Effective Sanctions Screening: Best Practices for Preventing Financial Crime (2025)

In March 2023, the US Federal Reserve and Treasury fined Wells Fargo bank $97,8 million for violating US sanctions regulations. And just recently, in December 2024, Aiotec GmbH, a Germany-headquartered company, agreed to pay $14,550,000 to settle violations of OFAC sanctions on Iran.

With penalties for sanctions violations well into the millions, sanction screening is essential for any company seeking to ensure compliance. The process aims to detect, prevent, and manage risks related to financial crimes by checking individuals and/or entities against national and international sanctions lists. Sanctions screening is also a key component of AML/CFT compliance regulation.

However, surveys including the 2022 Thomson Reuters Anti-Money Laundering Insights show that sanctions screening is a great challenge for many businesses.

Let’s explore what sanction lists are, the types of sanctions out there, who needs to conduct regular screening, and also how to do it effectively.

What is sanctions screening?

Sanctions screening is the process of verifying individuals, entities, or transactions against official lists of sanctioned parties issued by governments or international organizations.

These sanctions usually involve measures such as financial transaction restrictions, travel bans, and asset freezes, and are typically imposed by governments or international bodies like the United Nations and the European Union. They target countries, companies, or individuals involved in activities such as terrorist financing, money laundering, or human rights abuses and violations. The goal is to ensure compliance with laws that prohibit business dealings with sanctioned entities. Screening typically involves matching names, addresses, or other identifying details against various sanctions lists. It is often carried out by financial institutions, corporations, or government agencies to prevent illegal financial transactions.

How does sanctions screening work?

Sanctions screening works by comparing data, such as names, addresses, or other identifying information, against lists of sanctioned individuals, entities, or countries. These lists are maintained by governments or international bodies, such as the US Office of Foreign Assets Control (OFAC), the EU, or the UN. The screening process begins with collecting customer or transaction data and inputting it into a sanctions screening system. This system uses algorithms to identify potential matches between the provided data and entries on the sanctions lists.

Potential matches are flagged as “hits” and require further review to confirm whether they are genuine (true positive) or not (false positive). To reduce false positives, organizations use techniques like fuzzy matching to account for variations in spelling, names, and aliases. Once a true match is confirmed, the transaction is typically blocked, and the suspicion on the entity, organization or individual is reported to the designated person (usually the Compliance/AML officer) by the involved staff member and subsequently the designated person reports to the regulatory authorities. Screening can be applied in various contexts, such as onboarding customers, processing payments, or engaging new suppliers. Automated tools, often integrated with compliance systems, streamline the process, but human oversight is critical for accurate decision-making.

What is a sanction list?

Sanction lists are created by governments or international organizations. They can  include persons, jurisdictions, legal entities, or groups which violate international law or conduct illegal activity such as drug or human trafficking, or are suspected for being involved in terrorist activity—including terrorist financing, proliferation of weapons of mass destruction, and more.

Businesses need to follow sanctions regimes, and are therefore required to screen customers (individuals and legal entities), beneficiaries, and other related persons such as close associates or family members in cases specified by law. Here’s when:

• Prior to onboarding new customers and establishing a business relationship
• Upon KYC reviews or changes to a customer’s information
• Before processing any transaction i.e. accepting a deposit 
• Upon any updates to national and/or international sanctions lists
• When a client is flagged as high-risk, for example due to suspicious behavior.

Conducting business with a sanctioned person or organization may result in serious consequences for a business, such as:

• Security breaches
• Regulatory fines
• Legal action, e.g. imprisonment
• Reputational damage

Other actions, depending on the jurisdiction, e.g. in the UAE it may be banning the violator from working in the sector related to the violation for the period determined by the Supervisory Authority, or license revocation.

Types of sanctions

The subject of sanctions can vary based on different factors. Some sanctions are aimed at entire jurisdictions (i.e. UN sanctions against North Korea), while others are more targeted (EU sanctions against Hurras al-Din, a Syria-based al-Qaeda affiliated group). There are also sanctions against specific individuals and entities, such as those on the US Treasury Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons List. 

Sanctions also differ by sector. For example, EU restrictive measures in view of Russia’s invasion of Ukraine impose restrictions on the following sectors: 

• Financial sector (e.g., disconnecting key Russian banks from SWIFT)
• Energy sector (e.g., bans on Russian coal and other solid fossil fuels)
• Airspace, maritime and road transport (e.g., a ban on export, sale, supply or transfer of all aircraft, aircraft parts and equipment, along with goods used in the aviation sector to Russia; closure of EU airspace to all Russian-owned, registered or controlled aircraft, including private jets of oligarchs)
• Arms embargo ( a prohibition on selling, supplying, transferring or exporting arms and related materiel of all types to Russia; export bans on civilian firearms)
• Trade restrictions and bans on goods including iron, steel, coal, cement, bitumen and asphalt, carbon and synthetic rubber, seafood, Russian-origin gold and other luxury goods.

Sanctions can also be categorized based on the authority that imposed them:

1. National / government, sanctions. States can impose  both sectoral sanctions and targeted sanctions (lists maintained by individual countries, which include persons or entities subject to sanctions for illegal activities, e.g. terrorist financing). 

