Having recently been included in the Chartis RiskTechAI50, we’re proud to announce that Ripjar has also been recognised as a Category Leader in two Chartis RiskTech Quadrants for 2025:
Name & Transaction Screening Solutions
Adverse Media Monitoring Solutions
Chartis defines Category Leaders as exhibiting “strength across the broadest set of capabilities in the segment, showing a clear execution of core strategy and innovation”.
Assessments were based on a number of criteria, and we’re delighted to have scored consistently highly across the board, reflecting our dedication to building the most advanced products to help our customers stay ahead of financial crime risks.
Our success in this quadrant came from having a high-performing, scalable infrastructure, with robust integrations and global data coverage. Our flexible deployment model also put us at an advantage in this space.
Ripjar scored highly across all criteria for name and transaction screening, with particular recognition for our data methodology, and reporting and auditing capability.
Adverse media monitoring
For the adverse media monitoring quadrant, success factors included effectively using GenAI to improve results, removing ambiguity through the use of sentiment and contextual analytics, and the ability to integrate a wide range of data sets and provide high quality multilingual name matching and screening.
Ripjar performed strongly across all adverse media capabilities, with significant strengths identified in data methodology and packaging. Our use of advanced disambiguation techniques to provide clear, accurate screening results also set us apart.
Ripjar’s position in the rankings reflects the strength of its proprietary analytics, particularly its matching methodology. Ripjar has also built full workflow and automation capabilities around its analytical, matching and data capabilities, enhancing the usability of its solution.
More complex and farther-reaching than ever before, supply chains make it possible for organisations to venture across borders, create new relationships, and launch new commercial ventures.
But supply chains are also more vulnerable than ever before. The more third parties that a firm integrates into its network, the more exposed it becomes to regulatory risk, including money laundering, terrorism financing, and sanctions evasion risk.
As the world’s largest economy, the United States has created a strict regulatory regime to counter the threat of global financial crime. Supply chain risk is an important part of that regime and firms that operate within US jurisdiction must factor that into their compliance solutions, including implementing effective adverse media screening measures.
However, in a regulatory environment as complicated and populous as the US, implementing effective adverse media screening isn’t always straightforward. In this post, we’re going to explore that challenge.
What is adverse media screening?
The term adverse media refers to any media that indicates compliance risk. Similarly, adverse media screening is the process of actively monitoring publicly available sources of risk data in order to accurately establish individual customers’ compliance risk.
By offering valuable enhancement to standard sanctions and watchlist screening, adverse media screening eables firms to uncover otherwise hidden risk.
Also known as “negative news screening”, adverse media screening should take in all relevant data sources, including traditional media such as print and television news, and online sources such as news websites, blogs, and social media platforms.
Adverse media screening is, essentially, a name matching process in which compliance teams search for their customers’ involvement in stories and other published content from across the global media landscape. With that in mind, adverse media screening solutions need to be able to account for both structured data, such as entries in lists and forms, and unstructured data, such as names that appear in sections of prose or in recorded audio and video files.
Screening solutions should also be capable of accounting for variations in language, such as different spellings, nicknames, aliases, initials, and so on.
Why is adverse media important for supply chain compliance?
An investigative news report, for example, may hint that sanctions against a specific person are in the works, prior to a later confirmation in a government press release, thereby enabling a firm to take prompt action to minimise or eliminate its risk exposure, and avoid regulatory penalties.
That utility extends to the supply chain, and to third-party screening requirements. While firms are typically used to managing the direct risk that their customers and clients present, third-party relationships up and down the supply chain can be much harder to scrutinise. Supply chains often hide their true compliance risk, especially if a network spans multiple parties, borders, regulatory environments, and so on.
The presence of bad actors within a third-party network adds even more complexity to the problem. Persons designated on sanctions lists, for example, may try to actively conceal their identities when dealing with business partners.
Adverse media screening in the US
US AML/CFT compliance regulations impose risk-based adverse media screening requirements. Although it’s not always an explicitly stated requirement, adverse media screening is typically a part of best practice recommendations, especially those relating to customer due diligence (CDD) and, for higher risk customers, enhanced due diligence (EDD).
Key adverse media screening considerations in the US include:
The Bank Secrecy Act (BSA): The cornerstone of AML/CFT regulation, the Bank Secrecy Act requires firms to implement risk-based compliance procedures, including monitoring for suspicious activity, which typically entails screening customers against adverse media.
The Customer Due Diligence Final Rule: A 2018 amendment to the BSA, the CDD Final Rule includes a requirement for “ongoing monitoring”, which (as mentioned previously) entails adverse media checks, even if they aren’t explicitly mandated.
The Financial Crimes Enforcement Network (FinCEN): The US’ primary financial regulator FinCEN also frames the requirement for adverse media screening as “ongoing monitoring” – a component of risk-based compliance with the BSA.
The Office of Foreign Assets Control (OFAC): Like FinCEN, OFAC does not impose an explicit requirement for adverse media screening, although it does require firms to conduct risk-based compliance when managing sanctions risk. With that in mind, adverse media screening is a best practice expectation.
The primary purpose of risk-based adverse media screening is to ensure that compliance teams get an up-to-date, accurate picture of their customers’ compliance risk. In the context of supply chain and third-party screening, and with the integration of automated search technology, there are numerous benefits.
Data management
Supply chain screening necessarily requires compliance teams to collect and analyse vast amounts of customer risk data, drawing on thousands of sources from across the globe. Automated screening solutions streamline and simplify that task, adding speed and accuracy to the name search process, accounting for structured and unstructured data, and reducing or even eliminating the potential for human data-handling error.
Language variations
Cross-border supply chain relationships often mean that compliance solutions need to screen data in multiple foreign languages. Screening technology can automate multi-language analysis requirements and account for regional variations in spelling, the use of nicknames and aliases, and the use of non-Latinate characters.
Real-time updates
Global supply chains and third-party networks are constantly evolving, with each new sanction or regulation introducing fresh compliance risks. Automated screening solutions mean that compliance teams can stay ahead of these changes, and be informed as soon as election results are announced, for example, or as soon as a relevant social media post is published.
Scalability
Business growth can also complicate supply chain risk exposure, especially when firms need to expand into new territories, and adjust for new compliance regimes. Automated third-party screening gives firms a way to scale their approach to screening along with their business ambitions, keeping pace with expanding risk exposure by simply augmenting the scope of their name search process to include new regulations, new customer populations, and so on.
More than compliance
For US companies, managing compliance risk is not just a question of avoiding financial penalties.
While regulators like FinCEN may punish firms for technical regulatory violations, members of the public may view association with unethical third parties just as negatively. That guilt by association may be applied even if the firm was not directly engaged with the offending entity and no regulatory violation took place. In a fast-moving and highly editorialised media landscape, the subsequent reputational fallout can be as (if not more) damaging than the government-imposed penalty.
To that end, robust supply chain screening solutions provide not only protection from regulatory punishment but valuable peace of mind that a firm is taking all possible steps to minimise risk and deliver on internal commitments to pursue ethical business practices.
Stronger, smarter screening with Ripjar
If your organisation is required to meet US supply chain screening requirements, it’s no longer enough to rely on manual adverse media processes – Google searches are both incredibly time-consuming and highly ineffective for this purpose. You need a comprehensive solution capable of capturing global risk, and delivering actionable financial intelligence in seconds.
Ripjar 3P60 is a next-generation screening platform designed to help compliance teams stay ahead of third-party and supply chain challenges. Leveraging advanced AI analytics to build flexibility and resilience into the screening process, Ripjar 3P60 cuts through the noise to identify regulatory and reputational risks from every direction as soon as they emerge, and ensure decision-makers have all the information they need to protect their businesses, and their reputation.
In Ripjar’s recent Compliance Masterclass, co-hosted with FINTRAIL – now available to watch on demand – a panel of industry experts from FINTRAIL, Ripjar, Wise and Nomura explored all stages of the sanctions screening process, providing insights, advice and best practice on how to make the most of your screening outcomes.Here’s a round-up of some of the key takeaways from the session.
The importance of accurate screening outputs
In today’s regulatory environment – where data on sanctioned parties, politically exposed persons and entities who may present a higher risk of financial crime is ever-expanding – screening plays a vital role in detecting bad actors.
However, financial institutions face a mounting challenge: how to effectively manage ever-increasing screening alert volumes to identify and act on genuine risks without getting buried in false positives. To create efficient screening outcomes, financial institutions need to rethink the end-to-end process: not only how screening alerts are generated, but how they are investigated and resolved.
Screening alerts alone don’t dictate what action should be taken for a specific customer or transaction. Rather, they serve as the entry point for further investigation. As noted by the Wolfsberg Group, “the generation of an alert is not, by itself, an indication of sanctions risk.”
Accurate and auditable screening outcomes are crucial for two reasons:
They allow you to detect potential financial crime risk and any resultant actions that need to be taken.
The allow you to further tune and calibrate your screening system to generate better and more precise screening alerts in future.
