Sanctions Screening

When a sanctions list updates, every financial institution must re-screen its entire customer base and every pending transaction within hours. A single missed match can result in a regulatory fine, criminal liability, and reputational damage that no amount of compliance spending can undo. Sanctions screening operates under a zero-miss mandate, and that mandate makes it one of the most expensive compliance functions to run and one of the hardest to optimise.

What is sanctions screening?

Sanctions screening is the process of checking customers, transactions, and counterparties against lists of sanctioned individuals, entities, and countries maintained by governments and international bodies. It is a core component of anti-money laundering compliance. In the UK, the Office of Financial Sanctions Implementation (OFSI) maintains the UK sanctions list. The EU has its consolidated sanctions list. The US Office of Foreign Assets Control (OFAC) maintains the Specially Designated Nationals (SDN) list. Financial institutions must screen against all lists relevant to their operations.

Screening happens at multiple points: customer onboarding, transaction processing, periodic batch rescreening of the entire customer base, and whenever a sanctions list is updated. Each screening event compares customer and transaction data against list entries using name-matching algorithms that account for transliteration variations, aliases, and partial matches. The matching is necessarily fuzzy, because sanctioned individuals use aliases, because names transliterate differently from Arabic, Cyrillic, or Chinese scripts, and because data quality in both customer records and sanctions lists is imperfect.

The false positive rate is the dominant operational cost. Fuzzy matching generates large volumes of potential matches that must be reviewed by analysts. A mid-sized bank screening its customer base against major sanctions lists can generate tens of thousands of potential matches, of which fewer than 1 per cent are true positives. Each false positive costs 10 to 30 pounds in analyst time. The aggregate annual cost runs into millions for a typical institution, making false positive reduction a priority for every compliance function.

The landscape

The pace of sanctions activity has accelerated sharply since 2022. Sanctions designations related to Russia alone added thousands of new entries across multiple lists. OFSI has increased both the frequency of list updates and the complexity of designations, which now include sectoral sanctions, investment prohibitions, and trust services restrictions alongside traditional asset freezes. Each new designation type creates screening requirements that existing systems may not cover.

Secondary sanctions and sanctions evasion have become enforcement priorities. Regulators are looking beyond direct matches to identify customers who may be acting on behalf of sanctioned persons or facilitating circumvention. This extends screening from a name-matching exercise to a network analysis exercise, examining whether a customer's transaction patterns suggest they are acting as a front for a sanctioned entity.

The FCA expects firms to demonstrate not just that they screen, but that their screening is effective. This means calibrating fuzzy-matching thresholds appropriately, investigating potential matches promptly, and escalating genuine matches correctly. Firms that run screening but fail to act on results, or that set thresholds so high that genuine matches are missed, face enforcement action. The regulatory expectation is a system that works, not one that merely exists.

How AI changes this

Intelligent name matching is the core improvement. Traditional fuzzy-matching algorithms generate false positives because they cannot distinguish between coincidental name similarity and genuine matches. AI models trained on confirmed true and false positives learn the contextual features that distinguish the two: name similarity combined with jurisdiction, date of birth, nationality, and other identifying information. Institutions deploying AI-enhanced matching report 30 to 50 per cent reductions in false positives without degradation in true positive detection.

Real-time screening for payments uses optimised AI models that can assess a transaction against the full sanctions list in milliseconds. This is essential for real-time payment systems where any screening latency delays the payment. The challenge is maintaining the zero-miss requirement at processing speeds measured in single-digit milliseconds. AI models compress the search space by pre-filtering, reducing the number of list entries that require detailed comparison for each transaction.

Network-based sanctions evasion detection extends screening beyond direct name matching. Graph analytics maps relationships between accounts and entities, identifying patterns consistent with sanctions evasion: transactions routed through intermediaries to avoid direct screening matches, shell companies controlled by sanctioned individuals, or trade finance arrangements structured to circumvent sectoral sanctions. This connects sanctions screening to broader financial crime analytics capabilities.

Automated disposition of clear false positives reduces the analyst workload. When an AI model determines with high confidence that a potential match is a false positive (different date of birth, different nationality, different gender from the sanctioned individual), it can auto-close the alert with a documented rationale. The analyst reviews only the cases where the model's confidence is below the threshold. This preserves the zero-miss mandate while reducing investigation costs by focusing human attention where it is needed.

What to know before you start

The zero-miss requirement shapes every technology decision. Unlike transaction monitoring, where a small number of missed cases is an accepted trade-off for reduced false positives, sanctions screening tolerates no misses. Any AI system must be validated to demonstrate that it does not introduce false negatives. This validation must cover edge cases: transliterated names, partial matches, and newly designated entities. The burden of proof is on the institution.

Sanctions list data quality is your problem, not the list publisher's. OFSI, OFAC, and EU lists contain inconsistencies: duplicate entries, incomplete identifying information, and entries where the same individual appears under different transliterations. Your screening system must handle these inconsistencies. Build list data cleansing into your ingestion process.

Customer data quality determines screening effectiveness. If your customer records contain incomplete names, missing dates of birth, or inconsistent nationality fields, your screening will generate more false positives and risk missing true positives. Invest in customer data quality as a prerequisite for screening optimisation.

Start with false positive reduction on batch rescreening, where the volume is highest and the time pressure is lowest. Validate the AI model's performance on historical screening results where the true positive and false positive status is known. Only extend to real-time payment screening once the model's zero-miss performance is demonstrated and validated. The regulatory conversation about AI in sanctions screening must begin before deployment, not after.