Sanctions screening vs AML vs fraud
Sanctions screening, AML monitoring, and fraud detection answer different questions on different clocks — and confusing them causes real design mistakes.
L0 Explain simply
An everyday analogy: a nightclub runs three different checks. At the door, a bouncer compares each face against a short banned list — if you are on it, you do not come in, full stop. Inside, cameras watch how people behave over the evening and flag suspicious patterns for review tomorrow. Meanwhile, staff watch for pickpockets stealing from guests right now. Sanctions screening is the door check: a comparison against a list, with an immediate stop. Anti-money-laundering monitoring is the camera review: pattern analysis after the fact. Fraud detection is catching the pickpocket: protecting victims from theft in real time. The three share data but they are different jobs, done by different systems, on different clocks.
L1 Core concepts
Screening compares data — customer records, payment messages — against lists of names and indicators. Sanctions screening enforces a legal prohibition: a confirmed match stops the relationship or the payment, so it runs before or during processing. AML transaction monitoring looks for behaviour consistent with money laundering across many transactions and typically produces a report to authorities rather than an immediate stop. Fraud detection protects the customer and the bank from theft and manipulation. Related screening types sit alongside sanctions: politically exposed person (PEP) screening identifies customers who need enhanced due diligence — being a PEP is not prohibited — and adverse media screening surfaces negative news as a risk input. Only the sanctions match carries a hard legal stop.
L2 Practitioner view
The design consequences of the differences are concrete. Sanctions screening must sit in the payment path, which means latency budgets, hold queues, and staff available to clear alerts while payments wait; AML monitoring can run overnight on a data warehouse. False-positive economics differ too: a sanctions filter tuned too tight delays every payment, while an over-sensitive monitoring scenario wastes investigator time but delays nothing. Disposition rules differ — a PEP or adverse-media hit feeds a risk review and hardly ever stops a payment, whereas a potential sanctions match must hold the payment until resolved. Institutions vary in how they organise this: some run one screening utility for all list types, others keep sanctions separate precisely because its legal stakes and timing are unlike everything else.
L3 Technical details
The two controls occupy different points in the stack. Sanctions screening is a pre-execution gate: it intercepts each payment in flight, matches party fields and free text against list records, and answers pass-or-hold within a tight latency budget; an unresolved hit parks the payment in a hold queue, and a confirmed match ends in a freeze or reject disposition. AML transaction monitoring is a post-event pipeline: transactions accumulate in a data store, detection scenarios run across that history, and an alert that survives investigation ends in a suspicious activity or transaction report (SAR/STR) — the payment itself has usually long settled. Screening needs clean party data in each message; monitoring needs aggregates, counterparty links, and history. Banks run both: the gate sees no patterns, and the pattern engine cannot stop a prohibited payment before it leaves.
Sources & standards2
- Market practice
Wolfsberg Group Sanctions Screening Guidance ↗ — The Wolfsberg Group · Sanctions screening distinguished from transaction monitoring
Wolfsberg guidance is industry market practice, not law; institutions vary in how they apply it.
- Official requirement
The FATF Recommendations: International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation ↗ — Financial Action Task Force · Reporting of suspicious transactions
Adopted in 2012 and updated regularly since; the June 2025 FATF plenary agreed revisions to Recommendation 16 on payment transparency. Consult the live consolidated text for the current wording.
Sources for this topic2
- Market practice
Wolfsberg Group Sanctions Screening Guidance ↗ — The Wolfsberg Group · Definition of sanctions screening and its place among financial-crime controls
Wolfsberg guidance is industry market practice, not law; institutions vary in how they apply it.
- Simplified educational illustration
Payments Signal editorial teaching models — Payments Signal
What this simplifies: The nightclub analogy sharpens the contrast between controls; in practice the boundaries blur — some AML scenarios run near-real-time, some fraud controls block payments, and organisational structures vary widely between institutions.
Used wherever diagrams, scenarios, figures, or example values are didactic constructions rather than sourced facts; every such use carries a simplifications disclosure. All people, companies, banks, and list entries in examples are fictional.
Deepest material on this page: L3 — Technical details. Where a topic stops short of implementation depth, that is a deliberate coverage decision, not an oversight — see coverage.