Shufti-Sphere-Website-Banner
burger-menu cross-icon-2

Resources

us

216.73.216.200

Sanctions Screening: What It Is and How It Works in AML

sanctions screening

KEY TAKEAWAYS

  • Sanctions screening checks customers, transactions, and counterparties against government and international sanctions lists to block dealings with prohibited parties. It is a core AML control.

  • Core lists include OFAC (US), the EU consolidated list, the UN Security Council list, and HMT/OFSI (UK), plus other regimes depending on the market.

  • It runs at onboarding and continuously afterwards, because sanctions designations change constantly.

  • It is distinct from transaction monitoring: screening checks identity, monitoring checks behaviour.

  • It is a legal requirement in most regulated sectors, driven by FATF standards and enforced by bodies such as OFAC and OFSI.

Every regulated business is expected to know exactly who it is dealing with. Sanctions screening is the control that answers that question against official prohibition lists. Miss a sanctioned party and the consequences are not just reputational: they include enforcement penalties, frozen relationships, and, in strict jurisdictions, liability even where the breach was unintentional.

This guide explains what sanctions screening is, which lists it covers, how the process works end to end, and why AML regulations require it. It is written for compliance and risk teams who need a clear, accurate reference rather than a sales pitch.

What is sanctions screening and why does it matter?

Sanctions screening compares the people and organisations you interact with against lists of parties that governments and international bodies have restricted or prohibited. These parties can be individuals, companies, vessels, or entire jurisdictions. When a name, date of birth, or identifier matches an entry on a list, the relationship is flagged for review before any business proceeds.

It matters for three reasons:

  • Legal exposure. Dealing with a sanctioned party can breach financial-crime law regardless of intent.

  • Financial risk. Enforcement penalties, blocked funds, and remediation costs can be severe.

  • National-security and ethical duty. Sanctions regimes exist to restrict terrorism financing, proliferation, human-rights abuses, and organised crime. Screening is how private businesses support those objectives.

Within an AML programme, sanctions screening sits alongside customer due diligence (CDD), politically exposed person (PEP) checks, and transaction monitoring. It is one of the first controls applied at onboarding and one of the few that must run continuously afterwards.

Which sanctions lists does screening cover?

There is no single global list. A robust programme screens against the major regimes that apply to its markets and, in practice, a wider set of national and regional lists. The core lists most compliance teams reference are:

  • OFAC (United States). The Office of Foreign Assets Control publishes the Specially Designated Nationals (SDN) list and other consolidated lists. OFAC operates on a strict-liability basis, so a violation can occur even without knowledge or intent.

  • EU consolidated list. The European Union maintains a consolidated list of persons, groups, and entities subject to financial restrictions across member states.

  • UN Security Council. The UN Consolidated List reflects sanctions adopted by the Security Council and is implemented by member states worldwide.

  • HMT / OFSI (United Kingdom). HM Treasury, through the Office of Financial Sanctions Implementation, publishes the UK Sanctions List and the consolidated list of asset-freeze targets.

Beyond these, many programmes also screen against other national regimes, regional bodies, and law-enforcement or regulatory warning lists depending on where they operate. Because Shufti’s sanctions screening runs across 240+ countries, coverage of the right lists for each market is a core part of building a defensible screening programme.

How does sanctions screening work end to end?

At a high level, the workflow moves from data collection to a clear decision. The steps below give a brief overview. For a full step-by-step breakdown, see the dedicated sanctions screening process guide.

  1. Collect and standardise data. Capture the customer’s name, aliases, date of birth, nationality, and identifiers, then normalise the format so it can be compared reliably.

  2. Match against lists. Run the data against the relevant sanctions lists using fuzzy and exact matching to account for spelling variants, transliteration, and aliases.

  3. Score and flag potential matches. The system assigns a match confidence and raises an alert where the score crosses a threshold.

  4. Review and adjudicate. An analyst confirms a true match or clears a false positive, recording the rationale.

  5. Act and document. Block, freeze, escalate, or report as required, and keep an audit trail of every decision.

Onboarding screening vs ongoing rescreening

Sanctions screening is not a one-time check. It runs at two distinct points:

  • Onboarding screening. Before a customer relationship begins, the party is screened to confirm they are not on a sanctions list. This is a gating control: a confirmed match stops onboarding.

  • Ongoing rescreening. Sanctions lists change constantly as new designations are added and existing ones are amended or removed. A customer who was clear at onboarding can become sanctioned later. Ongoing rescreening re-checks the existing customer base against updated lists so that new designations are caught promptly.

Most regimes expect rescreening to happen close to real time after a list update, not on a slow periodic cycle. The gap between a designation being published and a customer being rescreened is exactly where exposure builds.

Sanctions screening vs transaction monitoring: what is the difference?

These two controls are often confused because both are part of AML, but they answer different questions.

  • Sanctions screening answers “is this party prohibited?” It checks identities and counterparties against sanctions lists at onboarding and on an ongoing basis.

  • Transaction monitoring answers “does this behaviour look suspicious?” It analyses the pattern, value, and flow of transactions over time to detect potential money laundering, regardless of whether the party is listed.

A complete programme runs both. Screening keeps sanctioned parties out; monitoring detects suspicious activity among the parties who are allowed in.

EVALUATING A SOLUTION?

See how Shufti screens customers and counterparties against global sanctions lists in real time, with ongoing rescreening and fewer false positives built in.

Explore Shufti Sanctions Screening  →

The false positive problem

Because matching is deliberately broad, sanctions screening software generates alerts that turn out not to be genuine matches. These false positives are common: a customer may simply share a name with a listed individual, or a transliterated name may partially match an alias.

