Back
Guide · KYC Automation

How to automate sanctions checks, PEP screening, and adverse media searches for new clients

Manual compliance checks on new clients are slow, inconsistent, and leave gaps in the audit trail. This guide explains what each check actually covers, where automation makes the most difference, and how a compliance agent runs all three end-to-end.

What sanctions checks, PEP screening, and adverse media actually cover

These three checks are often bundled together under “screening,” but each answers a different question, draws on different sources, and carries a different regulatory obligation.

Sanctions checks match a client’s identity against designated-person lists — the OFAC Specially Designated Nationals list, the UN Consolidated List, the EU Consolidated List, HM Treasury’s list, and applicable local lists. This is a binary, list-based check: a confirmed match against a designated person prohibits onboarding outright. A name that matches but whose identifying details (date of birth, nationality, address) point to a different individual is a false positive — and false positives still require documented review, not a silent dismissal.

PEP screening identifies whether the client, or a person connected to them, holds or has held a position of public trust — a politician, senior government official, judge, or senior military officer. Public office does not itself indicate wrongdoing, but it elevates money-laundering risk because of the access to public funds and the exposure to bribery. FATF Recommendations 12 and 13 require enhanced due diligence for PEPs, which typically means senior management approval, a deeper source-of-wealth inquiry, and closer ongoing monitoring.

Adverse media screening searches structured and unstructured media — news archives, regulatory press releases, court records, and other public sources — for negative coverage linked to the client: financial crime, fraud, corruption, or regulatory sanction. It is required under FATF Recommendation 10 and reflected in most national AML rulebooks as part of ongoing customer due diligence, not a one-off search.

Each check produces a different kind of evidence, and each requires its own documentation trail. Bundling them operationally does not mean treating them as equivalent or interchangeable.

Why manual processes break down at scale

Manual screening was workable when client volumes were low and each analyst could give a case the time it needed. It breaks down as volume grows, for reasons that are structural rather than a matter of individual effort.

Human researchers miss sources. Not all adverse media is published in English, and not all of it is indexed by the search tools an analyst has access to. A search that covers only English-language, well-indexed outlets will systematically miss coverage relevant to clients connected to non-English-speaking jurisdictions.

There is no consistent methodology across cases. Different analysts apply different thresholds for what counts as a relevant hit, different lookback windows, and different standards of evidence — so two files on comparable clients can reach different conclusions for reasons that have nothing to do with the underlying risk.

Results are frequently not cited to their source in a way that survives review. An analyst’s note that says “checked, no issues found” is not evidence; it is an assertion. When a regulator later asks what was searched, over what period, and against which sources, a file without citations is difficult to defend.

Re-screening for ongoing monitoring is the first task deprioritised under workload pressure. Initial onboarding checks get done because a file cannot be opened without them; periodic re-screening of existing clients competes with new business and routinely loses.

And the time cost is real: a thorough manual adverse media search for a single client, done properly across multiple sources and languages, takes roughly two to four hours. Multiplied across a client book, that is not a cost most compliance teams can sustain at the depth the obligation actually requires.

What automated screening actually does (and what it doesn't)

Automated platforms run structured database matches — sanctions lists, PEP lists — in seconds rather than hours, because these are lookups against defined, structured data sets. This part of automation is mature and widely available.

Adverse media automation is harder. It runs across indexed news sources, but distinguishing a relevant negative story about the actual client from an irrelevant namesake, an outdated story, or a neutral mention requires natural-language processing that reasons about context — not just keyword matching. A tool that simply returns every article containing the client’s name produces noise, not evidence.

Automation does not replace the MLRO’s judgment. It produces evidence that the MLRO reviews, weighs, and signs off on. The regulatory obligation to make a reasoned, risk-based decision sits with the firm and its compliance officer — automation changes how the evidence is gathered, not who is accountable for the conclusion.

