UK Sanctions Screening Requirements: A Practical Compliance Guide for Businesses
From fintechs and cryptocurrency companies to law firms, estate agents, exporters, and payment providers, sanctions compliance affects a wide range of businesses operating in or connected to the UK.
The Office of Financial Sanctions Implementation (OFSI) has made it abundantly clear that enforcement is moving up a gear. In its 2024–25 Annual Review, OFSI reported that £37 billion worth of assets had been reported as frozen due to international sanctions. So, whether you’re a bank, a law firm, a luxury goods dealer, or a fast-growing fintech, the consequences of getting UK sanctions screening requirements wrong are serious.
For companies operating in the UK or expanding into the market, sanctions screening helps answer a critical question: Are we about to do business with someone we legally cannot deal with? This guide explains the key UK sanctions screening requirements and what businesses need to do to stay compliant.
Which Businesses Must Comply with UK Sanctions Requirements?
Under the Sanctions and Anti-Money Laundering Act 2018 (SAMLA), UK financial sanctions apply to all persons and entities within the UK’s territory, as well as to UK persons, including UK-registered legal entities, wherever they operate in the world.
Practically speaking, that means compliance obligations extend far beyond financial services. Relevant firms required to report to OFSI include:
- UK-incorporated companies, including overseas branches
- Businesses operating in the UK
- Financial institutions and payment service providers
- Crypto asset exchange and custodian wallet providers
- Accountants, lawyers, tax advisers, auditors, and trust or company service providers
- Estate agents and letting agents
- Casinos and gambling operators
- High-value dealers and art market participants, who make or receive payments of at least 10,000 EUR.
- Insolvency practitioners
- Businesses using UK banks, clearing systems, or UK-based intermediaries
So, if your business handles client money, facilitates transactions, or provides professional services to UK businesses or individuals, you need a sanctions screening program.
What Are the Main UK Sanctions Screening Requirements?
UK sanctions screening rules is a set of controls designed to prevent a business from making funds, economic resources, or services available to sanctioned individuals, entities, ships, or organizations.
OFSI states that financial sanctions can restrict access to financial markets, funds, economic resources, and certain financial services. For more details, please refer to the UK financial sanctions general guidance.
Even though the legislation requires compliance, how you achieve it is largely up to you. The only practical expectation, shaped by OFSI guidance, comes down to four core activities: customer screening, business screening, transaction screening, and ongoing monitoring. Let’s dig deeper into them.
Customer and Business Screening
Before you onboard a customer or a business party, you must screen them by checking their identity against the UK Sanctions List to establish whether they are a «designated person» – someone subject to an asset freeze or other sanctions measures.
Sanction screening procedures should happen:
- When onboarding a new customer
- Before entering into a supplier, distributor, or partner relationship
- Before providing regulated services
- Before accepting or sending payments
- When customer information changes
- When sanctions lists are updated
- During periodic customer reviews
For individuals, screening usually involves verifying full name, date of birth, nationality, address, aliases, and identification documents. For companies, it should include registered name, trading names, registration number, jurisdiction, directors, beneficial owners, parent companies, and controlling parties.
EXAMPLE: A UK-based accounting firm is approached by a new corporate client wishing to restructure its assets. Before signing an engagement letter, the firm must screen the company name, its directors, and its ultimate beneficial owners against the UK Sanctions List. If the firm’s founder appears on the list under an alias, that match needs to be investigated and not dismissed as a false positive without proper review.
Transaction Screening
Every payment or transfer of money, goods, services, or other economic resources must be screened at the point of execution, including checking the sender, receiver, and any intermediate parties involved in the transaction routing.
It helps identify whether a payment, counterparty, bank, vessel, destination, or intermediary may be connected to sanctions. So, if a transaction has links to a sanctioned individual (even indirectly), processing it is a breach.
All this means that in the UK transaction screening cannot be an afterthought, but rather be embedded into payment workflows before funds move.
Transaction screening is important because sanctions risk can appear after onboarding. A customer may not be sanctioned, but a transaction could involve a sanctioned bank, vessel, region, intermediary, or beneficial owner.