False positives are not harmless. Each one consumes analyst time, slows customer onboarding, and, at scale, buries genuine matches in noise. The goal is not to eliminate alerts (that would risk missing true matches) but to reduce false positives through better data quality, tuned matching thresholds, and richer identifiers such as date of birth and nationality that let the system distinguish between two people with the same name.

Yes, in most regulated sectors it is. The specific obligation depends on jurisdiction, but the drivers are consistent:

  • FATF standards. The Financial Action Task Force sets the global baseline. Its recommendations on targeted financial sanctions require countries to implement measures to freeze the assets of designated parties without delay.

  • National AML law. Most jurisdictions translate these standards into binding requirements for banks, payment firms, and other obliged entities to screen customers and report or freeze where a match is confirmed.

  • Regime-specific enforcement. Bodies such as OFAC and OFSI enforce their own sanctions programmes directly, and penalties for breaches can be significant. Under strict-liability regimes, a business can be penalised even where it did not know it was dealing with a sanctioned party.

In short, sanctions screening is not optional for regulated businesses. It is a documented, auditable control that supervisors expect to see operating effectively.

RELATED READING

Sanctions screening is one part of a wider AML programme. See how it fits alongside PEP checks, adverse media, and ongoing monitoring in our guide to AML screening.

Read the AML screening guide  →


Frequently Asked Questions

What is sanctions screening?

Sanctions screening is the process of checking customers, transactions, and counterparties against government and international sanctions lists to identify and block dealings with prohibited parties. It is a core AML control.

How does sanctions screening work?

Customer data is collected and standardised, matched against relevant sanctions lists using exact and fuzzy matching, scored for confidence, and flagged where a threshold is crossed. An analyst then confirms a true match or clears a false positive, and the outcome is documented.

Which lists are used in sanctions screening?

The core lists are OFAC (US), the EU consolidated list, the UN Security Council consolidated list, and HMT/OFSI (UK). Programmes often screen additional national and regional regimes depending on the markets they serve.

Is sanctions screening a legal requirement?

In most regulated sectors, yes. FATF standards on targeted financial sanctions, national AML law, and regime-specific enforcement by bodies such as OFAC and OFSI make screening a mandatory, auditable control for obliged entities.

What is the difference between sanctions screening and monitoring?

Sanctions screening checks whether a party is prohibited by matching identities against sanctions lists. Transaction monitoring analyses behaviour over time to detect suspicious activity. Screening controls who you deal with; monitoring watches what they do.



Related Posts

Shufti Blog

What is Biometric Verification: Meaning, Types, Technology & Tools

What is Biometric Verification: Meaning, Types, Technology & Tools

Explore More

Shufti Blog

What Is Transaction Screening? Definition, Process, and How It Works

What Is Transaction Screening? Definition, Process, and How It Works

Explore More

Shufti Blog

Sanctions Screening: What It Is and How It Works in AML

Sanctions Screening: What It Is and How It Works in AML

Explore More

Shufti Blog

Florida SB1161 and Deepfake Platform Accountability: What the Law Requires (Updated October 2025)

Florida SB1161 and Deepfake Platform Accountability: What the Law Requires (Updated October 2025)

Explore More

Shufti Blog

VideoIdent for German Crypto Exchanges: MiCA, GwG and BaFin Compliance Guide for CASPs

VideoIdent for German Crypto Exchanges: MiCA, GwG and BaFin Compliance Guide for CASPs

Explore More

Shufti Blog

Video Identification in Switzerland: FINMA Compliance Guide for Banks, Insurance and Asset Managers

Video Identification in Switzerland: FINMA Compliance Guide for Banks, Insurance and Asset Managers

Explore More

Shufti Blog

FMA Video Identification in Austria: FM-GwG Compliance Guide for Financial Institutions

FMA Video Identification in Austria: FM-GwG Compliance Guide for Financial Institutions

Explore More

Shufti Blog

What is Biometric Verification: Meaning, Types, Technology & Tools

What is Biometric Verification: Meaning, Types, Technology & Tools

Explore More

Shufti Blog

What Is Transaction Screening? Definition, Process, and How It Works

What Is Transaction Screening? Definition, Process, and How It Works

Explore More

Shufti Blog

Sanctions Screening: What It Is and How It Works in AML

Sanctions Screening: What It Is and How It Works in AML

Explore More

Shufti Blog

Florida SB1161 and Deepfake Platform Accountability: What the Law Requires (Updated October 2025)

Florida SB1161 and Deepfake Platform Accountability: What the Law Requires (Updated October 2025)

Explore More

Shufti Blog

VideoIdent for German Crypto Exchanges: MiCA, GwG and BaFin Compliance Guide for CASPs

VideoIdent for German Crypto Exchanges: MiCA, GwG and BaFin Compliance Guide for CASPs

Explore More

Shufti Blog

Video Identification in Switzerland: FINMA Compliance Guide for Banks, Insurance and Asset Managers

Video Identification in Switzerland: FINMA Compliance Guide for Banks, Insurance and Asset Managers

Explore More

Shufti Blog

FMA Video Identification in Austria: FM-GwG Compliance Guide for Financial Institutions

FMA Video Identification in Austria: FM-GwG Compliance Guide for Financial Institutions

Explore More

Take the next steps to better security.

Contact us

Get in touch with our experts. We'll help you find the perfect solution for your compliance and security needs.

Contact us

Request demo

Get free access to our platform and try our products today.

Get started