Implementing an end-to-end alert process
Regulators are increasingly scrutinising alert handling processes, demanding not just that alerts are generated, but that they are managed, investigated, and documented with precision and consistency.
The European Banking Authority, for example, recently established standards on how it expects firms to carry out screening alert reviews, and in the UK regulatory standards focus on proper record keeping of resolved alerts.
Regulatory expectations
The EBA’s guidance states that policies and procedures should include:
Steps for starting to investigate all alerts generated.
Rules for the documentation of any decision taken in respect of alerts.
Measures to investigate alerts, such as procedures to assess and deal with indeterminate cases.
Different levels of review to be carried out in line with risk, by implementing at least a review by two people in relation to higher risk situations.
In the UK, JMLSG Part III 4.102 notes how firms should review screening alerts, including:
The process should be documented in writing.
Firms should keep an appropriate audit trail about every likely match.
A record of who made the decision and on what grounds.
A screening alert on its own will not define the screening outcome. Analysis is needed to confirm whether the alert is a match, whether funds need to be frozen, if the customer relationship needs to be terminated, if the customer’s risk rating needs to be increased, or if law enforcement needs to be contacted.
Key to reviewing screening alerts is having consistent disposition and decision-making throughout the firm, no matter how big or small, in order to comply not only with regulatory requirements but also the firm’s risk appetite. This could be achieved through:
Categorising alerts as high, medium or low risk based on the type of alert (sanctions, PEP or adverse media) and the strength of the hit (exact match or a fuzzy match).
Adoption of decision trees to ensure investigators review alerts in the same manner.
Identifying and escalating higher risk alerts – for example a nexus to high risk countries or exposure to certain high-risk industries – for expert review.
The use of the “four eyes” principle to ensure that at least two independent reviewers assess high-risk cases.
Many firms use a tiered approach for alert review and decisioning, whereby an alert will pass through several layers of review. For example, whereas all screening alerts will be reviewed by ‘Level 1’, and may need to be escalated to ‘Level 2’ for additional confirmation, the final determination of whether or not an alert is a true match and presents a risk to the firm may not occur until it is escalated to and reviewed by senior stakeholders at ‘Level 3’.
Documenting each step of the alert review process is crucial, not just for good practice, but for demonstrating robust governance. ‘Level 3’ decision-makers must be able to review the analysis and investigation already conducted, ensuring decisions are well-informed, defensible to regulators, and easily auditable. Clear documentation also streamlines escalations, reduces duplication of effort, and strengthens the overall quality of financial crime risk management. Furthermore, a clear audit trail of resolved alerts may be relevant for regulatory follow up or reporting.
Setting screening systems up for outcome success
Screening outcomes typically fall into four buckets:
True Positive: Correct escalation of a real risk.
False Positive: Incorrectly raised alert, which is later de-escalated.
True Negative: Correct non-match.
False Negative: Missed match and therefore an undetected risk for the firm.
In an ideal world, firms will be able to clearly identify and focus on true positives while ignoring false positives which carry no true risk exposure and lead to extra and unnecessary work. At the same time, firms will want to ensure that true risks do not slip through screening undetected. However, that is not always the case, and financial institutions face a number of AML compliance challenges in this area. As sanctions lists in particular expand, firms face rising false positives while spending less time detecting genuine alerts.
Understanding the root of false positives is not a one-off exercise but an ongoing process. Firms should continuously analyse data from past alerts to identify common triggers, refine matching logic, and adjust their thresholds. Leveraging historical alert data in this way not only reduces noise but also improves the precision of screening systems, enabling investigators to focus on genuine risks. Using past alerts to support ongoing tuning of screening systems can be done in two different ways:
Examining false positives: By analysing which types of alerts consistently lead to false positives, firms can refine their matching algorithms, exclude irrelevant data sets from screening, or apply different rules to specific client segments and thereby develop more precise rules for alert generation.
Examining false negatives: “Below the line” testing – the process of examining unseen alerts below the matching threshold set by the firm – to better understand what systems might be missing and whether the firm missed any false negatives.
Finally, effective screening outcomes are fundamentally dependent on two components: screening the correct watchlist data against high-quality customer data. At a minimum, firms should screen against any watchlists that they are legally required to comply with (for example sanctions lists) and lists relevant to their jurisdiction (for example PEP lists and specific adverse media lists). At the same time, customer data should also be of a good quality and consistency to ensure efficient screening alerts are generated.
Screening outcomes and AI
AI offers powerful possibilities in screening by rapidly analysing screening alerts to detect patterns, identify high risk alerts, and support enhanced decision-making. For example:
Enrichment of alerts: AI can be used to pull out additional data points (such as location data or beneficial ownership data) to provide further context to a screening alert which would otherwise only contain limited information. This can aid investigators in arriving faster, and more efficiently, at screening decisions.
Identifying high risk alerts: AI can be used to score and identify higher risk alerts that should be prioritised for review, due to a combination of the strength of the screening alert, the list it is matching against and the potential regulatory consequences.
Dealing with false positives: In certain situations, AI can even be used to auto-close alerts that are clearly false positives. Firms should note that where AI is used to make decisions, regulators expect firms to be able to demonstrate full governance and oversight over the AI’s decision-making remit.
From alerts to action
As regulatory scrutiny increases on how firms are conducting screening, firms must consider not only how they are generating screening alerts but also how they are reviewing these alerts and arriving at the right screening outcomes.
In summary, here are three things firms should do to ensure their screening process is set up for outcome success:
Undertake ongoing testing and tuning to understand the root of false positives. Analyse data from past alerts to identify types of alerts consistently leading to false positives to refine matching algorithms and rules going forward.
Screen the correct data. Carefully select the watchlists to be screened against, and ensure that the customer data used for screening is of sufficient quality to generate relevant screening alerts.
Create documented procedures for alert review and escalation. Establish clear, written procedures for how alerts are reviewed and escalated (for example, through decision trees and prioritisation of high risk alerts), including who makes decisions and on what grounds.
The guidance focuses on facilitating access to formal financial services for unserved and underserved persons, including those in low-income groups, or groups that may struggle to verify their identities easily.
Commenting on the release of the guidance, FATF President Elisa De Anda Madrazo pointed out that inclusion doesn’t just help disadvantaged people gain access to legitimate financial services, but contributes to the global fight against financial crime because it “reduces the size of the black and informal markets where criminals and terrorists hide their operations.”
As national governments adopt the new guidance, firms may need to adjust their anti-money laundering (AML) and counter-financing of terrorism (CFT) solutions. With that in mind, let’s take a closer look at the issues and risks surrounding financial exclusion, and explore the key takeaways of the 2025 guidance for domestic compliance teams.
What is Financial Exclusion?
While AML/CFT measures are a critical part of the global fight against financial crime, if they’re applied too rigorously as part of a risk-based approach to compliance they can have unintended consequences – namely, excluding persons from the financial system unfairly.
The over-application of AML/CFT measures is known as de-risking and is typically a result of firms seeking to manage a high level of compliance risk. De-risking is more likely in high risk industries and regions, and can affect vast groups of people with no connection to criminal activity, especially if they are from underprivileged backgrounds where other risk factors, such as a lack of formal identification (driving licences, passports, etc.), create additional barriers to financial services.
Why is Financial Exclusion a Compliance Issue?
Financial exclusion is often unfair, but it can also be harmful because it can actually increase the risk of financial crime, rather than reducing it. People who are excluded from the financial system are left with no choice but to use unregulated alternatives, either turning to black markets, or engaging in crime themselves and attempting to launder the proceeds.
These alternatives are, by definition, harder to monitor, and support wider criminal networks, not to mention ultimately adding to the AML/CFT compliance burden that firms face.
That’s why the new guidance from the FATF is so valuable. By turning a new regulatory focus on financial inclusion, firms can, in theory, bring more people into the legitimate financial system without compromising the integrity of AML/CFT controls.
The Key Takeaways
So, how does the new FATF guidance achieve its financial inclusion objectives? Let’s explore the key takeaways.
Proportional AML/CFT Measures
The FATF recommends that firms take a risk-based approach to AML/CFT compliance. Under previous guidance, that approach entailed a “commensurate” response to risk. Under the 2025 guidance, that term has been updated to “proportionate”.
The change reflects the need for countries to avoid imposing a uniform “one size fits all” AML/CFT regime on obligated entities. Under the proportionate risk-based response, firms have the flexibility to adjust their compliance solutions to match the “level and nature” of the risk they face, rather than simply excluding customers immediately.
Digital Onboarding Legitimacy
The guidance highlights the legitimacy of digital and non-face-to-face onboarding methods for financial services, providing that appropriate safeguarding measures are in place, and that the level of risk is manageable. The option of conducting digital and non-face-to-face onboarding makes it easier for some customers to open bank accounts where travel or other issues relating to physical distance might represent a barrier.
