Effective Sanctions Screening: Step by Step

What is sanctions screening?

Why is sanctions screening required?

Case studies of companies fined by regulatory authorities

What are the sanctions screening requirements?

Which sanctions lists should you screen against and where do you find the data sources?

Setting up a sanctions screening program

Challenges to sanctions screening

With the increasing complexity and scope of international sanctions, companies need to ensure they have effective sanctions screening processes in place to avoid significant legal and financial repercussions of money laundering and terrorist financing. 

However, many businesses struggle with understanding the requirements and challenges of managing sanctions screening and sanctions risk. With different sanctions screening lists to consider, varied regulations to comply with, and the potential for significant financial costs and penalties, businesses are in search of guidance to navigate this complex process. 

This comprehensive guide to sanctions screening provides best practices to ensure your business remains compliant. It covers the regulatory landscape, the importance, requirements, and challenges of sanctions screening and best practices for implementing a sanctions screening program. By the end, you will have a better understanding of how to effectively manage the complexities of sanctions screening and protect your business from financial crime. 

What is sanctions screening?

Sanctions screening is the process of screening individuals and entities against lists of sanctioned parties. Sanctions screening lists are compiled and maintained by governments and international organizations, such as the United States’ Office of Foreign Assets Control (OFAC), the United Kingdom’s Office of Financial Sanctions Implementation (OFSI), the European Union’s Consolidated List of Person, Groups and Entities Subject to EU Financial Sanctions, and the United Nations’ Security Council Consolidated List. These lists identify individuals, companies, and organizations that are subject to sanctions for a variety of reasons, such as involvement in war, money laundering, terrorism, narcotics trafficking, human rights abuses, and weapons proliferation. 

Why is sanctions screening required?

Sanctions screening is a necessary control to prevent illicit transactions by prohibited entities or individuals seeking access to the financial system. It is required by law in many countries, including the US, Canada, the UK, and the EU to name a few. Failure to comply with sanctions regulations can result in significant financial, legal, and reputational risks for businesses. Penalties for non-compliance can include fines, and in the most severe cases, can lead to loss of business licenses and even criminal charges. 

Case studies of companies fined by regulatory authorities

TD Bank: In October 2024, TD Bank was fined $3.09 billion for major anti-money laundering (AML) and sanctions violations. The bank allowed sanctioned individuals to move funds undetected, failed to block suspicious transactions, and neglected to report thousands of activities tied to high-risk entities. These lapses enabled over $670 million in illicit funds—some linked to drug trafficking—to flow through the system. 

Binance: In November 2023, OFAC fined the world’s largest virtual currency exchange $4.3 billion for violating the Bank Secrecy Act (BSA) and multiple sanctions programs. It failed to stop or report transactions involving terrorists, ransomware attackers, and sanctioned jurisdictions—including Iran, North Korea, Syria, and Crimea—while allowing US users to trade with blacklisted entities.  

Microsoft: In April 2023, Microsoft was fined $2.98 million for exporting services and software from the US to sanctioned jurisdictions and Specially Designated Nationals (SDNs) in violation of OFAC’s Cuba, Iran, Syria, and Ukraine/Russia-related sanctions program. By not identifying end users, OFAC found Microsoft to have failed to prevent the use of its products by sanctioned parties.

BitPay, Inc.: In 2021, BitPay, Inc., a bitcoin payment processor based in the US, was fined $507,375 by OFAC for more than 2100 apparent violations of multiple sanctions programs. OFAC found BitPay had processed digital currency transactions on behalf of individuals in sanctioned jurisdictions, including Cuba, North Korea, Iran, Sudan, and Syria, among others. 

Standard Chartered Bank: In 2019, the FCA fined Standard Chartered Bank £102,163,200 for failures in its AML controls and sanctions screening processes. The FCA found Standard Chartered failed to adequately identify and manage the risks associated with customers who may have been involved in sanctioned countries, including Iran, Syria, and Zimbabwe. 

Société Générale: In 2018, Société Générale S.A. was fined nearly $54 million by OFAC for violating US sanctions against Cuba, Iran, and Sudan. OFAC found Société Générale had processed transactions on behalf of sanctioned parties and had failed to implement adequate sanctions compliance policies and procedures.

These examples highlight the importance of effective sanctions screening processes and the serious consequences of non-compliance with sanctions requirements. Companies that operate in multiple jurisdictions must ensure they have effective sanctions screening processes in place that address local and global regulations to avoid legal and financial repercussions. 

What are the sanctions screening requirements?