Here are some country examples of targeted sanctions : 

• The US Treasury Department’s Office of Foreign Assets Control (OFAC) list
• United Kingdom HM Treasury Office of Financial Sanctions Implementation Consolidated List
• DFAT Australia Consolidated Sanctions List
• Sanctions Financieres Internationales of Luxembourg 

2. International sanctions. There can also be sanctions imposed by international organizations, such as the United Nations and the European Union. These can target persons, organizations or countries that pose a threat to international peace and security.

Here are some examples of international sanctions:

• The UN Security Council’s sanctions list, which target individuals or entities associated with weapons proliferation, terrorism, or human rights abuses
• Consolidated list of persons, groups and entities subject to EU financial sanctions

More information about the EU sanctions regime can be found on this map. 

Suggested read: Understanding the FATF Black and Grey Lists in 2024

Which businesses should conduct sanctions screening?

In general, all businesses in all sectors should pay close attention to sanctions regimes and have adequate controls in place. Historically, finance has been the primary industry under regulatory scrutiny for sanctions compliance, but now other industries are also under the radar.

As a rule, the following types of businesses should conduct regular sanctions screening against targeted sanctions (including as a part of AML/CFT compliance):

1. Financial institutions (FIs)
2. Designated Non-Financial Businesses and Professions (DNFBPs):

• Casinos
• Real estate agents
• Dealers in precious metals
• Dealers in precious stones
• Lawyers, notaries, other independent legal professionals and accountants, and 
• Trust and Company Service Providers.

3. Virtual assets service providers (VASPs).

Suggested read: Crypto KYC Guide: How Virtual Assets Are Regulated

What should a business do to comply with AML regulations?

To comply with a targeted sanction regime, businesses should usually conduct the following procedures:

1. Screen all customers, related persons, and transactions. Businesses should check individuals, groups, or legal entities against designated sanction lists where they operate. The currencies traded in should also be checked, along with the  partners of the relevant client. This can take the form of a manual check (i.e. inputting a name into an online search tool), a database check, or an automated screening process of customer  and stakeholder databases on an ongoing basis.

• Conduct analysis to determine matches, true positives, false positives, and more. This is to compare potentially matching data from various sanction lists against applicant profiles to establish an exact match.

If a potential match is identified during sanctions screening, the institution should conduct further due diligence measures to verify if the match is accurate. If there’s a true positive match, the institution should determine which action needs to be taken. Here are some actions that can be taken:

• limiting services to the client 
• freezing assets
• reporting to regulatory authorities.

Choosing the right sanctions screening tool: Challenges and solutions

Sanctions screening is a challenging process for many businesses. The main problems companies face are:

1. Large amounts of data. Sanctions screening involves processing and analyzing large amounts of information, including customer names, transactions, transaction types, and more. This can make it hard to accurately identify potential matches and can result in false positives, which can be difficult to resolve.
2. Language-related complexity. Sanction lists can be complex and may include various alternate spellings, aliases, alphabets, abbreviations and other factors that make it harder to identify sanctioned individuals and organizations. This can lead to false negatives, which can put businesses at risk of sanctions violations. 
3. Limited resources. Businesses may not have enough resources to conduct regular sanctions screening, especially if they do it manually. 
4. Increased regulatory scrutiny.

Sanctions lists can change frequently, even on a daily basis, and regulators are paying extra attention to how accountable institutions comply with sanctions regimes. They are also increasing their expectations around how quickly institutions should implement sanctions changes into their operations.

Solutions:

1. Find a reliable service provider that has a large database of sanctions and AML lists, which are screened automatically.
2. Conduct ongoing monitoring using a reliable solution to immediately get alerted to potential matches. 
3. Get an automated screening tool with “fuzzy matching” algorithms. This is an effective screening system which relies on both exact and inexact name matching for accurate identification, as bad actors often transpose names and other data trying to conceal their true identity.
4. Conduct employee awareness training. Businesses should provide ongoing training for all new employees in relevant departments and annual training for existing staff, particularly when there are legal or regulatory updates. This ensures employees stay up-to-date on the latest sanctions lists, the bodies issuing them, and best practices for sanctions compliance.

FAQ

• What is a sanction list?

  Sanctions lists are lists of individuals and entities subject to restrictive measures under international and/or domestic sanctions regimes.

• Why is sanctions screening important?

  Sanctions screening is important, because it ensures compliance with legal and regulatory requirements, it prevents financial crime, and protects organizations from financial penalties, license suspensions and reputational harm.

• What is sanction screening in money laundering?

  Sanction screening in money laundering involves identifying and preventing transactions or relationships involving sanctioned individuals or entities to disrupt illicit financial activities.

• What is employee sanction screening?

  Employee sanction screening involves checking current or potential employees against sanctions lists to ensure compliance and avoid hiring individuals barred from specific roles or industries.

• What is a sanctions check?

  A sanctions check is the process of verifying whether a person, company, or jurisdiction appears on a government or international sanctions list.