Part of our complete guide to negative news screening for Swiss banks. This post is the deep dive on how sanctions, PEP, adverse media, and negative news screening differ; the guide covers the end-to-end picture.
A procurement deck lands in the inbox of a Swiss compliance officer. The vendor offers "sanctions, PEP, and adverse media screening". Underneath that is a check-box for "negative news". The four labels suggest four distinct things. They are not exactly four distinct things. They are not the same thing either. And under FINMA examination, mixing them up costs real money.
This post separates the four categories on the dimensions that matter: what list or source they draw from, who is required to do them, how often, and what the evidentiary bar is when an examiner asks to see the work three years later.
Why these terms get conflated
The conflation has commercial and historical roots. Vendor marketing sells "screening" as a single product surface, because that is how the buying decision is structured. Within an institution, the same analyst team often runs all four checks back-to-back as part of onboarding. And the lists themselves overlap: a sanctioned individual may also be a PEP, and a PEP often surfaces in adverse media reporting.
The cost of conflation appears in two places. The first is at audit time: an examiner asks why a particular high-risk PEP cleared screening in 2023, and the institution discovers its evidence trail does not distinguish between "no sanctions hit" (a binary list check) and "no adverse media on the day of capture" (a probabilistic search across unstructured sources). The second is at vendor evaluation: procurement compares two products on a single line item called "screening" without realising that one vendor's PEP coverage is a community-curated dataset and the other's adverse media is a keyword filter over a news index.
The four categories sit on a spectrum from rule-bound and binary to judgement-bound and probabilistic. Knowing which end of the spectrum a given check sits at is the basis of every other operational decision around it.
Sanctions screening: list-based, binary, mandatory
Sanctions screening is the only one of the four with a hard legal floor. In Switzerland, the framework is the Federal Act on the Implementation of International Sanctions (Embargo Act, EmbA, SR 946.231), implemented through specific sanction ordinances adopted by the Federal Council. The State Secretariat for Economic Affairs (SECO) maintains a consolidated list of all sanctioned individuals and entities, and Swiss financial intermediaries are required to freeze assets, prohibit making funds available, and report frozen assets to SECO.
The list ecosystem a Swiss FI typically screens against:
- SECO consolidated list (Switzerland): the legal reference under the Embargo Act and the specific sanction ordinances. Updated as ordinances change.
- EU Consolidated Financial Sanctions List (FSF): published by the European Commission via the Financial Sanctions Files. Updated daily on the data.europa.eu portal. Note the operational caveat: the FSF database can lag the EU Official Journal by days, so institutions exposed to EU jurisdictions often track the Journal directly.
- OFAC Specially Designated Nationals (SDN) list (US): maintained by the US Treasury. OFAC's own FAQ states there is no fixed schedule; updates are issued "as necessary and appropriate", and enforcement actions have made daily screening a practical baseline.
- UN Security Council Consolidated List: covers UN sanctions including the 1267/1989/2253 ISIL/Al-Qaida regime and the 1988 Taliban regime. Updated when committees publish changes; press releases accompany each amendment.
- Country-specific lists where exposure exists (UK OFSI, Canada, etc.).
The screening question for a sanctions list is binary in principle: is this name on the list, yes or no. In practice, fuzzy matching produces near-hits (transliteration variants, alias collisions, common-name false positives), and resolving those near-hits is where most of the analyst time goes. But the underlying obligation is rule-bound: if a match is confirmed, freezing and reporting are not optional.
The FATF anchors are Recommendations 6 and 7 on targeted financial sanctions related to terrorism and proliferation, which require freezing "without delay". Whichever data provider an institution uses, the obligation sits with the institution.
PEP screening: definition-bound, risk-based
PEP screening is rule-bound about who counts as a PEP, but risk-based about what to do once one is identified.
The FATF guidance on Recommendations 12 and 22 sets out three categories:
- Foreign PEPs: individuals entrusted with prominent public functions by a foreign country (heads of state, senior politicians, senior judicial or military officials, senior executives of state- owned corporations, important political party officials).
- Domestic PEPs: the same definitional pattern, applied to the institution's own jurisdiction.
- International organisation PEPs: senior management of international organisations (directors, deputy directors, members of the board, or equivalent functions).
