A customer passes screening clean on day one. Six months later, their name lands on a sanctions list following a designation. Your batch screening runs every Sunday night. So for up to seven days, you are knowingly transacting with a sanctioned party and have no idea. That gap is where most regulatory exposure actually lives, and it is not an edge case. We see versions of this story every month.
Sanctions screening gets treated as an onboarding checkbox. You run the name against the lists, you get a clean result, you move on. The problem is that sanctions designations do not wait for your next onboarding cycle. They happen in real time, often with no notice, and the obligation to not deal with a designated person applies the moment the designation takes effect. Not the moment your next batch job runs.
This article is about how screening actually works in operations, where it breaks, and what good infrastructure looks like when you strip away the vendor adjectives.
What sanctions screening is, in one sentence
Sanctions screening is the process of checking customers, transactions, and counterparties against government and international watchlists to identify anyone you are legally prohibited from doing business with. That is the whole job. The difficulty is in the detail: which lists, how often, how you match names, and what you do when you get a hit.
The lists you actually have to cover
There is no single global sanctions list, which is the first thing that trips teams up. A name that is clean on one list can be designated on another. If you operate across borders, you need coverage across the major regimes at minimum.
The Office of Foreign Assets Control (OFAC) maintains the United States Specially Designated Nationals (SDN) list, which has extraterritorial reach that catches far more firms than people expect. The UK Office of Financial Sanctions Implementation (OFSI), part of HM Treasury, publishes the UK consolidated list of financial sanctions targets. The European Union maintains the EU Consolidated List of persons, groups, and entities subject to EU financial sanctions. And the United Nations Security Council issues UN sanctions through its consolidated list, which member states are obliged to implement.
Covering one or two of these and assuming the rest correlate is a common and dangerous shortcut. The lists diverge constantly. A designation under OFAC may take days or weeks to appear in equivalent form elsewhere, or may never appear at all. If your customer base spans jurisdictions, partial coverage is partial compliance.
Why static batch screening is the quiet killer
Static batch screening means you run your customer book against the lists on a schedule. Nightly, weekly, monthly. Between runs, you are blind.
Here is the operational reality. Sanctions lists are updated whenever an authority makes a designation, which can be any day, sometimes multiple times a day during periods of geopolitical tension. If your screening only fires on a batch cycle, every designation that lands between cycles is a window of exposure. A customer who was clean on Monday can be sanctioned on Tuesday, and if your next run is the following Sunday, you have six days of potential breach baked into your process.
Under the UK Money Laundering Regulations 2017 and the Proceeds of Crime Act 2002, dealing with a sanctioned party is not something you can defend by pointing at your batch schedule. The obligation is continuous. The Financial Action Task Force (FATF) is explicit that sanctions compliance requires ongoing monitoring, not point-in-time checks. Batch screening was a reasonable approach when lists changed slowly and customer books were small. Neither of those conditions holds in 2025.
This is exactly the workflow gap Zenoo was built to close. If your screening only runs at onboarding or on a batch cycle, it is worth seeing what continuous monitoring does to your exposure window. Book a demo to run it with your own data.
Fuzzy matching: where you lose hits and drown in noise
Name matching is the part of screening that looks simple and is not. Sanctioned individuals do not present a clean, transliterated, perfectly spelled name that matches your list entry character for character. Names get transliterated differently from Arabic, Cyrillic, or Chinese scripts. Aliases proliferate. Dates of birth are partial or missing. Corporate names get abbreviated.
This is where fuzzy matching comes in: algorithms that score how closely a customer name resembles a list entry, allowing for spelling variation, word order, and phonetic similarity. Set the threshold too tight and you miss real hits, which is the failure that ends careers. Set it too loose and your analysts drown in false positives, which is the failure that quietly destroys your team.
The practical consequence of bad matching is that analysts stop trusting the system. When 95% of your alerts are noise, the human reviewing them develops alert fatigue and starts clearing them on autopilot. That is precisely when the real hit slips through. Good matching is not about a single magic threshold. It is about combining name similarity with secondary identifiers (date of birth, nationality, known aliases) so the score reflects more than spelling.
| Matching failure | What it looks like | What it costs you |
|---|---|---|
| Threshold too tight | Clean-looking results, missed designations | Regulatory breach, undetected sanctioned exposure |
| Threshold too loose | Hundreds of low-quality alerts | Analyst fatigue, real hits cleared by mistake |
| Name-only matching | No use of DOB, nationality, aliases | Both missed hits and excess noise at once |
Adverse media: the screening that is not technically screening
Sanctions lists tell you who has already been designated. Adverse media screening tells you about the customer who is associated with financial crime, corruption, or sanctioned activity but has not yet been formally listed. Designations often follow public reporting by months. A name surfacing in credible reporting on sanctions evasion or money laundering is a risk signal you want before the formal listing, not after.