Automatic Risk Classification
The FATF guidance states that financial institutions should not automatically classify unserved and underserved persons as presenting a low AML/CFT risk, but points out that “risk assessments often conclude that they present a lower risk.”
It goes on to stress that financial inclusion initiatives must be predicated on the proper application of the risk-based approach, including an effective risk assessment process with “enhanced measures for higher risk” and “simplified measures for lower risk.”
De-risking Sectors and Populations
The guidance emphasises that the FATF has “long recognised the harmful impact” of de-risking, and that the practice is “not in line” with the risk-based approach that it mandates. It specifically warns against the “wholesale cutting loose of entire classes of customers” without properly taking their risk into account – in other words, applying appropriate risk mitigation measures on the level of individual customers.
Financial Inclusion Goals
The FATF recommends that governments formally incorporate financial inclusion goals into their National Risk Assessments (NRAs).
While it recognises that there is “no single or universal methodology” for conducting an AML/CFT risk assessment, the FATF suggests that NRAs should set out key concepts and stages involved in the process, in order to support “effective, proportionate implementation”. It also emphasises that NRAs should be coordinated at a national level, and be “comprehensive in scope”.
Financial Inclusion with Ripjar One
The FATF guidance suggests firms should reframe financial inclusion as an important part of their risk management strategies. However, in order to achieve better compliance outcomes for unserved or underserved customers, compliance teams need to be able to collect and analyse vast amounts of risk data accurately and efficiently, and make decisions with confidence.
Ripjar One is designed to address that challenge. Powered by cutting-edge artificial intelligence, Ripjar One is a next-generation AML risk management platform that creates a comprehensive view of customer risk, consolidating static and dynamic risk data from thousands of sources, including sanctions lists and watchlists, adverse media, and more.
The European Banking Authority (EBA) released new guidelines on sanctions screening in November 2024. Scheduled to come into effect across the EU on 30 December 2025, the guidelines set out the regulator’s expectations for how financial institutions (FIs) should implement governance, policies, procedures, and controls for their sanctions screening solutions.
With less than 6 months left before the new compliance requirements come into effect, it’s critical that obligated entities prepare, by reviewing and uplifting existing screening measures or developing new measures. In this post, we’ll explore that process in more detail.
What are the EBA guidelines?
The EBA’s November 2024 guidelines actually comprise two sets of guidelines, and apply in the following ways.
1) Guidelines for All Financial Institutions (EBA/GL/2024/14)
The first set of guidelines concern all FIs in the EU; banks, credit institutions, investment firms, and so on. The guidelines specifically focus on governance and risk management systems for sanctions compliance, and require FIs to:
Implement and maintain up-to-date sanctions compliance policies, procedures, and controls.
Establish a clear, well-defined governance structure and allocate responsibility (including to senior management) for sanctions compliance.
Conduct a sanctions risk exposure assessment to inform decisions on the controls and procedures necessary to establish effective sanctions compliance controls. The EBA has stated that this assessment should “be based on a sufficiently diverse range of information sources”.
Implement regular training programmes to ensure compliance teams are able to identify, assess, and manage sanctions compliance risk.
2) Guidelines for PSPs and CASPs (EBA/GL/2024/15)
The second set of guidelines concern payment service providers (PSPs) and crypto-asset service providers (CASPs). They focus on bringing these FIs under the scope of existing sanctions compliance regulations when handling specific types of transactions, including transactions involving crypto-assets. The guidelines require PSPs and CASPs to:
Choose and implement reliable sanctions screening solutions, and test their reliability regularly.
Define the dataset that they will be screening against the EU sanctions list and, where relevant, national restrictive measures.
Ensure that their sanctions screening measures are capable of verifying designated names on sanctions lists, managing the inherent risks involved in the screening process, and addressing the risk that customers engage in sanctions evasion strategies.
Preparing Your Screening Solution for Compliance
With the implementation date now on the horizon, it’s time for FIs to prepare their compliance teams, and adjust their screening solutions.
Here are the key stages in that process.
1. Align policies and procedures
Conduct a gap analysis to determine how your existing sanctions screening framework measures up against the EBA guidelines. Focus on identifying weaknesses in governance, technology, training, and documentation.
2. Update investigative steps
Following any updates to your screening policies and procedures, codify the steps your compliance team will take when investigating sanctions alerts. For example, set thresholds for escalating sanctions name matches, and define responsibilities within the compliance team.
3. Documentation of compliance process
Ensure your compliance process is fully documented, with an option to log the reasons for compliance decisions in a centralised and secure location. Your compliance documentation may be critical to subsequent investigations by law enforcement agencies, and so your decisions, and the information on which they were based, must be explainable and readily available for audit.
4. Invest in technology
For most FIs, manual screening methods will not be capable of meeting the EBA’s screening requirements. In order to achieve compliance, FIs should invest in screening technology capable of searching thousands of global sanctions lists and watchlists, along with other critical risk data sources such as adverse media stories, beneficial ownership lists, and politically exposed persons (PEP) lists.
Given the scope of the new screening obligations, many firms will find value in AI-powered screening tools capable of advanced analysis of huge volumes of unstructured data, and of making connections between risk data points that human compliance teams and manual tools might miss.
5. Train people and test processes
Your screening technology is only as good as the human compliance experts managing it. Develop a training schedule to familiarise compliance team members with new screening policies and procedures, and new screening technology integrations. Similarly, perform regular testing to identify weak spots in the new compliance process.
6. Risk-based review
Implement different levels of review for higher-risk sanctions alerts, such as those involving high-risk jurisdictions. While a sanctions list check may be sufficient for routine transactions, higher risk alerts may warrant enhanced due diligence, including supply chain risk screening and global adverse media searches.
Stay Ahead of Sanctions Risk with Ripjar One
With the EBA’s new sanctions screening guidelines imminent, it’s up to you to make sure your team is ready, by putting the right people, the right policies, and the right tools in place.
Powered by next-generation AI, Ripjar One is designed to help FIs manage that challenge, and take on an increasingly complex sanctions landscape.
Consolidating static and dynamic risk data seamlessly, including sanctions lists, adverse media, beneficial ownership registers, and transaction alerts, Ripjar One is a comprehensive screening solution that empowers compliance teams to make faster, stronger compliance decisions, identify risks more effectively, and optimise compliance outcomes for both their businesses and their customers.
“Third-party risk is both daunting and kaleidoscopic.“
In global businesses, an endless stream of parties must be assessed, from payment counterparties to the value chain of suppliers and distributors. Furthermore, each party is examined for a growing list of risks, including compliance, ethical, reputational and prudential.
More than ever, businesses need a comprehensive and flexible risk management tool that scales up and down as needed to assure a consistent risk process and a singular library of all third-party risk. Welcome to Ripjar 3P60.
Different risks, different challenges
There are four key categories of third-party risk, each presenting distinct operational challenges:
Compliance risk
Legal obligations to comply with sanctions, restricted party classifications and export controls all bring compliance risks. Businesses typically assess this risk through simple screening tools in a low latency environment, such as customer onboarding or counterparty payments. False positives proliferate here due to difficulties with name matching and entity resolution.
Potential headline risk associated with customers, suppliers, distributors or other third parties can impact your reputation. In recent years, this type of risk has taken on a life of its own, especially in relation to forced labour, child labour or human trafficking. But risk coverage goes beyond these disturbing topics to cover areas including corruption, fraud, non-delivery and potential criminal wrongdoing.
Risk assessment here involves screening against wrongdoer lists and adverse media. False positives abound, due largely to ineffective entity resolution, especially among commonly used names.
Prudential risk
How well do you know your value chain? That indispensable group of suppliers and distributors? Do you know who controls them? Do you know all beneficial owners? Do you know their reputation in the market? Do you know their performance history? Do you know what political, corruption and sovereign currency risks may affect them?
Corporate entities tend to manage this risk through a largely manual process of researching, mapping and assessment. Ownership structures are identified and assessed. Political risk environments and supply routes are identified and assessed. These assessments, plus reputational risk gauging, are brought together and scored. The process is incredibly complex, heavily manual and needs to be continuously updated. In short, it is very expensive to fully implement.
Ethical risk
Do the parties you deal with share your values? Do they, or will they, follow your ethical policies and procedures? Often, risk is managed here through the use of certifications. Businesses will require suppliers and distributors to certify – usually annually – that they follow the firm’s ethical policies or procedures, or at least follow similar ones of their own. This annual certification process is tedious, time-consuming and full of manual tracking processes.
Risk strategy vs business reality
While the types of third-party risks are straightforward, the methods businesses use to assess these risks are anything but. Not every firm believes managing all these risks is prudent or commercially reasonable. No two businesses face the exact same risks, while risk tolerances – or “acceptable loss norms” as they are more broadly known – differ widely.
Some firms, therefore, make the commercially reasonable decision not to incur management expense related to particular risks, such as hiring personnel to manage the process, eliminate false positives and update results accordingly. And, even those that manage all four types of risk across the board rarely do so in a similar manner. Certain risks receive substantial management attention, while others are relegated to a “compliance only” status.
