A client passes their identity check, their documents look legitimate, and everything seems fine, until you discover they’ve been named in a fraud investigation reported six months ago. That’s the gap adverse media screening is designed to close. It picks up risk signals that standard document verification and database checks miss, drawing from publicly available news sources, regulatory actions, and legal proceedings to flag individuals or entities tied to financial crime, sanctions, or other serious concerns.
For accounting firms, legal practices, and other regulated businesses in Australia, adverse media screening isn’t optional, it’s a core part of meeting your KYC and AML obligations. Whether you’re operating under current TPB requirements or preparing for the upcoming AUSTRAC AML/CTF regime, you need a structured process to screen clients against negative news before and during the engagement.
This article breaks down what adverse media screening actually involves, how it fits into a broader risk-based due diligence process, and why it matters for compliance. We’ll also cover practical implementation, because screening only works if it’s embedded into your actual workflow, not bolted on as an afterthought. That’s exactly the problem StackGo’s integration platform solves: identity verification and compliance checks run directly inside your existing software, so screening steps like these become part of your normal operations rather than a separate, manual process your team has to remember to do.
What adverse media screening covers
Adverse media screening draws from a wide range of publicly available sources to build a picture of reputational and financial crime risk. It goes beyond what a sanctions list or PEP database can tell you, because not every bad actor is formally listed, and not every risk shows up in structured data. News articles, court records, regulatory enforcement actions, and government publications all feed into a comprehensive check, giving you a fuller view of who you’re actually dealing with before you take them on as a client.
What counts as adverse media
The term "adverse media" covers any negative news or publicly reported information that suggests a person or entity may pose a risk. That includes coverage of financial crimes such as fraud, money laundering, bribery, and corruption, as well as involvement in organised crime, drug trafficking, terrorism financing, or sanctions evasion. Regulatory enforcement notices, court judgements, and insolvency proceedings also qualify. So does reporting that links an individual to a company under investigation, even if that person hasn’t been personally charged.
Not every risk subject appears on a formal sanctions database, which is why adverse media screening fills a critical gap in your due diligence process.
Sources typically used include:
- National and international news outlets
- Government and regulatory body publications (for example, AUSTRAC, ASIC, and equivalent overseas regulators)
- Court and tribunal records
- Law enforcement press releases
- PEP databases with linked adverse media coverage
What adverse media screening doesn’t replace
Adverse media screening is one layer in a broader compliance framework, not a standalone solution. It doesn’t replace sanctions list screening, which checks whether a person or entity is subject to formal government restrictions, and it doesn’t replace PEP screening, which identifies individuals in positions of public trust who carry inherently elevated risk. Each check serves a distinct purpose, and your due diligence process needs all three working together.
Think of the three checks as complementary layers rather than alternatives. A person might clear a sanctions list entirely, show no PEP connections, and still appear in news reports linking them to financial misconduct. That’s exactly the gap adverse media screening is designed to catch.
Why adverse media screening matters for KYC and AML
KYC and AML compliance requires you to understand who your clients are and what risk they bring to your business. Standard identity verification tells you that a person is who they claim to be, but it says nothing about what they may have been involved in. Adverse media screening fills that gap, giving you a documented, evidence-based view of reputational and financial crime risk that structured databases alone cannot provide.
Your obligations under Australia’s AML/CTF framework
AUSTRAC requires regulated businesses to apply a risk-based approach to customer due diligence. That means your screening process needs to be proportionate to the level of risk each client presents, and it needs to be defensible if AUSTRAC ever reviews your records. Adverse media checks contribute directly to that risk assessment by surfacing publicly reported concerns that would be impossible to uncover through document verification alone. For accounting firms preparing for the expanded AML/CTF regime, embedding this step into your onboarding process is not a best practice, it is a compliance requirement.
If a client later turns out to be connected to financial crime, and you had no adverse media check on file, your entire due diligence process comes into question.
The business risk of skipping the check
Beyond regulatory penalties, taking on a high-risk client without a proper adverse media check exposes your firm to reputational damage, legal liability, and the cost of unwinding an engagement mid-way through. Regulated businesses in professional services face heightened scrutiny precisely because they handle sensitive financial information, which makes thorough upfront screening a practical necessity, not just a compliance formality.
How adverse media screening works in practice
Adverse media screening runs as a structured search process, not a single database lookup. You submit a name, and the system searches multiple source categories simultaneously, returning publicly reported information that matches or closely matches that individual or entity. The quality of results depends heavily on how many sources the check covers and how current those sources are kept.
