually your customer and not a namesake, then deciding whether the underlying risk is acceptable.

Didit splits those two questions deliberately. First it asks how confident it is that the watchlist record and your customer are the same person. Then, only for records that clear that bar, it asks how risky that person or entity is. Separating identity confidence from entity risk is what keeps a common name from being treated as a sanctions hit.

Why it matters

Every major AML regime — the EU's AML directives and forthcoming Single Rulebook, the FATF recommendations, the US Bank Secrecy Act framework — requires regulated firms to screen customers against sanctions and PEP lists and to act on adverse findings. The penalties for getting it wrong are measured in eight and nine figures, and "we didn't screen" is never an acceptable answer to a regulator.

The operational pain is the inverse problem: screening that is too blunt drowns analysts in false positives. A naive name match against 1,300+ lists produces enormous noise, and every false hit is an analyst-minute spent and an onboarding delayed. A good engine finds the right matches and gives you the controls to suppress the rest — the entire design goal of Didit's two-score model.

Technical details

AML screening runs against the unified /v3/ API. As a standalone check you submit the subject's identifying data and receive a result with both scores and any matched profiles.

curl -X POST https://verification.didit.me/v3/aml/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "first_name": "Maria",
    "last_name": "Gonzalez",
    "date_of_birth": "1984-03-12",
    "country": "ES",
    "save_api_request": true
  }'

The engine returns an overall AML status, the two scores, and the watchlist profiles it surfaced:

{
  "aml_status": "In Review",
  "risk_score": 71,
  "matches": [
    {
      "profile_id": "prf_5a91c2",
      "match_score": 96,
      "match_status": "Unreviewed",
      "categories": ["PEP 2", "Adverse Media"],
      "country": "ES",
      "listed_on": ["EU Most Wanted", "Regional PEP Register"]
    }
  ]
}

The two scores.

Score	Range	What it measures	Default decision
Match Score	0–100	Identity confidence — is this really the same person?	Below threshold 93 → `False Positive`; at or above → `Unreviewed`
Risk Score	0–100	Entity risk — how dangerous is a confirmed match?	Below 80 → `Approved`; 80–100 → `In Review`; above 100 → `Declined`

AML statuses. A screening resolves to one of: Not Started, In Progress, Approved, In Review, Declined, Abandoned, or Kyc Expired.

Match review statuses. Each surfaced profile carries a reviewable state: False Positive, Unreviewed, Confirmed Match, or Inconclusive — the audit trail your regulator will ask for.

Price. $0.20 per check, billed per call, no minimums. Setting save_api_request: true is what makes a record eligible for ongoing daily rescreening at $0.07 per user per year.

What's in the 1,300+ lists

The watchlist coverage spans every category a regulated firm has to screen for:

Sanctions — OFAC, EU, UN, and national consolidated lists.
Politically exposed persons (PEPs) — four levels (PEP 1–4), where the lower numbers are senior officials and higher levels include Relatives and Close Associates (RCA).
Criminal records — wanted persons and convictions where published.
Adverse media — negative news tied to financial crime, fraud, corruption, and related conduct.
Warnings and regulatory enforcement — actions and notices from financial regulators.
Fitness and probity — registers used to assess suitability for regulated roles.
SIP / SIE — special-interest persons and entities.
Insolvency — bankruptcy and insolvency registers where available.

Each matched profile reports which categories and which underlying lists it appeared on, so an analyst can see why a record surfaced before deciding what to do with it.

Use cases

Fintech. Screen every new account at onboarding and re-screen continuously, so a customer who later appears on a sanctions list is caught the next day, not at the next audit.
Crypto / Web3. Combine AML screening of the human or entity with on-chain wallet screening of their addresses for a complete picture of counterparty risk.
Lending. Run sanctions and PEP checks on borrowers and guarantors before disbursing, and keep them under ongoing monitoring for the life of the loan.
Marketplaces. Screen sellers and high-value buyers, suppressing namesake noise so legitimate sign-ups are not blocked by a common name.
iGaming. Meet sanctions and PEP obligations on player onboarding in age-gated, heavily regulated markets without adding manual review queues you can't staff.

How to integrate with Didit

Choose the mode. Add AML Screening as a step in a Console-built verification workflow so it runs automatically after identity is established, or call POST /v3/aml/ directly when you only need the screening.
Submit the subject. Pass the name, date of birth, and country; include a document number when you have one to unlock the higher-confidence match path.
Tune your thresholds. Adjust the match weights and the match and risk thresholds in the Console to match your risk appetite before going live.
Work the hits. Review surfaced profiles in the Console, set each to its correct review status, and let confirmed risk flow into your decisioning. Enable ongoing monitoring to rescreen daily.

Because it lives on the unified /v3/ API, a Business Verification (KYB) session can screen the company entity and the individual KYC sessions of its beneficial owners — one platform, one audit trail, end to end.

Frequently asked questions

How much does AML screening cost?

$0.20 per check, billed per call with no minimums. Ongoing daily rescreening is available separately at $0.07 per user per year.

How many lists do you screen against?

More than 1,300 global watchlists, covering sanctions, PEPs, criminal records, adverse media, regulatory warnings and enforcement, fitness and probity, special-interest persons and entities, and insolvency.

Why two scores instead of one?

Because identity confidence and entity risk are different questions. The Match Score asks whether a hit is really your customer; the Risk Score asks how dangerous a confirmed hit is. Separating them is what keeps namesakes from being treated as sanctions matches.

Can I run it without a full identity verification?

Yes. AML Screening works as a standalone POST /v3/aml/ call, or as a step inside a Didit workflow after KYC. You choose per use case.

How do I keep customers under monitoring after onboarding?

Set save_api_request: true on the check and enable ongoing monitoring. Didit rescreens daily and updates the status — firing webhooks — when a new hit crosses your thresholds. It can be disabled per user from the Console.

Ready to get started?

Read the AML Screening overview in the docs, see how it fits the platform on the AML Screening product page, and check transparent per-check pricing on the pricing page. When you're ready, start free — 500 free KYC checks every month, with AML screening at $0.20 per check.