The failure point is that adverse media is frequently bolted on as a separate tool, run separately, reviewed separately, with no link back to the sanctions case. So an analyst clears a sanctions alert without ever seeing that the same individual appeared in adverse reporting last quarter. The two data sources should inform a single risk picture. When they live in separate systems, your team is making decisions with half the file.
No audit trail means you cannot prove the work
Here is a question every Head of Compliance should be able to answer instantly: when a regulator asks why you cleared a particular sanctions alert eighteen months ago, can you show them who reviewed it, what data they saw, what decision they made, and why?
If the answer involves digging through email threads and spreadsheets, you have an audit trail problem, and it is a serious one. Under the Money Laundering Regulations 2017, you are expected to evidence your decisions, not just make them. A clean screening result with no record of the reasoning behind a disposition is, from a regulator's perspective, close to no screening at all.
The Head of Financial Crime at a European payments firm put it to us plainly: "We did not fail because we missed a hit. We failed because we could not prove what we did with the hits we caught." That is the part teams underinvest in until an examiner asks.
What good screening infrastructure actually looks like
Strip away the marketing and good screening comes down to a few operational truths.
It runs continuously, not on a batch schedule. The moment OFAC, OFSI, the EU, or the UN updates a list, your existing customer book is rescreened against the change. Ongoing monitoring is the obligation, so the infrastructure has to match it. This is the difference between checking someone once at onboarding and watching the relationship for its entire life.
It matches intelligently across all the major lists at once, using secondary identifiers to keep the signal high and the noise manageable. It pulls adverse media into the same case file as the sanctions hit, so the analyst sees one risk picture rather than three disconnected tools. And it records everything: who saw what, when, and the reasoning behind every disposition, so the audit trail is a by-product of the work rather than a frantic reconstruction during an examination.
Zenoo's platform automates ongoing monitoring rather than treating screening as a one-time onboarding check. The point is not the technology for its own sake. It is closing the gap between when a designation happens and when you know about it, and being able to prove the work afterwards.
Key takeaways
- Static batch screening leaves you blind between runs. Designations happen in real time, and so must your monitoring. The obligation under the Proceeds of Crime Act 2002 and the Money Laundering Regulations 2017 is continuous.
- There is no single global list. Cover OFAC, the UK OFSI list, the EU Consolidated List, and UN sanctions if you operate across borders. Partial coverage is partial compliance.
- Fuzzy matching tuned wrong fails in both directions: too tight and you miss real hits, too loose and analyst fatigue clears them by accident. Use secondary identifiers, not name similarity alone.
- Adverse media belongs in the same case file as the sanctions hit, not in a separate tool nobody cross-references.
- If you cannot evidence why an alert was cleared, you have an audit trail problem that a regulator will treat as a screening problem.
FAQ
What is sanctions screening?
Sanctions screening is the process of checking customers, transactions, and counterparties against government and international watchlists, such as the OFAC SDN list, the UK OFSI list, the EU Consolidated List, and UN sanctions, to identify anyone you are legally prohibited from doing business with.
How often should sanctions screening run?
Continuously. Sanctions lists are updated whenever an authority makes a designation, which can happen on any day with no notice. FATF guidance and the UK Money Laundering Regulations 2017 frame the obligation as ongoing monitoring, so screening only at onboarding or on a weekly batch leaves an exposure window every time a list changes between runs.
What are the main sanctions lists compliance teams must cover?
The four core regimes are the United States OFAC SDN list, the UK OFSI consolidated list maintained by HM Treasury, the EU Consolidated List, and UN Security Council sanctions. Firms operating across borders generally need coverage of all four, because a name clean on one list can be designated on another.
Why do sanctions screening systems produce so many false positives?
Mostly because of name matching. Sanctioned names appear in many transliterations, aliases, and spellings, so fuzzy matching algorithms score similarity to allow for variation. Set the threshold loosely and you generate large volumes of low-quality alerts. Combining name similarity with secondary identifiers like date of birth and nationality keeps the signal high without missing real hits.
Is adverse media part of sanctions screening?
Not strictly, but it belongs alongside it. Sanctions lists show who has already been designated, while adverse media screening flags customers linked to financial crime or sanctions evasion in credible reporting before any formal listing. The two should feed a single risk picture rather than living in separate, unconnected tools.
If your screening still runs on a batch cycle, or your adverse media and sanctions hits live in different systems, it is worth seeing how continuous monitoring changes your exposure. Visit zenoo.com to book a demo. 30 minutes. Your data. No slides.
