Your Global Remittance Business Starts Here — Launch Across the US, UK, Canada, Australia & Eurozone. Explore details →
✦ Compliance & Regulation · UK AML Guide

Payment Screening Process in the UK
Complete Guide for AML Compliance in 2026

How UK banks, EMIs, PIs, MSBs, and remittance firms screen payments against sanctions, PEPs, and fraud risk before funds move — and what the FCA expects to see.

⏱ 12 min read Abhishek Agarwal 🏢 RemitSo

Every second, thousands of payments move through the UK's financial system — a customer sending money to Europe, a business settling an overseas invoice, a fintech clearing hundreds of cross-border transfers, a remittance company reconciling positions across currencies. Each of those payments happens in seconds, but each one also carries a question regulators expect every firm to answer before the funds move: is this beneficiary sanctioned, is this sender who they claim to be, and could this transaction breach UK sanctions law? For UK-regulated firms, payment screening is no longer a back-office nicety — it is a core regulatory obligation, and getting it wrong carries real consequences. This guide explains how the payment screening process works in the UK, what regulators expect, where firms most often struggle, and how modern technology is changing what "good" looks like.

AI Overview

Payment screening is one of the most important AML controls for UK financial institutions, payment firms, Electronic Money Institutions (EMIs), Money Service Businesses (MSBs), banks, fintechs, and remittance companies. It involves screening every payment transaction — including the sender, beneficiary, intermediaries, payment messages, and destination countries — against sanctions lists, politically exposed persons (PEPs), adverse media, and internal watchlists before the payment is processed. In the UK, this activity sits within a framework that includes the Money Laundering Regulations 2017, the Proceeds of Crime Act, the Terrorism Act 2000, the Sanctions and Anti-Money Laundering Act 2018, OFSI guidance, and the FCA's Financial Crime Guide. Modern systems combine real-time sanctions screening, transaction monitoring, risk scoring, and fuzzy name matching to detect sanctions violations, money laundering, and suspicious transactions before funds leave the financial system.

Quick Answer
  • Payment screening checks every payment — sender, beneficiary, banks, and message data — against sanctions, PEP, and watchlist data before the payment is processed.
  • UK obligations are shaped by the Money Laundering Regulations 2017, POCA, the Terrorism Act 2000, the Sanctions and AML Act 2018, OFSI guidance, and the FCA Financial Crime Guide.
  • Banks, EMIs, Payment Institutions, MSBs, remittance firms, fintechs, and regulated cryptoasset firms are all expected to maintain payment screening controls.
  • The process typically runs through six stages: data capture, name screening, country risk assessment, transaction analysis, risk scoring, and investigation/decision.
  • False positives, false negatives, name transliteration, and ISO 20022 migration are the most common operational challenges firms face today.
⚠ A note on the regulatory references in this guide: UK AML and sanctions law does not define a single statute called "payment screening." The obligation to screen payments is inferred from a combination of the Money Laundering Regulations 2017, the Sanctions and Anti-Money Laundering Act 2018, OFSI's general guidance on financial sanctions, and the FCA's supervisory expectations set out in its Financial Crime Guide. This article describes how firms commonly interpret and operationalise those obligations. It is not legal advice — firms should confirm current requirements with their legal and compliance advisers, the FCA, and OFSI directly.

What Is Payment Screening?

Payment screening is the real-time assessment of a payment transaction, and every party connected to it, before that payment is executed. It differs from customer onboarding screening, which typically checks a customer once or on a periodic review cycle — payment screening evaluates every individual transaction as it happens, regardless of how long the customer relationship has existed. The objective is straightforward: prevent illicit funds from entering or leaving the financial system before they actually move.

A payment screening engine typically analyses the originator, the beneficiary, intermediary and correspondent banks, payment references, SWIFT MT and ISO 20022 message content, the stated purpose of payment, the countries involved, the transaction amount, the customer's risk profile, and internal watchlists alongside external sanctions databases. When a payment matches a sanctions list entry or otherwise appears suspicious, the transaction is automatically held for manual review rather than allowed to settle.

Why Payment Screening Matters in the UK

The UK remains one of the world's largest financial centres, and billions of pounds move daily through banks, challenger banks, EMIs, Payment Institutions, PSPs, fintechs, FX providers, money transfer operators, and remittance companies. That sheer volume is exactly what makes UK payment rails attractive to criminals attempting to launder illicit funds, evade sanctions, finance terrorism, commit fraud, move proceeds of cybercrime, or circumvent international financial restrictions.

