How AML screening and monitoring work

Explore AML screening and monitoring algorithms in Sumsub.

At Sumsub, we offer a comprehensive AML/KYC compliance software solution designed to help businesses automate and optimize their entire compliance flow—from customer onboarding to continuous monitoring and reporting.

Our AML solution features include:

  1. Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) for individuals.
    • Collection and verification of customer identity documents, such as passports and ID cards, with the help of advanced OCR (Optical Character Recognition) technology and biometric checks to confirm that the document is authentic and belongs to the applicant.
    • Validation of the extracted data, such as name, address, date of birth, or other identifying details, against trusted databases.
  2. Business verification (KYB) services.
    • Corporate document verification. Analyzing official documents such as certificates of incorporation, business licenses, and tax identification numbers to verify the legitimacy of a business.
    • Ownership structure analysis. Mapping out the ownership structure of a company to identify beneficial owners and assess potential risks associated with them.
    • Cross-referencing with databases. Checking business entities against global databases to ensure they are not listed on sanctions lists or involved in fraudulent activities.
  3. Automated screening against global sanctions, watchlists, and PEP databases.
    • Real-time screening. Automated systems continuously check customer data against a wide array of global sanctions lists, watchlists including OFAC and EU sanctions, and Politically Exposed Persons (PEP) databases.
    • Ongoing monitoring. Screening algorithms are regularly updated to include the latest sanctions and watchlist entries to ensure compliance with evolving regulations.
    • Case management system. A unified platform that lets you assign, investigate, escalate, and resolve AML cases in a few clicks.
  4. A dynamic risk scoring system that evaluates customers based on various parameters such as AML screening results, transaction history, geographic risk factors, and behavioral patterns.
  5. Ongoing transaction monitoring with customizable risk scenarios.
    • Automated monitoring. Continuous surveillance of customer transactions to detect unusual patterns or behaviors that may indicate potential money laundering or fraud.
    • Customizable risk scenarios. Specific risk scenarios tailored to your operations, such as thresholds for transaction amounts or frequency of transactions that trigger alerts.
    • Alerts. Notifications sent to your compliance team when a transaction meets predefined risk criteria.
    • Reporting. Detailed reports generated for audit purposes or regulatory submissions.
    • Applicant actions. Customizable actions for all or groups of customers based on the triggered rules, including sending questionnaires to PEPs to help you fulfill your EDD obligations.
  6. Non-Doc Verification that eliminates the need for applicants to upload any documents, as the verification is performed based on the document number.
  7. Compliance reporting. Generation of detailed AML screening reports that include:
    • Sanctions, PEP, and adverse media results,
    • Risk categorization and status (e.g., True Positive, Potential Match, False Positive),
    • Decision history and actions taken.
      Reports are automatically stored and can be exported in PDF or JSON formats for audit purposes.
  8. Workflow automation that quickly adapts to changing risk levels. Compliance officers can review flagged matches in the Dashboard and take actions such as:
    • Approve, escalate, or decline applicants based on risk assessment,
    • Request additional documentation if necessary.
  9. Detailed audit trails for complete transparency and accountability. The system logs all review decisions and updates status changes for full auditability.
  10. Dashboard analytics that provides compliance teams with real-time insights into verification performance and applicant activity.
    • Key Metrics. Tracks checked applicants, median processing time, rejections, and country distribution.
    • Visual Data Representation. Includes pie charts, line/bar graphs, and interactive breakdowns of verification trends.
    • Customization. Allows filtering by time periods, data types, and visualization formats.
    • Audit & Compliance. Logs user activity, applicant document uploads, and review history.
      Your team can also request a custom graph or table by contacting your customer success manager.

The following types of watchlist screening are available:

  • Information-based. Textual data, such as the applicant name and date of birth received from the applicant, is matched against a comprehensive set of watchlists in order to find/exclude a match.
  • Document-based. The name and date of birth are extracted from the identity document that was uploaded by the applicant.

In both cases, fuzzy logic is involved to ensure that no spelling variations of the applicant’s name are overlooked.

