AML Watchlist Screening: The Definitive 2026 Guide

AML (Anti-Money Laundering) watchlist screening is the automated process of checking an individual or entity against government-maintained sanctions lists, politically exposed person (PEP) registries, and adverse-media databases — before onboarding and continuously afterward. If a name on your platform matches a designated person or a high-risk PEP, you have a legal obligation to know about it and act.

Most regulated businesses screen at onboarding. Fewer screen continuously. The problem is that watchlists change daily — new designations, updated entries, emerging name variations — and a clean check today does not guarantee a clean check tomorrow.

Key takeaways

• Watchlist screening covers three source categories: government sanctions lists (OFAC, EU Consolidated, UN, HMT), PEP registries (levels 1–4 plus RCA — Relatives and Close Associates), and adverse-media databases.
• Didit aggregates 1,300+ watchlists into a single POST /v3/aml/ call priced at $0.20 per check.
• A two-score model separates the matching problem (is this the same person?) from the risk problem (how dangerous is the match?). The match confirmation threshold is 93 — reducing false positives without missing genuine hits.
• Ongoing AML Monitoring rescreens every enrolled person daily at $0.07 per user per year — because watchlists change and today's clean record is not tomorrow's.
• Three statuses come back: Approved, In Review, or Declined — mapping directly to your workflow actions.

What AML watchlist screening is

Watchlist screening compares a name — and supporting identifiers like date of birth and nationality — against lists of individuals and entities that governments, supranational bodies, and enforcement agencies have flagged. The three source categories each catch different risk profiles:

Sanctions lists name individuals and entities subject to asset freezes, trade restrictions, or travel bans. The major programmes are US OFAC (Office of Foreign Assets Control), the EU Consolidated Sanctions List, UN Security Council lists, and UK HMT (His Majesty's Treasury). Transacting with a sanctioned party without a licence is a criminal offence in virtually every jurisdiction.

PEP registries identify Politically Exposed Persons — current and former heads of state, government ministers, senior military and judicial officers, board members of state-owned enterprises, and executives of international organisations. PEPs are not prohibited customers, but they carry heightened corruption and bribery risk, and most AML frameworks require enhanced due diligence on them. The standard classification runs four levels: PEP level 1 (heads of state, senior ministers) down to PEP level 4 (lower-ranking officials). RCAs — Relatives and Close Associates — extend the same scrutiny to a PEP's immediate family and close business associates.

Adverse media surfaces criminal convictions, ongoing investigations, fraud allegations, and regulatory sanctions from public press sources. It fills gaps where a person appears on no formal list but carries documented risk.

Why it matters

Sanctions violations carry penalties that have repeatedly exceeded nine figures. PEP exposure without enhanced due diligence has triggered regulatory actions across Europe, Latin America, and the US. Adverse-media hits surface reputational and fraud risk that no list would ever encode. Regulators in every major jurisdiction treat watchlist screening as a minimum baseline — not an optional layer.

The practical challenge is that watchlists are not static. OFAC alone issues new designations weekly. An individual clean at onboarding may be designated tomorrow. Point-in-time screening at onboarding and ongoing monitoring throughout the lifecycle are both required.

The two-score model: matching versus risk

Screening against 1,300+ lists with millions of records requires a model that separates two distinct questions: is this the same person as the listed entity (a matching problem), and how dangerous is a confirmed match (a risk problem)?

Didit uses a two-score model:

Match score — how closely the subject's name, date of birth, and nationality match a watchlist entry. The weighting is: name 60%, date of birth 25%, country 15%. A consolidated score above 93 is treated as a confirmed match. Below that threshold, the result routes to In Review rather than generating an automatic alert — the primary mechanism for controlling false positives without missing genuine hits.

Risk score — for a confirmed match, how serious is the hit? The weighting is: category 50% (sanctions carry more weight than a PEP level 4), country 30% (FATF grey and black list countries elevate the score), and criminal record 20%.

The two scores together produce the final status:

Status	Meaning
Approved	No confirmed match. The subject cleared all watchlists at the set thresholds.
In Review	A potential match was found below the confirmation threshold, requiring human review.
Declined	A confirmed match was found — the subject is on a sanctions list or a high-risk PEP hit that triggers automatic decline per your workflow settings.

