Sanctions screening checks every customer and payment against government lists of prohibited people, entities, vessels and jurisdictions. Unlike AML, it is largely strict-liability: process one prohibited payment and you have breached, intent or not. Here is how screening works, why false positives dominate the workload, and how to tune without missing a true hit.
AML asks "did you make a reasonable effort?" Sanctions asks "did the prohibited payment go through?" That difference shapes everything about how you build the control.
Sanctions are restrictive measures imposed by governments and multilateral bodies (the UN, EU) to achieve foreign-policy and security goals — freezing assets, prohibiting transactions, embargoing whole jurisdictions. Sanctions screening is the control that checks your customers, counterparties and payment instructions against these lists before money moves.
The crucial contrast with AML: AML is risk-based and judges your effort. Sanctions are largely strict-liability and judge your result. Process a single payment to a designated party and you have committed a breach — whether or not you intended to, and in many regimes whether or not you knew. The penalties are severe and reach individuals.
Screening therefore has to be comprehensive and continuous, not sampled. And because sanctions lists change constantly — new designations land daily, sometimes hourly during a crisis — screening is a live operational function, not a periodic check.
OFAC dominates the risk calculus because of the US dollar. Almost any cross-border payment touches USD correspondent clearing at some point, giving OFAC a hook. This is why even non-US institutions screen rigorously against the SDN list — losing USD-clearing access is an extinction-level event for a bank.
| Authority | List(s) | Reach |
|---|---|---|
| OFAC (US Treasury) | SDN list, sectoral / SSI lists | Extraterritorial in practice — any USD clearing, US person, or US nexus pulls you in. The most consequential globally. |
| United Nations | UN Security Council Consolidated List | Binds all member states; transposed into national law. |
| European Union | EU Consolidated Financial Sanctions list | Binds EU persons and activity in the EU. |
| UK (OFSI) | UK Sanctions List | Post-Brexit UK regime; binds UK persons and activity. |
| National / local | e.g. SA TFS list (FIC) under the POCDATARA / UNSC framework | Local designations and the domestic transposition of UN listings. |
Matching is rarely exact. Names transliterate differently (Arabic, Cyrillic, Chinese romanisation), get misspelled, reordered, or abbreviated. So screening engines use fuzzy matching — phonetic algorithms, edit-distance, transliteration tables — tuned by a similarity threshold. Lower the threshold and you catch more variants but generate more noise; raise it and you risk missing a true hit. That trade-off is the entire craft.
At onboarding and on every list update, screen your whole customer base against the lists. List changes mean re-screening — a new designation today can turn an existing clean customer into a match overnight.
Inline, before release: screen payment-message parties (e.g. ISO 20022 / MT fields — debtor, creditor, agents, narrative) and hold any hit before funds move. Latency-sensitive and unforgiving.
The asset-freeze and no-funds-available obligation against designated persons/entities — FATF Recommendations 6 & 7. You must freeze without delay and report. This is the operational core of sanctions for a PSP.
Beyond named parties: sectoral restrictions (e.g. specific debt/equity) and jurisdiction embargoes that prohibit dealings with whole territories.
The overwhelming majority of alerts are innocent name collisions — common names, partial matches, a customer who shares a name with a designated person. Tuning, good-guy lists and secondary-identifier checks (DOB, nationality) are what keep the queue survivable.
Because sanctions are strict-liability, an unworked real-time alert on a payment you have already released is a potential breach sitting in a queue. Real-time screening must actually hold payments, and the queue must be worked at payment speed.
If your list feed lags the official source, you can clear a payment to a freshly designated party in perfect good faith and still breach. List-update latency is a top operational risk; near-real-time ingestion of authoritative feeds is essential.
A fuzzy-match threshold chosen without testing either floods analysts or hides true hits. It must be calibrated against known-positive test sets and documented — regulators ask how you set it.
OFAC’s 50% rule sweeps in entities owned ≥50% by designated persons even if the entity itself is not listed. Without beneficial-ownership data (see KYC/CDD) you cannot see these — a major hidden-exposure source.
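A sketch of how beneficial-ownership data exposes these entities, added here as an illustration and not taken from any screening product. It goes slightly beyond the one-line summary above by aggregating the stakes of several designated owners and by treating a captured entity as a blocked owner of its own subsidiaries; all names and percentages are constructed.

```python
def blocked_by_ownership(designated, holdings, threshold=50.0):
    """Return {entity: aggregate % held by blocked owners} for unlisted
    entities that the 50% rule captures.

    holdings maps entity -> {owner: percent}. An entity captured in one pass
    counts as a blocked owner in the next, so the loop runs to a fixed point.
    """
    blocked = set(designated)
    captured = {}
    changed = True
    while changed:
        changed = False
        for entity, owners in holdings.items():
            if entity in blocked:
                continue
            # Sum only the stakes held by designated or already-captured owners.
            stake = sum(pct for owner, pct in owners.items() if owner in blocked)
            if stake >= threshold:
                blocked.add(entity)
                captured[entity] = stake
                changed = True
    return captured


# Constructed beneficial-ownership data; every name is fictional.
DESIGNATED = {"Person A", "Person B"}
HOLDINGS = {
    # Listed before its parent on purpose: only a second pass captures it.
    "Beta Shipping": {"Alpha Holdings": 60.0, "Clean Fund": 40.0},
    # No single designated owner reaches 50%, but together they hold 55%.
    "Alpha Holdings": {"Person A": 30.0, "Person B": 25.0, "Clean Fund": 45.0},
    # 49% stays under the threshold, so neither Gamma nor its subsidiary is captured.
    "Gamma Ltd": {"Person A": 49.0, "Clean Fund": 51.0},
    "Delta Trading": {"Gamma Ltd": 100.0},
}

if __name__ == "__main__":
    for entity, stake in blocked_by_ownership(DESIGNATED, HOLDINGS).items():
        print(f"{entity}: {stake:.0f}% held by blocked owners")
```

None of the four entity names would match a list entry by name, which is why this check has to run on ownership data rather than inside the name-matching engine.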
Sanctioned parties hide in free-text narrative, intermediary-bank fields and remittance information — not just debtor/creditor name. Field coverage gaps are a common audit finding.
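The field-coverage gap in miniature, as an added example rather than code from any payment system: a payment whose debtor and creditor are clean but whose remittance text names a listed party. The flat field names are a simplified stand-in for real ISO 20022 / MT structures, and the watchlist, payment and 0.9 threshold are constructed.

```python
import re
from difflib import SequenceMatcher

# Constructed watchlist and field set (assumptions, not a real message schema).
WATCHLIST = ["Ivan Sokolov", "Al Rashid Trading"]
SCREENED_FIELDS = ["debtor", "creditor", "debtor_agent", "creditor_agent",
                   "intermediary_agent", "remittance_info"]

def tokens(text):
    return re.findall(r"[a-z0-9]+", text.lower())

def field_hits(value, watchlist, threshold):
    """Slide a window the size of each listed name across the field's tokens."""
    toks, hits = tokens(value), []
    for listed in watchlist:
        want = tokens(listed)
        for i in range(max(1, len(toks) - len(want) + 1)):
            window = " ".join(toks[i:i + len(want)])
            score = SequenceMatcher(None, window, " ".join(want)).ratio()
            if score >= threshold:
                hits.append((listed, window, round(score, 3)))
    return hits

def screen_payment(payment, fields=SCREENED_FIELDS, watchlist=WATCHLIST,
                   threshold=0.9):
    """Return ("HOLD", hits) if any screened field matches, else ("RELEASE", [])."""
    hits = [(field, *hit) for field in fields
            for hit in field_hits(payment.get(field, ""), watchlist, threshold)]
    return ("HOLD" if hits else "RELEASE"), hits

# Constructed payment: the listed name appears only in free text, misspelled.
PAYMENT = {
    "debtor": "Northwind Logistics BV",
    "creditor": "Harbour Supplies Ltd",
    "creditor_agent": "Example Bank, Nicosia",
    "remittance_info": "INV 4471 settlement on behalf of Ivan Sokolow, consignee",
}

if __name__ == "__main__":
    print(screen_payment(PAYMENT, fields=["debtor", "creditor"]))  # name fields only
    print(screen_payment(PAYMENT))                                 # full coverage
```

Screening only the two name fields releases this payment; adding the agent and narrative fields holds it.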
Sanctions tuning is a regulated balancing act: too loose and you breach; too noisy and the team misses the real hit inside the noise. Defensibility — can you show why you set it where you did — matters as much as the setting.
Ingest directly from OFAC/UN/EU/OFSI (or a reputable list provider with a tight SLA). Measure list-update latency as a KPI. This is the cheapest, highest-value control you have.
Maintain known-positive and known-negative test populations; tune the fuzzy threshold against them; document the rationale and re-test after every engine or list change.
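One way to run that calibration, covering both the fuzzy-matching trade-off described earlier and the test-population approach here. This is an added example, not any vendor's engine: `difflib`'s ratio stands in for a production matcher, and the watchlist, test populations and candidate thresholds are all constructed.

```python
import unicodedata
from difflib import SequenceMatcher

# All names below are constructed for illustration; none comes from a real list.
WATCHLIST = ["Ivan Petrovich Sokolov", "Al-Rashid Trading LLC", "Mohammed Al Hassan"]
KNOWN_POS = ["SOKOLOV, Ivan Petrovich", "Mohamed Al-Hasan", "Al Rasheed Trading LLC"]
KNOWN_NEG = ["Ivana Sokolova", "Mohammed Hassan", "Rashid Textiles Ltd", "Maria Gonzalez"]

def normalise(name):
    """Fold accents, case and punctuation; sort tokens so word order is ignored."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    cleaned = "".join(c if c.isalnum() else " " for c in folded.lower())
    return " ".join(sorted(cleaned.split()))

def similarity(a, b):
    """Similarity in [0, 1]; difflib's ratio is a stand-in for a screening engine."""
    return SequenceMatcher(None, normalise(a), normalise(b)).ratio()

def best_score(name, watchlist=WATCHLIST):
    return max(similarity(name, listed) for listed in watchlist)

def calibrate(known_pos, known_neg, candidates, watchlist=WATCHLIST):
    """Pick the highest candidate threshold that still alerts on every known positive.

    Returns (threshold, false-positive rate on the known negatives), or None
    when no candidate catches all known positives.
    """
    pos = [best_score(n, watchlist) for n in known_pos]
    neg = [best_score(n, watchlist) for n in known_neg]
    for t in sorted(candidates, reverse=True):
        if all(s >= t for s in pos):
            return t, sum(s >= t for s in neg) / len(neg)
    return None

if __name__ == "__main__":
    # The returned pair is the evidence to record alongside the chosen setting.
    print(calibrate(KNOWN_POS, KNOWN_NEG, [0.80, 0.85, 0.90, 0.95]))
```

On this data the highest threshold that keeps every known positive still alerts on "Mohammed Hassan", a name-only collision of the kind secondary identifiers such as DOB and nationality are meant to clear.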
DOB, nationality, full address and ID numbers collapse false positives. The richer your KYC data, the cheaper your screening operation — the two controls compound.
"Good-guy" lists cut repeat false positives but must be governed (reviewed, re-tested on list changes) or they become the hole a real hit slips through.
USD-clearing dependence makes OFAC the binding constraint even for purely regional flows. Screen against the TFS lists per the FIC framework as well as the OFAC and UN lists. Losing a correspondent over a sanctions lapse is far costlier than the screening.
OFAC settlements run to eight and nine figures; beyond the fine, a designation or loss of USD clearing can end an institution. There is no "risk appetite" for processing a sanctioned payment — the appetite is zero.