“Clearly, this is a market where one size does not fit all.”
You need a tool that fits your specific risk tolerance and enables you to scale up and down as needed. All risks and risk parties potentially need to be covered, even if you address each in your own bespoke way. You need a single, consistent and configurable way to assess and view risk, as well as an easily accessible central library providing single risk panes for all parties.
The good news is that current technology makes all this possible. A single, scalable platform is much more achievable now, and the latest AI has substantially lowered investment costs, as the number of employees required to run your system is a fraction of what it used to be.
Welcome to Ripjar 3P60
Ripjar 3P60 is the only tool on the market to afford you this convenience. The tool comes in three variations, each sharing configurable workflows which can be tailored specifically to your organisation, a common risk assessment schema, and an AI-powered Digital Assistant to double check your team’s work, reduce false positives, and constantly update your results.
“Thoroughness, consistency, flexibility, efficiency and tailoring is what you need.”
Ripjar 3P60 comes in three options to suit different third-party risk management requirements:
Ripjar 3P60 Screen
This dual low and high latency screening engine enables you to satisfy your regulatory compliance obligations. Screening against a potentially limitless group of sanctions, restricted party and export control lists, Ripjar 3P60 Screen utilises the latest in probability-driven entity resolution and AI digital assistant technology to significantly reduce false positives and work to avoid all false negatives. Its configurable scoring matrix allows you to customise your risk assessments to meet your needs, enabling all results to be scored properly and consistently.
Ripjar 3P60 Assess
This option meets your compliance and reputational risk needs as well as covering baseline prudential risk management. Screen all counterparties for compliance purposes, screen all suppliers and distributors (and potentially some or all customers) for reputational risk concerns, and identify all beneficial owners and control persons across your value chain.
Ripjar 3P60 Assess is backed by the same technology and features as Ripjar3P60 Screen, while enabling you to cast the net wider to assess a broader range of risks. Your AI-powered Digital Assistant will continuously monitor and update records, scores and approvals as needed, and will create the building blocks to establish your global value chain map.
Ripjar 3P60 Intelligence
This comprehensive solution covers all your third-party risk management needs. Everything in Ripar 3P60 Screen and Assess is included, plus a full value chain map listing vulnerabilities from political, sovereign and transport route risks. All parties are thoroughly vetted and assessed, with your Digital Assistant working continuously in the background and supporting your team to avoid false negatives and positives.
Your Digital Assistant ensures that all work is up to date and properly assessed according to your configured scoring rules. Furthermore, our ethical certification engine configures certifications for your needs, with Ripjar’s Digital Assistant constantly tracking and ensuring compliance across your supplier and distribution chains.
In a volatile global political climate, effective sanctions screening isn’t optional – spotting potential supply chain sanctions evasion is critical for global organisations.
The United States, for example, added over 3,000 names to its Specially Designated Nationals (SDN) list in 2024, compared to 2,500 in 2023. Similarly, in May 2025, the European Union imposed its 17th package of Ukraine sanctions, expanding restrictions against Russia and Vladimir Putin’s regime.
Long story short, the complexity of the global sanctions landscape, the severity of penalties for violations, and impact of ensuing reputational consequences, have increased the compliance burden significantly.
For global firms with a network of cross-border business relationships, that means it’s no longer sufficient to screen only customers and clients for sanctions risk. Instead, the scope of their screening solutions must expand to cover their wider third-party networks and supply chains, taking in suppliers, partners, distributors, contractors, and so on.
Meeting that expanded screening obligation requires firms to not only adjust their compliance tech stacks, but understand their third-party risk exposure. However, the sanctions risk posed by a supply chain or a third-party relationship is not always obvious or intuitive, and may even be hidden from basic sanctions screening processes.
With that in mind, we’ve put together a guide to some of the key red-flag indicators of supply chain sanctions risk. If you’re looking to strengthen your screening process, it’s worth becoming familiar with these red flags so that you can optimise your compliance performance from the ground up, and avoid unnecessary regulatory friction.
Why Are Supply Chains Vulnerable to Sanctions Evasion?
While most organisations are familiar with the immediate risks posed by their customers and clients, the need to factor in supply chains and third-party risk management makes things more complicated.
That’s because, in a global professional landscape, most firms operate amidst sprawling physical and digital networks, which span borders, industries, and regulatory environments. As part of that connected world, firms necessarily face a higher volume of sanctions compliance threats, and consequently, a greater exposure to risk.
Unfortunately, in this context, compliance isn’t quite as easy as checking a customer’s name against the relevant sanctions list (or lists). Third parties pose significant hidden sanctions risks because they may operate to different regulatory standards, may be concealing their liability, or, in worst case scenarios, attempting to evade sanctions and thwart scrutiny.
The only way to effectively manage that expanded risk is to implement a robust screening solution, capable of managing vast amounts of third-party data and of adapting to the fluctuations of the sanctions landscape.
Now that we know why it’s important to strengthen supply chain sanctions screening, let’s move on to the things you need to look for.
Common Red Flags for Sanctions Evasion
Proximity to sanctioned jurisdictions
Counterparties that are based in, or that route goods through, a country bordering a sanctioned jurisdiction may be masking the ultimate destination of those goods. Not all countries maintain solid borders, and certain trading entities may attempt to exploit that by covertly moving goods into an adjacent sanctioned jurisdiction.
Changes in trading behaviour
When a counterparty makes abrupt changes to its trading behaviour, the goods and services it offers, or its ownership structure, this may be indicative that it’s engaging in sanctions evasion. For example, a shift away from the trade of electronic goods, which are typically designated on sanctions lists, in favour of trade in textiles, which are not frequently targeted, could be an indicator of risk.
Shell companies
Persons engaging in sanctions evasion may attempt to avoid screening measures by concealing their identities (and, by extension, the true risk they pose) behind shell companies, or behind overly complex corporate infrastructure. Examples of this kind of red flag include companies that have suspiciously little or no online presence, minimal staff, or no physical premises.
Document discrepancies
Discrepancies in documentation, such as mismatches between shipping records and invoices, may indicate sanctions evasion activity – specifically, attempts to conceal the trade of sanctioned goods. Be alert for vague or inconsistent descriptions of shipped goods, or miscalculated quantities of cargo.
Financial holdings in third countries
Be vigilant for companies that hold settlement accounts in third countries with deficient anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations. Lax enforcement in these jurisdictions may create opportunities for sanctions evasion.
High risk and dual-use goods
Certain goods are highly regulated because of their potential for criminal misuse, while others have both civilian and military applications, and so are classified as “dual-use”. Companies that trade in these types of goods pose a higher sanctions risk and should be scrutinised closely during screening.
Unusual intermediaries
Companies that engage multiple intermediaries or third-party consignees to facilitate trade, without explanation, may be attempting to distance themselves from buyers and end-users in an attempt to avoid sanctions. A sudden engagement of a new intermediary may be similarly indicative of risk.
Lack of end-use documentation
End-use of goods is a critical sanctions consideration. Legitimate trading partners should be able to provide documentation to support the end-use of the goods they are importing or exporting. Therefore, failure to provide end-use documentation may indicate an attempt to evade sanctions restrictions.
In isolation, each of the listed red-flag indicators doesn’t necessarily confirm that an organisation or individual is engaging in sanctions evasion. Collectively, however, or in combination they may inform a compliance response, and represent the difference between a decision to initiate enhanced screening, to freezing a transaction and alerting the relevant authorities.
Firms should perform risk assessments on third parties in their supply chain. That process will necessarily involve data collection and analysis, and a need to obtain a range of identifying information from third parties, including names, addresses, company incorporation documents, financial records, and so on. Where that information points to a higher level of risk, firms may seek to perform enhanced due diligence.
Continuous monitoring
The shifting geopolitical landscape means that third-party risk exposure can change quickly. To account for this change, firms must conduct ongoing sanctions screening of third parties (rather than just at onboarding, periodically or the start of a business relationship), in order to ensure the accuracy of established risk profiles.
Harness external data
To perform risk assessments on targets up and down the supply chain, firms need to be able to collect and manage vast amounts of external data. That data should be of a sufficient quality, and broad enough scope, to support effective compliance decision-making. In practice, this means screening not only official sanctions lists and watchlists, but a range of credible global adverse media sources, including screen and print media, and social media.
Leverage technology
Screening solutions are key to the sanctions data management challenge. Firms should aim to automate as much of the process as possible in order to manage the thousands of data sources necessary to build accurate risk profiles. Artificial intelligence (AI) systems offer a significant advantage in supply chain screening: not only do they provide speed and accuracy, but can spot hidden patterns and connections in risk data to help build a comprehensive overview of a firm’s risk exposure.
Build a culture of compliance
Screening technology is only as effective as the human experts using it. To ensure optimal third-party risk management, firms should support their employees’ roles in the compliance effort by offering regular training and skill development. That process will ultimately contribute to a company-wide culture of compliance that can only enhance the contribution of compliance teams as they adapt to new regulations and new sanctions evasion strategies.