Note: Regulators assess the adequacy of a firm's screening controls independently of whether any individual payment turns out to be criminal. A firm with thin documentation and inconsistent screening practices can face supervisory action even where no actual sanctions breach occurred — the control failure itself is the finding.

UK Regulations Governing Payment Screening

Payment screening obligations in the UK are not set out in a single piece of legislation. Instead, they emerge from several overlapping legal and regulatory frameworks that together shape what regulators expect a firm's screening controls to look like.

UK Frameworks Shaping Payment Screening
Regulation / GuidancePurpose
Money Laundering Regulations 2017 (as amended)Customer due diligence and AML controls
Proceeds of Crime Act (POCA)Criminal property reporting obligations
Terrorism Act 2000Terrorist financing prevention
Sanctions and Anti-Money Laundering Act 2018UK's post-Brexit sanctions regime
OFSI GuidanceImplementation of financial sanctions
FCA Financial Crime GuideSupervisory AML expectations
JMLSG GuidanceIndustry-recognised best practice
UK Financial Sanctions RegulationsAsset freezes and sanctions compliance

Figure 1: The overlapping UK frameworks that together inform payment screening obligations. No single statute uses the term "payment screening" — the requirement is assembled from these sources.

Which Businesses Must Conduct Payment Screening?

Payment screening is expected across a wide range of UK-regulated sectors: banks, Electronic Money Institutions, Payment Institutions, Money Service Businesses, remittance companies, foreign exchange providers, fintech companies, challenger banks, building societies, correspondent banking providers, cryptoasset firms regulated under the Money Laundering Regulations, and wealth management firms. The common thread across all of these sectors is that each one moves customer funds across accounts, currencies, or borders — and each one is therefore exposed to the risk of facilitating a prohibited or suspicious transaction if screening controls are inadequate.

How the Payment Screening Process Works

An effective payment screening framework typically runs through six stages, from the moment payment data is captured through to a final investigation decision.

The Six-Stage Payment Screening Process
01
Capture payment data
The system collects sender and beneficiary details, account numbers, IBANs, SWIFT codes, payment purpose, currency, country, and reference information. Data quality matters here more than anywhere else in the process — incomplete records are one of the most common causes of false negatives downstream.
02
Name screening
Names are screened against the UK Sanctions List, the OFSI Consolidated List, UN sanctions lists, PEP databases, adverse media, internal blacklists, and law enforcement databases, with fuzzy matching applied to catch spelling variations and aliases.
03
Country risk assessment
The payment is evaluated against high-risk jurisdiction lists, the FATF grey and black lists, sanctions exposure, corruption risk, and broader geographic money laundering or terrorist financing risk. Cross-border payments generally receive a higher level of scrutiny by default.
04
Transaction analysis
The system analyses payment amount, velocity, frequency, historical customer behaviour, counterparty relationships, and unusual payment patterns. Behavioural analytics catch suspicious activity that sanctions screening alone is not designed to detect.
05
Risk scoring
Each payment receives a risk score built from customer risk, country risk, product risk, delivery channel, payment type, and transaction behaviour. Higher-risk payments are automatically escalated for manual review rather than left to clear on their own.
06
Investigation and decision
Compliance analysts review the alert and decide whether to approve the payment, reject it, request further information, freeze funds where legally required, or submit a Suspicious Activity Report to the UK Financial Intelligence Unit where appropriate.

Figure 2: The six stages most UK payment screening frameworks follow, from initial data capture through to a documented decision.

Screening Payments Across Disconnected Tools?

See how RemitSo brings sanctions screening, risk scoring, and case investigation into one workflow.

Talk to Our Compliance Team →

Core Components of an Effective Screening Framework

Real-Time Screening

Payments should be screened before settlement, not after, so that a prohibited transaction can actually be stopped rather than merely flagged retrospectively once the funds have already moved.

Sanctions Screening

This means screening against OFSI's lists, the UK sanctions regime, UN sanctions, and other relevant international sanctions regimes where the payment's parties or corridor warrant it.

PEP Screening

Identifying politically exposed persons and their close associates allows firms to apply the enhanced due diligence regulators expect for higher-risk relationships.

Adverse Media Screening

Checking for customers or counterparties linked to corruption, fraud, organised crime, or terrorist financing in public reporting adds a layer of risk detection that static sanctions lists alone do not provide.

Transaction Monitoring Integration

Payment screening works best as one layer within a broader control framework — it should complement, not replace, ongoing transaction monitoring of customer behaviour over time.

