Skip to main content
The Signicat Blog
Antti Kela

Digital Identity Expert, Certified Anti-Money Laundering Specialist (CAMS)

Changing sanction lists - which companies can I work with?

Organisations use sanction lists to ensure they don’t co-operate with customers, suppliers, subcontractors, other stakeholders or related important background influencers who have engaged in illegal activities and thus appear on a relevant sanction list. Given the latest developments in Europe, many of the applicable sanctions lists are now being updated frequently. List changes are being updated almost daily for both individuals and companies.

What are relevant sanction lists?

The sanction laws/lists one has to adhere to, depend on the laws which apply to your business. Not only the country of legal establishment of your organization determines which law is applicable. For example, a business with head-office in Sweden but a sales office in the US will have to adhere to US sanction regulation in addition to the Swedish one. To determine which sanction laws are applicable to your business, a safe choice is to seek legal advice.

For business in Europe with trade relations to the US and UK, the most common sanction lists to check are the ones which are maintained by the UN, the EU, the US and the UK:

  • UN Consolidated list
  • EU Consolidated list of persons, groups and entities subject to EU financial sanctions
  • OFAC Specially Designated Nationals And Blocked Persons List (SDN)
  • HM Treasury - consolidated list of financial sanctions

What to check on the sanction lists?

A straightforward way is to use a company name or business ID to simply check if an organization can be found on the company sanctions list. However, this approach leaves a lot of room for setups where the company’s important influencer may be on the sanctions list.

To mitigate the above risk, common practice is to identify people with significant control in the organization: shareholders, ultimate beneficial owners (UBOs), directors, board members or other persons with significant control, and target them with sanctions and PEP (Politically Exposed Persons) list checks. In addition, all legal entities in a company’s ownership structure needs to be checked in a similar way. Read about the challenges and solutions of chained ownership detection in this blog.

Sanction screening typically compares organization’s own text strings against information within the sanction lists. Naturally the quality of own data is the core requirement for a sound process. The alert of a possible match triggers the analysis around the risk of sanctions exposure.

What is the difference between PEP checks and Sanction checks?

PEP stands for politically exposed person, and means that someone has a prominent public function. Sanction checks are required by sanction law, while PEP checks are required by anti-money laundering law (AML). It is important to distinguish 2 separate regulations, even though both require screening.

Sanction law compliance does not only concern companies in regulated sectors, such as banks, but many companies in other – also non-regulated – sectors are also required to ensure, through their various commitments, that they do not cooperate with, for example, those whose decision-makers are on the sanction lists.

Updated FATF UBO Recommendation

The well-known global challenge around sanction screening and more widely AML and CDD relate to identifying beneficiary owners of a given organisation.

The Financial Action Task Force (FATF), a globally trusted authority, has published recently an updated version of Recommendation 24 on the identification of beneficial owners. This is one global level action which enhances the detection of persons with significant control over given organisations. The main points of the recommendation following the two-year preparation work are:

  • If no actual beneficiaries are found in the compilation of Customer Due Diligence (CDD), the directors and decision-makers of the target organization must be identified.
  • Note that each country must establish a UBO register. Similarly, at national level, it must be ensured that companies report their up-to-date ownership and UBO information to the register. Clarification of the definition of “nominator” related to the so-called «shadow director» who nominate other authorized persons «nominees» to lead the company. These «nominator» must be entered in the national UBO register.

How can I automate sanctions/PEP checks and UBO identification?

Sanction list checks and the identification of UBOs and controllers/decision makers are intertwined into one bigger process domain which is problematic to manage and automate in a timely manner. Signicat offers a solution to this problem - our services can be integrated into your organization’s KYB/AML process. The automated service utilizes different data sources through one technical interface - there are registers in different countries and the quality of the data also varies. As a result - for example, decision-maker, ownership, UBO, PEP, and sanctions list checks for corporate customers, suppliers, subcontractors, and partners can be automated and performed at regular intervals. One response example of such a business ID specific check would list the person or shareholding company names found on sanction lists.

# Signicat – a trusted partner for AML & KYC

Signicat is an eIDAS-audited Qualified Trust Service Provider. We operate the world’s largest Digital Identity Hub and offer identity verification as a service on eIDAS “substantial” and “high” level of assurance - using both electronic identities such as online BankIDs and physical ID documents such as passports. Regarding the automation of KYC and AML processes, our solutions are based on the utilization of national and global registers and information services. We offer ownership and other KYB information, e.g. via Bureau van Dijk and T-Rank services. In Finland, register searches are available comprehensively from different sources like: PRH, DVV, Bisnode and Trapets. With regard to electronic contracting and authorizations, our service covers e.g. PSD2 SCA compliant mobile consent management and electronic signature service with the strongest level of assurance.