How to conduct effective and compliant sanctions screening

Sanctions compliance was growing more complicated for businesses even before Western nations launched an unprecedented line of sanctions against Russia, as a result of its invasion of Ukraine, in February 2022. From selling financial technology to Russian banks to buying cotton from China, international businesses must confront a reality where trade restrictions can suddenly close off important markets. Effective sanctions screening plays a vital role in ensuring businesses are fully compliant with often quickly-evolving sanctions realities.

Read more: Sanctions training on the latest sanctions developments in Russia

Which companies need to conduct sanctions screening?

Sanctions list example
Sanctions databases are easy to use and can be found online

Companies that have operations, clients, suppliers or otherwise do business with a nexus to sanctioned countries should screen clients against their country’s sanctions list. This involves checking a database for the names of individuals, groups or companies. Entities on these lists may be sanctioned due to their geographic location or their partnerships and alliances. Properties and interests that are owned 50% or more by sanctioned parties are also considered sanctioned.

Businesses must understand what sanctions they are required to screen for and be able to prove that they are acting in compliance. Failure to do so can lead to significant fines. Sanctions lists can easily be searched online.

These lists include each target’s name, aliases, known identification details like address, date of birth and passport number, and other information relevant to their identification.

How to conduct sanctions screening

New customers must be screened for sanctions as part of the onboarding process. Existing customers and third parties should also be screened on a regular basis in order to comply with the changing landscape. New suppliers also need to be screened to ensure they comply with sanctions regulations and that they aren’t based in a sanctioned jurisdiction. Omnitrack’s supplier onboarding questionnaire helps businesses keep track of all their suppliers and their compliance with anti-money laundering and sanctions regulations.

What to do if you find a match during sanctions screening

If the name of an individual or entity you are dealing with matches an entry on the sanctions list, there are two possibilities: name match or target match.

What is a sanctions name match?

If the name matches, but none of the details do (ie, sex, nationality, date of birth), and you do not believe your subject matches the description, you do not need to take further action.

What is a sanctions target match?

If the individual in question matches a number of information items on the sanctions list (ie, sex, nationality, date of birth), this is likely to be a target match and action will be required. A target match occurs when the individual in question matches information that is included on the consolidated list. This means there is either a name match, close name match, similar date of birth, or other information that may lead you to conclude the individual and person on the list are the same. When in doubt, you can contact the OFSI for assistance.

How to report a target match

If a client or potential client appears as a target match, or if you are unsure, it must be reported immediately. Relevant firms should have a clearly defined senior manager responsible for sanctions compliance. That person will be required to evaluate the match and determine the next steps.

As a general rule, sanctions rules apply to all company subsidiaries and affect all subsidiaries of sanctioned entities. There may be exceptions, so it is worth confirming whether specific sanctions apply. In certain cases, you may also be able to apply for a licence to continue doing business with a specific client. If you have any questions, you should always speak with your sanctions compliance manager. If your company does not have a sanctions compliance manager, ask your supervisor who to contact. 

Why is effective sanctions screening so important?

Companies must be able to prove that they are properly screening for sanctions. This can be done by obtaining certification from a third-party provider or simply by taking screenshots when a search is conducted.

Failure to comply with screening requirements can carry stiff penalties reaching into the millions per infraction, depending on the jurisdiction and type of violation.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.