By: Money Navigator Research Team
Last Reviewed: 21/01/2026

Quick Summary
A “flag” during PEP or sanctions screening is usually an alert that requires checks to confirm whether the match is real and relevant – not a conclusion about wrongdoing.
A PEP flag commonly leads to enhanced due diligence steps being applied proportionately, while a sanctions match is treated far more strictly because it can create legal restrictions on dealing with funds and services.
During review, some firms may pause onboarding, restrict certain activity, or hold payments while they resolve the match and document decisions.
This article is educational and not financial advice.
PEP vs sanctions flags: why they behave differently
PEP flags are risk-based
PEP (politically exposed person) status is about whether someone holds (or held) a prominent public function, or is a family member / known close associate.
UK rules require firms to identify PEPs and apply enhanced measures that are proportionate to the assessed risk, with a lower-risk starting point in law for domestic PEPs where no other enhanced risk factors are present.
For practical context on how firms are expected to apply this proportionately, see the FCA’s published guidance on the treatment of politically exposed persons (Finalised Guidance FG25/3).
Sanctions flags are rules-based
Sanctions screening is different because it is tied to legal restrictions (for example, asset freezes) rather than a risk assessment alone. If a firm believes a person or entity may be designated, controls can become strict quickly while the match is resolved.
For the baseline framework, see: UK financial sanctions general guidance (OFSI, HM Treasury).
Why directors and PSCs are screened
Banks and payment firms screen not just the business – they screen the people who control it. That includes directors and PSCs because they are key to ownership and control, and the rules cover customers and beneficial owners for PEP purposes.
If your PSC details change (or ownership is restructured), that often triggers re-checks and re-verification. Related background: Beneficial ownership and PSC changes: bank re-verification.
What “flagged” usually means in real terms
Most screening systems generate alerts on partial matches (similar names, aliases, incomplete identifiers). A flag usually means one of these:
- Potential match: the system found something similar enough to review.
- Insufficient identifiers: the firm needs more data points to confirm or clear the alert.
- Policy routing: the case moves into a structured workflow (triage > evidence > decision > monitoring).
This fits into the broader restrictions/review cycle described here: Bank compliance reviews explained: why UK business accounts get restricted.
What happens after a director/PSC is flagged: the typical workflow
1) Triage: is it PEP, sanctions, or a data collision?
PEP triage typically asks: does the person meet the definition, and if so is it domestic or non-domestic, and are there other enhanced risk factors?
Sanctions triage asks: could this be a designated person or closely connected entity, based on identifiers and list data?
2) Identity resolution: confirm or clear the match
Common checks include:
- Full name variants and aliases
- Date of birth and nationality
- Address history
- Corporate role details (director vs PSC vs authorised user)
- Documentary or reliable corroboration
3) Enhanced due diligence or sanctions control escalation
If PEP is confirmed, enhanced measures are applied proportionately (for example, senior approval and deeper source-of-funds / source-of-wealth context, depending on risk).
If sanctions risk cannot be cleared, controls may tighten while the firm ensures it is not dealing contrary to restrictions.
4) Operational outcome
Outcomes generally fall into:
- Cleared alert (false positive)
- Confirmed PEP with proportionate enhanced measures and monitoring
- Sanctions match cleared (data collision resolved)
- Sanctions match confirmed leading to restrictions consistent with sanctions controls and any relevant reporting/licensing pathways
For sanctions list data context, see: The UK Sanctions List (GOV.UK publication).
Scenario Table
| Scenario | Outcome | Practical impact |
|---|---|---|
| Director name similar to a PEP profile | Alert reviewed; match cleared or confirmed | Onboarding can slow; extra questions or evidence requests |
| PSC confirmed as a domestic PEP | Enhanced measures applied proportionately | Relationship may continue with additional monitoring and documentation |
| Director is a family member / known close associate of a PEP | Enhanced measures applied proportionately | Ownership/control context may be scrutinised more closely |
| Sanctions alert triggered on a director/PSC | Match-resolution escalated | Payments or features may be paused while identifiers are verified |
| Confirmed designation under a sanctions regime | Restrictions applied consistent with sanctions controls | Transactions may be blocked or frozen in line with legal restrictions |
What firms may ask for after a PEP flag (and why)
A confirmed PEP status commonly triggers enhanced measures that look like “EDD” in practice. That can include more detailed questions about:
- The business model and expected activity
- Ownership and control
- Why funds are moving through the account in certain patterns
- The context behind larger or unusual flows
Two useful internal explainers for how banks frame this information are:
For typical onboarding verification material that may be reused during reviews, see: What documents banks check for business bank accounts.
Sanctions screening: a specific change on 28 January 2026
From 9am (UK time) on Wednesday 28 January 2026, the UK government’s publication approach changes so the UK Sanctions List becomes the only list that details sanctions designations, and the OFSI consolidated list/search tool stops being updated. This is described here: Moving to a single list for UK sanctions designations (28 January 2026).
For data/format specifics used by screening systems, see: Format guide for the UK Sanctions List.