False positives and how to manage them

False positives — legitimate customers matched against listed persons with similar names — are the operational headache of AML screening. A name like "Mohammed Abdullah" or "José García" returns many candidates on global lists; without quality matching, your review queue fills with clean customers.

The 93 confirmation threshold is calibrated to pass most legitimate near-misses to In Review rather than auto-decline. Your compliance team confirms or dismisses, and each decision is logged. Over time, confirmed false positives reveal common collision patterns, and you can tune acceptance thresholds per list category.

Adverse-media sources introduce a different false-positive pattern: a person sharing a name with someone mentioned in a news article about financial crime. Context — corroborating identifiers, date ranges, geography — matters. A human review step on adverse-media hits is almost always warranted.

Ongoing AML Monitoring: daily rescreening

A customer who clears screening today may be designated next week. Ongoing AML Monitoring rescreens every enrolled individual against the full watchlist set daily. When a new match appears, an alert fires immediately — you are not waiting for the next manual batch run or scheduled review cycle.

The price is $0.07 per user per year — daily rescreening of 10,000 customers costs $700 annually. It is the cheapest insurance against designation exposure in a live customer base, and it shifts your programme from point-in-time compliance to continuous monitoring.

Use cases

Neobanks and payment processors — account opening and payment release both require sanctions clearance. Real-time screening at account creation blocks a designee before a single transaction clears. Ongoing monitoring catches a designation mid-lifecycle.

Crypto exchanges and on-ramps — FATF Travel Rule obligations require both originator and beneficiary screening. Every on-ramp transaction, and every withdrawal above threshold, runs through watchlist screening as a baseline.

Marketplace platforms — merchant onboarding is a KYB (Know Your Business) process, but individual sellers on consumer marketplaces need PEP and sanctions screening too. A PEP running a high-value seller account raises the same enhanced due diligence obligation as a PEP in a bank.

Lending and BNPL — loan origination in regulated markets requires clearing the borrower against sanctions before disbursement. Ongoing monitoring catches a clean borrower who becomes designated mid-term.

How Didit helps

Didit AML Screening checks against 1,300+ watchlists — sanctions, PEP levels 1–4 plus RCA, and adverse media — in a single call at $0.20 per check. The two-score model runs automatically; confirmed matches generate an alert in the Business Console for your compliance team to action.

curl -X POST https://verification.didit.me/v3/aml/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "vendor_data": "user_7821",
    "first_name": "Maria",
    "last_name": "Garcia",
    "date_of_birth": "1985-04-12",
    "country": "ES"
  }'

The response includes match score, risk score, hit categories (sanctions / PEP level / adverse media), and the final status. Add Ongoing AML Monitoring at $0.07/user/yr to keep every enrolled customer rescreened daily without any further API calls.

AML Screening also composes with the rest of the platform: run it inside a KYC session alongside document verification and liveness, or as a standalone check at any lifecycle event — transaction dispute, address change, or account upgrade.

Frequently asked questions

How much does AML screening cost?

$0.20 per check for a point-in-time screen. Ongoing AML Monitoring — daily rescreening throughout the customer lifecycle — is $0.07 per user per year. Both are billed per call with no minimums.

What watchlists are covered?

1,300+ lists including OFAC, EU Consolidated, UN, HMT, domestic enforcement agencies across 220+ countries, PEP registries at levels 1–4 plus RCA, and adverse-media sources.

Does AML screening replace KYC document verification?

No. Watchlist screening answers "is this person on a prohibited list?" Document and biometric verification answers "is this person who they claim to be?" Both are needed; neither replaces the other. Didit lets you run them in the same session or independently.

What is the 93 confirmation threshold?

It is the minimum match score above which Didit treats a watchlist hit as a confirmed match. Scores below 93 route to In Review rather than auto-decline, giving your compliance team visibility over potential hits without flooding your queue with obvious false positives.

What happens if a customer is designated after onboarding?

Ongoing AML Monitoring rescreens every enrolled person daily. When a designation fires, an alert opens immediately in the Business Console and a webhook notifies your system in real time.

Ready to get started?

Read the AML Screening overview in the docs, see the full product on the AML Screening product page, and review transparent per-call pricing on the pricing page. When you're ready, start free — 500 free checks per month, no minimums, no contract.