Spot More Red Flags With Ripjar 3P60
Ripjar’s AI-powered screening platform Ripjar 3P60 is designed to help firms meet their third-party and supply chain compliance challenges in jurisdictions around the world. A comprehensive third-party risk management solution, Ripjar 3P60 builds flexibility and resilience into your screening process from the ground up, and leverages advanced AI analytics to help you deal with risks whenever and wherever they emerge.
Sanctions risk is a fact of life for every global business but in the last few years, that risk has grown significantly. Geopolitical crises, such as Russia’s invasion of Ukraine, have prompted governments to add hundreds of new designations to sanctions lists, and renew or expand existing measures. The US, for example, added over 3,100 names to its Specially Designated Nationals (SDN) and Blocked Persons List in 2024 – a 25% increase on 2023.
In this climate, sanctions obligations don’t end with a round of basic checks of global watchlists. Compliance solutions need to be capable of dealing with the direct sanctions risk exposure posed to firms by their customers and clients, but also with the third party risk posed by their supply chains.
An organisation’s suppliers, partners and vendors may represent third party networks that span multiple jurisdictions, geographies, goods, intermediaries, and ownership structures. Add to that, the potential for bad actors attempting to evade sanctions, or conceal their actions with shell companies, and the supply chain risk factor quickly becomes considerable.
Given the complexity of this environment, and the potential regulatory penalties, it’s imperative that sanctions risk is treated as a core compliance priority as firms build their supply chain.
And the best way to approach that challenge is to build robust sanctions compliance into the supply chain from the outset, with a solution that can adapt to an evolving regulatory landscape and emerging geopolitical risks.
In this post, we’re going to discuss the key steps involved in doing just that.
Effective screening remains the best way for firms to learn about their clients and establish the sanctions risks that they pose. Accordingly, acquiring suitable screening technology should be your first priority when building a sanctions-ready supply chain.
However, while most approaches to sanctions compliance entail a screening process for clients, involving a search for names designated on the relevant sanctions lists (such as the SDN list), supply chain risk requires a much broader screening scope.
That means that you must implement screening technology capable of covering all relevant counterparties that form part of the third party network – vendors, suppliers, partners, and so on – in those list searches. This comprehensive approach to sanctions risk shouldn’t stop at list searches, either, but should serve to acquire as much data as possible on search targets including:
Adverse media stories: Sanctions risk is often revealed in adverse media stories long before persons are officially designated on sanctions lists. Investigative journalists may break stories that impose sanctions evasion activities and indicate that you should change your compliance response.
Politically exposed persons (PEPs): Elected officials and government employees pose a greater sanctions risk because of their proximity to political and bureaucratic financial resources.
Following Financial Action Task Force (FATF) recommendations, sanctions screening solutions should be risk-based. This means that you must deploy compliance measures in proportion to the risk that your organisation faces: lower risks demand a less intensive compliance response, higher risks, a more intensive response.
However, the effectiveness of a risk-based screening solution relies on you being able to accurately assess your supply chain to determine the risk that it poses. The sanctions risk assessment serves to help establish your risk appetite, define thresholds for compliance decision-making, and then dedicate resources to achieving those compliance objectives.
To conduct an effective risk assessment, you need to map your supply chain and capture any relevant risk factors. These may include:
Sanctions lists: It’s important to identify the relevant sanctions lists that pose a compliance risk to your organisation. For example, firms in the EU must screen against the EU consolidated list, and so on.
Industry: Different industries pose different levels of sanctions risk. Persons involved in, or connected to the shipping industry, for example, or those that trade in dual-use items, often carry a high sanctions risk.
Location: Supply chains that contact certain geographic locations, such as Russia, China, and the Middle East, may carry an elevated risk.
Corruption: Supply chains that involve jurisdictions with comparatively weaker regulatory infrastructure may be more vulnerable to corruption and associated sanctions evasion activities.
Step 3: Leverage Technology and Data
The success of the steps outlined above is dependent on you being able to implement a technology solution capable of managing the vast amounts of data involved in the supply chain risk assessment process. The solution must also output high quality intelligence that facilitates effective compliance decision-making in a constantly evolving sanctions risk landscape.
Given the expanded data demands of supply chain compliance, you’ll need to move your solution beyond manual processes and focus on automating as much of the process as possible, enabling your compliance team to focus their time on the activities where their skills are best used. With that in mind, you need your sanctions screening technology tools to deliver the following capabilities:
Real-time monitoring to help identify suspicious activity, including red flag indicators of sanctions evasion.
Data integration from a wide range of sources, including sanctions, watchlists, PEP data, adverse media, plus your own internal data in both structured and unstructured formats.
Entity resolution and advanced analytics capable of revealing hidden links to sanctions risk, and connecting supply chains to persons designated on sanctions lists.
Global adverse media screening capabilities covering screen and print media, digital media, and social media content.
Multi-language tools capable of screening natively against foreign language sources, and accounting for regional spelling and naming variations.
Automation to streamline responses to sanctions risk, including triaging alerts, assessing evidence, and automatically reviewing and closing false positive alerts.
Step 4. Train and Raise Awareness Across Your Organisation
A sanctions screening solution is only as good as the human employees that run it. To that end, you’ll need to ensure your compliance team members understand the organisation’s risk appetite, and have the necessary expertise to deal appropriately with the outputs and alerts that your solution generates.
So, to keep compliance teams up to speed with the capabilities of your screening technology, and the latest regulatory developments, you’ll need to implement a schedule of regular training and skill development. Your goal should not only be to impart regulatory and technical understanding, but to create a culture of compliance in which emergent challenges don’t disrupt services, and teams can adapt quickly to new risks.
You’ll need to extend this culture of sanctions compliance across your wider business, especially if your firm is part of a larger group of companies where some may be operating in different regulatory environments. This could mean establishing your sanctions obligations at group level, identifying further obligations for different locations, developing additional training materials, and implementing a mechanism to verify that overseas branches, subsidiaries, and local partners have understood, and are compliant with, the relevant standards.
To facilitate this kind of organisation-wide transformation, think about:
Policies: Consider centralising your compliance policies while localising specific controls.
Overseas training: Focus on training overseas offices on key sanctions obligations and red flag indicators of sanctions evasion activity specific to their locations.
Tools and frameworks: Provide access to shared screening tools and decision-making frameworks to ensure a consistent approach.
5. Maintain Robust Third Party Due Diligence Processes
Your supply chain sanctions compliance work is never done – it’s an ongoing process that evolves and grows with the business relationships that you maintain, and the sanctions risks that you face.
It’s therefore important to think about the following third party due diligence processes:
Continuous monitoring: Don’t simply conduct a risk assessment at the beginning of a business relationship as a one-off. You’ll need to monitor third parties in your supply chain constantly to ensure their risk profiles remain accurate. Leverage technology to automate rounds of screening and integrate real-time adverse media monitoring tools to be notified of changes in risk as soon as possible.
Geopolitical risk: Stay informed of emerging areas of geopolitical risk as a way of anticipating sanctions risk. The greater your awareness of potential new risks, the better able you’ll be to adjust your sanctions solution.
Evasion strategies: Be aware of the latest sanctions evasion tactics. Monitor for updates and guidance from relevant national and international regulators, such as the FATF, to ensure you receive the correct information and advice when the global risk landscape changes.
Reassess regularly: Conduct periodic risk assessments to test the efficacy of your supply chain risk solutions. Reevaluate your risk appetite after regulatory updates and geopolitical events.
Master Supply Chain Screening with Ripjar
In a period of unprecedented geopolitical uncertainty, it’s more important than ever to protect your organisation, and your reputation, from risk. You can do that by extending your sanctions compliance priorities to your supply chain, and leveraging technology to shoulder the increased data burden.
Ripjar’s AI-powered screening platform Ripjar 3P60 is designed to help firms meet that goal. A scalable, comprehensive approach to third party risk management, Ripjar 3P60 builds automated efficiency, flexibility, and resilience into your third party screening process, leveraging advanced machine learning to help you spot supply chain risks, and deal with them before they can harm your business.
The proliferation of weapons of mass destruction (WMDs) is one of the critical security issues of the 21st century. With geopolitical tensions rising, the business community must play its part in preventing terrorist and criminal organisations not only acquiring these types of weapons, but facilitating their movement around the world.
In this climate, spotting potential proliferation financing activity is a compliance priority. This means that firms must understand the relevant regulations, and adjust their screening solutions to account for risk exposure.
What is Proliferation Financing?
Proliferation financing (PF) is the act of providing funds that support the movement of WMDs, including nuclear, chemical, and biological weapons, around the world.
Given the elevated global risk of terrorist attacks, and the challenges involved in detecting financial crimes, governments have placed regulatory obligations on businesses, and particularly on financial services firms, to help combat PF and target its sources.