Step-by-step flow

AML screening is usually performed as follows:

  1. Sumsub extracts the applicant data from the provided documents or applicant input.

📘

Note

The AML check is conducted for Applicants that have passed all the other required checks successfully and were approved by the system.

  1. Depending on your settings, Sumsub utilizes Comply Advantage, Quantifind, or World-Check-One to screen the applicant and find the individuals that are:
    • Known or suspected terrorists,
    • Sanctioned persons,
    • Politically exposed persons (PEPs),
    • Persons with a criminal background,
    • Persons mentioned in adverse media.
  2. Data from various sanctions and watchlists is compared against the applicant profile to establish a match. Various matching technologies are involved to ensure that no variations of the applicant’s name or the mention’s sentiment are overlooked.

Below, you will find a list of matches available in Sumsub.

Match typeDescription
True positiveApplicant data exactly matches one or several watchlist records. The full DOB of the applicant, along with their name, matches one or several watchlist records, but the middle name is omitted/abbreviated.
Potential matchThe name of the applicant matches one or several watchlist records, but the age/year of birth data is missing, or the applicant is suspected of committing a crime. When two of three words in the applicant's name match one or several watchlist records, along with their year of birth or age.
False positiveApplicant data doesn't match the source, or it matches, but the context clearly shows the person doesn't pose any threat.
UnknownThe applicant's name in the document contains only one word. There can also be cases with the matching of the applicant's common name and an abundance of matches. In such tricky cases, the Sumsub client makes the final decision regarding the applicant.

Real-life examples:

CaseStatusNext action
The applicant's name is not found in any of the sources.N/AThe applicant is automatically approved.
Applicant data exactly matches in one or several watchlist records.True positiveThe applicant is either declined or assigned the Requires action status and then delegated to the client compliance officers for further processing. The action depends on the customer's settings.
Applicant data matches the watchlist record, but the record does not include criminal or suspicious information about the person. For example, if the applicant is a crime journalist, and their name features on the article as an author.False positiveThe applicant is assigned the Approved status.
Applicant data matches the watchlist record exactly, but additional information clearly shows that the applicant and the person on the record are different people.False positiveThe applicant is assigned the Approved status.
Name of the applicant matches one or several watchlist records, but the age/year of birth data is missing, or the applicant is suspected of committing a crime.Potential matchThe applicant is assigned the Declined status or Requires action status and then delegated to the client compliance officers for further processing.
The applicant name contains just one word.
There can also be cases with the matching applicant common name and an abundance of matches.
UnknownThe applicant is assigned the Declined status or Requires action status and then delegated to the client compliance officers for further processing.

Examples:

  • False positive. The applicant's name matches one or several watchlist records, but their DOB/age is different.
  • True positive. The applicant's name partially matches one or several watchlist records, and DOB/age matches these too, but the middle name is abbreviated.
  • Potential match. Two of three words in the applicant's full name match one or several watchlist records, and their DOB/age matches these too.

If applicants are declined based on a watchlist match, they are assigned a respective rejection tag depending on the source where the match was found:

  • Sanctions
  • PEP
  • Criminal records
  • Adverse Media
  • On demand, the system can be set to delegate borderline cases to the client compliance officers for manual processing.

Adverse Media categories

General tags

Subcategories

FATF & EU AML Directive 22 predicate offences

Adverse Media General

General AML/CFT

  • Bribery

  • Graft

  • Kickbacks

  • Political corruption

  • Organized crime

  • Criminal association

  • Racketeering

  • Smuggling (excl. drugs, money, people or guns/weapons/arms)