Businesses are prohibited from conducting business with sanctioned individuals and entities. As such, they are required to screen all customers, vendors, ultimate beneficial owners (UBOs), employees, and other entities they do business with against certain government-maintained sanctions lists, depending on the jurisdiction(s) in which they operate. Sanctions screening, sometimes referred to as name screening, should be conducted during the Know Your Customer (KYC) onboarding process and on a regular basis, and must be documented to ensure compliance. 

In addition, businesses should screen financial transactions for potential sanctions violations, such as payments, loans, and the exchange of goods or services. In addition to screening the sender and recipient of a transaction, businesses must also screen any intermediaries involved in the transaction to ensure they are not subject to sanctions. This process is known as transaction screening or payment screening. 

Which sanctions lists should you screen against and where do you find the data sources? 

To adhere to sanctions regulations, businesses must conduct screenings against all pertinent global sanctions lists and watchlists in all jurisdictions where they conduct operations. It is essential to note that if a business conducts transactions in the US dollar, it falls under US jurisdiction and thus must comply with US sanctions regulations.

For example: 

• In the United States, the primary sanctions list is the Specially Designated Nationals and Blocked Persons List (SDN) provided by the Office of Foreign Assets Control (OFAC). Other relevant lists include the US Department of Commerce’s Bureau of Industry and Security (BIS) Entity List (EL), Denied Persons List (DPL), and Unverified List (UVL). 

• In the European Union, the primary list is the Consolidated List of Sanctions, maintained by the Directorate-General for Financial Stability, Financial Services and Capital Markets Union (DG FISMA).

• In the United Kingdom, the primary list is the Consolidated List of Financial Sanctions Targets, maintained by the Office of Financial Sanctions Implementation within HM treasury.

• In Canada, the primary list is the Consolidated Canadian Autonomous Sanctions List, published by the Government of Canada.

It is also recommended for businesses to screen against the United Nations Security Council Consolidated List and other lists relevant to their region or industry.

Sanctions list data is typically available on government websites and from data providers like Dow Jones and World-Check. It is crucial to keep up to date with changes to sanctions lists, as newly sanctioned entities are added and removed on a regular basis to avoid any sanctions screening challenges. 

Setting up a sanctions screening program

Setting up a sanctions screening program involves several steps, including: 

1. Determine your sanctions risks and obligations: Identify the risk associated with your business and the sanctions lists relevant to your business based on the jurisdictions in which you operate. Seek guidance from industry experts.

2. Choosing sanctions screening software: Select reliable and efficient AML sanction screening software that can handle all your data and scale as your needs grow.

3. Customizing your sanctions compliance and screening program: Tailor your internal controls and procedures as well as your sanctions screening tools and configurations to effectively identify and manage sanctions risks.

4. Integrating the software: Connect the sanctions screening software with your existing systems and workflows to ensure a smooth and efficient process.

5. Training your staff: Provide training to employees on how to use the screening software and make sure they understand the importance of sanctions compliance.

6. Regularly screening against sanctions lists: Conduct sanctions screening during onboarding and on an ongoing basis for all customers, vendors, and other entities your business interacts with.

7. Keeping up to date with changes: Stay informed of any changes or updates to sanctions lists and adjust your screening program accordingly.

8. Monitoring and evaluating your program’s effectiveness: Establish procedures for monitoring and evaluating the effectiveness of your sanctions program and ensure it is scalable and can adapt to changes in your business or the regulatory environment. 

In addition, we suggest you consider OFAC’s Compliance Commitments Framework

Challenges to sanctions screening

Sanctions screening can be a challenging process for businesses due to various factors that can impact its effectiveness. Some common sanctions screening challenges include: 

• Data quality: The quality of the data used in sanctions screening can impact the accuracy of results. Poor data quality can result in false negatives (missing a true hit) and false positives, resulting in inefficiency and exposing the business to the risk of hefty fines.

• Volume of data: Businesses with large customer bases and high transaction volumes may find it challenging to process a significant amount of customer data quickly.

• Keeping sanctions data up to date: Sanctions lists are regularly updated, and businesses must keep their screening systems current to identify new risks.

• Resources: Establishing a comprehensive sanctions screening program requires a significant investment in personnel, time, and funds.

• Staying current with regulations: Global sanctions regulations and requirements can vary across different jurisdictions, making it challenging for businesses to stay up to date and avoid potential violations.

Addressing these challenges requires financial institutions and other businesses to implement the appropriate tools and processes, such as high-quality data management, advanced screening algorithms, and regular updates to sanctions lists, to ensure sanction screening best practices. Additionally, businesses must establish clear compliance procedures, including record-keeping, escalation workflows, and the use of case management tools to ensure sanctions screening processes are carried out effectively and efficiently.