The quality of the automation matters more than the fact of it. A tool that returns a list of raw hits for a human to triage is doing a fraction of the job. A tool that reasons through each hit, explains why it is or is not relevant to the client under review, and documents that reasoning is doing something categorically different.

How an AI agent runs all three end-to-end

Tarth is built around running sanctions, PEP, and adverse media checks as a single reasoned workflow rather than three disconnected lookups. In practice, the agent receives the client’s identity inputs and then works through each check in turn.

It runs sanctions matching against OFAC, UN, EU, and HM Treasury lists. It runs PEP screening with relationship mapping, so that exposure through a connected person — not just the client directly — is captured. It runs adverse media screening across multilingual sources over a defined lookback window, rather than a single English-language pass.

For each check, the agent states the result, explains any hits it finds — including why a hit was or was not treated as relevant — and cites the source behind that conclusion. The output is a per-person Customer Risk Assessment in which all three checks are documented, cited, and mapped to the applicable regulatory rule, produced in under ten minutes per case.

The practical effect is that the MLRO reviews a complete, evidenced file rather than a queue of raw alerts to triage from scratch. Since August 2025, Tarth has been used to onboard 900 individuals on this basis, across jurisdictions including ADGM, DIFC, the Cayman Islands, the BVI, Singapore, and Mauritius.

What to look for when choosing a screening automation tool

Not all tools described as “automated screening” do the same thing, and the differences matter when a file is later examined. Before adopting one, it is worth testing against a few specific questions.

Does it produce a cited audit file, or just a result? A green checkmark with no supporting evidence does not hold up under regulatory review. Does it cover your jurisdiction’s applicable lists, including local designated-person lists beyond the major international ones? Does it handle adverse media in the languages relevant to your actual client base, not just English?

Is the output MLRO-ready, or does it require significant manual annotation before it can be filed? A tool that shifts most of the documentation burden back onto the compliance team has automated the search but not the compliance work. And does it support re-screening for ongoing monitoring, or only a one-time check at onboarding — given that the regulatory obligation does not end when the client is onboarded?

Tarth is ISO 27001 certified and aligned with GDPR and UAE PDPL, and supports selectable identity verification through third-party providers such as Onfido as part of the same workflow.

Frequently asked questions

Is automated sanctions screening legally sufficient for AML compliance?

Automated screening is a tool, not a substitute for MLRO judgment. Under FATF Recommendation 10 and most national AML frameworks, the obligation is to apply customer due diligence — the method of screening is at the firm’s discretion, provided the evidence is documented. Automated screening that produces a cited, audit-ready file satisfies the documentation requirement. What the MLRO reviews and approves is the compliance decision, not the screening run itself.

How often should sanctions and PEP checks be re-run?

Most regulators require ongoing monitoring of existing clients, not just at onboarding. Best practice is to re-run sanctions and PEP checks whenever a client’s circumstances change materially (new product, new jurisdiction, change in UBO) and on a periodic basis otherwise. ADGM and DIFC AML frameworks require risk-based ongoing monitoring as a condition of continued business relationships.

Does Tarth cover adverse media in languages other than English?

Tarth’s adverse media screening covers multiple languages relevant to the jurisdictions it supports. The output Customer Risk Assessment documents the scope of the search, the lookback period, and the result — including negative findings (no relevant matches) as well as positive hits.

What is the difference between a sanctions hit and a false positive?

A sanctions hit occurs when a name and identifying information match a designated person on a watchlist. A false positive occurs when the name matches but the identifying details (date of birth, nationality, address) confirm it is a different person. Both require documentation: a genuine hit stops onboarding; a false positive must be recorded with the evidence used to clear it. Tarth documents both outcomes in the CRA.

Can Tarth automate ongoing monitoring as well as initial onboarding?

Tarth 1.0 focuses on the initial per-person CDD workflow. Ongoing monitoring and re-screening automation are on the roadmap.

Run your first automated screening today

Tarth runs sanctions, PEP, and adverse media checks end-to-end — with a cited, audit-ready CRA per client. Currently in pre-launch.

Request early access