PAM allows the inclusion of several applications as TCP/UDP Services to be invoked from within its environment and control the access to the devices through these applications.
This document explains how to add WINSCP as a PAM service.
Layer 7 Privileged Access Management
Most of the external applications configured as PAM TCP/UDP services, do not support session recording.
For WINSCP the session recording is not supported.