GLOBAL PAYMENTS KNOWLEDGEISO 20022 / SWIFT / SEPA / MT / MX
COMPARE

Customer screening vs transaction screening

Customer screening checks the people and entities an institution banks against sanctions lists; transaction screening checks the payments flowing through it, including parties who are not customers at all. A sound programme needs both.

Customer screening vs transaction screening
DIMENSIONCustomer screeningTransaction screening
What gets screenedCustomer records: names, aliases, dates of birth, addresses, identification numbers, plus connected parties such as beneficial owners, directors, and signatories.Payment messages in flight: debtor, creditor, their agents and banks, addresses, and free-text fields such as remittance information — whatever the message actually carries.
When it runsAt onboarding, then on an ongoing basis — rescreening the whole customer base when lists change and when customer data changes.In real time, while the payment is being processed and before value is released.
Time pressureMeasured in hours or days: an alert queues for review without stopping the relationship in the meantime (unless risk demands it).Measured in seconds to minutes: an alert holds the payment, and on instant rails a slow decision is functionally a rejection.
Data quality availableThis is one reason ISO 20022's structured party fields matter to sanctions teams, and why MT-to-ISO truncation is a compliance issue, not just a formatting one.Relatively rich and structured: verified identity documents and KYC data give secondary identifiers (date of birth, nationality, ID numbers) that help eliminate false positives quickly.Only what the message contains — party data may be truncated, unstructured, or abbreviated, which weakens matching and makes free-text hits harder to assess.
Who it can catchOnly parties the institution has a relationship with and data about.Anyone named in the payment chain — including the counterparty's customer, other banks, and vessels or entities mentioned in remittance text — none of whom appear in the customer base.
What a confirmed hit triggersWhether funds must be rejected or blocked depends on the jurisdiction and sanctions programme involved — this is a legal determination, not a system default.Relationship-level action: refusing onboarding, restricting or freezing accounts, exiting the customer, and regulatory reporting.Payment-level action: rejecting the payment or blocking/freezing the funds, depending on the applicable regime, plus reporting obligations.
Volume and false-positive profileSpiky: a list update against millions of customers produces a large one-off alert batch that teams work through over days.Continuous: every payment generates a screening event, so even a small false-positive rate produces a steady stream of holds that directly delay customers.
Tuning leversIndustry guidance treats both as part of one risk-based programme with documented tuning and testing, but the concrete configuration differs per institution.Match thresholds, secondary-identifier logic, and rescreening scope — tuned against the institution's own customer data.Field-level rules (which message elements to screen), stop-word and free-text handling, and list scoping per rail — tuned against live payment traffic.
Sources for this comparison2
  1. Market practice

    Wolfsberg Group Sanctions Screening GuidanceThe Wolfsberg Group · customer and transaction screening chapters

    Industry guidance on the elements of an effective sanctions screening programme: the risk-based approach, list management, matching technology, alert generation, and alert handling. · Checked 2026-07-12

    Wolfsberg guidance is industry market practice, not law; institutions vary in how they apply it.

  2. Simplified educational illustration

    Payments Signal editorial teaching modelsPayments Signal

    This site's own simplified teaching models. · Checked 2026-07-12

    What this simplifies: Institutions divide these controls differently — some screen customers transactionally at payment initiation, and hybrid architectures exist. Timings and volume patterns are typical orders of magnitude, not benchmarks.

    Used wherever diagrams, scenarios, figures, or example values are didactic constructions rather than sourced facts; every such use carries a simplifications disclosure. All people, companies, banks, and list entries in examples are fictional.