Sanctions Screening. Stay Compliant

Imagine you just onboarded a new customer. Everything looks fine. A week later, you discover they're on a UN sanctions list for arms trafficking. You've just violated sanctions laws, and the penalties start in the millions.

That's why sanctions screening exists.

What Are Sanctions?

Sanctions are legal restrictions imposed by governments or international bodies to pressure individuals, entities, or countries into changing their behavior. The targets:

• Individuals — Terrorists, arms dealers, human rights violators, corrupt officials
• Entities — Companies, organizations, ships, aircraft linked to sanctioned activities
• Countries — Entire nations under comprehensive sanctions (North Korea, Iran, Syria)

When someone's sanctioned, you cannot do business with them. Period. No transactions. No services. No dealings whatsoever.

Who Imposes Sanctions?

Australia: DFAT Consolidated List
The Department of Foreign Affairs and Trade maintains Australia's sanctions list. It includes UN sanctions (which Australia must implement) plus autonomous Australian sanctions.

United Nations Security Council
UN sanctions are binding on all member states. These target terrorism, nuclear proliferation, and threats to international peace.

United States: OFAC
The Office of Foreign Assets Control maintains extensive sanctions lists. While these are US-specific, many international businesses screen against them because US sanctions have extraterritorial reach.

European Union
EU consolidated sanctions list. Relevant if you're dealing with European counterparties or transactions involving EU jurisdictions.

Why You Need to Screen

It's not just about AML/CTF compliance. Sanctions violations carry their own penalties:

Criminal prosecution
Deliberately dealing with sanctioned parties is a criminal offense. Imprisonment is on the table.

Civil penalties
Even inadvertent violations can result in massive fines. The penalties compound — every transaction is a separate breach.

Reputational damage
Getting caught dealing with terrorists or arms dealers? Your business is done. No bank will touch you. No customers will trust you.

Asset freezing
If you've got funds belonging to a sanctioned party, those assets get frozen. You can't return them. You can't use them. They're locked until authorities say otherwise.

When to Screen

At onboarding
Before you establish a business relationship, screen the customer. If they're sanctioned, you refuse them immediately.

During transactions
Every time you process a payment, check if the counterparty is sanctioned. Wire transfer to an unknown entity? Screen them first.

Ongoing monitoring
Sanctions lists update constantly. Someone who wasn't sanctioned yesterday might be today. You need regular re-screening.

How often?
- Real-time screening for transactions - Daily or weekly batch screening for existing customers - Immediate alerts when lists update

What You're Screening For

Exact name matches
Customer's name is "Ahmad Khan." Sanctions list has "Ahmad Khan." That's a hit — investigate further.

Close matches (fuzzy matching)
Customer: "Ahmed Kahn" vs List: "Ahmad Khan." Different spelling, same person? You need to verify.

Aliases
Sanctioned individuals use multiple names. Screening systems check known aliases automatically.

Date of birth
If available, DOB helps distinguish between Ahmad Khan (terrorist) and Ahmad Khan (dentist in Melbourne).

Address and nationality
Additional data points to confirm or rule out a match.

Entities and vessels
Company names, ship names (for maritime sanctions), aircraft tail numbers.

False Positives Are Normal

Screening generates lots of false positives. "John Smith" appears on your customer list. "John Smith" also appears on a sanctions list. Are they the same person?

You investigate:

• Check date of birth — Different? Probably not the same person
• Check nationality — Your John Smith is Australian, sanctioned John Smith is Syrian? Not a match
• Check address — Your customer lives in Sydney, sanctioned person last known in Damascus? Not a match

Once you've determined it's a false positive, document your reasoning and clear the match. Keep records showing you did due diligence.

True Positive: What to Do

You've screened a customer. They're a match. Name, DOB, nationality — it's definitely them. Now what?

Step 1: Stop immediately
Do not complete the transaction. Do not provide any services. Do not pass go.

Step 2: Report to AUSTRAC
File a Suspicious Matter Report explaining the sanctions match. Include all details.

Step 3: Report to DFAT
If it's a match against the Australian Sanctions List, you also need to report to DFAT.

Step 4: Freeze any assets
If you're holding funds or assets belonging to the sanctioned party, freeze them immediately. Don't return them. Don't use them. Just freeze and report.