Audit Trail

Every screening decision, escalation, and resolution should be fully documented, since this is precisely the evidence the FCA and other UK authorities will ask to see during a supervisory visit or thematic review.

Common Challenges in Payment Screening

Even well-resourced compliance teams run into recurring operational difficulties. Poor matching logic generates excessive false positives, which drives up operational cost and slows down legitimate payments for customers. The opposite failure — false negatives caused by weak matching algorithms that miss genuinely sanctioned entities — creates significant regulatory exposure that is far more serious than alert fatigue.

Cross-border payments add further complexity, since each transaction can touch multiple jurisdictions, different sanctions regimes, varying messaging standards, and currency conversions, with every additional layer compounding the screening challenge. Name transliteration is a related and persistent problem: Arabic, Russian, Chinese, and other non-Latin names often have multiple valid spellings in Latin script, and only modern fuzzy matching meaningfully improves detection rates in these cases. The ongoing industry migration from SWIFT MT messages to ISO 20022 XML messages means screening systems now need to support both formats reliably during the transition period, and firms that generate thousands of alerts daily without effective prioritisation risk alert fatigue, where analysts become overwhelmed and genuinely high-risk cases get lost in the volume.

Best Practices for Payment Screening in 2026

Leading firms continuously improve their screening capabilities through risk-based screening thresholds rather than one-size-fits-all rules, AI-assisted alert prioritisation, continuous sanctions list updates, behavioural analytics layered on top of static matching, real-time transaction monitoring, independent model validation, regular tuning exercises, comprehensive audit logging, ongoing staff training, and clear governance and oversight structures. The objective is never to eliminate alerts entirely — that would simply mean the controls are too loose — but to improve the accuracy and quality of the alerts that are generated, so that compliance resources go toward genuinely risky payments rather than noise.

Note: A screening system that generates very few alerts is not necessarily a well-tuned one. It may simply be under-screening. Regular independent validation against known sanctions test cases is the only reliable way to confirm a low alert volume reflects good tuning rather than a detection gap.

Payment Screening vs. Transaction Monitoring

Although the two terms are often used interchangeably, payment screening and transaction monitoring serve different functions within the same AML framework.

Payment Screening vs. Transaction Monitoring
Payment ScreeningTransaction Monitoring
Happens before payment executionHappens during or after transactions
Screens sanctions and counterpartiesDetects suspicious behavioural patterns
Focuses on individual paymentsFocuses on customer activity over time
Prevents prohibited paymentsDetects money laundering typologies
Supports sanctions complianceSupports AML investigations

Figure 3: Payment screening and transaction monitoring are complementary, not interchangeable — most mature AML programmes run both side by side.

How Modern Technology Improves Payment Screening

Modern RegTech platforms improve payment screening by offering real-time screening with API integration, automated sanctions list updates, machine learning-assisted name matching, explainable risk scoring that compliance teams can defend to a regulator, workflow automation, integrated case management, dashboard reporting, comprehensive audit trails, and regulatory reporting support. Together, these capabilities reduce the manual effort required from compliance analysts while measurably improving detection outcomes — a combination that purely manual or rules-only screening approaches struggle to deliver at scale.

How RemitSo Supports Payment Screening

For UK-regulated payment firms, remittance providers, and fintechs, building payment screening as a bolt-on to an existing platform often creates exactly the kind of fragmented controls that regulators flag during supervisory review. RemitSo's white-label remittance platform builds real-time sanctions screening directly into the payment flow, covering more than 40,000 records across eight or more global watchlists with fuzzy matching and alias detection designed to catch the transliteration and spelling-variation issues described earlier in this guide.

Risk-calibrated transaction monitoring across 55-plus indicators works alongside that screening layer, while tiered KYC and eKYC workflows, structured case management, and audit-ready documentation give compliance teams the evidence trail UK regulators expect to see during a review. Firms evaluating their current payment screening setup can review RemitSo's AML consulting services for a tailored assessment.

Built for Defensible, Real-Time Payment Screening

RemitSo gives UK-regulated MTOs, EMIs, and fintechs integrated sanctions screening, risk scoring, and case management — without stitching together separate vendors.

  • Real-time sanctions screening across 8+ global lists
  • Fuzzy matching and alias detection built in
  • 55+ indicator, risk-calibrated transaction monitoring
  • Tiered KYC/eKYC from standard through full EDD
  • Centralized case workspace with full audit trails
  • White-label platform, fully brand-independent

Frequently Asked Questions

What Compliance Teams Ask About UK Payment Screening

Payment screening is the process of checking a payment transaction, and every party connected to it, against sanctions lists, PEP databases, adverse media, internal watchlists, and other AML risk indicators before the payment is processed. It differs from one-off or periodic customer screening because it evaluates every individual transaction at the point of execution rather than relying solely on checks performed when the relationship was opened. The goal is to stop a prohibited or suspicious payment before funds actually move, rather than discovering the issue afterward. For UK-regulated firms, this makes payment screening one of the most operationally important AML controls in daily use.

