• 7 mins read

Expert Insights: The Biggest Screening Challenges of a Changing Sanctions Landscape

Sanctions pressure is increasing in jurisdictions all around the world, with financial institutions struggling to adapt to an increased volume of regulations, and more intensive approaches to enforcement. To meet that rising sanctions challenge, financial institutions must rely on employee skills and technical resources, integrated as part of a risk-based screening solution. 

In November 2024, Ripjar and FINTRAIL jointly hosted a Sanctions Masterclass on exactly that issue, with industry experts discussing some of the most significant concerns of a changing compliance landscape – and regulator expectations for managing them. 

As political tensions have grown dramatically all over the world, sanctions restrictions have become a lot more complex. Financial institutions need to stay ahead with screening solutions that look to advanced technology or intelligence-led solutions.

Ciara Aitchison, FINTRAIL Director

Industry Opinion: Top Screening Challenges for 2025

During the Sanctions Masterclass, audience members were asked to share what they felt were the top sanctions screening challenges for their organisations (with the option to select up to 3). The results reflect how complicated the sanctions screening question has become for many compliance teams and highlight the need for new ways to manage risk data.

Evolving Sanctions

The Masterclass poll highlights a number of specific sanctions compliance pain points, not least the ongoing issue of evasion. But it also reflects a collective concern with the pace at which the sanctions landscape is changing. 

Leading the discussion, FINTRAIL Senior Consultant & Sanctions Lead Emil Dall pointed to this change as the root of the screening burden that many firms are experiencing, identifying Russia’s invasion of Ukraine as a key driver.

“We’ve had a huge increase in the number of designations since 2022,” said Emil. “In the United Kingdom alone we’ve seen £22.7 billion worth of assets frozen because of Russia sanctions, and recorded 473 suspected breaches – up significantly from 147 at the beginning of Russia’s invasion.”

It’s not just the increasing volume of sanctions that is making life difficult for compliance teams but the type of restrictions that are being imposed. Western governments have introduced new types of sanctions restrictions, including those involving cryptocurrency wallets and crypto services, the ban on Russian banks using the SWIFT banking system, and sanctions that involve specific territories within occupied Ukraine. 

“All these different types of sanctions increase the levels of controls that financial institutions require,” said Emil. “Name screening won’t necessarily help you implement these restrictions, so we need to think creatively about how we can go further.”

In this case, “thinking creatively” may require capturing a greater depth of information about a given customer, including their passport number, email address, and so on, or a deeper-dive into potential evasion strategies which have emerged as a result of the changing nature of the sanctions regulations themselves. Illustrating that point, Emil brought up the example of the designated company Aeroscan. The UK listing includes the company’s website and email domain “scan.aero”, which some screening providers may not pick up through fuzzy matching, or which may not be picked up if not screening client websites or email domain names.

Regulatory Expectations

In the face of an increasing number of regulations, and new evasion strategies, businesses rely on regulatory guidance, insight and advice as a means to support compliance efforts.

Emil noted that there has been an uptick in regulator guidance to match that need, and specifically guidance that highlights financial institutions’ primary concern: detecting sanctions evasion. In September 2024, for example, the G7 released joint guidance, for the first time ever, on preventing Russia sanctions evasion. The guidance includes a list of red flag evasion characteristics, screening best practices, and top customer due diligence (CDD) controls. The UK has also issued red alert notices more frequently since the invasion, including one targeting sanctions evasion techniques used by Russian oligarchs. 

The focus on sanctions evasion techniques reflects another prominent sanctions challenge: the need to understand company ownership structures and the risk of sanctioned parties using third countries to evade restrictions. For example, news media reported on a surge in car exports to Azerbaijan, coinciding with a drop in exports to Russia as the export of luxury vehicles to Russia became prohibited.

