How address matching is extending customer screening across entity, trade, and reputational risk.
In June 2024, the U.S. Bureau of Industry and Security did something unusual. Instead of adding a company name to its entity list, for the first time it added an address.
But why? Well, certain groups under trade restrictions had worked out that if they changed their company name, now on the BIS screening list, quickly enough, they could slip past the existing BIS screening requirements. The new name sailed through. Same people, same physical office… and unsurprisingly, the same fraudulent activity.
That decision by BIS, to add a physical location rather than a legal entity, marked a meaningful shift in how trade compliance is enforced.
For compliance teams still relying on name-only screening (and that’s most compliance teams today), this creates a risk gap that their current name matching processes cannot bridge.
The dimension most screening programmes haven’t added yet
Address screening is the process of checking whether a customer, counterparty or transaction destination shares an address with a sanctioned or high-risk entity. It returns results based on address matching alone, regardless of name or entity type. Until recently, most compliance platforms didn’t offer it at all.
That matters more than it might seem. Shell companies are, by design, disposable. They exist to be created, used and discarded. A sanctioned network can spin up a new entity in days. But it rarely moves premises. The physical address is often the most persistent identifier a compliance team has to work with. It is also the one dimension most screening programmes have yet to incorporate.
Three reasons address screening matters now
The BIS entity list is the most visible driver, but it is not the only one. Address screening serves distinct compliance needs, and the regulatory pressure behind each of them is growing.
The first is BIS compliance. The BIS entity list flagged addresses as problematic in their own right, citing their “high risk involvement in unlawful diversion.” The principle is simple: if a network of shell companies keeps changing its name but operates from the same location, the location is the constant. Block the address and the evasion strategy breaks. The BIS has expanded the list from eight addresses to approximately twenty, and other regulators are watching. If address-based restrictions prove effective, expect similar approaches from OFAC, the EU and HM Treasury.
The second is trade compliance. When shipping goods to a specific address, it is not enough to validate the named recipient. The address itself may be shared with or used by a sanctioned entity. For organisations involved in cross-border trade, address screening adds a layer that name matching alone cannot provide.
The third is general screening and reputation risk. Across global sanctions lists, not just the BIS, there are thousands of high-risk addresses. When a customer or counterparty shares a registered address with a sanctioned entity, that is a risk signal regardless of whether the address appears on the BIS list specifically. For financial institutions, this extends beyond regulatory compliance to reputational protection: no organisation wants to discover after the fact that it has been doing business with entities co-located with sanctioned organisations.
How address matching at scale changes the picture
Matching against a list is the starting point. The real value is in what becomes visible when you operate at genuine scale.
Consider what that means in practice. The BIS entity list contains around twenty high-risk addresses, a number most compliance teams could theoretically manage manually. But sanctioned addresses don’t stop there. Ripjar’s Advanced Address Screening covers approximately 100,000 high-risk addresses across the BIS entity list and key global sanctions lists. At that scale, patterns that would be invisible in a smaller dataset begin to surface. A client address that returns multiple matches across different sanctioned entities is a clear signal about the network around it.
This is what screening at scale enables: not just confirming whether a single address appears on a list, but identifying which client addresses are drawing repeated matches, and what that concentration tells you about risk. The matching is probabilistic, not string-based. Specialised AI ensures precision at scale, distinguishing between a genuinely high-risk address and one that merely looks similar, so that a street in Dubai isn’t confused with a superficially similar address on the other side of the world.
Operating at this scale reveals something else that narrow list-matching cannot: early indicators of risk that haven’t yet made it onto a sanctions list. An entity sharing premises with sanctioned organisations may not be designated today. But the pattern is a signal. For compliance teams, this is the difference between saying no at the front door and having to extract yourself from a relationship after the fact.
This is where address screening shifts from a compliance checkbox to an intelligence tool. It is not just about matching an address against a list. It is about understanding what that address tells you about the network around it, and only precision matching at scale makes that possible.
What this means if you run a screening programme
Global anti-money laundering (AML) fines reached roughly $3.8 billion in 2025. Senior manager accountability regimes are expanding across jurisdictions. SM&CR in the UK. MAS Individual Accountability Guidelines in Singapore. Similar frameworks elsewhere. All of them mean the same thing: screening failures are now attributed to named individuals, not just the institution. Your Head of Compliance. Your MLRO. Your board sponsor.
In that environment, extending your screening programme to include address matching means identifying risk before it surfaces in an audit. Every address-linked connection your system can flag is one fewer gap for regulators to find.
The organisations acting now are building address screening into their infrastructure while the regulatory expectation is still forming. That is a stronger position than waiting for it to become a requirement.
What to look for in an Advanced Address Screening capability
Not all approaches are equal. If you are evaluating address screening, five things matter. The first is coverage depth: how many high-risk addresses the system holds and how frequently the list is updated. The second is scale and precision: whether the tool matches across a comprehensive universe of high-risk addresses while maintaining the matching accuracy needed to avoid conflating genuinely distinct addresses that happen to look similar.
The third is integration with your existing watchlist and adverse media screening. Two further criteria separate the leaders: configurability (whether you can tune matching sensitivity by risk appetite and customer segment) and early risk identification (whether the capability uses specialised AI to surface patterns that indicate emerging risk, beyond confirmed list matches).
In a recent deployment, Ripjar customers identified address-linked risk patterns that name-only screening had missed entirely. The matches were not speculative. They surfaced connections between apparently unrelated entities operating from the same premises as sanctioned organisations.
An important caveat
Address screening is not a silver bullet. Legitimate businesses share addresses with sanctioned entities all the time. A match on address alone does not mean wrongdoing. Where the value lies is in what repeated matches reveal: the concentration of risk around a particular address, the persistence of that address as an identifier, the additional context it provides alongside name matching, adverse media and other risk signals.
Which compliance teams will get the most from it? The ones that treat it as one dimension of a multi-dimensional risk view, not as a standalone check. Here at Ripjar, we’ve always believed that compliance should be intelligence-led, not list-led. Address screening is what that looks like in practice. Ripjar built Advanced Address Screening as part of Ripjar Screening for exactly that reason. Address data is most powerful when it compounds with entity resolution, watchlist matching and adverse media in a single, dynamic risk profile. Every decision explainable. Every audit trail intact.
The regulation is forming. The opportunity is now.
Address screening is not a single regulatory mandate. It is a capability that sits at the intersection of BIS compliance, trade screening, and broader sanctions risk management. Each of those areas is tightening independently. Together, they make address matching a dimension that compliance programmes can no longer treat as optional.
With Advanced Address Screening, you extend your capabilities beyond name-only matches to meet changing regulatory requirements across all three use cases. You also identify risk that hasn’t reached a sanctions list yet. The compliance teams adding address screening now are the ones who will already have the capability in place when the next wave of regulation arrives.
Talk to a Ripjar screening specialist about adding Address Screening to your compliance programme.