There is no single UK statute that uses the term "payment screening" and prescribes one specific technical process. However, UK-regulated firms are expected, under the Money Laundering Regulations, sanctions legislation, and FCA supervisory expectations, to have effective controls in place that identify and prevent prohibited or suspicious transactions before they settle. In practice, this means payment screening is treated as a mandatory control by regulators even though it is not named as such in primary legislation. Firms that cannot demonstrate adequate screening controls during a supervisory review are likely to face regulatory findings regardless of the absence of a single named requirement.

A typical screening pass checks the sender, the beneficiary, any intermediary or correspondent banks involved, the countries connected to the payment, and the content of the payment message itself, including references and stated purpose. Each of these elements is checked against sanctions lists, PEP lists, adverse media, and internal watchlists maintained by the firm. The combination matters — a payment can clear sanctions screening individually on the sender and still warrant review if the destination country or counterparty bank raises a separate flag. This is why screening engines evaluate all these data points together rather than checking each one in isolation.

Common triggers include a name match against a sanctions or watchlist entry, exposure to a high-risk country, name similarities that surface through fuzzy matching even without an exact match, suspicious payment patterns, high-risk counterparties, and transaction behaviour that deviates from a customer's established pattern. Not every alert indicates wrongdoing — name similarity alerts in particular are often false positives caused by common names or transliteration variations. The investigation stage exists specifically to separate genuine sanctions or fraud risk from coincidental matches that simply look similar on the surface. Firms that document their reasoning at this stage, rather than clearing alerts with a one-line note, are in a much stronger position if a regulator later asks why a particular payment was released.

Sanctions screening is narrower and focuses specifically on identifying sanctioned individuals, entities, or countries against official lists such as the UK Sanctions List or the OFSI Consolidated List. Payment screening is the broader umbrella term and typically includes sanctions screening as one component, alongside PEP screening, adverse media checks, fraud risk indicators, and other AML controls applied to the same transaction. Put simply, every sanctions screen is part of payment screening, but not every element of payment screening is sanctions-related. Firms generally run both within the same screening engine rather than as separate disconnected checks.

Firms should update their sanctions data promptly whenever OFSI, the UN, or other relevant authorities publish changes, rather than waiting for a scheduled batch update. Automated, near-real-time list updates are widely regarded as best practice precisely because the gap between an official designation and a firm's screening list catching up is itself a window of regulatory exposure. Manual update processes that rely on staff checking for publication changes are increasingly viewed as inadequate by regulators given how quickly sanctions designations can be issued. Most modern screening platforms now handle this through automated data feeds rather than manual intervention.

False positives typically arise from overly broad fuzzy matching thresholds, common names that frequently appear on watchlists by coincidence, name transliteration differences across languages, and poorly calibrated risk scoring that treats too many transactions as high risk by default. While false positives are far less serious than false negatives from a regulatory standpoint, excessive alert volume creates real operational costs by slowing down legitimate payments and contributing to analyst alert fatigue. Risk-based tuning, better fuzzy matching algorithms, and AI-assisted prioritisation are the most common ways firms reduce false positive rates without simply loosening their screening thresholds. The goal is always to improve precision rather than to generate fewer alerts indiscriminately.

Yes. As the industry transitions from SWIFT MT messages to ISO 20022 XML messages, payment screening systems need to be able to parse and screen both formats accurately during what is likely to be an extended transition period across correspondent banking networks. ISO 20022 carries more structured data than legacy MT messages, which can actually improve screening accuracy once systems are fully adapted to use the additional fields. In the interim, firms running screening engines that only reliably parse one format risk either missing data in the other format or generating screening gaps during message translation. Confirming that a screening vendor supports both formats natively is an increasingly important vendor due diligence question.

Ready to Strengthen Your Payment Screening Controls?

Get real-time sanctions screening, risk scoring, and case management built into your platform from day one.

Talk to RemitSo →

UAE AML Fines and Penalties 2026: Complete Guide for Financial Institutions & DNFBPs

Continue Reading

AML Investigation and Case Management for MTOs: How to Detect, Investigate, and Report Money Laundering Effectively

Continue Reading

WhatsApp Icon