Gathering and searching source data
Most tools use a combination of automated web crawling and curated data feeds to pull relevant content. Searches apply fuzzy matching logic, which captures name variations, alternate spellings, and associated entities rather than requiring an exact character match. This matters because individuals connected to financial crime frequently operate under different names or through related companies, so a rigid search will miss them entirely.
Source categories typically covered include national and international news media, government and regulatory enforcement publications, court and tribunal records, and law enforcement announcements. Broader source coverage directly reduces the gaps in your results.
A screening tool that only returns exact name matches will miss a significant portion of the risks you actually need to find.
Reviewing and acting on results
Once the system surfaces results, a human reviewer needs to assess each match to determine whether it is genuinely connected to your client or a false positive. You record your decision, document your rationale, and update the client’s risk profile accordingly. If the result confirms a serious concern, you escalate through your internal risk process, which may include filing a suspicious matter report with AUSTRAC where your obligations require it.
Your records of each review decision carry real weight. Documenting why you dismissed a match or why you escalated a result demonstrates that your firm applied genuine judgement, which is precisely what a risk-based compliance framework requires you to show.
How to run adverse media checks in a risk-based way
A risk-based approach means your screening intensity reflects the actual risk level of each client. Low-risk clients might need a standard check at onboarding and annual re-screening, while high-risk clients require more detailed investigation, shorter re-screening intervals, and thorough documentation at each stage. Matching your effort to the risk level is both a compliance requirement and a practical way to allocate your team’s time without creating unnecessary friction for straightforward engagements.
Calibrate screening to your client risk tiers
Before running any check, assign each client a risk tier based on measurable factors. Your tier determines how deep your adverse media screening goes and how frequently you repeat it. Clients in higher-risk industries like crypto, gaming, or international trade warrant significantly more thorough checks than a straightforward domestic services client.
Key factors to weigh when assigning a risk tier include:
- Industry and business type
- Country of operation or incorporation
- Whether the client is a PEP or connected to a high-risk entity
- Transaction volumes and complexity
Set a re-screening schedule
Onboarding is not the only point where screening matters. Risk profiles change, and a client who was clean at the start of an engagement can become a concern if news breaks midway through. Build a re-screening schedule tied directly to your risk tiers, with higher-risk clients reviewed more frequently than lower-risk ones.
Your re-screening frequency should also respond to trigger events, such as a major news story involving your client’s sector, a change in their business structure, or an unusual transaction pattern. Trigger-based reviews sit alongside your scheduled checks and keep your risk assessment current between formal review dates.
Screening a client once at onboarding and never again is one of the most common compliance gaps regulators identify during reviews.
Common pitfalls and how to reduce false positives
Adverse media screening generates false positives regularly, and how you handle them shapes the quality of your entire compliance process. The most common mistake is treating every flagged result as confirmed without reviewing the context, which creates unnecessary friction for legitimate clients and wastes your team’s time on noise.
Over-relying on automated results
Automated screening tools do the heavy lifting on source coverage and initial matching, but they cannot replace human review and contextual judgement. A common name like "David Williams" will return dozens of results, most of which have no connection to your client. Without a structured review process, your team either dismisses everything quickly to move on, or escalates every result out of caution, and both responses undermine the value of screening entirely.
Build a consistent review framework that checks each result against your client’s known details: location, date of birth, business type, and associated entities. Document each decision clearly, including the specific reason you ruled a match out.
Calibrating your match thresholds
Tools that apply overly broad fuzzy matching will surface far more results than you can reasonably review. Tighten your match settings so results reflect a genuine similarity rather than any loose name resemblance. Most screening platforms allow you to adjust sensitivity, and finding the right setting for your client base reduces review volume without increasing your actual risk exposure.
A false positive you document and dismiss properly is evidence of due diligence. A false positive you ignore entirely is a compliance gap.
Your goal is a repeatable, documented process where every result gets a recorded decision, and your team applies the same standard each time. Consistency is what regulators look for when they review your records.
Final thoughts
Adverse media screening is not a compliance add-on you bolt onto your process when regulators ask for it. It is a core part of understanding who your clients actually are, and it works best when it runs inside your normal onboarding and ongoing review workflow rather than as a separate manual step your team has to remember. Done properly, it gives you a defensible, documented audit trail at every stage of the client relationship.
Firms that handle this well share one common trait: their screening runs directly inside the software they already use, so nothing falls through the gaps. Getting there means choosing tools that fit your existing stack, apply a consistent risk-based process, and record every decision your team makes along the way.
If you want to see how that looks in practice, explore how IdentityCheck handles AUSTRAC Tranche 2 AML/CTF compliance inside your current software.