PF shares characteristics with other financial crimes, specifically money laundering and the financing of terrorism, and so may be detectable via existing screening measures. Persons involved are often designated on sanctions lists, for example, or may attempt to conceal their transactions via shell companies and corporate infrastructure.
In other contexts, however, it is harder to detect PF because related transactions and activities do not necessarily share the same red flag indicators of criminality. For example, criminals may seek to bypass regulations and screening measures by transporting only legal component parts of WMDs, or by transporting “dual use” materials that may be repurposed for the construction of WMDs by end users.
The risk of PF goes beyond persons directly paying for the transport of WMDs, and extends to persons that may be providing services unknowingly. On the other hand, persons that are knowingly involved in PF often employ sophisticated evasion tactics to evade screening measures. In some cases, heavily sanctioned governments may engage in PF activity, and use state apparatus to do so.
High Risk Countries
Certain countries represent a higher PF risk than others, these include:
North Korea: The government of North Korea is actively pursuing a nuclear weapons programme and has demonstrated a willingness to attempt to evade sanctions.
Russia: Heavily sanctioned by multiple countries since the invasion of Ukraine in 2022, Russia is attempting to evade restrictions by importing dual use materials for use in military weapons technology.
Iran: The government of Iran has demonstrated an ongoing desire to develop a nuclear weapons programme.
China: China has demonstrated a desire to expand its own nuclear arsenal, and has facilitated other countries’ evasion of sanctions, including North Korea and Russia.
Syria: Under its previous government, Syria was known to have deployed chemical weapons, and financed its acquisition of WMDs via the sale of oil and petrochemicals.
Global Regulatory Response
Governments around the world are increasingly framing PF as a serious criminal risk, however, other than designation in sanctions programmes, dedicated PF regulations lag behind those applicable to similar financial crimes, such as money laundering and terrorist financing.
In light of the FATF’s strengthened focus on PF, the United Kingdom has led the international community in taking regulatory action. In 2021, for example, the UK government conducted its first National Risk Assessment of Proliferation Financing (NRAPF). Given the UK’s status as an international financial hub, the NRAPF suggested that the UK government put regulatory measures in place to address PF risk.
Accordingly, in 2022, the UK government amended the Money Laundering and Terrorist Financing Act to introduce new PF identification and risk screen requirements. The UK has also applied strict liability to sanctions breaches, meaning that penalties may be applied regardless of knowledge or intent behind the violation.
Firms that break PF rules and regulations face serious financial and even criminal consequences.
In the UK, for example, under the Money Laundering Act, the Office of Financial Sanctions Implementation (OFSI) has the authority to impose unlimited fines, and prison sentences of up to 7 years for PF rules breaches. Those penalties may be imposed in addition to existing sanctions rules, under which OFSI can fine companies up to £1 million, or 50% of the value of the offending transaction (whichever is greater), and name and shame companies publicly.
Regulatory Risk to Financial Institutions
Banks and financial services organisations are on the front line in the fight against PF, and may be exposed to compliance risk in numerous ways. Key examples of PF risk include:
Layered transactions: Persons designated on sanctions lists may route transactions through multiple accounts in order to obscure their origin and evade screening measures.
Dual use materials: Companies trading in dual use materials, particularly technology such as aerospace components or microelectronics, pose an elevated PF risk.
Shell companies: Criminals may attempt to use shell companies or complex corporate infrastructure to obscure the origin and destination of PF-related transactions.
Missing or incorrect transaction details: Criminals may intentionally withhold or misspell PF-related transaction details in order to evade AML/CFT scrutiny.
High risk countries: Transactions that involve parties in high risk AML/CFT territories (such as those listed above) carry an elevated PF risk.
Cryptocurrency: The anonymity of cryptocurrency transactions puts them at a higher risk of involvement in PF activity.
Third Party Risk
PF activity typically involves firms’ relationships with third party organisations, such as shipping and transportation companies. With that in mind, PF compliance screening should go beyond a singular focus on companies in the financial sector, and include relationships up and down the supply chain.
That means screening measures should account for the complexity of supply chains, and the potential for regulatory disparity across international borders. Key third party and supply chain risk factors include:
Persons designated on global sanctions lists.
Companies trading in dual use materials.
Suppliers operating in high risk industries, such as shipping.
Suppliers operating in high risk jurisdictions.
Persons designated on politically exposed persons (PEP) lists.
While third party risk factors may not necessarily result in direct regulatory violations, firms that are revealed to have relationships with third parties that are exposed as being involved in PF often incur reputational damage.
Implementing a Proliferation Financing Risk Management Strategy
The scale and complexity of PF risk means that firms should carefully consider their compliance posture, and, ideally, integrate an AML/CFT screening solution to help them manage their threat environment.
An effective PF risk management strategy should involve the following measures and controls:
Screening during onboarding
Firms should establish new clients’ PF risk levels as quickly and as accurately as possible. This means conducting robust customer due diligence (CDD), and applying suitable screening measures during onboarding, with a focus on sanctions designation, and designation on PEP lists. The screening process should be global in scope, which means searches should be conducted in multiple languages, and include scrutiny of other critical risk indicators, such as adverse media stories.
Beneficial ownership
As part of the due diligence process, firms should aim to establish the beneficial ownership of client companies in order to account for the possible misuse of shell companies or complex corporate structures as a means to disguise PF activity.
Continuous monitoring
Following onboarding, firms should continuously monitor their clients for PF risk in order to account for changes to risk profiles over time. This means maintaining a regular screening schedule with a focus on updates to sanctions lists, suspicious transaction patterns, changes in company ownership, and emerging adverse media stories.
Risk scoring and segmentation
PF screening should be risk-based. With that in mind, firms should seek to establish a risk scoring system to enhance their risk assessment process, with higher scores applied to higher risk jurisdictions, industries, and transactions, or to persons designated as PEPs. Similarly, audience segmentation – the process of grouping audiences by risk characteristics – can help compliance teams conduct risk assessments more efficiently.
Sanctions and watchlists
Effective sanctions and watchlist screening is a critical component of PF compliance. Firms must implement sanctions solutions that capture domestic and international sanctions designations, and listings on the relevant watchlists.
Adverse media
Changes to a client’s risk profile may be revealed by the media before they are confirmed officially. With that in mind, PF screening should include automated adverse media searches, in multiple languages, and with sufficient scope to capture third party risk.
Going Beyond the List
Given the global scale of PF, it’s critical that compliance solutions “go beyond the list”, which means going further than simple sanctions and watchlist name searches, and instead building out the most complete risk profile possible for each client.
That means leaving manual screening processes behind and, instead, implementing automated AML/CFT screening tools with powerful name search and identity matching capabilities. The tools that you choose should be able to screen against thousands of data sources, in multiple languages, while accounting for sanctions evasion tactics, disparities in spelling and naming, and the possibility of PF risk emerging from third party relationships and PF-adjacent activities. With those factors in mind, and the need to manage vast amounts of customer screening data, it’s worth leaning into the efficiency benefits of AI-enhanced search technology, which can not only boost the accuracy of PF screening results, and reduce false positives, but support stronger compliance decision-making.
The UK’s sanctions landscape has evolved dramatically since 2022, primarily in response to Russia’s invasion of Ukraine. During that time, the Office of Financial Sanctions Implementation (OFSI) has worked to ensure the UK government’s sanctions against Russia are enforced effectively, and that entities within the UK understand their compliance responsibilities.
With the UK’s Russia sanctions programme ongoing, in February 2025, OFSI released its Financial Services Threat Assessment. The report is intended to help UK firms deal with the changing global sanctions landscape, and, in particular, with the complexity of the restrictions against Vladmir Putin’s regime. To that end, the Threat Assessment focuses on the risks associated with Russia sanctions violations, including the need to accurately identify designated persons (DPs), the enablers of sanctions violations, the use of alternative payment methods to avoid restrictions, and failures in internal compliance solutions.
The report serves as an essential resource for all UK-based financial services firms, which should now review their compliance solutions in order to ensure alignment.
To help you navigate your UK sanctions obligations, we’ve put together a list of key takeaways from the report.
Key OFSI Takeaways for Financial Services
Failure to self-disclose
OFSI monitors suspected breaches of UK sanctions rules on a sectoral basis, and suggests that, while most reports are self-disclosed by financial institutions in a timely manner, the standard varies across different sectors and across the UK’s various sanctions regimes.
The report reveals that OFSI observed breaches that did not lead to self-disclosure by “some” UK financial services firms and non-bank payment service providers (NBPSPs). OFSI’s assessment implies a regulatory risk for firms that are not being fully transparent or rigorous in executing their sanctions compliance obligations.
Enablement activity
OFSI suggests that it is “almost certain” Russian designated persons (DPs) are using both professional and non-professional enablers to help them breach UK sanctions, and that activity has “significantly increased” since 2023.
OFSI defines non-professional enablers as individuals or entities that act on behalf of DPs to breach sanctions. These enablers have “close personal ties” to DPs and may include family members, spouses and ex spouses, and professional associates.
