One missed name on a sanctions list can end careers, trigger nine-figure fines, and freeze a bank’s ability to clear US dollars. Yet sanctions risk is not just a banking problem. Fintechs, exporters, shipping firms, insurers, crypto exchanges, and even law firms now sit squarely inside the enforcement perimeter. The discipline that keeps them out of trouble is sanctions screening.
This guide explains how a modern sanctions compliance program works end to end, from the OFAC SDN list and EU consolidated list to fuzzy matching, alert handling, and governance. If you build, run, or audit a screening function, the playbook below covers the architecture, controls, and best practices that hold up under regulator scrutiny.
What Is Sanctions Screening?
Sanctions screening is the process of comparing customers, counterparties, transactions, and related data points against official watchlists of sanctioned individuals, entities, vessels, aircraft, and jurisdictions. Its goal is to prevent regulated firms from doing business with parties prohibited by law.

Screening happens at multiple touchpoints across the customer lifecycle. It starts at onboarding, continues through ongoing monitoring, and is repeated for every payment, trade, or transaction that crosses a control point. A robust programme treats screening not as a single event but as a continuous, layered control.
What Gets Screened
- Customers and beneficial owners: individuals, legal entities, and the natural persons who ultimately control them.
- Counterparties: payment originators, beneficiaries, intermediaries, and trade partners on both sides of a deal.
- Transactions: payment instructions, SWIFT messages, trade finance documents, and free-text fields.
- Related data: vessels, aircraft, ports, BIC codes, addresses, and goods descriptions in trade transactions.
- Internal records: employees, vendors, contractors, and third-party providers, especially in higher-risk roles.
The Major Sanctions Lists You Must Screen Against

A serious sanctions compliance program screens against multiple sources, not just one. The reach of each regime depends on the firm’s nexus to the issuing authority, but most multinational firms apply a layered approach.
| Authority | Key List | Scope |
|---|---|---|
| US Treasury OFAC | SDN List, Sectoral Sanctions Identifications (SSI) List, Non-SDN lists such as NS-MBS and CAPTA | Global reach via US dollar clearing and US person rules |
| European Union | EU Consolidated Financial Sanctions List | All EU member states; binding on EU persons and entities |
| United Nations | UN Security Council Consolidated List | Mandatory for all UN member states |
| United Kingdom | OFSI Consolidated List | UK persons and entities, post-Brexit autonomous regime |
| Switzerland | SECO list | Swiss persons and entities |
| Other national lists | Canada, Australia, Japan, Singapore, UAE | Country-specific, often aligned with UN and OFAC |
The OFAC SDN List in Focus
The Specially Designated Nationals and Blocked Persons List, or SDN List, is the most consequential single source. Anyone listed has their property and interests in property within US jurisdiction blocked, and US persons are prohibited from dealing with them. Because US dollar clearing flows through US correspondent banks, the SDN list effectively reaches any institution that touches the dollar.
The list includes individuals, entities, vessels, and aircraft, with a wide range of identifiers such as aliases, dates of birth, passport numbers, and addresses. Screening engines must handle all these data points and the constant updates OFAC publishes throughout the year.
How a Sanctions Screening Engine Works
Modern watchlist screening engines are far more sophisticated than the simple keyword match many regulators inspected a decade ago. The architecture below is now industry standard.
- Data ingestion: list vendors deliver consolidated, deduplicated lists with metadata, refreshed multiple times daily.
- Normalisation: names, addresses, and identifiers are cleansed, transliterated, and standardised for consistent comparison.
- Matching: customer and transaction data is compared against the lists using exact, phonetic, and fuzzy algorithms.
- Scoring: each potential match is scored, and rules decide which scores trigger alerts.
- Alert generation: alerts above the threshold are routed to investigators with full context.
- Disposition: investigators confirm true matches, dismiss false positives, and document the rationale.
- Escalation and reporting: confirmed matches are blocked, frozen, and reported to the relevant authority within statutory deadlines.
- Tuning and feedback: outcomes feed back into thresholds, rules, and models to improve accuracy over time.
Matching Techniques That Matter
- Exact match: simple equality on names or identifiers, fast but brittle against typos and aliases.
- Phonetic match: algorithms such as Soundex and Metaphone catch sound-alike names across spellings; both were designed for English and need language-aware variants for transliterated Arabic, Cyrillic, or Chinese names.
- Fuzzy match: string-similarity measures such as Levenshtein edit distance and Jaro-Winkler tolerate typos, dropped or transposed letters, and minor spelling variants; they compare whole strings, so word order changes are left to token-based matching.
- Token-based match: name segments are compared individually to handle reordering and missing tokens.
- Contextual match: combines name with date of birth, nationality, address, or identifiers to lift confidence and cut false positives.
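The pipeline and matching techniques above, as an added example that is not code from the original article or from any vendor engine: names are normalised (diacritics and punctuation stripped), each name token is compared with Jaro-Winkler against its best counterpart in the listed name so that reordering is free and a missing token only costs a coverage penalty, and the resulting score is then lifted or cut by secondary identifiers. The watchlist, the subjects, the threshold of 0.85 and the date-of-birth weights are all constructed assumptions for illustration; real programs tune these per touchpoint.

```python
"""Screening core: normalise, token-wise Jaro-Winkler, then secondary identifiers.
Everything here is constructed for illustration; thresholds and weights are assumptions."""
import re
import unicodedata

THRESHOLD = 0.85           # assumed alert threshold for this touchpoint
DOB_MATCH_BOOST = 0.05     # assumed lift when dates of birth agree
DOB_CONFLICT_FACTOR = 0.7  # assumed cut when both DOBs are known and differ

# Constructed, fictional watchlist in the shape a list vendor delivers after dedup.
WATCHLIST = [
    {"uid": "WL-0001", "name": "Dmitri Volkovsky", "aliases": ["Volkovsky, Dmitry"],
     "dob": "1968-03-14", "ids": ["P-7734120"]},
    {"uid": "WL-0002", "name": "Sahara Trading FZE", "aliases": [], "dob": None, "ids": []},
    {"uid": "WL-0003", "name": "John Smith", "aliases": [], "dob": "1975-11-02", "ids": []},
]


def normalise(name: str) -> list[str]:
    """Strip diacritics, drop punctuation, upper-case, and split into tokens.
    'Volkovsky, Dmitry' -> ['VOLKOVSKY', 'DMITRY']; 'F.Z.E.' -> ['FZE']."""
    decomposed = unicodedata.normalize("NFKD", name)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c)).upper()
    plain = re.sub(r"[-/,]", " ", plain)      # separators become token boundaries
    plain = re.sub(r"[^A-Z0-9 ]", "", plain)  # remaining punctuation is dropped
    return plain.split()


def jaro(a: str, b: str) -> float:
    """Jaro similarity: matching characters within a sliding window, minus transpositions."""
    if a == b:
        return 1.0
    if not a or not b:
        return 0.0
    window = max(0, max(len(a), len(b)) // 2 - 1)
    a_hit, b_hit = [False] * len(a), [False] * len(b)
    matches = 0
    for i, ch in enumerate(a):
        for j in range(max(0, i - window), min(i + window + 1, len(b))):
            if not b_hit[j] and b[j] == ch:
                a_hit[i] = b_hit[j] = True
                matches += 1
                break
    if matches == 0:
        return 0.0
    a_seq = [ch for ch, hit in zip(a, a_hit) if hit]
    b_seq = [ch for ch, hit in zip(b, b_hit) if hit]
    transpositions = sum(x != y for x, y in zip(a_seq, b_seq)) / 2
    return (matches / len(a) + matches / len(b) + (matches - transpositions) / matches) / 3


def jaro_winkler(a: str, b: str, prefix_scale: float = 0.1) -> float:
    """Jaro plus a bonus for a shared prefix of up to four characters."""
    j = jaro(a, b)
    prefix = 0
    for x, y in zip(a[:4], b[:4]):
        if x != y:
            break
        prefix += 1
    return j + prefix * prefix_scale * (1 - j)


def token_score(subject_tokens: list[str], list_tokens: list[str]) -> float:
    """Align each token of the shorter name with its best counterpart in the longer one:
    reordering costs nothing, a missing token only reduces the coverage factor."""
    short, long_ = sorted((subject_tokens, list_tokens), key=len)
    if not short:
        return 0.0
    best = [max(jaro_winkler(t, u) for u in long_) for t in short]
    coverage = len(short) / len(long_)
    return sum(best) / len(best) * (0.7 + 0.3 * coverage)


def score_candidate(subject: dict, entry: dict) -> tuple[float, str]:
    """Name similarity, then lifted or cut by secondary identifiers (contextual match)."""
    shared_ids = set(subject.get("ids", [])) & set(entry.get("ids", []))
    if shared_ids:  # a shared document number is decisive on its own
        return 1.0, f"identifier match {sorted(shared_ids)}"
    subj = normalise(subject["name"])
    name_score = max(token_score(subj, normalise(n)) for n in [entry["name"]] + entry["aliases"])
    dob_s, dob_e = subject.get("dob"), entry.get("dob")
    if dob_s and dob_e:
        if dob_s == dob_e:
            return min(1.0, name_score + DOB_MATCH_BOOST), "name and DOB agree"
        return name_score * DOB_CONFLICT_FACTOR, "name only, DOB conflicts"
    return name_score, "name only, no secondary identifier available"


def screen(subject: dict, watchlist: list[dict] = WATCHLIST, threshold: float = THRESHOLD) -> list[dict]:
    """Return alerts at or above the threshold, with the evidence an investigator needs."""
    alerts = []
    for entry in watchlist:
        score, evidence = score_candidate(subject, entry)
        if score >= threshold:
            alerts.append({"uid": entry["uid"], "listed_name": entry["name"],
                           "score": round(score, 3), "evidence": evidence})
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


if __name__ == "__main__":
    for s in [{"name": "Dmitry Volkovskiy", "dob": "1968-03-14"},   # transliteration variant
              {"name": "John Smith", "dob": "1990-06-30"},          # common name, DOB conflicts
              {"name": "SAHARA TRADING F.Z.E."},                    # punctuation noise
              {"name": "Anna Lee", "ids": ["P-7734120"]}]:          # identifier hit, name differs
        print(s["name"], "->", screen(s) or "no alert")
```

Two behaviours are worth noticing when running it: the John Smith subject with a conflicting date of birth falls below the threshold, while the same name with no date of birth alerts at 1.0 and carries the evidence string telling the investigator that no secondary identifier was available, which is the "require secondary identifiers" mitigation in practice. The identifier path also shows why names alone are not the control: a passport number shared with a listed person alerts even though the name does not resemble the listing.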

Building a Sanctions Compliance Program: Step-by-Step
- Define the regulatory perimeter: identify every regime that applies based on geography, currency, customers, products, and corporate structure.
- Adopt a written policy that codifies risk appetite, list coverage, screening points, escalation, and governance.
- Choose your list sources: combine official lists with a reputable vendor that adds derivative entities, ownership data, and PEP overlays.
- Map all screening touchpoints: onboarding, periodic refresh, transaction screening, trade finance, and internal records.
- Configure matching algorithms with documented thresholds for each touchpoint, supported by tuning and validation.
- Stand up an alert investigation workflow, including queues, SLAs, decisioning templates, and audit trails.
- Implement escalation paths for true matches, ownership-based hits, and 50 percent rule cases.
- Train staff on sanctions law, list interpretation, common evasion typologies, and how to handle alerts.
- Run model validation annually, covering data quality, threshold tuning, fuzzy logic, and effectiveness testing.
- Report to senior management with metrics on volumes, hit rates, false positive ratios, and remediation actions.
The OFAC 50 Percent Rule
The OFAC 50 percent rule extends blocking to any entity owned 50 percent or more, directly or indirectly, individually or in aggregate, by one or more blocked persons. The entity does not need to appear on the SDN list to be blocked. The test is ownership, not control: a blocked person who dominates a company through a 30 percent stake and board seats does not trigger the rule, although OFAC's guidance urges caution when dealing with such entities. This rule is a frequent source of unexpected hits.
Screening engines therefore cannot stop at the entity in front of them. They must trace the ownership chain, aggregate stakes held by multiple SDNs, count the full stake of any intermediate entity that is itself blocked by the rule, and flag entities that breach the threshold even when they look clean on the surface. This is why integrated UBO and ownership data is central to a modern sanctions programme.
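The aggregation logic just described, as an added example that is not from the original article: an entity is blocked when the stakes held by blocked persons, including entities that are themselves blocked by the rule, sum to 50 percent or more, and stakes held by non-blocked entities do not count, even if a blocked person owns a large minority of them. That reading follows OFAC's published guidance on the rule; the ownership graph, names, percentages and the 25 percent review floor are constructed assumptions.

```python
"""Fixed-point application of the 50 percent rule over a constructed ownership graph.
Names, stakes and the review floor are invented for illustration."""
from collections import defaultdict

# Constructed records: (owner, owned entity, percent held directly).
OWNERSHIP = [
    ("SDN Alpha", "HoldCo One", 50.0),        # direct: exactly 50 -> blocked
    ("SDN Beta", "HoldCo Two", 30.0),         # aggregate: 30 + 20 from two SDNs
    ("SDN Alpha", "HoldCo Two", 20.0),
    ("HoldCo One", "OpCo X", 40.0),           # indirect: a blocked HoldCo's stake counts in full
    ("SDN Beta", "OpCo X", 10.0),
    ("SDN Alpha", "OpCo Y", 49.0),            # 49 is not blocked, but worth a review
    ("Outside Investor", "OpCo Y", 51.0),
    ("OpCo Y", "OpCo Z", 100.0),              # parent is not blocked, so nothing flows down
    ("HoldCo Two", "OpCo W", 45.0),           # blocked parent, but under 50
]
LISTED = {"SDN Alpha", "SDN Beta"}  # the parties that appear on the list itself
REVIEW_FLOOR = 25.0                 # assumed internal threshold for manual review


def blocked_entities(ownership, listed):
    """Iterate until stable: once blocked holders of an entity reach 50 percent it is
    blocked too, and from then on its own stakes count in full for entities below it.
    Returns (entities blocked by the rule, {entity: (total, contributing stakes)})."""
    holders = defaultdict(list)
    for owner, owned, pct in ownership:
        holders[owned].append((owner, pct))
    blocked, reasons, changed = set(listed), {}, True
    while changed:
        changed = False
        for entity, stakes in holders.items():
            if entity in blocked:
                continue
            contributing = [(o, p) for o, p in stakes if o in blocked]
            total = sum(p for _, p in contributing)
            if total >= 50.0:
                blocked.add(entity)
                reasons[entity] = (total, contributing)
                changed = True
    return blocked - set(listed), reasons


def review_candidates(ownership, blocked, floor=REVIEW_FLOOR):
    """Non-blocked entities in which blocked holders sit between `floor` and 50 percent,
    the significant-minority cases OFAC's guidance says to treat with caution."""
    totals = defaultdict(float)
    for owner, owned, pct in ownership:
        if owner in blocked and owned not in blocked:
            totals[owned] += pct
    return {e: t for e, t in totals.items() if floor <= t < 50.0}


if __name__ == "__main__":
    derived, why = blocked_entities(OWNERSHIP, LISTED)
    for entity in sorted(derived):
        total, stakes = why[entity]
        print(f"{entity}: blocked, {total:.0f}% held by {stakes}")
    print("review:", review_candidates(OWNERSHIP, LISTED | derived))
```

Running it blocks HoldCo One (direct), HoldCo Two (aggregate) and OpCo X (40 percent from the now-blocked HoldCo One plus 10 percent from SDN Beta), leaves OpCo Z clean because its sole parent OpCo Y never crossed the threshold, and puts OpCo Y and OpCo W on the review list. The order in which the rule is applied matters: a single pass that checked OpCo X before HoldCo One would have missed it, which is why the loop runs to a fixed point.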
Real-World Use Cases
Banking and Payments
A correspondent bank screens every customer payment message, SWIFT MT103 or its ISO 20022 equivalent pacs.008, in real time against OFAC, EU, UK, and UN lists. Payments hitting potential matches are held automatically until an investigator clears them, with strict SLAs to avoid breaking the payment cycle.
Trade Finance
A trade finance team screens letters of credit, bills of lading, vessels, ports, and goods descriptions. Vessel screening is critical for catching deceptive shipping practices such as flag hopping and AIS spoofing used to evade Russia, Iran, and North Korea sanctions.
Crypto and Digital Assets
A virtual asset service provider screens wallet addresses against the digital currency addresses OFAC publishes as identifiers on SDN entries, integrates blockchain analytics to trace exposure to mixers or sanctioned protocols, and blocks transactions that breach risk thresholds.
Insurance
An insurer screens policyholders, beneficiaries, claimants, and brokers, with extra focus on marine and aviation lines, where vessel and aircraft sanctions exposure is highest.
Exporters and Manufacturers
An exporter screens end customers, distributors, and freight forwarders against export-control lists and regimes such as the BIS Entity List and EU dual-use controls, integrating sanctions checks into ERP and order-management systems.
Sanctions Evasion Red Flags
- Last-minute changes to payment beneficiaries or routing instructions.
- Use of intermediary jurisdictions with no clear commercial logic.
- Shell companies, nominees, and opaque ownership structures.
- Vessels turning off AIS transponders or repeatedly changing flags.
- Goods descriptions that are vague, generic, or inconsistent with shipping documents.
- Unusual payment terms, such as cash, prepayment, or non-standard financial instruments.
- Counterparties recently incorporated, with no online footprint or trading history.
- Inconsistencies between customer-declared activity and observed transaction patterns.
- Goods being shipped to or transhipped through high-risk jurisdictions.
- Sudden surge in volume from a previously low-activity customer.
False Positives: The Operational Reality
Common names, language variants, and overlapping aliases mean that for every true sanctions hit, screening engines typically generate hundreds or thousands of false positives. Managing this noise without missing a real match is the central operational challenge.
| Driver of False Positives | Mitigation |
|---|---|
| Common names with no other context | Score down on partial matches, require secondary identifiers |
| Different transliterations of the same name | Normalise scripts, use phonetic and language-aware matching |
| Outdated or removed list entries | Frequent list refresh, vendor delisting feeds |
| Free-text payment fields | Tokenise, segment, and contextualise matches |
| Overly broad fuzzy thresholds | Tune by customer segment and risk, validate annually |
Benefits vs Challenges
| Benefits of a Strong Sanctions Program | Common Challenges |
|---|---|
| Avoids enforcement actions and reputational damage | High alert volumes strain investigator capacity |
| Protects access to US dollar clearing and global markets | Rapidly evolving sanctions regimes are hard to track |
| Provides clean data for AML, fraud, and credit decisions | Cross-border data privacy rules complicate screening |
| Enables faster onboarding for low-risk customers | Tuning fuzzy logic across languages and scripts is hard |
| Builds confidence with regulators, banks, and counterparties | Legacy systems may not integrate with modern engines |
Best Practices for a Bulletproof Program
- Screen at every relevant touchpoint: onboarding, refresh, payment, trade, and internal records.
- Use layered list coverage: official lists plus vendor-enriched data with derivative and ownership intelligence.
- Tune by risk and segment: do not apply a single global threshold across all customer types and channels.
- Document model decisions: thresholds, algorithms, and tuning rationale should be fully traceable for examiners.
- Integrate UBO data to satisfy the 50 percent rule and equivalent ownership-based regimes.
- Automate workflow with case management, structured disposition, and clear audit trails.
- Run periodic effectiveness tests, including known-positive injection and missed-match analysis.
- Maintain a screening calendar that mandates rescreening after every list update, not just on customer events.
- Train continuously: list updates, geopolitical shifts, and new typologies should drive refreshed training every quarter.
- Test incident response with table-top exercises that simulate true matches, freezes, and regulator notifications.
Frequently Asked Questions
What is the OFAC SDN list?
The Specially Designated Nationals and Blocked Persons List is OFAC’s primary sanctions list, naming individuals, entities, vessels, and aircraft whose property must be blocked and with whom US persons cannot deal.
Who must comply with US sanctions?
US persons wherever located, meaning US citizens and permanent residents, US-incorporated companies and their foreign branches, and anyone physically in the United States, must comply with OFAC sanctions. Non-US parties are exposed as well: a transaction that clears in US dollars or passes through a US person can be blocked or rejected, and some programs carry secondary sanctions for non-US persons who deal with designated parties.
What is the difference between sanctions screening and AML monitoring?
Sanctions screening compares parties and transactions against watchlists in near real time, while AML monitoring detects suspicious patterns over time. Both controls are essential and complementary, not interchangeable.
How often are sanctions lists updated?
Major lists are updated frequently, sometimes multiple times per day, particularly during geopolitical events. Screening engines must ingest updates rapidly and rescreen affected populations after each refresh.
What is the OFAC 50 percent rule?
An entity owned 50 percent or more, directly or indirectly, individually or in aggregate, by one or more blocked persons is itself blocked, even if it does not appear on the SDN list.
What is fuzzy matching?
Fuzzy matching uses algorithms that tolerate spelling variations, typos, transliterations, and word order differences, increasing the chance of catching real matches that exact match would miss.
What is a true match versus a false positive?
A true match is a confirmed hit against a sanctioned party that triggers blocking and reporting. A false positive is an alert that, after investigation, proves to be a different party with no sanctions exposure.
How are sanctions screening alerts investigated?
Investigators review the alert in context, compare additional identifiers such as date of birth and address, consult vendor and open-source data, document the rationale, and either escalate as a true match or dismiss as a false positive.
What happens when a true match is confirmed?
The transaction is blocked or rejected per the applicable rules, assets are frozen where required, and the firm files mandatory reports with the relevant authority within statutory deadlines.
Do small fintechs need a full sanctions program?
Yes. Sanctions law applies regardless of firm size. Small fintechs typically rely on cloud-based screening vendors and proportionate processes, but the obligation to screen, investigate, and report is identical to a large bank.
Can sanctions screening be automated end to end?
List ingestion, matching, alert generation, and reporting can be automated, but human judgement remains essential for alert disposition, complex ownership analysis, and incident response.
Conclusion and Key Takeaways
A bulletproof sanctions compliance program is built on three foundations: complete and current list coverage, intelligent matching at every relevant touchpoint, and disciplined investigation backed by clear governance. Get any of these wrong and the firm is one alert away from a regulatory headline.
Treat sanctions screening as an integrated control, not a siloed system. Connect it to KYC, UBO, transaction monitoring, and trade finance. Tune by risk, validate annually, and feed outcomes back into your models. The firms that excel are not those with the loudest engines, but those with the most consistent process and the cleanest documentation.
Key takeaways:
- Screen every customer, counterparty, and transaction against multiple official and enriched lists.
- The OFAC SDN list and the 50 percent rule have global reach via US dollar clearing.
- Fuzzy and contextual matching cut both missed hits and false positives when properly tuned.
- Documented governance, tuning, and validation are what regulators expect to see in examinations.
- People and process matter as much as technology: training, escalation, and incident response are non-negotiable.
Want more deep dives on sanctions, AML, and financial-crime compliance? Subscribe to the petafusion.com newsletter and get weekly analysis written for compliance leaders, sanctions officers, and fintech operators who need clarity, not jargon.