  • Poaching

  • Illegal logging

  • Animal cruelty

  • Corruption

  • Other environmental crime

  • People smuggling

  • Migrant smuggling

  • Smuggling of animals

  • Illegal pollution/waste

  • GMigrant trafficking

  • Sanctions violation/risk/connection

  • Tax-related smuggling

Adverse Media Financial Crime

Financial AML/CFT

  • Money laundering

  • Insider trading

  • Tax-related offenses

  • FTax evasion

  • Market manipulation

Financial Difficulty

  • Bankruptcy

  • Financial difficulty

  • Unexpected resignation of CFO

  • Layoff /retrenchments/furloughs

  • Store closures

  • Late payment to creditors

Other Financial

  • Loan sharking

  • Usury

  • Predatory lending

  • Questionable billing practices

  • Non-specific financial crime

  • Tax avoidance (not illegal)

  • Creative accounting

Adverse Media Narcotics

Narcotics AML/CFT

  • Drug trafficking

  • Drug distribution

  • Drug production

  • Drug dealing

Adverse Media Fraud

Fraud-linked

  • Fraud

  • Scams

  • Swindles

  • Counterfeiting

  • Forgery

  • Identity theft

  • Impersonation

  • Mortgage fraud

  • Identity fraud

  • Corporate fraud

  • Electronic fraud (E-fraud)

  • Misrepresentation

  • VAT fraud

  • Counterfeiting currency

  • Residential fraud

  • Non-specified fraud

Adverse Media Violent crime

Violence AML/CFT

  • Kidnapping

  • Abduction

  • Held against the will

  • Murder (Committed, planned, or attempted)

  • Child pornography

  • People trafficking

  • Organ trafficking

  • Arms trafficking

  • Homicide

  • Assassination

  • Coercion

  • Child sexual abuse

  • Pimping

  • Sex trafficking

  • Human trafficking

  • Slavery

  • Sexual exploitation (incl. of children)

  • Grievous bodily harm/injury

  • Illegal restraint

  • Hostage-taking

  • Extortion

  • Robbery

  • Child trafficking

  • Illegal possession of guns, weapons, or explosives

  • Illegal sale of guns, weapons, or explosives

Adverse Media Violence NON AML/CFT

  • Rape

  • Sexual abuse

  • Pedophilia

  • Assault

  • Battery

  • Domestic abuse

  • Elder child abuse

  • Physical abuse

  • Domestic violence

  • Molestation

  • Sexual harassment

  • Purposeful transmission of HIV

  • Human rights abuses by state and non-state actors

  • Genocide

  • War crimes

  • Massacres

  • Torture

  • Illegal pornography

  • Manslaughter

  • Other violent crime

  • Other sexual crime

Adverse Media Terrorism

Terrorism

  • Terrorist-related

  • Member of a terrorist organization

  • Terrorist attack

  • Terror/terrorist financing

  • Aiding of terrorists/terrorism

  • Cyberterrorism

  • Political terrorism

  • Terroristic oppression

Cybercrime

  • Computer-related cybercrime

  • Illegal access to information systems

  • Illegal system interference

  • Illegal data interference

  • Illegal interception

Other crimes

Adverse Media Other Serious

  • Perjury

  • Obstruction of Justice

  • False filings

  • False statements

  • Fugitive

  • Election interference

  • Escaped from imprisonment

  • Arson

  • Spying

  • Espionage

  • Treason

  • Civil disorder

Adverse Media Other Minor

  • Possession of drugs

  • Possession of drug paraphernalia

  • Illegal prostitution

  • Misconduct

  • Vandalism

  • False advertising

  • Drug possession

  • Labour abuse

  • DUI (Driving under the influence)

  • Health & safety issue

  • Human resource issue/dispute

  • Litigation

  • Security related issue

  • Minor-sounding, difficult-to-classify offences

  • Non-specific crime

  • Conspiracy for a non-specific crime

Adverse Media Regulatory

  • Antitrust

  • Price fixing

  • Illegal gambling

  • Forfeiture

  • Denied entity

  • Anti-competitive issues

  • Product dumping

  • Regulatory issues

  • Regulatory breach

  • Greenmail

  • Churning

  • Regulatory fines

  • Collusion

  • Industry sanctions/fine /discipline

  • Securities violations

The above tags are used for filtering, classifying, and prioritizing applicant reviews. To learn more about applicant tags, refer to this article.