The category extends to family members (consanguinity or marriage) and close associates (social or professional connection), as set out in FATF's R.12 guidance.
Under Swiss law, the Anti-Money Laundering Act (AMLA, SR 955.0) and the FINMA Anti-Money Laundering Ordinance (AMLO-FINMA, SR 955.033.0) operationalise this. Foreign PEPs are categorised as high-risk by default; relationships with domestic PEPs and international organisation PEPs are assessed on a case-by-case basis. Enhanced clarification under AMLA Art. 6 applies to high-risk relationships, which means more documentation, more sign-off, and a heavier evidentiary trail.
PEP data is typically sourced from commercial or open data providers rather than a single official list:
- Dow Jones Risk & Compliance, LSEG World-Check One, and Moody's KYC (formerly Bureau van Dijk + Regulatory DataCorp) are the established commercial providers.
- OpenSanctions publishes a public PEP dataset with a documented methodology, representing individuals as PEPs while they hold a position or for up to five years after they leave it (subject to position type and data quality).
- National open data: parliament rosters, government appointments, party officer lists. Useful for verification against vendor data rather than as a primary source.
The boundary differences between providers are real and matter operationally. Two providers can agree on a head of state and disagree on a sub-national mayor. We wrote about provider boundaries in more depth here.
Adverse media screening: probabilistic and broad
Adverse media (sometimes "negative media" or "adverse news") is the broadest of the four categories. The Wolfsberg Group, an association of thirteen global banks, published its FAQs on Negative News Screening on 11 May 2022. Although Wolfsberg uses "negative news" as the umbrella term in those FAQs, in practitioner usage adverse media tends to refer to the broader monitoring of any unfavourable mentions in public sources. That includes financial crime, but also reputational risk, litigation, regulatory disputes, and material business news.
Inputs are unstructured: news articles, regulatory press releases, court filings, regulator enforcement notices, NGO reports. The screening engine is typically a combination of named-entity recognition, language models, and category classifiers that try to disambiguate "person of interest" from "common-name homonym" and classify the relevance of any hit.
There is no FATF Recommendation that names "adverse media" by that title, but the obligation traces through FATF Recommendation 10 on customer due diligence and ongoing monitoring. CDD requires understanding the nature and purpose of the relationship, and detecting material changes; adverse media is one of the practical mechanisms that produces those triggers.
The probabilistic nature of adverse media is the source of most operational complaints. Two reasonable analysts looking at the same article can disagree about whether it constitutes negative information, and a screening engine is making that call thousands of times a day at scale.
Negative news screening: the narrower subset
Wolfsberg's 2022 FAQs define "negative news" specifically as "information available in the public domain which financial institutions would consider relevant to the management of financial crime risk". That is narrower than adverse media in general use. Reputational issues, contractual disputes, and material business news are out; credible reporting on illicit activity, regulatory action, criminal proceedings, and similar financial-crime-relevant signals are in.
In practice, "negative news screening" is often used as a pragmatic umbrella term that covers everything from a Google search at onboarding to a continuous-monitoring feed across a structured news index. The Wolfsberg FAQs are explicit that NNS is not a zero-tolerance process and that financial institutions may conclude it is not necessary in all circumstances; the level of NNS applied should be proportionate to the risk profile of the relationship.
The difference between negative news and adverse media is therefore mostly one of scope and intent: adverse media casts wider, negative news (in the Wolfsberg sense) is the financial-crime-relevant subset that maps directly to AML risk decisions.
