Skip to main content Skip to navigation

Sanctions screening guide & best practices

Sanctions Knowledge & Training

Sanctions screening is integral to compliance with global anti-money laundering and counter-terrorist financing (AML/CFT) regulations. When implemented effectively, robust sanctions programs can help prevent enforcement action by regulators, protect reputations, and strengthen the overall integrity of the global financial system.

This guide seeks to help financial institutions (FIs) understand the key challenges associated with sanctions screening and how to make appropriate, risk-sensitive decisions in response.

Outline:

  1. What is sanctions screening?
  2. How does sanctions screening work?
  3. Who issues sanctions?
  4. What are the challenges of sanctions screening?
  5. Sanctions screening best practices

What is sanctions screening?

Sanctions screening is a process governments and FIs use to identify and prevent transactions with individuals or entities subject to economic sanctions. It involves checking names, businesses, and other identifiers against lists of sanctioned parties to ensure compliance with international laws and regulations. This helps prevent illicit activities such as terrorism financing, money laundering, and other financial crimes.

How does sanctions screening work?

Sanctions screening typically involves the following steps:

  • Information gathering: Obtain and maintain up-to-date lists of sanctioned entities from relevant governmental and international sources.
  • Data matching: Compare the names, aliases, and other identifiers of customers or counterparties against the sanctions lists. This can be done using automated sanctions screening software and algorithms
  • Risk scoring: Assign risk scores to matches based on name similarity, location, and other relevant information. High-risk matches may require further investigation depending on a firm’s risk appetite. 
  • Investigation and review: Conduct manual reviews for high-risk matches to determine if they are sanctioned parties. This may involve additional research and communication with various sources.
  • Decision-making: Based on the investigation, decide whether the match is a false positive (a non-sanctioned entity with a similar name) or a true match (a sanctioned party).
  • Automated alerts: Set up automated alerts to notify relevant personnel of potential matches or high-risk activities in real-time.
  • Ongoing monitoring: Regularly update and re-screen existing customers and transactions to ensure ongoing compliance.

Who issues sanctions?

Sanctions regimes differ from one jurisdiction to another. Some countries adopt and enforce the sanctions of global organizations like the United Nations (UN) or the European Union (EU), while others create independent sanctions programs with their own lists. The main sanctions bodies to be aware of include:

  • The Office of Foreign Assets Control (OFAC) is an enforcement agency of the US Treasury Department. It maintains two primary sanctions lists: 
  • The Specially Designated Nationals (SDN) List: A list of companies and individuals currently targeted by US sanctions.
  • The Consolidated Sanctions List: A list containing sanctions information not included in the SDN list. 
  • European Union sanctions are imposed through the EU’s Common Foreign and Security Policy (CFSP). The EU also implements restrictive measures adopted by the United Nations Security Council under Chapter VII of the UN Charter.
  • The Office of Financial Sanctions Implementation (OFSI) implements the UK’s financial sanctions on behalf of His Majesty’s Treasury (HMT). After leaving the EU, the UK established its own sanctions system, which OFSI and HMT enforce.

In October 2022, OFAC and OFSI entered into an “enhanced partnership” to collaborate further on economic sanctions implementation and enforcement. Specifically, the agencies will strengthen working relationships, combine expertise, and align sanctions implementation to better support compliance through jointly issued guidance and products.

Penalties for non-compliance with sanctioning regulators

Sanctions breaches constitute severe offenses and can result in heavy penalties. In the UK, OFSI can impose fines of up to £1,000,000 or 50 percent of the estimated value of funds per breach. In March 2023, OFSI also updated its guidance on enforcement and monetary penalties for breaches of financial sanctions. The guidance outlines the expected due diligence firms should perform to determine if an entity is owned or controlled by designated persons for sanctions purposes. 

In the US, OFAC can similarly impose civil penalties, the value of which varies by sanctions program and the Federal Civil Penalties Inflation Adjustment Act of 1990. To determine the appropriate penalty amount, OFAC considers some or all of the following “General Factors”:

  • The person or entity willfully or recklessly violated, attempted to violate, or conspired to violate the law. 
  • The subject had actual knowledge or reason to know about the conduct constituting an apparent violation. 
  • The actual or potential harm to the objectives of the sanctions program.
  • The particular circumstances and characteristics of the subject.
  • The existence, nature, and adequacy of the entity’s risk-based OFAC compliance program at the time of the apparent violation.
  • The person’s corrective action taken in response to the apparent violation.
  • The nature and extent of the subject’s cooperation with OFAC
  • The timing of the apparent violation in relation to adopting the applicable prohibitions, particularly if the apparent violation occurred immediately after relevant changes in the sanctions program regulations or adding a new name to OFAC’s SDN List.
  • Other enforcement actions taken by federal, state, or local agencies against the entity for the apparent violation or similar apparent violations.
  • The impact administrative action may have on promoting future compliance with US economic sanctions by the subject and similar subjects, particularly those in the same industry.