The report classifies three types of enabler activity:
Making payments to maintain the lifestyle or assets of DPs.
Fronting on behalf of a DP to claim ownership of frozen assets.
Money laundering to provide DPs with liquidity.
The Threat Assessment adds that Russian DPs are using “increasingly sophisticated methods” to breach sanctions, and that banks and financial institutions are in particularly advantageous positions to spot this kind of activity and report it to the authorities.
Compliance teams can address enabler activity by monitoring any new movement of assets and applying enhanced due diligence to the persons involved.
Fronting risks
The report suggests that it is “likely” that “a small number of enablers” have engaged in fronting activities on behalf of Russian DPs.
Fronting is defined as the act of professional enablers coming forward to claim ownership of assets that have been frozen under UK sanctions rules. The enablers typically target frozen assets that have unclear ownership – such as those associated with insolvency and complex corporate structures (shell companies), or situations in which significant liquidity is involved.
Enablers engaged in fronting present themselves as legitimate business persons, and often have links to DPs which they seek to conceal. These links are not necessarily obvious and may involve previous employment with a DP, or past membership of a shared community.
OFSI sets out a number of red flag indicators of fronting activity, which include:
Individuals with limited public profiles and little relevant experience to the professional roles they hold.
Inconsistent spellings of names – particularly those derived from Cyrillic.
Recent changes of name.
Recently-acquired non-Russian citizenships.
Maintenance payments
The Threat Assessment suggests that it is “highly likely” that enablers have used NBPSPs to help Russian DPs maintain their lifestyle and assets in the UK – in violation of sanctions restrictions. Maintenance activity involves payments that relate, for example, to DPs’ superyachts, personal security services, school fees, concierge services, and high value goods.
Enablers involved in maintenance payments “are typically small companies” engaged in services for “ultra-high-net-worth lifestyles”, and have relationships with the DPs which predate their designation on the UK sanctions list. Maintenance payments may also be made by DPs’ family members and close associates.
The report points out that financial services firms are, again, well placed to spot maintenance payment activity, which often leverages multiple payment methods, including cash and cryptocurrencies. OFSI has set out a number of red flags for maintenance activities, including:
Regular payments previously made by a DP now made by a new individual.
Family members and close associates of DPs receiving significant funds without adequate explanation.
Frequent payments between entities controlled by a DP.
Individuals attempting to deposit large sums of cash without adequate explanation.
Family members and close associates of DPs engaging in cryptocurrency transactions.
Next Steps: Strengthening Russia Sanctions Compliance
In the wake of OFSI’s Threat Assessment report, compliance teams should take the following steps:
Strengthen due diligence: Financial institutions should ensure they establish and verify the identities of their customers by performing adequate customer due diligence. In addition to collecting identity documents, firms should seek to scrutinize assets ownership and beneficial ownership, complex corporate structures, and cashflow sources.
Improve screening and monitoring: Financial institutions should review their sanctions screening solutions to ensure they are capable of capturing Russia sanctions risk effectively. In practice, this means integrating an automated screening solution, with global scope, and multi-language name search capabilities.
Proactive self-reporting: Given OFSI’s focus on failure to self-disclose, financial institutions must review their sanctions breach reporting process.
Russia Sanctions Screening Advantages
Russia sanctions are only a component of an evolving global landscape, which hosts thousands of potential threat vectors. In this environment, UK banks and financial institutions must remain agile and adaptable, without compromising the rigorousness of their sanctions screening capabilities.
With that in mind, automated screening technology should be a critical part of any sanctions compliance solution. Automated screening tools not only add speed and accuracy to sanctions list name searches, but reduce the potential for costly human error, and enable organisations to scale their response to their unique needs.
Screening tools enable organisations to search thousands of global sanctions lists and watchlists in seconds, along with other indicators of risk such as adverse media stories that can reveal changes in customer risk profiles long before official designation. Screening technology may also leverage artificial intelligence tools, to help compliance teams work with vast amounts of data, eliminate false positive alerts, generate meaningful intelligence, and ultimately, make stronger, faster decisions.
This is what every compliance officer says when talking about screening today. Little to nothing has changed on the technology and data front, despite ever increasing demands placed on compliance professionals.
This once simple compliance process is now anything but. Sanctions screening has grown beyond simple Latin alphabet name matching to include multi-alphabet and street address matching, not to mention the newer regulatory requirement to identify related and “network” members. Politically exposed person (PEP) identification has moved well beyond matching against established third party lists, to include potential unrelated and non-network “close associates”. Adverse media screening, once destined for the privileged few, is increasingly being demanded across all client segments.
Despite this changing landscape, regtech providers haven’t budged. “Static” data providers continue to generate lists based on their own assessments of who is important, and who isn’t, regardless of your risk tolerance. Or, worse, they provide media feeds of literally billions of articles, asking you to filter relevance. Screening tech firms are even worse, employing “fuzzy logic” (lots of fuzz, little logic) ostensibly to show their solutions’ ability to reduce false positives, even though regulators, from the beginning, primarily emphasise avoiding false negatives.
But from a risk perspective, the situation is even worse.Screening occurs on many levels – clients, payments and counterparties. The risk demands are similar across all levels, however the regtech solutions produce at times materially different outcomes. Screening at each level differs, as name matching and risk scoring typologies differ markedly. Similar risks are treated differently, causing frustration for any risk manager.
All this changes today.
It’s time to move to a 21st century solution and embrace the latest in technology from advanced data science, probabilistic programming and AI, all brought together in Ripjar’s powerful tech. Combine all your static data, including third party lists from sanctions, PEP and adverse media providers, as well as your own lists such as Do Not Do Business (DNDB), Approved Counterparties, and “Reported”. Then integrate this with your dynamic information, such as payment and account transaction data, to create a single “risk brain” – a holistic assessment process that produces the far too elusive “one pane of glass” for all clients, counterparties, originators, beneficiaries and, even, vendors.
Ripjar One
Unlimited data integrations
Enhanced with UBO data and transaction monitoring
Continuous live risk scoring with Dynamic Risk Profiles
Networking and advanced workflow capabilities
Backed by Ripjar’s powerful Digital Assistant
Welcome to the Ripjar One family of products
Ripjar One’s product family uses dynamic risk profiling to give compliance officers the power to achieve in today’s environment. Rather than relying on static risk profiles judgmentally created by third parties, dynamic risk profiling creates your own unique profile for each of your clients, counterparties, and even payment originators and beneficiaries. Powered by the latest AI technology, each profile is live, constantly checked in accordance with your rules, scored against your risk appetite, and continuously updated for new developments from both the outside world (such as sanctions or adverse media) and the inside (such as a new transaction monitoring alert or DNDB designation).
How dynamic risk profiling works
Centralise: Combine all your client name screening activities into one engine, regardless of whether the data is structured (by a third-party or your firm) or unstructured. This is then all searched as one, powered by the latest probabilistic-based name matching capability, and expandable to incorporate the results of your transaction screening and transaction monitoring systems’ outputs.
Unify: Subject all your processes to a single risk scoring methodology, completely configurable to meet your needs. All your screening risks will be treated not just in a similar, but the same manner.
Clarify: Build your own profile for every client and counterparty. Relevant output from your third party and internal sources is blended into your very own curated, dynamic risk profile. The profile is AI-generated, summarising the critical data points, and even highlighting links with other related and unrelated parties. The profile has a unique ID so it can be easily retrieved in milliseconds. The profile is the alert, sent to your team for review. And your Digital Assistant double checks your team’s work, notifying you of potential discrepancies.
Monitor and update: Your Digital Assistant works in the background constantly to update profiles when material changes occur and alerting you when necessary. These changes are highlighted to expedite review.
The benefits are numerous
One risk profile from all systems transforms static data into a dynamic answer, constantly updated, giving you the most complete risk picture.
One system eliminates redundant work arising from running multiple systems and processes, substantially increasing productivity.
False negative risk is substantially reduced through consolidating different characterisations from different lists into a uniform whole and having your Digital Assistant work as a “sixth pair of eyes” to double check your screening team’s work.
False positives are nearly eliminated from the use of a mathematically-driven probability matching schema and AI assessed alerting which prioritises alerts for review according to your rules, providing exponential ROI.
Identify hidden relationships and networksto significantly improve your compliance efforts.
Although still in the early days of his administration, President Donald Trump has introduced significant changes to US sanctions policy, with consequences for firms operating in the US and around the world.
During his previous term, sanctions were a cornerstone of President Trump’s foreign policy, and were often applied quickly and unpredictably in order to achieve administration objectives. With that in mind, in 2025, it’s critical that obligated entities implement screening solutions capable of not only delivering robust compliance, but adapting to a potentially-volatile sanctions risk landscape.