EXAMPLE: A payment services firm is processing a batch of international transfers. One payment is destined for a company in a third country. Before the funds are released, the firm’s systems flag the beneficiary’s name as a close match to a sanctioned entity. As a result, the transaction is paused pending manual review.
Ongoing Monitoring
Sanctions lists often change as new designations are added regularly, mostly in response to evolving geopolitical events. The risk remains that your customer who cleared screening at onboarding may become a designated person tomorrow. That’s why one-time screening is never enough.
Ongoing monitoring means re-screening existing customers and counterparties whenever the UK Sanctions List is updated, and reviewing the status of any customer flagged for the Enhanced Due Diligence (EDD) at regular intervals.
Ongoing monitoring should include:
- Rescreening existing customers when the UK Sanctions List changes
- Periodic reviews based on customer risk level
- Monitoring changes in ownership and control
- Screening new directors, shareholders, and authorized users
- Reviewing transaction patterns for sanctions evasion red flags
- Rechecking suppliers and partners during contract renewals
The UK’s OFSI came up with a convenient way that helps businesses to stay up to date with the sanctions list: it offers an e-alert service, which had reached over 56,000 subscribers in April 2025. This way, businesses can receive direct notifications when sanctions designations change.
EXAMPLE: A law firm onboarded a client in 2023, after sanctions check turned out clean. In early 2025, however, that client’s business partner and a major shareholder in one of the client’s subsidiary companies was designated under the Russia and Belarus sanctions regime. Without ongoing monitoring, the firm would have no way of knowing it may now be facilitating the business of a sanctioned party indirectly.
Screening Against the UK Sanctions List
Published by the Foreign, Commonwealth and Development Office (FCDO), the UK Sanctions List is the official source for people, entities, and ships designated or specified under the Sanctions and Anti-Money Laundering Act 2018.
Until January 2026, UK sanctions were published across two separate lists – the UK Sanctions List and the OFSI Consolidated List. But from January 18, 2026, the UK Sanctions List became the sole official source for all UK sanctions designations.
The OFSI Consolidated List has been closed and is no longer updated. So, businesses that still reference the old list (or use third-party providers that haven’t made the switch) risk screening against incomplete data.
The UK Sanctions List is available in multiple formats (Excel, XML, HTML, and others), and businesses should ensure their screening systems, whether in-house or third-party, are pulling from the current, live version of that list on a continuous basis.
Businesses should use the UK Sanctions List to screen:
- Customers
- Beneficial owners
- Directors and controlling parties
- Suppliers and contractors
- Payment beneficiaries and originators
- Intermediary banks
- Ships (where relevant)
- Connected parties in contracts or transactions
Ownership and Control Requirements
One of the most complex areas of UK sanctions compliance is the ownership and control test. OFSI guidance explains that financial sanctions do not only apply to individuals and entities named on the UK Sanctions List, but also to any entity that a designated person owns or controls, even indirectly.
Under UK financial sanctions regulations, a designated person is considered to «own or control» an entity if they:
- hold, directly or indirectly, more than 50% of the shares or voting rights in the entity, or
- have the right to appoint or remove the majority of the entity’s board of directors, or
- can otherwise ensure that the entity’s affairs are conducted in accordance with their wishes.
All this means that a company does not need to appear on the UK Sanctions List for obligations to apply. If a sanctioned individual holds 60% of its shares through a chain of holding companies in multiple jurisdictions, that company is effectively sanctioned, and you are prohibited from dealing with it.
It’s also worth noting that the UK’s ownership threshold differs from the Anti-Money Laundering (AML) regime’s 25% beneficial ownership test. For sanctions, the threshold is more than 50% – a distinction that catches many businesses off guard, particularly those who assume that their existing AML due diligence covers the full sanctions picture.
Asset Freeze and Reporting Obligations
So, what happens next after your sanctions screening has produced a confirmed match, meaning a customer, counterparty, or beneficial owner appeared to be a designated person?
After the issue is identified, you must act quickly. From that moment on your obligation is to freeze any funds or economic resources you hold for that person, refuse to make any further funds available to them, and report the situation to OFSI.