In 2022, OFAC issued 16 public enforcement actions related to violations of 11 different sanctions programs, resulting in settlements totaling over $42.7 million. While fewer actions were undertaken in 2022 than in 2021, the penalty settlements were more than double the previous year’s total of $20.9 million.

What are the challenges of sanctions screening?

Managing sanctions risk is increasingly complex. Russia’s invasion of Ukraine in February 2022 – and the subsequent imposition of thousands of sanctions on Russian entities – reminded firms of the challenges associated with implementing a robust sanctions program in a volatile economic and political environment. These include:

  • Keeping up with constantly evolving sanctions lists: Sanctions lists maintained by various governments and regional enforcement agencies are subject to frequent updates, additions, and removals. This dynamic nature can make it challenging for firms to ensure real-time compliance. To combat this, firms must promptly establish efficient mechanisms to track and incorporate these changes into their screening processes. Failure to do so could result in unintentional violations.
  • Navigating a complex regulatory landscape: The global sanctions landscape involves multiple jurisdictions, each with its own rules and requirements. Firms must navigate these complex regulations, leading to potential inconsistencies and confusion. Compliance teams need a comprehensive understanding of diverse sanctions regimes and should harmonize their screening efforts to ensure consistent adherence across different regions.
  • Ensuring data accuracy and minimizing false positives: Sanctions screening involves comparing vast amounts of data against sanctions lists to identify potential matches. This process can result in false positives, where legitimate transactions or entities are flagged incorrectly. To mitigate this, a balance must be struck between thorough screening and minimizing false positives, as excessive alerts can lead to operational inefficiencies and delays in legitimate business activities.
ComplyAdvantage Guide to Sanctions

The Evolving Use of Sanctions

From the war in Ukraine to Afghanistan and Myanmar, learn about key regimes, geopolitical trends, and sanctions evasion risks.

Download now

Sanctions screening best practices

Given the importance of sanctions and the potential cost of noncompliance, firms should be familiar with sanctions screening best practices to ensure their AML/CFT programs deliver the required results.

Integrate sanctions screening with transaction screening and wider AML processes

The AML/CFT process aims to curb money laundering, terrorist financing, proliferation financing, and the various predicate crimes that may feed into them. Good AML programs are nuanced – holistic, yet tailored to a firm’s risks. This approach involves integrating various disciplines that work together beyond simple compliance. It aims to create a truly risk-based strategy for addressing criminal activity in the financial system. To work effectively, no part of financial crime risk management should be isolated from the whole. Thus, sanctions screening and risk management should integrate with the whole system and be included wherever relevant. This is especially true in the following areas:

  • Enterprise-wide risk assessments (EWRAs) – As firms regularly update these comprehensive assessments, they should consider their unique sanctions risks and obligations. From here, the company will be able to review the whole AML/CFT process to ensure each piece addresses sanctions in line with the company’s risks.
  • Customer due diligence (CDD)CDD forms the backbone of any solid AML framework and covers onboarding and ongoing screening and monitoring. Specifically, firms should ensure their know your customer (KYC) process screens against rapidly-updated sanctions lists. They should monitor customer accounts continuously for information that might indicate they’ve become sanctioned or are facilitating sanctioned activity.
  • Transaction screening – As part of ongoing CDD, firms should ensure their transaction screening solution can access and screen against current sanctions lists. In addition to monitoring lists specific to a firm’s jurisdiction, firms may also choose to prioritize monitoring reputable global datasets such as the Office of Foreign Assets Control’s (OFAC) Specially Designated Nationals (SDN) and Blocked Persons List and the United Nations Security Council Consolidated List.
  • Transaction monitoringTransaction monitoring partners with transaction screening to form a large part of ongoing CDD. It screens transactions that have already been processed and is therefore essential for catching missed sanctions evasion activity. 
  • Reporting – Reporting relies heavily on the reliability of the data analysts can access in their investigations. If separate, the team responsible for issuing suspicious activity reports (SARs) should also be able to access all relevant sanctions screening information to complete their report.
  • Training – Teams working with sanctions risks must be trained using real sanctions information relevant to the firm. This is vital for screening and monitoring customers and transactions. Training should include historical sanctions screening data and the company’s sanctions risks as determined by their EWRA. This process should not primarily rely on generalized information.
  • Audits – When a firm’s AML/CFT processes are audited, the effectiveness of managing sanctions risks, including sanctions screening and data, should be accounted for. This will ensure firms can benchmark their program against their regulatory requirements and EWRA.

Sanctions screening technology reviews

Technology is a key component of a well-integrated AML/CFT program. A robust sanctions screening solution will be able to seamlessly integrate with the wider process – from transaction screening to broader CDD. But outdated or ill-suited tech will hobble a firm’s ability to conduct effective screening.

Firms wishing to enhance their existing screening technology often start with a gap analysis. What are the areas that struggle to meet robust AML/CFT standards? For example, can their tools rapidly implement the most current sanctions lists? Do they seamlessly integrate with the rest of the compliance function?

