Sanction Screening 101: Why and How

Governments and international organizations use economic sanctions to penalize illicit actors, change targets’ behavior and prevent defined illicit activities. Sanctions lists continue to grow as countries rely on sanctions to disincentivize bad actors. Individuals and entities are required to comply with sanctions regimes implemented by authorities to avoid fines, civil or criminal action and reputational damage.

This article specifically addresses sanctions screening requirements. Compliance best practices include screening PEPs and other watchlists simultaneously with sanctions depending on a firm's risk profile and use case.

How Are Sanctions Used? 

Sanctions take several forms including: asset freezes, embargoes, bans on short or long term loans and trade restrictions. Further, sectoral sanctions localized ban on activities or investment from certain sectors. The most common sanctions are list-based targeted sanctions that forbid interactions with a specified party. Parties can be individuals, entities, vessels, aircraft, crypto addresses or countries.

In response to Russia’s invasion of Ukraine, for example, the United States and European allies froze the assets of Russian oligarchs, including steel magnate Oleg Deripaska. The US, EU, UK, and others also sanctioned Alrosa, a Russian state-owned diamond mining company. 

Over the last two decades sanctions have become an increasingly popular foreign policy tool in the US and globally. The United States Office of Foreign Assets Control (OFAC) has increased sanctions use by over 1300% since 2000. In the European Union alone, more than thirty autonomous sanctions programs include over 4,300 entities and individuals combined.

The Importance of Sanctions Screening

The increasing prevalence and influence of sanctions necessitate streamlined screening processes. Over 40 countries maintain autonomous sanctions regimes, with many also enforcing UN sanctions. This diversity often results in conflicting sanctions due to varied policies and goals. For instance, reciprocal sanctions exist between the United States and countries like China, Russia, and Iran. The expansion of global sanctions regimes underscores the need for clear best practices in sanctions screening.

Thus far in 2023, the Office of Foreign Assets Control (OFAC) has issued enforcement actions totaling $564 million in penalties. Sanction screening is crucial for avoiding civil and criminal liabilities and meeting KYC (Know Your Customer), and AML (Anti-Money Laundering) regulations. Traditionally, KYC and AML focused on financial institutions due to their vulnerability to money laundering, fraud, or terrorist financing, but requirements have expanded to other industries and global supply chains, and sanctions compliance is increasingly an imperative for crypto companies and others in decentralized finance (DeFi).

To avoid penalties businesses should consistently compare their client and financial activities against multiple sanctions lists throughout the screening process. Screening entails cross-referencing individuals, entities, and companies with government watchlists like OFAC’s Specially Designated Nationals And Blocked Persons (SDN) List to assess risks associated with entities and individuals. Given the increasing number of global sanctions and the frequent list updates, thorough screening is crucial for ensuring compliance.

Developing a Sanction Screening Strategy

To develop a compliance strategy organizations must know when to screen, which lists are relevant, what information to screen, and select an appropriate screening method.

When is Sanction Screening Necessary?

Screening should happen:

1. Before formalizing a business relationship with a client, vendor, partner, employee (and then daily)

2. For all transactions and payments

Combining sanctions screening with KYC checks is crucial for customer onboarding and maintaining vendor management and customer relationship management systems. Local regulations might also stipulate intervals for existing customers, suppliers, or other counterparties for re-screening. For financial institutions and fintechs that process transactions, screening mandates may extend to real-time screening on transactions, including checking originators and beneficiaries.

Determining Relevant Lists for Sanction Screening

Organizations must comply with sanctions in their country of operation and with foreign sanctions regimes when engaging in international trade or processing transactions abroad. To ensure extensive coverage, most organizations screen against “The Big Four” sanctions lists:

UN Sanctions: Mandatory for all 193 UN member states.

The US OFAC SDN List: Essential for all US citizens and entities, extending globally due to the prevalence of US dollars in global trade and finance. Compliance is also crucial for entities with US affiliates or utilizing US services.

