How PSPs Can Future-Proof Screening with Operationally Intelligent Technology
Executive Summary
Cedric Iggiotti
VP of Screening Product
In November 2024, the European Banking Authority (EBA) introduced guidelines on internal policies, procedures, and controls to ensure compliance with EU and national restrictive measures. These rules mark a significant regulatory shift for payment service providers (PSPs) in the EU—demanding more than just updated policies.
With a firm implementation deadline of December 30, 2025, PSPs must act now to ensure their systems, governance, and controls are operationally ready in time.
For those with cross-border exposure, these guidelines raise the bar: static screening methods, siloed detection systems, and weak auditability are no longer sufficient. The requirement now is for sanctions screening to be dynamic, transparent, integrated—with demonstrable and operationalized governance across systems, and workflows.
This white paper explores:
- The key operational requirements of the EBA guidelines
- Real-world implications for compliance and technology teams
- How ThetaRay’s AI-powered platform supports PSPs in meeting (and exceeding) these expectations
- Key industry enforcement actions that highlight the cost of non-compliance
Table of Contents
The EBA Guidelines apply to all EBA-regulated entities, including fintechs, banks, and payment service providers (PSPs). A separate, tailored set of guidelines was also released for PSPs2, reflecting the high-speed, high-volume nature of their transactions.
The overarching goal? Ensure sanctions compliance is embedded into risk management—not bolted on. Key areas of focus include:
The message is clear: compliance is no longer a documentation exercise—it must be demonstrably embedded in how PSPs operate.
The world’s largest foreign exchange group deployed ThetaRay Transaction Monitoring and Transaction Screening in under 3 months for optimization of domestic and cross-border transactions.
They required a rapid POC and deployment of the screening solutions in less than three weeks. ThetaRay delivered in record time because of its SaaS cloud infrastructure, enabling easy integration and scalability.

After deployment, Travelex experienced:
75% to 95% reduction in the number of hits.
Drastic improvements in efficiency, false positive reduction reaching level of precision superior to
94%
“Using ThetaRay, we can now grow our business by 30 to 40%.”
Celia Pizzi
Chief Compliance Officer Travelex
At ThetaRay, we view the EBA’s guidelines as an essential step toward smarter, scalable, and more defensible compliance. Our AI-powered screening platform was engineered to meet the specific operational demands these rules introduce—without requiring PSPs to sacrifice performance or scalability.
Our Differentiators:
Advanced Matching Engine
A highly configurable, rule-based and AI-powered engine that uses advanced matching techniques to uncover hidden risk—across name cultures, scripts, and conventions.
Model Risk Management (MRM) Ready Infrastructure
Every match is fully traceable, explainable, and documented— with audit logs, version control, and threshold tracking to support both regulatory reviews and internal assurance.
Near Real-Time Delta Screening
Our system responds rapidly to changes in sanctions lists or customer profiles, enabling near real- time rescreening with minimal delay.
Integrated Compliance Ecosystem
Integration with ThetaRay’s Transaction Monitoring and Customer Risk Assessment solutions within a unified platform.
Our platform is built on four foundational pillars:
1 Effectiveness & efficiency, boost effectiveness to catch real risks, and improve efficiency to reduce noise
and workload in watchlist screening.
2 Adaptability, to adjust thresholds and match logic as risks evolve.
3 Transparency, to deliver regulator-ready visibility with supporting audit trails.
4 Performance, to scale across jurisdictions, products, and payment rails.
The EBA’s guidance presents both a challenge and an opportunity. It urges institutions to move beyond legacy approaches—while offering a path to smarter, more scalable, and more defensible compliance.
To meet these expectations, PSPs must adopt screening systems that are:
- Dynamic – able to adapt instantly to regulatory changes
- Explainable – offering end-to-end traceability for every alert
- Integrated – embedded within a broader risk management architecture
- Auditable – enabling confidence in every decision
Those that meet these standards stand to gain far more than compliance alone:
- Lower operational costs through automation and reduced false positives
- Accelerated onboarding and case resolution through faster, more accurate investigations
- Stronger regulatory relationships by demonstrating robust, auditable controls
- Greater customer trust with visible governance and ethics built into the screening process
With the December 30, 2025 deadline approaching, the time to act is now. Institutions that proactively modernize their screening systems won’t just avoid fines—they’ll gain a lasting compliance advantage.
Glossary
EU (European Union)
A political and economic union of 27 member states primarily located in Europe. The EU develops and enforces legislation across a range of sectors, including financial regulation, anti-money laundering (AML), and sanctions enforcement, through harmonized directives and regulations.
UN (United Nations)
An international organization comprising 193 member states, established to promote peace, security, and cooperation. The UN Security Council issues binding sanctions that member countries are obligated to enforce, often forming the basis of national and regional AML and counter-terrorism financing (CTF) frameworks.
OFSI (Office of Financial Sanctions Implementation)
A UK government agency under HM Treasury responsible for enforcing financial sanctions. OFSI maintains the UK sanctions list, provides guidance to financial institutions, and ensures compliance through audits and penalties.
BAFA (Federal Office for Economic Affairs and Export Control – Germany)
Germany’s national authority overseeing export controls and financial sanctions compliance. BAFA ensures that entities operating in or through Germany adhere to national and EU-level restrictive measures.
UBO (Ultimate Beneficial Owner)
The individual(s) who ultimately own or control a legal entity or arrangement, such as a company or trust. UBOs are the natural persons behind layers of ownership or control, and identifying them is a key requirement in AML and KYC regulations to prevent the misuse of corporate structures for money laundering or terrorist financing.
PSP (Payment Service Provider)
A financial entity that enables the execution of payment transactions, including credit transfers, direct debits, and card payments. PSPs can include banks, fintechs, and third-party providers regulated under PSD2 in the EU.
CASP (Crypto Asset Service Provider)
A business or platform that offers services involving crypto-assets, such as exchange, custody, or transfer. CASPs are subject to evolving AML/CFT regulations in the EU under frameworks like MiCA and AMLD6, and are increasingly under direct scrutiny from AMLA.
Sources:
1 EBA/GL/2024/14
2 EBA/GL/2024/15