Sanctions Screening
Sanctions screening is a compliance procedure that checks every customer, transaction partner, and beneficial owner against government sanctions lists to identify and block transactions with individuals or entities under economic sanctions. Financial institutions must perform this check at account opening, during ongoing customer due diligence, and for certain outbound payments.
The regulatory mandate
Under anti-money laundering (AML) and sanctions compliance rules, financial institutions are legally required to screen customers. In the US, the Office of Foreign Assets Control (OFAC) publishes the Specially Designated Nationals (SDN) list—thousands of individuals and entities subject to US economic sanctions. Institutions that process payments must check whether the sender, receiver, or beneficiary appears on that list. The same applies to United Nations sanctions, European sanctions, and UK sanctions lists. A match—or even a reasonable suspicion of a match—requires the institution to block the transaction and file a suspicious activity report.
Name matching and false positives
Sanctions screening is technically a name-matching problem. A customer provides “John Smith” and an address; the system queries the government list for “John Smith.” But names have variant spellings, transliteration issues (Arabic and Cyrillic characters), and common overlap. The same “Ali Mohamed” appears on sanction lists and in millions of legitimate customers. Precision matters: too strict and legitimate customers get blocked (friction); too lenient and sanctions evasion slips through (legal exposure). Most institutions use multiple-field matching (name + date of birth + nationality + address) to reduce false positives, but rates of 1–5% are typical. Each match triggers a manual review by a compliance officer.
Ongoing monitoring and beneficial ownership
Initial screening at account opening is just the start. Institutions must re-screen periodically—quarterly or annually—against updated government lists, since sanctions lists grow and change. Additionally, beneficial ownership rules require identification of the true individuals behind corporate accounts. If a customer creates a shell company and later the company’s CEO is sanctioned, the institution must detect that link and freeze the account. This ongoing surveillance is labor-intensive and increasingly automated by compliance testing software that cross-references customer records against the latest lists.
OFAC and beyond
In the United States, OFAC under the Treasury Department is the primary sanctions authority. But many large financial institutions also screen against:
- UN Sanctions Committees — Lists of entities sanctioned under resolutions.
- EU and UK lists — Particularly relevant for cross-border payments to Europe.
- Consolidated lists — Third-party aggregators combine OFAC, UN, and regional lists into a single searchable database.
A US bank processing a wire to London must check not just OFAC, but potentially UK and EU sanctions too. Multinational institutions screen against dozens of lists simultaneously.
Transaction holds and regulatory reporting
When a name matches a sanctions list, the typical workflow is:
- Auto-hold — The transaction is blocked pending review.
- Manual investigation — A compliance officer verifies whether it is a true positive (the customer really is sanctioned) or a false positive (name collision, variant spelling).
- Escalation — If likely a true positive, the institution files a “Suspicious Activity Report” (SAR) or notification to OFAC.
- Account freeze — If the customer themselves are sanctioned, the entire account is typically frozen and the customer is notified (though timing can be sensitive for enforcement reasons).
False positives lead to customer friction but are preferable to missing a true positive, which can result in fines of tens of millions of dollars, as well as criminal liability for knowing sanctions evasion.
Technology and automation
Modern sanctions screening is entirely automated. When a customer initiates a wire transfer, the system instantly queries the transaction details (names, addresses, amounts) against sanctions databases. Results come back in milliseconds. Most matches are auto-cleared as false positives (common names). True hits are escalated to human review. Some institutions use machine learning to improve matching accuracy by learning patterns in historical false positives. Advanced systems also track beneficial owners and apply sanctions screening to wire-transfer intermediaries, not just the direct parties.
Challenges and cost
Sanctions screening, while mandatory, is expensive and operationally burdensome. The compliance teams needed to review matches, maintain list feeds, and document reviews are substantial. Smaller institutions often outsource to third-party compliance vendors. The volume of false positives means significant manual review—a compliance officer might spend 70% of their time clearing false hits from “Smith” or “Mohamed” name collisions. Additionally, the geopolitical environment changes quickly; new sanctions are announced, requiring updates within hours. An institution that fails to update its screening list faces regulatory liability.
Closely related
- Anti-Money Laundering — Broader regulatory framework encompassing sanctions screening
- Customer Due Diligence — Initial and ongoing customer verification
- Know Your Customer — Identification and verification of customer identity
- Beneficial Ownership Identification — Tracing true owners of accounts
Wider context
- Financial Regulation and Supervision — Regulatory oversight of financial institutions
- Compliance Testing Regime — Audit and compliance verification procedures
- Enhanced Due Diligence — Heightened verification for high-risk customers