What is a sanctions list?

To ensure regulatory compliance, financial institutions are required to consult sanctions lists when conducting business with foreign customers.

What is a sanctions list?

Sanctions lists contain persons, organizations, or countries that are subject to economic sanctions issued by a government or international organization. The role of these sanctions is to achieve a foreign policy or a national security objective by prohibiting trade with foreign targets that are engaged in breaches of international law, human rights abuses, or other forms of crime, such as cyber-attacks. 

Economic sanctions may also be used against third parties that are not directly engaged in crimes but that are acting on behalf of sanctions targets. Sanctions generally impose some or all of the following measures against their targets: 

• Embargoes on trade
• Prohibitions on certain types of trade or on trade with certain business
• Asset freezes
• Travel bans for individuals

Sanctions targets are set out in official government lists, which are updated regularly as the sanctions landscape changes. Since serious civil and criminal penalties usually back sanctions, institutions should consider their sanctions risk exposure and, if necessary, integrate sanctions list screening with their internal AML compliance process.

Given the strict legal implications of breaching sanctions, financial institutions must ensure they understand the sanctions lists and how to use them correctly.

Who is on a sanctions list?

Sanctions lists are normally passed by national governments or by an international authority such as the United Nations Security Council (UNSC).

Many sanctions lists include targets involved in the criminal financing of terrorist activities. These entities can include:

• Individuals
• Organizations
• Countries and their regimes

In the United States of America, for example, the Patriot Act prohibits US businesses from providing “material support” to groups suspected of terrorism, while the UNSC enforces legislation such as the Al Qaida and Taliban Order (2006), which serves a similar function. Sanctions listings generally aim to counter:

• Terrorism and terrorist financing
• Narcotics trafficking
• Human rights violations
• Weapons proliferation
• Violation of international treaties, e.g., arms embargo 
• Money laundering activities

Examples of key sanctions lists

Global sanctions regimes vary by jurisdiction. Where some countries implement and enforce the sanctions of international organizations such as the UN or the EU, others develop autonomous sanctions programs with their own sanctions lists. Key global sanctions regimes include:

• UN sanctions: The UN’s sanctions list is also known as the UNSC Consolidated List and comprises two sub-lists: one comprising individual targets and one comprising entities and group targets. UN sanctions are imposed by UNSC resolutions when the council determines that a country has failed to comply with international law, made threats to international peace, or committed violent activities within its borders. 
• US sanctions: Arguably the most influential global sanctions regime, the US maintains multiple sanctions lists. The Office of Foreign Assets Control (OFAC) maintains its two primary sanctions lists: 
  • The Specially Designated Nationals (SDN) List: A list of individuals and companies currently targeted by US sanctions.
  • The Consolidated Sanctions List: A list containing sanctions information not included in the SDN list. 

The US Bureau of Industry and Security also maintains the BIS Entity List, which designates all foreign entities that require US persons to obtain a license to begin a trading relationship. 

• EU sanctions: Under the EU’s Common Foreign and Security Policy (CFSP), member states must implement EU sanctions. This means screening against the EU’s Consolidated Sanctions List and the Global Human Rights Sanctions Regime (GHRSR). 
• UK sanctions: Following its departure from the EU, the UK implemented an autonomous sanctions regime, enforced by the Office of Financial Sanctions Implementation (OFSI) and Her Majesty’s Treasury (HMT). Accordingly, UK firms must screen against the UK Sanctions List.  
• Australia sanctions: The Australian Sanctions Office (ASO) and the Department of Foreign Affairs and Trade (DFAT) implement Australia’s autonomous sanctions regime and firms must screen against the Consolidated List of sanctions.   
• Canada sanctions: The Canadian government implements sanctions under the authority of the Special Economic Measures Act (SEMA) and the Justice for Victims of Corrupt Foreign Officials Act (JVCFO). Firms in Canada must screen customers against the Consolidated Canadian Autonomous Sanctions List. 
• Japan sanctions: Japan’s sanctions are issued under the authority of the Foreign Exchange and Foreign Trade Act (FEFTA) and managed by the Ministry of Economy, Trade, and Industry (METI) and the Ministry of Finance (MoF). Japan primarily follows the UN in the sanctions that it implements but also works jointly with international partners such as the US and the EU, or implements sanctions unilaterally.
• China sanctions: The Chinese Ministry of Foreign Affairs has the power to issue autonomous sanctions. Since 2020, China’s Ministry of Commerce (MOFCOM) has been developing new sanctions regulations as a response to Western sanctions measures. Accordingly, firms in China must check customers against the Unreliable Entity List (UEL) and observe rules set out in the Blocking Rules and the Anti-Foreign Sanctions Law (AFSL).

How do sanctions lists work?

Governments and financial authorities around the world maintain a variety of targeted sanctions lists. Examples include the United States’ Specially Designated Nationals and Blocked Persons (SDN) List, and the consolidated lists used by the United Kingdom, the European Union, and the United Nations. Sanctions lists are generally made available online and businesses are expected to consult them before entering into a relationship with a foreign person or entity.