So, here is a list of actions a business must do after a sanctions issue is identified:
- Stop the transaction and freeze funds or assets
- Avoid notifying the customer in a way that could enable evasion
- Escalate internally to compliance or legal teams
- Report to OFSI where required
- Keep clear records of decisions and evidence
Reporting Requirements
When it comes to reporting, relevant firms are required to inform OFSI «as soon as practicable» if they know or have reasonable cause to suspect that a person is a designated person, or that a sanctions breach has occurred.
If the person is a customer and the firm holds funds or economic resources for them, the firm must also report the nature and amount or quantity of those funds or resources. Failure to report is considered a criminal offense, punishable by up to five years imprisonment or a fine.
OFSI strongly encourages self-reporting in cases where a breach has already occurred. OFSI treats voluntary disclosure as a significant mitigating factor when deciding on enforcement action and penalty levels.
EXAMPLE: A payment firm identifies that a customer whose account holds £85,000 has just been added to the UK Sanctions List following a new Russia regime designation. The firm must immediately freeze the funds, cease any activity on the account, and report the situation to OFSI. And all this without delay and without waiting to seek legal advice first.
Common Sanctions Screening Challenges
But even well-intentioned compliance programs struggle with several recurring issues. Let’s review the most common sanctions screening challenges:
False positives and false negatives. Sanctions lists contain common names, and screening tools frequently generate alerts for individuals who share a name with a designated person but have no connection to them. Unmanaged, this creates alert fatigue, which can lead to legitimate hits being dismissed. On the flip side, poor matching logic, outdated lists, missing aliases, or weak data quality can cause a real match to be missed.
Complex ownership structures. Sanctioned individuals routinely use layered corporate structures, such as shell companies, nominee directors, relatives, layered entities, or trusts. This is done to obscure their ownership interests.
The use of shell companies and client proxies as one of the primary methods used by professional enablers to help sanctioned individuals circumvent restrictions. Source
Cross-border operations. The UK financial sanctions are legally distinct from the EU and US sanctions. Since Brexit, a person may be designated under UK sanctions but not EU sanctions, or vice versa. Businesses operating across both jurisdictions need separate compliance frameworks: one UK program is not sufficient for EU operations, and vice versa.
List updates and operational pressure. New designations can turn an existing customer or supplier into a restricted relationship overnight. Also, businesses want fast onboarding and smooth payments. To achieve that compliance teams need tools that support speed without sacrificing screening accuracy.
EXAMPLE: A UK import business is dealing with a European supplier whose parent company appears to be majority-owned by a Russian holding group. The supplier itself is not on any list, but the parent company may be controlled by a designated person. The UK business must investigate the full ownership chain before proceeding – not simply rely on the fact that no individual or entity in the immediate transaction is named on the list.
How Automated Sanctions Screening Helps Meet Compliance Requirements
Manual screening can work for very small volumes, but it becomes difficult to scale.
For example, a mid-sized payments firm needs to onboard dozens of new customers a week, process hundreds of transactions a day, and try to keep pace with a sanctions list that can change overnight.
Doing all of that by hand is painfully slow, and, frankly, a compliance liability waiting to happen. Automated sanctions screening takes that pressure off by connecting directly to the UK Sanctions List (and other global lists where relevant) and running checks in real time, at every stage that matters – onboarding, transaction execution, and ongoing monitoring.
A well-implemented automated sanctions screening system will:
- Match customer and counterparty data against the live UK Sanctions List, including known aliases and transliterations
- Flag potential matches for human review rather than auto-blocking (reducing both false positives and missed hits)
- Automatically re-screen existing customers when list updates occur
- Generate audit trails showing when checks were performed, what data was used, and how alerts were resolved
- Support beneficial ownership screening by mapping corporate structures and identifying indirect links to designated persons
Automation is especially valuable for growing companies because sanctions risk increases with scale. More customers, more transactions, more markets, and more counterparties – all create more opportunities for missed matches.
It’s important to stress that automation does not remove the need for human judgment. Confirmed matches still require trained staff to assess, escalate, and report. But automation ensures that the volume of transactions never becomes an excuse for missed checks, and it provides the documented evidence of due diligence that OFSI looks for when assessing enforcement cases.