To adapt to evolving business requirements, savvy firms will prioritize technology that can scale with an expanding customer base and transaction volumes. 

Sanctions at onboarding

At the onboarding stage, firms must be able to establish and verify the identities of their customers to understand the sanctions risks they present. This means collecting sufficient identifying information about a customer, including their name, address, date of birth, and social security or ID number.

Since the targets of international sanctions often have similar-sounding names or may be deliberately deceptive about their identities, the screening process should, where necessary, include an enhanced identification process. Enhanced due diligence (EDD) measures involve greater customer identity scrutiny. In some cases, they also mandate an investigation. To enrich a customer’s risk profile during onboarding, firms may seek to collect supplementary biometric information, such as voice print, fingerprint, and face scans, to verify customers during future transactions.

Double-check sanctions data: Is it accurate – and relevant?

Governments and international authorities issue, update, and withdraw sanctions regularly.  By monitoring public announcements from the relevant authorities, firms can stay abreast of the latest sanctions developments. Reliable screening and monitoring tools should have ongoing access to updated lists, facilitating this process. 

For verification of any changes, firms should ensure all updates are checked against a verified control list. Generally, the authorities that issue sanctions also host up-to-date sanctions lists online, such as the UN sanctions list, the OFAC sanctions list, HM Treasury sanctions list, and the EU consolidated sanctions list.

Sanctions screening geographic relevance

Depending on the territories in which a firm operates, not all sanctions lists will be relevant to that firm’s AML/CFT obligations. Similarly, some sanctions are comprehensive, meaning they are issued against countries, while others are selective, meaning they are issued against entities or individuals. To improve sanction screening efficiency and better focus their AML/CFT programs, firms should build screening processes that factor in their unique risks as determined by their updated EWRA.

Prepare customer data

Sanctions screening can only be effective if a FI’s customer information is relevant, accurate, and accessible. This means that firms must perform CDD basics and ensure that the identifying data they collect on their customers is sufficient and up-to-date. Firms should also enrich their customer profiles with secondary identifiers to add certainty and avoid false positives.

Combine experts & tech to interpret sanctions data firms accurately

Firms should rely on a mixture of human talent and robust technology to ensure their data is accurately interpreted. Aside from ensuring their tools integrate into a holistic AML process, firms should ensure knowledgeable analysts perform the investigative work. This entails robust training regularly updated – and should not rely on automated, generic programs as these are less effective.

In addition, firms are advised to consider specific issues that may impact their sanctions screening programs, including naming conventions and the potential for misidentification.

Naming conventions in sanctions screening

One of the most challenging aspects of sanctions screening is the diversity of naming conventions across languages and cultures. That diversity manifests in various ways, from missing vowels and contractions to word order and using non-Latinate characters. In Arabic, for example, an individual’s second name is their father’s name, and 99 suffixes may be used to describe “God” following first names such as “Abdul” or “Ahmed.” Beyond cultural naming conventions, sanctions screening must also consider the use of aliases and alternative names.

Accordingly, screening processes should be set up to accommodate the numerous naming conventions, protocols, formats, and aliases that might apply to individuals on a sanctions list. That consideration should be global in scope to account for the cultural diversity of a potential customer base.

Resolve misidentification within sanction screening

Names on a sanctions list may be misidentified because of a lack of identifiable or distinguishing features, which can cause irrelevant hits. With that in mind, financial institutions need to be able to avoid misidentifying customers and should have a screening process capable of resolving duplicate results.

Practically, the screening process might start with a standard name search. In the case of a potential misidentification or duplicate, the next stage of the check should move onto another unique identifying feature, such as a passport number. If preliminary screening information is unavailable, firms should move on to manual reviews or seek third-party assistance to identify customers correctly.

Invest in human expertise

Technology and automation are fundamental to sanctions screening, but human expertise and analysis also play an essential role. Beyond training employees to benefit from regtech and navigate sanctions lists effectively fully, the screening process often generates ambiguities that can only be resolved by informed human judgment.

With that in mind, firms should prioritize recruiting and training capable human compliance teams. Those teams should be supported by the best technology available. Similarly, firms should establish a regular schedule of sanctions training updates to ensure their employees’ specific compliance expertise remains relevant and effective.

Sanctions screening and monitoring by ComplyAdvantage

ComplyAdvantage’s category-leading sanctions screening and monitoring solution can help firms implement these best practices aided by its flexible REST API integration and proprietary real-time risk database. Combined with the solution’s AI capabilities and industry-leading search algorithms, customers of the solution benefit from a holistic view of risk based on reliable, up-to-date information that sanctions data experts regularly review. Additionally, firms can benefit from:

Protecting Your Organization With Sanctions Screening Tools

Our watchlist and sanctions screening tools offer real-time insights into your clients’ risk statuses.

Request a Demo

Originally published 05 February 2020, updated 13 May 2024

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).