EU Sanctions: Binding for all citizens and corporate entities within the 27 EU member states.

UK Sanctions: Compliance is required for UK citizens and entities, including foreign branches established under UK law, as they are subject to the HM Treasury OFSI sanctions.

For example, a France-based company must comply with French, EU, and UN sanctions due to France’s autonomous sanctions regime and its position as an EU member state implementing both EU and UN sanctions. If the company conducts business in the US or deals in US dollars, adherence to US OFAC sanctions becomes equally imperative, requiring diligent screening of customers and suppliers.

Necessary Identifying Information for Sanction Screening

Verifying and evaluating the risk associated with customers and counterparties relies heavily on the quality of the identifying information collected to conduct the screening. A thorough screening should encompass:

• Names: Include the legal names of individuals, companies, or other legal entities and vessels involved to ascertain their legitimacy.

• Date of Birth: Whenever possible, dates of birth are crucial for enhancing screening accuracy, particularly for commonplace names, and minimizing false positives.

• Location: Accurate addresses comprising street address, city, province, and country are pivotal for verifying the identity of the counterparty involved.

• ID Details: Government-issued IDs like passport numbers for individuals and business registration or tax numbers for entities serve as unique identifiers, crucial for enhancing the accuracy of the screening and reducing the incidence of false positives.

By integrating these identifiers, organizations can refine screening processes to ensure optimal compliance with regulatory mandates, and mitigate legal and financial risks.

Selecting an Appropriate Sanction Screening Method for your Organization

A company’s screening method is largely influenced by screening volume and frequency. Organizations will generally leverage a third-party data provider using one of three screening approaches:

• Individual or Batch Searches: Inputting names individually into an online search platform manually or uploading batch files to simultaneously screen multiple names.

• Automated API Screening: Employing an API for automated and continuous name screening.

• Bulk Data Integration: Incorporating bulk sanctions data through regularly updated watchlist files into existing operational systems.

Matches found during the screening process should be addressed immediately and any transaction between an organization and a sanctioned entity must be blocked or rejected. All US businesses must report rejected transactions to OFAC within 10 days where “engaging in the transaction” would violate OFAC sanctions. Reporting matches in a timely manner avoids further involvement with sanctioned parties and helps organizations avoid costly non-compliance penalties.

Challenges in Sanctions Screening

Organizations often grapple with balancing under and over screening. Each has its inherent risks and consequences, and finding equilibrium is necessary for optimizing resource allocation. Under-screening may lead to overlooking sanctioned entities, resulting in unlawful transactions and significant penalties due to false negatives. This inadequacy in screening necessitates rigorous measures to ensure no sanctioned parties are inadvertently omitted. Conversely, over-screening generates false positives and identifies non-sanctioned entities as potential risks. This necessitates additional efforts and resources to validate the entities' statuses, ensuring accurate and reliable compliance.

An accurate data source is instrumental in balancing screening quality. It offers precise and detailed information on subjects, enabling organizations to rely on the screening process's results and ensuring enhanced compliance. The discrepancies in the sanctions data released by various sanctioning bodies present another layer of complexity. Varying details across lists necessitate a diligent and cautious approach to transactions.

Sanctions Screening Solutions with Castellum.AI

Castellum.AI automates compliance screening by providing watchlist screening solutions across an online platform, API, and bulk data.

Castellum.AI obtains global sanctions information directly from authorities issuing sanctions, and then proceeds to standardize, clean and enrich the data, extracting key information like IDs and addresses from text blobs. Castellum.AI enriches as many as fifteen separate items per entry. 

The database consists of over 1,000 watchlists, covering over 200 countries and eight different categories (sanctions, export control, law enforcement most wanted, contract debarment, politically exposed persons, regulatory enforcement, delisted, and elevated risk). Castellum.AI checks for watchlist updates every five minutes directly from issuing authorities.