Sanctions lists should play an important role in a financial institution’s anti-money laundering (AML) policy and will significantly affect how, and with whom, that institution does business.

How are sanctions lists changing?

The global sanctions landscape evolves quickly. Key recent changes include:

• Autonomous regimes: Sanctions lists have changed dramatically over the last decade in response to a variety of geopolitical events. UNSC sanctions for example, which focused on weapons proliferation and terrorism and were implemented by UN member-states, are now increasingly being supplemented by autonomous national sanctions regimes, such as the UK sanctions program, and the US’ OFAC and SDN lists. For example, Russia’s seat on the UN Security Council meant that almost all sanctions imposed on Russia due to the invasion of Ukraine came from coordinated action between western governments. 
• Magnitsky sanctions: While the Russian invasion of Ukraine in February 2022 emphasized the importance of sanctions as a primary response to major geopolitical challenges, many Western governments have also begun to use sanctions for a range of connected issues. In particular, Western governments are moving to implement ‘Magnitsky-style’ sanctions to address human rights and civil liberties abuses, corruption, and other acts of criminality or aggression (such as state-sponsored cyber-attacks). Magnitsky-style sanctions lists tend to allow governments to target individuals and businesses, rather than imposing sanctions against entire countries. 
• Sanctions evasion: While sanctions regimes are expanding, so too are the capabilities of sanctions targets to evade the measures imposed against them. North Korea, for example, has become increasingly adept at sanctions evasion, often employing financial technology to thwart AML/CFT screening. In particular, North Korea has used virtual assets to evade sanctions controls, exploiting the anonymity associated with cryptocurrency transactions in several high-profile thefts. 
• Sanctions enforcement: The growing challenge of sanctions enforcement, and the ability of sanctions targets to evade AML/CFT controls, has forced governments to expand compliance regulations and develop a range of enforcement tools, including virtual asset sanctions. New sanctions programs (such as Magnitsky-style sanctions) may be implemented in a ‘smart’ or targeted manner, against individuals, organizations, and key economic enterprises, rather than against countries or entire industrial sectors. Similarly, many governments use asset freezes and travel bans as a way of censuring individual targets. 

The complexity of the sanctions landscape and its associated compliance obligations mean that firms are now exposed to a much wider range of high-risk jurisdictions and financial activities when they do business with foreign customers and counterparties. Those challenges require that firms take a flexible approach to sanctions screening, and ensure that their solution is updated regularly with the latest designations from the relevant sanctions lists.

Using sanctions lists in AML compliance

The sanctions screening process involves analyzing huge amounts of data. Beyond running name checks on listed individuals, businesses must also check peripheral details such as targets’ known aliases and geographic location.

For businesses that deal with high volumes of clients and transactions, the act of navigating sanctions lists represents a significant compliance challenge. With this in mind, businesses may incorporate a range of useful screening tools to make the search process much more efficient, including automated sanctions screening technology. When choosing a screening platform, however, compliance requirements should be a priority and AML officers should ensure that their platform is regularly updated for relevance and accuracy.

Screening reviews 

Sanctions lists change as new designations are added and withdrawn. To account for those changes firms must ensure they capture any changes in their customers’ risk profiles. In practice, this means conducting regular reviews of their screening technology to ensure that it continues to capture the relevant data, and is generating relevant alerts. 

Firms that integrate an external sanctions screening provider should find that updates to official sanctions lists are captured automatically when their platforms scrape the relevant lists. However, some sanctions updates may be announced via non-official sources, such as news media, before official lists are updated. In this case, firms may be able to capture crucial data with a range of additional screening processes such as politically exposed person (PEP) screening, and adverse media screening. 

Similarly, some sanctions list changes involve major amendments to domestic legislation and may require firms to fundamentally adjust their screening solutions to capture new regulatory obligations. In the EU for example, following Russia’s invasion of Ukraine, new sanctions were issued via the Official Journal of the European Union – reflecting the speed at which the regulatory landscape was changing at the time. 

Firms must also consider their supply chains as part of any sanctions screening review. Third-party business relationships may entail sanctions risks that are not captured by customer screening technology. Accordingly, firms should ensure that their Know Your Business (KYB) procedures are capable of capturing supply chain risk accurately and efficiently.

Reporting obligations

To maintain regulatory compliance, financial institutions must know what to do when they match customer names to designations on sanctions lists. Establishing the likelihood of a match should be the first step but, since many individuals use similar names, false positive alerts are common. Peripheral and contextual information, such as geographic location, may be used to establish the accuracy of the name match – and third-party screening providers may prove useful by adding contextual details to searches to increase the efficiency of the resolution process.

Where confidence is high that a correct match has been returned, institutions should contact the relevant financial authority and await instruction.