Why explanations may be limited during a live review
Some customer communications are constrained where disclosure could prejudice an investigation. In the regulated sector, offences can apply around “tipping off” in certain contexts.
Primary legislation reference: Proceeds of Crime Act 2002 – section 333A (tipping off: regulated sector).
This does not mean every restriction relates to a report or investigation. It does help explain why messages can be generic while a case is being resolved and documented.
Scenario Table
| Scenario-level | Process-level | Outcome-level |
|---|---|---|
| Low-confidence match (common name) | Alert > analyst checks identifiers > request missing data (if needed) | Cleared as false positive; activity resumes |
| Confirmed domestic PEP (no other enhanced risk factors) | Risk assessment > proportionate enhanced measures > recorded senior approval | Account continues with additional monitoring consistent with assessed risk |
| Confirmed PEP with additional risk factors | Expanded review (role, geography, connections, flows) > enhanced monitoring | Higher-friction monitoring and potential temporary restrictions during review |
| Sanctions alert cannot be cleared quickly | Pause certain activity > validate against list identifiers/data > escalation | Cleared or treated as match; controls updated accordingly |
| Confirmed sanctions designation | Apply sanctions controls > consider reporting/licensing pathways relevant to facts | Transactions may be blocked/frozen consistent with sanctions restrictions |
For the compliance/enforcement lens that drives conservative controls in sanctions contexts, see: OFSI financial sanctions enforcement and monetary penalties guidance.
Compare Business Bank Accounts
All business account providers in scope for UK AML expectations will run identity, PEP and sanctions screening, but product design, onboarding flows, and support models differ across providers. For a neutral overview of business account options and features, see: Business bank accounts.
Frequently Asked Questions
Not necessarily. A flag is commonly an alert from screening rules that needs verification, including where identifiers are incomplete or where names overlap with other profiles.
A PEP flag in particular is frequently about status (role/connection), and the operational consequence is usually added checks and documentation, not an assumption of misconduct.
A PEP is generally someone entrusted with prominent public functions, excluding middle-ranking or junior officials. The definition also extends to family members and known close associates.
Firms also have to interpret PEP status in a proportionate way, which is why the FCA’s guidance focuses on risk-based treatment rather than blanket outcomes.
The rules require continued enhanced treatment for a minimum period after the person stops being entrusted with a prominent public function, with scope to continue longer where justified by risk.
In practice, that can mean a director/PSC who previously held a public role may still be treated as a PEP during periodic reviews even where current trading looks routine.
A false positive is a screening alert that looks similar on limited data (for example a name match) but is not the same person or entity once identifiers are checked.
False positives can recur where names are common or transliteration creates multiple spellings. Firms often resolve this by collecting stronger identifiers and documenting the rationale for clearing the alert.
Domestic PEPs have a lower-risk starting point in law where no other enhanced risk factors are present. That does not remove enhanced measures; it affects how extensive they are.
Operationally, this often shows up as less intrusive evidence requests where there are no other risk indicators, while still recording senior approval and maintaining monitoring.
Requests vary by provider and risk, but commonly relate to explaining:
- Ownership/control
- Expected account activity
- How funds/wealth relate to the relationship
This can overlap with broader EDD-style checks used during compliance reviews, especially if the account activity pattern does not match what was originally expected.
Sanctions screening can carry legal consequences if a match is real. Firms typically take a cautious stance while resolving identity to avoid dealing contrary to restrictions.
That can translate into paused payments, delayed onboarding, or restricted functionality until identifiers are verified and the firm documents a clear match/no-match decision.
The firm typically looks for distinguishing identifiers (dates of birth, nationality, addresses, aliases, unique IDs where available). If the match is weak, the aim is to clear it as a false positive.
If the match cannot be cleared quickly, controls can remain in place while escalation happens, because acting too early in either direction can create compliance risk.
Some disclosures can be constrained where they might prejudice an investigation, and firms also avoid giving highly specific “rule triggers” that could be misused.
That does not mean a firm cannot say anything. It does help explain why messages can be generic while a case is open and still being resolved.
Outcomes vary. Some reviews are resolved quickly with minimal disruption, while others can involve paused payments or restricted features during the verification window.
The operational impact usually depends on what is being reviewed (PEP vs sanctions), how quickly identity can be confirmed or cleared, and whether the provider can evidence a documented decision.
The hidden mechanism is that PEP and sanctions alerts often arrive via the same tooling (screening “hits”), but they are governed by different logic.
PEP handling is fundamentally about calibrating risk and applying proportionate enhanced measures.
Sanctions handling is fundamentally about avoiding prohibited dealings while the match is resolved and controls are applied.
That difference is why the same word “flagged” can cover everything from routine extra checks to immediate restrictions during identity resolution.
Sources & References
FCA guidance on the treatment of politically exposed persons (FG25/3)
Money Laundering Regulations 2017 – Regulation 35 (PEPs and enhanced due diligence)
Moving to a single list for UK sanctions designations (28 January 2026)
OFSI financial sanctions enforcement and monetary penalties guidance
Proceeds of Crime Act 2002 – section 333A (tipping off: regulated sector)