How they interact in a Swiss workflow
In a Swiss FI's onboarding flow, the four categories typically run in sequence and feed different decisions:
| Category | Source type | Mandate basis | Typical frequency | Evidentiary bar | |---|---|---|---|---| | Sanctions screening | Defined lists (SECO, EU FSF, OFAC SDN, UN) | Embargo Act (SR 946.231); FATF R.6/R.7 | Continuous; daily SLA is a common baseline | Binary match or no match; freezing and reporting on confirmed hit | | PEP screening | Vendor and open data PEP datasets | AMLA Art. 6 (enhanced clarification); AMLO-FINMA; FATF R.12/R.22 | At onboarding; on event-driven re-check; periodic refresh | Identification of PEP status and category; tier-appropriate due diligence | | Adverse media | Unstructured public media | Implied via FATF R.10 (ongoing CDD); institutional risk policy | Onboarding plus ongoing monitoring | Documented review and disposition of relevant hits | | Negative news (Wolfsberg sense) | Subset of adverse media: financial-crime-relevant | Wolfsberg 2022 FAQs (industry guidance, not regulation) | Risk-based; not zero-tolerance | Documented risk-based assessment per institution's NNS policy |
A few things follow from this matrix:
- Sanctions is the only mandatory binary check. Failing it is a legal violation (asset freezing not performed). Failing PEP, adverse media, or negative news is a control deficiency, which is serious but different.
- PEP is the only one with a structured taxonomy. Foreign vs domestic vs international, plus family and close associates. Adverse media has no analogous taxonomy.
- Adverse media and negative news are the categories where vendor comparison is hardest. Two vendors with similar coverage claims can return wildly different hit sets on the same name, because the underlying entity recognition and relevance models differ.
- All four feed the same evidentiary obligation. AMLO-FINMA Art. 22 requires that documents and supporting evidence be prepared so that a knowledgeable third party can reconstruct the decision. That applies equally to a SECO list miss, a PEP tier assignment, and an adverse-media disposition decision. We have written about what reconstruction actually means in practice.
A common operational anti-pattern: an institution treats sanctions hits as auditable by default (because they are binary) and adverse media as auditable on a best-effort basis (because they are judgement-bound). Five years later, an examiner asks for the reasoning behind an adverse-media disposition, and the trail is sparse. The examiner's question does not change because the input was probabilistic; the bar is still "show me a third party can reconstruct this".
Where NNSFlow fits
NNSFlow integrates with OpenSanctions through the open-source Yente matching engine for sanctions and PEP screening. The platform records PEP tier assignments (PEP, RCA, Associate, Not PEP) on the entity profile and enforces 4-eyes approval overrides for PEP-flagged relationships even when the global 4-eyes policy is otherwise relaxed. Match metadata, the dataset that triggered a hit, and the captured view at the moment of decision are stored against the investigation.
For adverse media and negative news, the platform captures evidence snapshots from web-search results into the investigation record at the time the analyst reviewed them; what survives in the audit trail is what the analyst actually saw, not a re-rendered version of today's content. The architectural reasoning behind that capture model is in a separate post.
What the product does not do, and we want to be honest about: it does not maintain a proprietary adverse-media index. Adverse media sourcing in NNSFlow is via the configured search integrations and captured into the evidence trail; institutions that want a purpose-built adverse-media feed bring their own (Dow Jones Factiva, LexisNexis, vendor APIs) and we capture the outputs into the same evidence model. That separation is intentional: the evidence-and-reconstruction layer is what we own; the upstream adverse-media data is a procurement decision the bank makes separately, and discussed during procurement rather than baked into the platform.
Bottom line
Sanctions, PEP, adverse media, and negative news screening look like four flavours of the same thing because vendor marketing groups them that way and analyst workflows run them in sequence. Underneath, they sit on different points of a spectrum:
- Sanctions: rule-bound, list-based, binary, mandatory under the Embargo Act.
- PEP: rule-bound on the definition, risk-based on the response, driven by AMLA Art. 6 and AMLO-FINMA.
- Adverse media: probabilistic, broad, anchored in the ongoing-CDD obligation under FATF R.10.
- Negative news: the financial-crime-relevant subset of adverse media, framed by Wolfsberg's 2022 FAQs as a risk-based, not zero-tolerance, process.
The evidentiary bar (AMLO-FINMA Art. 22 reconstruction) applies equally to all four. An institution that treats sanctions hits as audit-grade and adverse-media decisions as best-effort will discover the asymmetry the next time an examiner asks about a five-year-old disposition.
If your team is mid-procurement and the vendor pitch deck collapses all four into "we do screening", the productive next step is to unpack each category against the matrix above. The right product may do all four. The right contract makes clear which list it is checking, on what cadence, with what metadata, and how the output gets into your evidence model. We are easy to reach if comparing notes is useful.