Penalties for Non-Compliance
Sanctions breaches in the UK can lead to serious consequences, including regulatory action, monetary penalties, criminal prosecution, reputational damage, frozen transactions, and loss of banking or partner relationships.
Also, ignorance is not a defense, as you can be penalized even if you didn’t know you were dealing with a sanctioned person or entity. If a breach occurred, OFSI can act, regardless of intent.
Civil penalties, imposed by OFSI, can reach £1 million or 50% of the estimated value of the breach, whichever is greater. But that’s not all. Under powers introduced by the Economic Crime (Transparency and Enforcement) Act 2022, OFSI can publicly «name and shame» a business it believes has breached sanctions, even without issuing a fine. For most organizations, that kind of reputational exposure hits harder than any penalty notice.
Meanwhile, criminal prosecution by the National Crime Agency and the Crown Prosecution Service can result in unlimited fines and up to seven years’ imprisonment under SAMLA.
And if you’re wondering whether OFSI actually uses these powers – it does.
For example, in 2025, OFSI fined Markom Management Limited £300,000 for instructing a payment of £416,590.92 to a designated individual under Russia sanctions. What made things worse is that the firm knew about the breach and still lacked adequate controls to prevent it.
This only proves that awareness without action is exactly the kind of aggravating factor that turns a compliance lapse into a very public, very costly lesson.
Best Practices for Building an Effective Sanctions Compliance Program
There is no prescriptive OFSI-mandated framework.
A strong sanctions compliance program should be risk-based, documented, and practical, helping the business make faster decisions and reducing the chance of prohibited activity.
Here are a few practices that reflect what OFSI expects to see in enforcement cases, and what consistently distinguishes firms that handle breaches well from those that don’t:
Conduct a sanctions risk assessment
Map your business against the key risk factors: the types of customers you serve, the jurisdictions you operate in, the products or services you provide, and your exposure to high-risk sectors. Even though a formal sanctions risk assessment is not compulsory, OFSI and the SRA both recommend it, because it forms the basis for calibrating your screening controls.
Screen at every relevant touchpoint
Onboarding is only the starting point. Screen customers at onboarding, re-screen when the sanctions list updates, and build triggers for re-screening when material changes occur in a customer relationship, such as a change of directors, a new ultimate beneficial owner, or a significant transaction.
Document everything
When a sanctions alert is reviewed and closed as a false positive, the reasoning for that decision must be recorded. And when a potential match is escalated, the steps taken must be auditable. OFSI’s enforcement decisions consistently highlight inadequate record-keeping as a compliance failure, even where the underlying screening was performed.
Know your escalation path
Every organization should have a nominated officer or Money Laundering Reporting Officer (MLRO)-equivalent responsible for sanctions compliance, with a clear internal escalation process for handling suspected matches. Ambiguity about who is responsible for reporting leads to delays, which OFSI treats as an aggravating factor.
Stay current on list changes
Subscribe to OFSI’s e-alert service for real-time notifications on UK Sanctions List updates. Review your third-party screening providers to confirm they have migrated to the UK Sanctions List as their primary data source following the closure of the OFSI Consolidated List in January 2026.
Treat voluntary disclosure seriously
If a breach has occurred, self-reporting to OFSI promptly and fully can meaningfully reduce both the scale of any penalty and the likelihood of criminal referral. Voluntary disclosure is not an admission of bad faith, but rather a signal that your compliance culture is functioning as it should.
The Final Word
UK sanctions compliance is not a static task. As the sanctions list changes, the enforcement environment is intensifying, and the range of businesses in scope is expanding.
But with the right screening processes, clear internal ownership, and a commitment to acting promptly when issues arise, compliance is entirely achievable, and the reputational and legal risks of falling short are very much avoidable.
All in all, UK sanctions screening helps companies avoid prohibited relationships, protect payment flows, reduce enforcement risk, implement effective AML mechanisms, and build trust with banks, regulators, partners, and customers.
*The content of this guide does not represent legal advice.
FAQ
