MCP for AML Screening: Sanctions and PEP Checks via AI Agents
Run AML (Anti-Money Laundering) screening from an AI agent over Didit's Model Context Protocol (MCP) server: check a person or company against 1,300+ sanctions, PEP, and adverse-media lists, interpret hits, clear false positives.
Compliance teams spend a large share of their week doing the same two things: running names against watchlists and deciding whether the hits that come back are real. Both tasks are structured, repetitive, and evidence-heavy — which is exactly the kind of work an AI agent handles well when it has a reliable tool to call. The Didit Model Context Protocol (MCP) server turns Anti-Money Laundering (AML) screening into a tool your agent can invoke in plain language, so an analyst can ask for a screen, read an interpreted result, and record a decision without leaving the chat.
This post walks through how AML screening works over MCP: connecting a client, screening a person or company against 1,300+ lists, reading the hits an agent returns, and clearing false positives with an audit note that stands up to review.
Key takeaways
- Didit's MCP server exposes AML screening as a natural-language tool across 130+ tools in 11 categories, so an AI agent can screen a subject and interpret the result in one conversation.
- AML Screening runs a name against 1,300+ sanctions, Politically Exposed Person (PEP), and adverse-media lists at $0.20 per check, with sub-2-second responses.
- Authentication is OAuth 2.1 with Proof Key for Code Exchange (PKCE) — a "Log in with Didit" flow with no Application Programming Interface (API) key to paste, and the agent inherits your console role and permissions.
- The agent's job is not just to fetch hits: it interprets match strength, distinguishes true matches from name collisions, and drafts the audit note that documents the decision.
- Ongoing AML Monitoring re-screens the subject as lists change, at $0.07 per user per year, so a cleared subject is watched, not forgotten.
- You get 500 free checks per month; the MCP layer itself is free, and you only pay per successful check.
What AML screening actually checks
AML screening answers a specific question: does this person or company appear on a list that would make onboarding or continuing the relationship a risk? Didit's AML Screening module answers it against 1,300+ lists spanning three categories. Sanctions lists cover government and multilateral watchlists — the subject is prohibited or restricted. PEP lists cover people in prominent public functions and their close associates, who carry elevated corruption risk and usually require enhanced due diligence rather than an automatic decline. Adverse-media coverage surfaces credible negative news — fraud, trafficking, financial crime reporting — that may not have reached a formal list yet.
A single screen at $0.20 queries all three at once and returns structured results in under two seconds. Over MCP, your agent calls that module and receives the same structured payload a direct API integration would, then translates it into something an analyst can act on.
Connecting your agent to the MCP server
The Didit MCP server runs at https://mcp.didit.me/mcp over Streamable HTTP. You can use the hosted endpoint or self-host from the open-source repository (MIT licensed). Authentication is OAuth 2.1 with PKCE: the first time your client connects, a "Log in with Didit" flow opens, you approve the connection, and the agent operates with your console role. There is no API key to manage for the hosted server, and the scopes requested — didit:management and didit:verification — mean the agent can only do what your account is already allowed to do.
For Claude Code, add the server in one line and then confirm it with the /mcp command:
claude mcp add --transport http didit https://mcp.didit.me/mcp
Claude Desktop, Cursor, VS Code, Windsurf, and Zed connect through a small JSON configuration pointing at the same URL. ChatGPT Developer Mode can connect via OpenAI's beta MCP support, though that surface is still evolving, so treat it as experimental. The full connection matrix lives in the MCP overview docs.
Screening a person in plain language
Once connected, screening is a sentence. An analyst reviewing a new account can type:
"Run AML screening on Jane Doe, born 1990, nationality ES."
The agent calls the AML Screening tool with those parameters, waits for the sub-2-second response, and comes back with a structured summary: whether there were any hits, which list category each hit came from, and how strong the name and date-of-birth match is. For a company, the phrasing is just as direct:
"Screen Acme Trading Ltd, registered in Malta, against sanctions and adverse-media lists."
Because the agent holds the whole conversation, you can follow up without re-entering context — "widen that to PEP lists too" or "show me only the exact-birthdate matches" — and it re-queries or filters accordingly.
Interpreting hits: real match or name collision
Raw hits are where AML screening goes wrong most often. A common surname will collide with dozens of unrelated list entries, and an analyst who treats every hit as a true match drowns in noise. This is the part an agent is genuinely good at, because interpretation is reasoning over structured evidence.
When the agent returns hits, ask it to reason about them:
"For the three sanctions hits on Jane Doe, tell me which ones share her birth year and nationality, and which are likely name collisions."
The agent lines up each hit's identifiers against the subject's — date of birth, nationality, aliases, list source — and explains which are plausible true matches and which are almost certainly a different person who happens to share a name. It does not make the final legal determination for you; it structures the evidence so a human makes that determination faster and consistently. A high-confidence exact match on name, birth date, and nationality is escalated; a fuzzy surname-only hit against a person born in a different decade is flagged as a likely collision.
Clearing false positives with an audit note
The decision only counts if it is documented. Regulators and auditors want to see not just that a hit was cleared, but why. Over MCP, the agent that interpreted the hit can also draft the record:
"Clear the two name-collision hits as false positives and write an audit note explaining the reasoning."
The agent produces a note that states the subject's identifiers, the specific hits reviewed, the reason each was cleared (mismatched birth date, wrong nationality, no adverse-media corroboration), and the analyst's confirmed decision. You review it, adjust the wording if needed, and record it. Because the same conversation held the screen, the hits, and the interpretation, the note is grounded in the actual evidence rather than reconstructed after the fact — which is exactly what an audit trail is supposed to be.
Keeping cleared subjects under watch
A clean screen today is not a clean screen forever. Lists change: new sanctions land, a customer becomes a PEP after an appointment, adverse media surfaces months into a relationship. Ongoing AML Monitoring re-screens your existing subjects as those lists move, at $0.07 per user per year, and can notify you when a previously cleared subject produces a new hit. Your agent can enroll a subject in monitoring in the same breath as clearing them:
"Add Jane Doe to ongoing AML monitoring and alert me if a new sanctions or PEP hit appears."
That closes the loop between one-time screening and continuous compliance, so the work your agent did at onboarding keeps paying off across the life of the relationship.
Start free
AML screening over MCP means your compliance analysts describe what they need, your agent screens against 1,300+ sanctions, PEP, and adverse-media lists, and the reasoning plus the audit note come back in the same conversation. Didit is used by 1,500+ companies, is backed by $7.5M in funding, is a Y Combinator W26 company, is profitable, and covers 220+ countries and territories. Start free — you get 500 checks per month at no cost, the MCP layer is free, and each AML screen is $0.20 when you go beyond the free tier. Read the MCP overview, explore the developer hub, or clone the open-source server and point your agent at it today.