“It begs the question of what our financial institutions are being asked to detect,” said Emil. Referring to OFAC’s Framework for Sanctions Compliance Programs, he continued, “If you ask OFAC, it goes beyond name screening and focuses on firms having policies, procedures, and controls in place to detect prohibited activity – not just preventing certain people from accessing financial services.”

That point reflects another important consideration in a changing sanctions landscape. While the volume of regulator guidance has kept pace with new rules, it is also clear that regulators “increasingly expect” financial institutions to successfully spot sanctions evasion. 

“There is a growing realisation that financial institutions have a lot more data at hand which can allow them to detect sanctions activity,” said Emil, “beyond just detecting whether someone’s name is on a list.”

There is a growing realisation that financial institutions have a lot more data at hand which can allow them to detect sanctions activity, beyond just detecting whether someone’s name is on a list.

Emil Dall, Senior Consultant & Sanctions Lead, FINTRAIL

Real-world enforcement actions seem to reflect that trend:

  • In 2021, financial services firm Payoneer was fined over $1.4 million for multiple failures in its fuzzy matching screening controls. 
  • In 2022, crypto service provider Kraken was fined over $300,000 for failing to screen customer IP addresses correctly during onboarding. 
  • In 2023, Swedbank was fined over $3.4 million for not acting on location data that suggested transactions were connected to sanctions-listed Crimea. 

The examples demonstrate the growing need for financial institutions to consider the risk data that they hold on their customers, and integrate that into the screening process – rather than just verifying against a list of sanctioned names. 

Risk-Based Compliance

Sanctions compliance is risk-based, which means financial institutions must deploy a proportional response to the risk that their clients present. This makes the accurate assessment and understanding of risk critical on an individual-organisation basis, and means there are a number of practical sanctions screening considerations organisations must make.

In this climate, out-of-the-box screening solutions do not offer an adequate level of compliance protection, since those systems are not calibrated or tested to the specific risks of a given firm’s operational environment. Risk assessment is all the more important in an evolving sanctions landscape, where new sanctions are issued regularly, along with the emergence of new evasion techniques.  

Effective risk-based compliance requires firms to look inwards, as much as to the introduction of new regulations. Emil set out questions that firms should ask themselves to strengthen their approach to risk assessment: 

How can we innovate? How can we tune? How can we test and make our systems better at addressing the risk we’re facing? As sanctions risks increase globally, our screening systems must also follow suit.

Emil Dall, Senior Consultant & Sanctions Lead, FINTRAIL

With that in mind, effective risk-based compliance should also be thought of as a series of dials that apply different levels of screening intensity to different points in an organisation’s infrastructure. 

In the context of customer screening, for example, that could include a dial for selecting the right lists to screen, a dial for screening adverse media, a dial for screening cadence, ongoing testing and so on. Meanwhile, in the context of fuzzy matching, there may be a dial for adjusting alert triggers in line with risk, based on client profiles, payment types, products being used, and so on. 

Key Takeaway: The Value of Data

The pace of change in the modern financial landscape requires every firm to prioritise the development of a unique screening process that takes sanctions screening beyond name matching. This process must not only meet regulatory expectations, but also internal assessments of risk. Building that solution should involve careful tuning and calibration on an ongoing basis, informed by every available data point, both in official sanctions lists and published guidance, and on the customer side in records and internal documents. 

That data challenge is significant, but financial institutions can make their job easier by leaning-in to the speed and efficiency possibilities of automation, and integrating cutting-edge screening technology such as Ripjar’s sanctions screening solution

Capable of capturing thousands of data points, including sanctions lists, watchlists, and adverse media sources for further screening enhancement, Ripjar screening can be tailored to a firm’s risk appetite and environment. In a changing and challenging regulatory landscape, Ripjar gives compliance teams the power to adapt, incorporating powerful AI-supported screening features that add depth to customer name searches, enrich the quality of search data, and ultimately enhance compliance decision-making. 


Catch up with the Sanctions Masterclass on demand

Watch Now

Subscribe to Newsletter