AML, Sanctions & PEP Screening¶
UAE and Saudi regulated firms must screen their clients against sanctions and politically-exposed-person (PEP) lists and keep an auditable record of having done so. Scroll builds that into the platform: it screens a name against global lists, surfaces scored matches, lets you record a determination, assigns a risk rating, and keeps a tamper-evident audit record, with a Compliance inbox and automatic re-screening so nothing goes stale.
How it works¶
Screen a subject (the client, or a named owner / director you add)
→ match against global sanctions + PEP lists (OpenSanctions)
→ scored matches, each with the list it came from and why (sanction, PEP, ...)
→ status: clear | needs review | flagged risk: low | medium | high
→ you review the matches and record a decision (cleared / true match / false positive)
→ the result is stored as a dated, hashed audit record
→ re-screened automatically on a schedule, because the lists change constantly
It is decision-support: Scroll surfaces the matches and records your determination, a human always decides whether a hit is a true match or a false positive.
Screening a client and its owners¶
On a client's page, the Sanctions & PEP screening panel lets you:
- Screen now (the client entity or person), and
- Screen another name for beneficial owners, directors, or signatories, matching real AML practice where the firm screens the people behind an entity, not just the entity.
Each result shows the matched entries with a confidence score and the list and topics they came from, links to verify at the source, and Confirm match / False positive actions that record your decision and who made it.
| Status | Meaning |
|---|---|
| Clear | No significant match. |
| Needs review | A possible match or a PEP hit, a human should look. |
| Flagged | A strong sanctions match, or a match you confirmed. |
New clients are screened automatically when you add them, and a client can carry a risk rating (low, medium, high) derived from the result.
The Compliance inbox¶
A dedicated Compliance view lists every client by screening status, with flagged and needs-review clients first, plus a count of those overdue for re-screening (never screened, or last screened over 90 days ago). It is jurisdiction-scoped by the topbar selector, and a sidebar badge shows how many clients are currently flagged. A daily job re-screens stale clients so the lists you are checked against are always current.
Data source and privacy¶
Screening uses OpenSanctions, a consolidated, continuously-updated dataset of global sanctions, watchlists, and PEPs. Screening sends the subject's name to the matching service, a name check, which is standard for screening tools. For firms with strict data-residency requirements, the same matching engine can be self-hosted so no names leave your own infrastructure, configured with a single setting and no code change.
Every screening is kept as a hashed, dated audit record showing what was checked, what matched, the determination, and who made it, the evidence a regulator expects.