Step 5: Don't tip them off
Same as SMRs — you can't tell them you've identified them as sanctioned. That's tipping off, and it's a criminal offense.

Step 6: Terminate the relationship
You cannot maintain business relationships with sanctioned parties. Terminate the account/service.

Sanctions Evasion Techniques

Criminals know about sanctions screening. They try to evade it:

Name variations
"Mohammad" vs "Muhammad" vs "Mohamed." Using initials. Dropping middle names. Western aliases.

Shell companies
Sanctioned individual doesn't own the company directly. They use nominee directors and offshore structures to hide their control.

Third-party intermediaries
Payments don't go directly to the sanctioned party. They route through multiple entities to obscure the ultimate beneficiary.

False documentation
Fake passports, forged identity documents, using identity theft victims' details.

Jurisdiction shopping
Operating in countries with weak sanctions enforcement or screening requirements.

That's why beneficial ownership identification and enhanced due diligence matter. You need to see through these evasion tactics.

Country-Based Sanctions

Some sanctions target entire countries:

Comprehensive sanctions
North Korea, Iran, Syria — very limited dealings permitted. Most commercial activity is prohibited.

Sectoral sanctions
Russia — certain sectors (energy, defense, finance) are sanctioned. Other activity might be permitted.

Travel bans and asset freezes
Individuals from sanctioned countries can't enter certain jurisdictions, and their assets are frozen.

If your customer's from a sanctioned country, you need:

• Enhanced due diligence
• Clear documentation of why the transaction is permitted (if it is)
• Legal advice if you're uncertain
• Sanctions compliance checks beyond just the watchlist screening

Screening Technology

Manual sanctions screening doesn't scale. You need automated systems that:

Access multiple lists
DFAT, UN, OFAC, EU, plus other watchlists (Interpol, national lists).

Update in real-time
Lists change daily. Your system needs to pull updates automatically.

Fuzzy matching
Catch name variations, transliterations, spelling errors.

Batch screening
Re-screen your entire customer base when lists update.

Risk scoring
Not just "match" or "no match." Confidence scores help you prioritize which matches to investigate first.

Audit trails
Record every screening, every match, every clearance decision. AUSTRAC will want to see this.

Tranche 2 Implications

From July 2026, lawyers, accountants, and real estate agents must screen for sanctions:

Real estate: Foreign buyer wants to purchase property. Screen them against sanctions lists before proceeding. If they're sanctioned? Transaction stops.

Accountants: Client asks you to set up a company. Screen the beneficial owners. Sanctioned? You refuse the work and report.

Lawyers: New client wants legal services. Screen them first. Sanctions match? No legal services, immediate report.

This isn't theoretical. AUSTRAC expects every reporting entity to have sanctions screening processes in place from day one.

Real Case: Crown Resorts

Crown Casino's $450 million penalty included failures around sanctions screening. They onboarded high-risk customers with links to foreign organized crime without adequate screening. Some had connections to jurisdictions and activities that should've triggered enhanced scrutiny.

The lesson: Sanctions screening isn't just a checkbox. You need to screen, investigate matches, and refuse sanctioned parties — no matter how much revenue they represent.

Common Mistakes

Screening once at onboarding, never again
Lists update constantly. Ongoing screening is mandatory.

Clearing false positives without documentation
"This is obviously not the same person" — prove it. Document why you cleared the match.

Not screening beneficial owners
Customer's clean, but the beneficial owner is sanctioned? You've still violated sanctions.

Not screening transaction counterparties
Customer is fine, but they're paying a sanctioned entity. That's still a sanctions breach.

Ignoring partial matches
"It's only an 80% name match, probably fine." Wrong. Investigate every meaningful match.

The Bottom Line

Sanctions screening is non-negotiable. You screen at onboarding. You screen during transactions. You screen ongoing.

When you find a match, you stop. You report. You freeze assets. You terminate the relationship.

Because the alternative — doing business with terrorists, arms dealers, or sanctioned regimes — carries penalties that will destroy your business and potentially land you in prison.

Platforms like ARCaml automate sanctions screening against global watchlists, flag matches for investigation, and maintain audit trails for AUSTRAC compliance. But ultimately, you're responsible for ensuring sanctioned parties don't use your services.

Get it right from the start. The cost of compliance is nothing compared to the cost of getting it wrong.