How UK banks, EMIs, PIs, MSBs, and remittance firms screen payments against sanctions, PEPs, and fraud risk before funds move — and what the FCA expects to see.
Every second, thousands of payments move through the UK's financial system — a customer sending money to Europe, a business settling an overseas invoice, a fintech clearing hundreds of cross-border transfers, a remittance company reconciling positions across currencies. Each of those payments happens in seconds, but each one also carries a question regulators expect every firm to answer before the funds move: is this beneficiary sanctioned, is this sender who they claim to be, and could this transaction breach UK sanctions law? For UK-regulated firms, payment screening is no longer a back-office nicety — it is a core regulatory obligation, and getting it wrong carries real consequences. This guide explains how the payment screening process works in the UK, what regulators expect, where firms most often struggle, and how modern technology is changing what "good" looks like.
Payment screening is one of the most important AML controls for UK financial institutions, payment firms, Electronic Money Institutions (EMIs), Money Service Businesses (MSBs), banks, fintechs, and remittance companies. It involves screening every payment transaction — including the sender, beneficiary, intermediaries, payment messages, and destination countries — against sanctions lists, politically exposed persons (PEPs), adverse media, and internal watchlists before the payment is processed. In the UK, this activity sits within a framework that includes the Money Laundering Regulations 2017, the Proceeds of Crime Act, the Terrorism Act 2000, the Sanctions and Anti-Money Laundering Act 2018, OFSI guidance, and the FCA's Financial Crime Guide. Modern systems combine real-time sanctions screening, transaction monitoring, risk scoring, and fuzzy name matching to detect sanctions violations, money laundering, and suspicious transactions before funds leave the financial system.
Payment screening is the real-time assessment of a payment transaction, and every party connected to it, before that payment is executed. It differs from customer onboarding screening, which typically checks a customer once or on a periodic review cycle — payment screening evaluates every individual transaction as it happens, regardless of how long the customer relationship has existed. The objective is straightforward: prevent illicit funds from entering or leaving the financial system before they actually move.
A payment screening engine typically analyses the originator, the beneficiary, intermediary and correspondent banks, payment references, SWIFT MT and ISO 20022 message content, the stated purpose of payment, the countries involved, the transaction amount, the customer's risk profile, and internal watchlists alongside external sanctions databases. When a payment matches a sanctions list entry or otherwise appears suspicious, the transaction is automatically held for manual review rather than allowed to settle.
The UK remains one of the world's largest financial centres, and billions of pounds move daily through banks, challenger banks, EMIs, Payment Institutions, PSPs, fintechs, FX providers, money transfer operators, and remittance companies. That sheer volume is exactly what makes UK payment rails attractive to criminals attempting to launder illicit funds, evade sanctions, finance terrorism, commit fraud, move proceeds of cybercrime, or circumvent international financial restrictions.
Payment screening obligations in the UK are not set out in a single piece of legislation. Instead, they emerge from several overlapping legal and regulatory frameworks that together shape what regulators expect a firm's screening controls to look like.
| Regulation / Guidance | Purpose |
|---|---|
| Money Laundering Regulations 2017 (as amended) | Customer due diligence and AML controls |
| Proceeds of Crime Act (POCA) | Criminal property reporting obligations |
| Terrorism Act 2000 | Terrorist financing prevention |
| Sanctions and Anti-Money Laundering Act 2018 | UK's post-Brexit sanctions regime |
| OFSI Guidance | Implementation of financial sanctions |
| FCA Financial Crime Guide | Supervisory AML expectations |
| JMLSG Guidance | Industry-recognised best practice |
| UK Financial Sanctions Regulations | Asset freezes and sanctions compliance |
Figure 1: The overlapping UK frameworks that together inform payment screening obligations. No single statute uses the term "payment screening" — the requirement is assembled from these sources.
Payment screening is expected across a wide range of UK-regulated sectors: banks, Electronic Money Institutions, Payment Institutions, Money Service Businesses, remittance companies, foreign exchange providers, fintech companies, challenger banks, building societies, correspondent banking providers, cryptoasset firms regulated under the Money Laundering Regulations, and wealth management firms. The common thread across all of these sectors is that each one moves customer funds across accounts, currencies, or borders — and each one is therefore exposed to the risk of facilitating a prohibited or suspicious transaction if screening controls are inadequate.
An effective payment screening framework typically runs through six stages, from the moment payment data is captured through to a final investigation decision.
Figure 2: The six stages most UK payment screening frameworks follow, from initial data capture through to a documented decision.
Payments should be screened before settlement, not after, so that a prohibited transaction can actually be stopped rather than merely flagged retrospectively once the funds have already moved.
This means screening against OFSI's lists, the UK sanctions regime, UN sanctions, and other relevant international sanctions regimes where the payment's parties or corridor warrant it.
Identifying politically exposed persons and their close associates allows firms to apply the enhanced due diligence regulators expect for higher-risk relationships.
Checking for customers or counterparties linked to corruption, fraud, organised crime, or terrorist financing in public reporting adds a layer of risk detection that static sanctions lists alone do not provide.
Payment screening works best as one layer within a broader control framework — it should complement, not replace, ongoing transaction monitoring of customer behaviour over time.
Every screening decision, escalation, and resolution should be fully documented, since this is precisely the evidence the FCA and other UK authorities will ask to see during a supervisory visit or thematic review.
Even well-resourced compliance teams run into recurring operational difficulties. Poor matching logic generates excessive false positives, which drives up operational cost and slows down legitimate payments for customers. The opposite failure — false negatives caused by weak matching algorithms that miss genuinely sanctioned entities — creates significant regulatory exposure that is far more serious than alert fatigue.
Cross-border payments add further complexity, since each transaction can touch multiple jurisdictions, different sanctions regimes, varying messaging standards, and currency conversions, with every additional layer compounding the screening challenge. Name transliteration is a related and persistent problem: Arabic, Russian, Chinese, and other non-Latin names often have multiple valid spellings in Latin script, and only modern fuzzy matching meaningfully improves detection rates in these cases. The ongoing industry migration from SWIFT MT messages to ISO 20022 XML messages means screening systems now need to support both formats reliably during the transition period, and firms that generate thousands of alerts daily without effective prioritisation risk alert fatigue, where analysts become overwhelmed and genuinely high-risk cases get lost in the volume.
Leading firms continuously improve their screening capabilities through risk-based screening thresholds rather than one-size-fits-all rules, AI-assisted alert prioritisation, continuous sanctions list updates, behavioural analytics layered on top of static matching, real-time transaction monitoring, independent model validation, regular tuning exercises, comprehensive audit logging, ongoing staff training, and clear governance and oversight structures. The objective is never to eliminate alerts entirely — that would simply mean the controls are too loose — but to improve the accuracy and quality of the alerts that are generated, so that compliance resources go toward genuinely risky payments rather than noise.
Although the two terms are often used interchangeably, payment screening and transaction monitoring serve different functions within the same AML framework.
| Payment Screening | Transaction Monitoring |
|---|---|
| Happens before payment execution | Happens during or after transactions |
| Screens sanctions and counterparties | Detects suspicious behavioural patterns |
| Focuses on individual payments | Focuses on customer activity over time |
| Prevents prohibited payments | Detects money laundering typologies |
| Supports sanctions compliance | Supports AML investigations |
Figure 3: Payment screening and transaction monitoring are complementary, not interchangeable — most mature AML programmes run both side by side.
Modern RegTech platforms improve payment screening by offering real-time screening with API integration, automated sanctions list updates, machine learning-assisted name matching, explainable risk scoring that compliance teams can defend to a regulator, workflow automation, integrated case management, dashboard reporting, comprehensive audit trails, and regulatory reporting support. Together, these capabilities reduce the manual effort required from compliance analysts while measurably improving detection outcomes — a combination that purely manual or rules-only screening approaches struggle to deliver at scale.
For UK-regulated payment firms, remittance providers, and fintechs, building payment screening as a bolt-on to an existing platform often creates exactly the kind of fragmented controls that regulators flag during supervisory review. RemitSo's white-label remittance platform builds real-time sanctions screening directly into the payment flow, covering more than 40,000 records across eight or more global watchlists with fuzzy matching and alias detection designed to catch the transliteration and spelling-variation issues described earlier in this guide.
Risk-calibrated transaction monitoring across 55-plus indicators works alongside that screening layer, while tiered KYC and eKYC workflows, structured case management, and audit-ready documentation give compliance teams the evidence trail UK regulators expect to see during a review. Firms evaluating their current payment screening setup can review RemitSo's AML consulting services for a tailored assessment.
Payment screening is the process of checking a payment transaction, and every party connected to it, against sanctions lists, PEP databases, adverse media, internal watchlists, and other AML risk indicators before the payment is processed. It differs from one-off or periodic customer screening because it evaluates every individual transaction at the point of execution rather than relying solely on checks performed when the relationship was opened. The goal is to stop a prohibited or suspicious payment before funds actually move, rather than discovering the issue afterward. For UK-regulated firms, this makes payment screening one of the most operationally important AML controls in daily use.
There is no single UK statute that uses the term "payment screening" and prescribes one specific technical process. However, UK-regulated firms are expected, under the Money Laundering Regulations, sanctions legislation, and FCA supervisory expectations, to have effective controls in place that identify and prevent prohibited or suspicious transactions before they settle. In practice, this means payment screening is treated as a mandatory control by regulators even though it is not named as such in primary legislation. Firms that cannot demonstrate adequate screening controls during a supervisory review are likely to face regulatory findings regardless of the absence of a single named requirement.
A typical screening pass checks the sender, the beneficiary, any intermediary or correspondent banks involved, the countries connected to the payment, and the content of the payment message itself, including references and stated purpose. Each of these elements is checked against sanctions lists, PEP lists, adverse media, and internal watchlists maintained by the firm. The combination matters — a payment can clear sanctions screening individually on the sender and still warrant review if the destination country or counterparty bank raises a separate flag. This is why screening engines evaluate all these data points together rather than checking each one in isolation.
Common triggers include a name match against a sanctions or watchlist entry, exposure to a high-risk country, name similarities that surface through fuzzy matching even without an exact match, suspicious payment patterns, high-risk counterparties, and transaction behaviour that deviates from a customer's established pattern. Not every alert indicates wrongdoing — name similarity alerts in particular are often false positives caused by common names or transliteration variations. The investigation stage exists specifically to separate genuine sanctions or fraud risk from coincidental matches that simply look similar on the surface. Firms that document their reasoning at this stage, rather than clearing alerts with a one-line note, are in a much stronger position if a regulator later asks why a particular payment was released.
Sanctions screening is narrower and focuses specifically on identifying sanctioned individuals, entities, or countries against official lists such as the UK Sanctions List or the OFSI Consolidated List. Payment screening is the broader umbrella term and typically includes sanctions screening as one component, alongside PEP screening, adverse media checks, fraud risk indicators, and other AML controls applied to the same transaction. Put simply, every sanctions screen is part of payment screening, but not every element of payment screening is sanctions-related. Firms generally run both within the same screening engine rather than as separate disconnected checks.
Firms should update their sanctions data promptly whenever OFSI, the UN, or other relevant authorities publish changes, rather than waiting for a scheduled batch update. Automated, near-real-time list updates are widely regarded as best practice precisely because the gap between an official designation and a firm's screening list catching up is itself a window of regulatory exposure. Manual update processes that rely on staff checking for publication changes are increasingly viewed as inadequate by regulators given how quickly sanctions designations can be issued. Most modern screening platforms now handle this through automated data feeds rather than manual intervention.
False positives typically arise from overly broad fuzzy matching thresholds, common names that frequently appear on watchlists by coincidence, name transliteration differences across languages, and poorly calibrated risk scoring that treats too many transactions as high risk by default. While false positives are far less serious than false negatives from a regulatory standpoint, excessive alert volume creates real operational costs by slowing down legitimate payments and contributing to analyst alert fatigue. Risk-based tuning, better fuzzy matching algorithms, and AI-assisted prioritisation are the most common ways firms reduce false positive rates without simply loosening their screening thresholds. The goal is always to improve precision rather than to generate fewer alerts indiscriminately.
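The threshold trade-off described above and in the earlier passage on name transliteration can be seen in a small added example, which is not code from RemitSo or any screening vendor. The watchlist names are fictional, the thresholds are illustrative, and Python's `difflib` similarity ratio stands in for a production matching algorithm.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed watchlist (fictional names, not real designations) with aliases.
WATCHLIST = {
    "WL-001": ["Mohammed Al-Rashidi", "Muhammad Al Rashidy"],
    "WL-002": ["Sergey Ivanovich Petrov", "Sergei Petrov"],
}

def normalise(name):
    """Lower-case, strip accents and punctuation, collapse whitespace."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_accents = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in no_accents.lower())
    return " ".join(cleaned.split())

def best_match(name):
    """Return (score, entry_id) for the closest alias on the watchlist."""
    target = normalise(name)
    return max(
        (SequenceMatcher(None, target, normalise(alias)).ratio(), entry_id)
        for entry_id, aliases in WATCHLIST.items()
        for alias in aliases
    )

def screen(name, threshold):
    """Hold the payment for manual review when the best score meets the threshold."""
    score, entry_id = best_match(name)
    if score >= threshold:
        return ("HOLD", entry_id, round(score, 2))
    return ("RELEASE", None, round(score, 2))

def compare_thresholds(names, thresholds=(0.75, 0.90, 0.97)):
    """Show how the same payee names are decided under each threshold."""
    return {n: [screen(n, t)[0] for t in thresholds] for n in names}
```

Running `compare_thresholds(["Mohamed Alrashidi", "Ahmed Al-Rashidi"])` shows both failure modes: at 0.97 the transliteration variant of the listed name is released (a false negative), while at 0.75 a different given name with the same family name is held (a likely false positive).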
Yes. As the industry transitions from SWIFT MT messages to ISO 20022 XML messages, payment screening systems need to be able to parse and screen both formats accurately during what is likely to be an extended transition period across correspondent banking networks. ISO 20022 carries more structured data than legacy MT messages, which can actually improve screening accuracy once systems are fully adapted to use the additional fields. In the interim, firms running screening engines that only reliably parse one format risk either missing data in the other format or generating screening gaps during message translation. Confirming that a screening vendor supports both formats natively is an increasingly important vendor due diligence question.
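To make the dual-format point concrete, the following added example (not taken from any vendor's engine) extracts the same screening fields from an MT103 text block and a pacs.008 message. Both messages are constructed with fictional parties and account numbers, and the MT103 sample is trimmed to a few fields with its block headers omitted.

```python
import re
import xml.etree.ElementTree as ET
# Constructed samples (fictional parties and account numbers), trimmed to the fields used here.
MT103 = """:20:REF12345
:50K:/GB00TEST00000012345678
ALPHA TRADING LTD
1 HIGH STREET LONDON
:59:/DE00TEST0000000001
BETA HANDEL GMBH
BERLIN
:70:INVOICE 4471
"""
PACS008 = """<Document xmlns="urn:iso:std:iso:20022:tech:xsd:pacs.008.001.08">
 <FIToFICstmrCdtTrf><CdtTrfTxInf>
  <Dbtr><Nm>ALPHA TRADING LTD</Nm><PstlAdr><Ctry>GB</Ctry></PstlAdr></Dbtr>
  <Cdtr><Nm>BETA HANDEL GMBH</Nm><PstlAdr><Ctry>DE</Ctry></PstlAdr></Cdtr>
  <RmtInf><Ustrd>INVOICE 4471</Ustrd></RmtInf>
 </CdtTrfTxInf></FIToFICstmrCdtTrf>
</Document>"""
NS = {"p": "urn:iso:std:iso:20022:tech:xsd:pacs.008.001.08"}

def parse_mt103(text):
    """Pull party names and the remittance line out of MT103 text-block fields."""
    found = re.findall(r"^:(\d{2}[A-Z]?):(.*?)(?=^:\d{2}[A-Z]?:|\Z)", text, re.M | re.S)
    fields = {tag: body.strip().splitlines() for tag, body in found}

    def party(tag):
        lines = fields.get(tag, [])
        if lines and lines[0].startswith("/"):  # optional account line
            lines = lines[1:]
        return lines[0] if lines else None

    # MT name/address lines are free text, so there is no structured country to screen.
    return {"originator": party("50K"), "originator_country": None,
            "beneficiary": party("59"), "beneficiary_country": None,
            "reference": " ".join(fields.get("70", [])) or None}

def parse_pacs008(xml_text):
    """Same fields from pacs.008; untrusted XML should go through a hardened parser."""
    tx = ET.fromstring(xml_text).find(".//p:CdtTrfTxInf", NS)
    get = lambda path: tx.findtext(path, namespaces=NS)
    return {"originator": get("p:Dbtr/p:Nm"), "originator_country": get("p:Dbtr/p:PstlAdr/p:Ctry"),
            "beneficiary": get("p:Cdtr/p:Nm"), "beneficiary_country": get("p:Cdtr/p:PstlAdr/p:Ctry"),
            "reference": get("p:RmtInf/p:Ustrd")}

def extract_screening_fields(message):
    """Route a raw message to the right parser so both formats feed one screening input."""
    return parse_pacs008(message) if message.lstrip().startswith("<") else parse_mt103(message)
```

Both parsers return the same party names and reference, but only the ISO 20022 message yields a structured country code; the MT103 country stays `None` and would have to be inferred from free-text address lines.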