If you have US sanctions compliance concerns, now is the time to review your risk environment and screening mechanisms. To help you get to grips with that burden, here are the latest key changes to US sanctions policy that risk leaders should be aware of:
1. Intensified Sanctions On Iran
On 6 February, 2025, the US Treasury announced that it would be “restoring maximum pressure” on Iran by imposing new economic sanctions on the Iranian oil industry. The latest restrictions target an international network of shipping tankers that transport oil from Iran to countries like China, with the proceeds used by the Iranian government to fund the development of nuclear weapons.
Since the sanctions designations include firms operating in locations around the world, including India and the UAE, it’s critical that compliance teams recalibrate their screening tools to account for the broadened scope of the program.
2. Reversal of Cuba Sanctions Relief
On 14 January 2025, President Joe Biden removed Cuba from the US’ list of state-sponsors of terrorism. However, on 20 January 2025, hours after taking office, President Trump revoked that decision.
Cuba is already subject to robust sanctions measures under existing US policy, but by reinstating Cuba on the state sponsor of terrorism list, the Trump administration has blocked US citizens and entities from doing business with certain Cuban entities that would otherwise have been relieved. Examples of the reinstated restrictions include licensing requirements for technology exports that could be used by the Cuban military, and the requirement for the US to oppose loans to Cuba by the World Bank.
3. Dissolution of Russian Oligarch Sanctions Task Force
Under the Biden administration, in response to the invasion of Ukraine, the US Treasury assembled a task force to enforce sanctions against Russian oligarchs. On 6 February, President Trump disbanded that task force, signalling that the Treasury would be shifting its focus to combatting Mexican drug cartels and international criminal gangs operating in the US.
The US Justice Department will continue to prosecute cases currently in motion against Russian oligarchs but the change will see the number of new Russian targets drop significantly. The shift to Mexico and international gangs also suggests that the Justice Department will lean more heavily on the Foreign Corrupt Practices Act as a means to prosecute bribery investigations.
4. Tariffs on Canada, Mexico, and China
The Trump administration recently imposed new 25% tariffs against imports from Canada and Mexico, and an additional 10% tariff on imports from China, citing concerns about imbalances in the US’ trade relationships with those countries. In response, Canada announced that it was imposing a retaliatory 25% tariff against the US, while Mexico and China also indicated they would also be responding in kind.
The imposition of tariffs typically has indirect effects on supply chains, necessarily changing the risk profile of parties involved in a trading relationship. That change may require US firms to adjust their screening solutions going forward, with an emphasis on supply chain and third party risk.
Tariff update: On 4 February, President Trump announced that the US was “pausing” the introduction of tariffs against Canada and Mexico – as a result of productive discussions. He indicated that tariffs against China would remain in place.
5. Potential ICC Sanctions
On 6 February, President Trump announced that he was imposing sanctions against persons supporting International Criminal Court (ICC) investigations into US citizens, and into allies of the US. The sanctions represent a retaliation against recent arrest warrants issued by the ICC against Israeli Prime Minister Benjamin Netanyahu.
The list of US ICC sanctions designations has not been made public. However, the restrictions include a ban on travel to the US, and possible asset freezes, and extend to family members and close associates of the targets.
US ICC sanctions will impose new screening obligations on obligated firms, but will likely have further consequences, not least on international legal cooperation agreements. With that in mind, firms must monitor ICC sanctions developments carefully and be ready to react if new retaliatory measures are forthcoming.
Stay Ahead of Sanctions Risk in 2025
The Trump administration has assumed an aggressive and dynamic sanctions posture in its first few weeks, and it’s likely that further changes are on the horizon in 2025. The best way to manage sanctions risk, especially in a volatile environment like the US, is to gather as much risk data as possible, and lean into the possibilities of software automation in order to make sense of it.
Beyond the speed, efficiency, and accuracy, sanctions screening technology offers valuable flexibility for firms working to ease compliance pressure. Screening technology enables compliance teams to search thousands of sanctions data sources, including global watchlists and adverse media stories, and generate actionable intelligence in seconds. Don’t let the evolving US sanctions landscape outpace your screening capabilities, explore your automation options to stay ahead of the regulatory curve.
The Anti-Money Laundering Act 2020 (AMLA) is a cornerstone of US financial crime legislation. Setting out numerous corporate rules and obligations, the Act affects all US banks and financial institutions, and requires CFOs, and their teams, to think carefully about their day-to-day compliance duties.
In this post, we’re going to explore AMLA’s key regulatory details and compliance implications, and examine incoming regulatory activity that might affect your AMLA compliance posture.
What is AMLA?
Passed by the US Senate in 2020, AMLA came into effect on 1 January 2021 under the National Defence Authorisation Act.
Representing the most significant reform of US anti-money laundering (AML) rules since the Patriot Act in 2001, AMLA introduced significant regulatory changes. The Act was part of an effort to modernise the US’ AML infrastructure to account for advances in financial technology, and increasingly sophisticated criminal methodologies.
AMLA broadly expanded the authority of federal regulators, including the US Treasury’s Financial Crimes Enforcement Network (FinCEN), with new investigative powers. With that in mind, AMLA’s key AML/CFT provisions include:
Beneficial ownership: Expanded beneficial ownership disclosure requirements for smaller firms, with 20 employees or fewer. The requirements are designed to address the misuse of shell companies to conceal illegal financial activity.
Politically exposed persons: Expanded requirements for preventing politically exposed persons (PEPs) from misrepresenting the source of funds when dealing with US firms.
Non-traditional financial institutions: Expansion of Bank Secrecy Act (BSA) compliance requirements to certain non-traditional financial institutions, including those dealing with virtual currencies, such as cryptocurrency exchanges.
Criminal and financial penalties: New penalties for violations of money laundering rules, including prison sentences of up to 10 years, and fines of up to $1 million.
Expanded penalties: Increased financial penalties for violations of existing money laundering regulations – set out in the BSA and Patriot Act.
Whistleblowers: Enhanced protections and rewards for whistleblowers that expose violations of money laundering regulations.
International money laundering: Expanded powers for US law enforcement agencies to investigate foreign entities suspected of money laundering. The provision includes new US Treasury subpoena powers.
Information sharing: New information sharing rules for US entities with foreign subsidiaries and affiliates.
AMLA Compliance Priorities
Given the increased penalties imposed by AMLA, it’s critical that firms in the US understand how to comply with the regulations, and are able to adjust their compliance posture to account for emerging risks.
Key priorities for compliance with AMLA include:
Customer due diligence: AMLA’s focus on beneficial ownership (along with existing BSA requirements), means that firms must be able to verify customer identities through robust customer due diligence (CDD) and, where necessary, enhanced due diligence (EDD). While customer identities may be verified via official documentation such as passports or driving licenses, firms must also affirm beneficial ownership, which involves capturing shareholder information, incorporation dates, operating locations, and so on.
Screening: To account for increased customer risk, firms should review their AML/CFT screening capabilities. AMLA’s focus on non-traditional financial institutions, PEPs, beneficial ownership, and foreign money laundering may require firms to take a different approach to risk screening in order to capture emerging risks.
Compliance automation: The sheer volume of risk data that firms must consider as part of their AMLA obligations means that compliance teams should seek to integrate automated solutions wherever possible. Automated screening tools, for example, can search thousands of global news stories and deliver actionable financial intelligence in seconds – a level of efficiency that would be impossible in a manual search process.
Recent AMLA Developments
The US government continues to adjust the regulatory detail of AMLA in order to account for changes in the domestic and global risk landscapes.
The Corporate Transparency Act: The Corporate Transparency Act (CTA) was passed on 1 January 2024, strengthening AMLA’s beneficial ownership provisions. As part of the CTA, “reporting companies” have to submit company details, including owners’ personal information, to a FinCEN beneficial ownership database. In December 2024, several courts, including the US 5th Circuit Court of Appeals, blocked the implementation of the CTA nationwide. The US Supreme Court subsequently overturned the 5th Circuit decision but as of 1 February 2025, CTA enforcement remains blocked as a result of an earlier decision by a court in Texas.
Proposed Rule: In July 2024, FinCEN put forward a ‘proposed rule’ to strengthen certain AMLA provisions. The rule emphasises that compliance solutions need to be “effective, risk-based, and reasonably designed”, in order to help firms become more responsive to the specific challenges of their risk environment.
Fintech innovation: FinCEN has continued to encourage US firms to explore technological solutions to AML/CFT challenges through ‘the promotion of responsible financial service innovation,’ in alignment with AMLA’s broader objectives. For example, innovations such as AI-supported analytics, may help firms enhance their screening processes and reduce false positive alert rates.
Screening Advantages
In an evolving regulatory environment like the US, firms must be capable of managing existing risks while anticipating future challenges. With that in mind, automated screening solutions represent the best way of keeping pace with AMLA requirements.
Merging human expertise with advanced data collection and analysis, screening technology provides critical visibility of the risk landscape which, in turn, facilitates stronger, more informed compliance decision-making. Even better, automated screening solutions ensure compliance teams stay agile, adapting quickly to incoming AMLA amendments, while managing evolving money laundering methodologies.
