Setting up your Screening Process
A practical approach for designing, testing, and managing your sanctions screening process
Before integrating the sanctions.io API or one of our integration solutions, it's essential to define your screening process. A well-structured process ensures efficiency, accuracy, and compliance. Key steps include:
- Prepare and streamline the required data
- Select relevant sanctions and watchlists
- Define screening intervals and trigger events
- Set up archiving and case management
- Establish procedures for handling matches
- Test and validate your screening process
Preparing and Streamlining Your Data
Poor data quality is one of the main reasons screening systems underperform. Incomplete or inconsistent Know Your Customer (KYC) information can result in excessive false positives or, more critically, the missed detection of sanctioned entities. To minimize these risks, compile, clean, and standardize customer data before starting.
Since data is often spread across different IT systems, map and integrate all relevant sources into a central platform, and apply consistent quality standards to every record by extracting, enriching, and consolidating the data.
Key Data Points for Your Sanctions Screening Process
Entities | Individuals |
---|---|
Name of the organization as registered | Full Name (First, Middle, Last name) |
Address | Date of Birth |
Tax ID | Country |
Full name, Country of Birth, Date of Birth of all UBOs (Ultimate Beneficial Owners) | Address, Passport ID, National ID |
Select Relevant Sanctions Lists for Your Business
When setting up your screening process, it’s important to identify which sanctions lists are relevant to your business. Consider:
✔️ The countries where you operate
✔️ The territories where your partners and affiliates trade
✔️ The currencies in which you transact
Below are some of the most relevant sanctions lists for businesses operating in the US and Europe:
- UK Sanctions List (HM Treasury) – Applies to all individuals and legal entities within the UK, those undertaking activities in the UK, and all UK nationals and entities established under UK law. It is enforced by the Office for Financial Sanctions Implementation (OFSI).
- EU Consolidated Sanctions List – Applies to all EU citizens and corporate entities constituted in an EU member state. It is overseen by the EU Council.
- OFAC Sanctions List (US) – Applies to all US citizens and entities constituted under US law, as well as any business trading in US dollars, US goods, or US components, or with a US parent or affiliate. It is regulated by the Office of Foreign Assets Control (OFAC).
- UN Sanctions List – Applies to all UN member states and is overseen by the UN Council.
In addition to these core lists, many countries maintain their own sanctions regimes. Depending on your geographic and financial exposure, identifying all applicable regulations can be complex. A useful resource for navigating these requirements is The Association of Certified Sanctions Specialists webpage.
Screening Interval and Trigger Events
Screening should be built into both onboarding and ongoing monitoring to ensure continuous compliance:
- Onboarding – Always screen new customers, partners, or counterparties before establishing a relationship.
- Trigger events – Screen when specific events occur, such as new transactions, changes in ownership, or updates to customer information.
- Regular intervals – Perform scheduled screening at defined frequencies (e.g., daily, weekly, or monthly), depending on your risk profile and regulatory requirements.
⚠️ Transaction screening should be designed so that any potential match is identified and stopped before the transaction is completed, preventing a sanctions violation.
Archiving and Case Management
Proper archiving and case management are essential for compliance audits and for tracking how potential matches are handled.
- Archiving – Store all search requests and results to create a complete audit trail. Each sanctions.io API response and report already contains the search parameters and related data, making it easy to maintain a complete and auditable record.
- Case management systems – Use a ticketing solution such as Jira or Zendesk to log and track alerts through to resolution. This ensures transparency and accountability.
- Simpler workflows – For smaller teams, maintain a log of matches in an Excel or Google Sheet, combined with automated email notifications to the responsible compliance manager.
- Automation and integrations – Case management workflows can be automated without coding by using low-/no-code tools such as Zapier or Make. sanctions.io also provides plug-and-play integrations for CRMs, ERPs, and other systems, making it easy to embed screening and case management directly into your existing compliance stack. Learn more about our Integrations.
Handling Matches
Not every alert generated during screening represents an actual sanctions risk. Each potential match must be verified before action is taken.
- Initial review – Compare all available client identity details (e.g., name, date of birth, nationality) against the data in the sanctions list.
- Request additional information – If necessary, contact the client directly to clarify discrepancies or confirm identity.
- Positive match – If the client or entity aligns with all relevant data points, treat it as a confirmed match. Escalate immediately to your compliance team and, if required, file a Suspicious Activity Report (SAR). All transactions with the individual or entity should be suspended until resolution.
  - For more information (US), see the FinCEN SAR Guide
  - For more information (UK), see the NCA SARs Guidance
- False positive – If you are confident the alert is not a true match, document your review process. You may also whitelist the client in your system to prevent repeat alerts.
⚠️ Clear documentation of how matches are reviewed, escalated, and resolved is essential to demonstrate compliance during audits.
Validating Your Screening Integration
Once you have defined your screening process and selected the relevant watchlists, it’s important to test and validate your setup prior to implementation.
If you are using the sanctions.io Screening API, make sure to test your integration thoroughly to confirm that it returns accurate results and handles matches correctly before going live.
- Sandbox testing – Start with the sanctions.io Sandbox environment to validate your technical setup and confirm the API integration behaves as expected.
- First production test – Request a temporary production API key to test your workflow against live sanctions data, ensuring accuracy and stability before full deployment.
If you need assistance during implementation, please don't hesitate to contact our Customer Support Team at help@sanctions.io. We are always happy to help.