Every money transfer business must screen every customer and every transaction against global sanctions lists before funds move. This guide explains exactly which lists apply, how screening systems work, and what regulators expect to find in your compliance file.
Sanctions screening for remittance companies is not optional — it is a legal obligation enforced by financial regulators in every major send-from jurisdiction. Every MTO must screen customers, beneficiaries, and transactions against OFAC, UN, EU, HMT, and applicable local sanctions lists before funds are released. Failure to do so carries criminal liability, licence revocation, and civil penalties that can exceed one million dollars per transaction.
In This Article
Money transfer operators occupy a uniquely exposed position in the global payments ecosystem. They move value across jurisdictions, often into corridors where sanctions exposure is highest, and they do so at high volume and speed. Regulators have concluded, consistently, that the risk of sanctions evasion through remittance channels is acute — and enforcement has intensified accordingly.
The legal basis varies by jurisdiction but the obligation is universal. In the United States, OFAC administers economic and trade sanctions under the authority of multiple Executive Orders and statutes including the International Emergency Economic Powers Act (IEEPA). In the UK, sanctions obligations arise under the Sanctions and Anti-Money Laundering Act 2018. In the EU, they flow from EU Regulations under the Common Foreign and Security Policy. In Australia, the Autonomous Sanctions Act 2011 governs.
What these frameworks share is a strict liability standard in many cases. OFAC's civil penalty regime does not require proof of intent — processing a payment to a designated person can result in a penalty even if the operator was unaware. This makes the technical design of your screening system a direct factor in your legal risk exposure.
Figure 1: Key enforcement data points. Sources: OFAC, FATF Recommendations 2012 (updated 2023).
The reputational consequences of a sanctions breach can be even more severe than the financial penalty. Correspondent bank relationships — essential for any MTO — can be terminated within days of a sanctions violation becoming public. For a money transfer business, losing correspondent banking is often an existential event.
Effective AML compliance for money transfer businesses begins with sanctions screening. It is the outermost gate — if a sanctioned party slips through, every other compliance layer is compromised.
Sanctions screening for money transfer operators means checking customer and transaction data against a defined set of government-maintained lists that identify individuals, entities, vessels, aircraft, and geographic regions subject to financial restrictions. The scope of lists you must screen depends on which jurisdictions you are licensed in — but any MTO with US-dollar-denominated flows, US customers, or US counterparties must include OFAC regardless of where it is headquartered.
| List Name | Issuing Authority | Jurisdiction | Update Frequency | Coverage |
|---|---|---|---|---|
| SDN & Consolidated Sanctions List | OFAC — US Treasury | USA (global reach) | Daily | Individuals, entities, vessels, aircraft; country programs |
| UN Consolidated Sanctions List | UN Security Council | All UN member states | Weekly | Designated individuals and entities from UNSC resolutions |
| EU Sanctions (CFSP) | EEAS / EU Council | EU / EEA | Daily | Individuals, entities, import/export restrictions by country |
| HMT Financial Sanctions List | His Majesty's Treasury | United Kingdom | Daily | Designated persons, thematic regimes (Russia, Iran, etc.) |
| Australian Sanctions List | DFAT / AUSTRAC / ACIC | Australia | As updated | Autonomous and UN-derived designations |
| OSFI Consolidated List | OSFI / Global Affairs Canada | Canada | As updated | Listed entities under Special Economic Measures Act, UN Act |
Figure 2: Principal sanctions lists for MTOs operating across major send-from corridors. Always verify list currency directly from the issuing authority.
Beyond these core lists, some jurisdictions maintain sectoral or secondary lists. OFAC's Sectoral Sanctions Identifications (SSI) list targets entities in specific Russian sectors without full SDN designation. The EU maintains country-specific annexes with asset-freeze and travel-ban designations. MTOs operating in the Gulf may also need to screen against lists maintained by the UAE Executive Office for Control and Non-Proliferation and similar Gulf Cooperation Council bodies.
The practical implication is that most MTOs with multi-corridor operations need to maintain a consolidated screening database drawing from at least five to eight separate official sources — updated in real time or near-real time as new designations are published.
The FATF Recommendations set the global standard for anti-money laundering and counter-terrorism financing. For sanctions screening specifically, two recommendations govern MTO obligations.
Figure 3: FATF Recommendations 6, 7, and 16 as they apply to MTO sanctions screening obligations. Source: FATF Recommendations 2012 (updated 2023).
The distinction between real-time and batch screening is one of the most operationally significant in sanctions compliance. It determines whether your system can actually meet the "without delay" standard required by FATF Recommendations 6 and 7, and by OFAC's expectation that sanctioned transactions be blocked at the point of initiation.
Figure 4: Real-time vs batch screening — compliance and operational comparison for money transfer operators.
Real-time screening is the only architecture that consistently meets regulatory expectations across all major MTO jurisdictions in 2026. Batch screening may have been acceptable a decade ago, but FATF mutual evaluation reports, OFAC examination guidance, and FCA supervisory expectations all point in the same direction: screening must happen before the transaction is processed, not after.
A well-designed real-time screening system also integrates with your broader transaction monitoring layer. A sanctions hit generates an alert that feeds into your case management workflow — not a separate manual process that has to be reconciled against a batch log.
Exact-name matching alone is not sufficient for sanctions screening. Sanctioned individuals and entities are identified in lists using their names — but those names may appear in different transliterations, with alternative spellings, with aliases, or with date-of-birth or address variations. A screening system that only matches on exact strings will systematically miss hits.
Fuzzy matching is the set of algorithms that allow a screening engine to recognise that "Mohammed Al-Rashid" and "Muhammad Al-Rasheed" may refer to the same person. It typically involves several techniques working in combination.
False positives — alerts generated for customers who are not actually sanctioned — are an inherent feature of fuzzy matching systems. A system sensitive enough to catch genuine hits will also flag customers with common names that partially match a sanctioned person. Managing false positives without suppressing genuine alerts is one of the defining operational challenges in sanctions compliance.
Figure 5: Six operational challenges in MTO sanctions compliance — name matching, list freshness, nested accounts, false positives, beneficiary data gaps, and audit completeness.
Effective false positive management requires a documented disposition process. Every alert — whether cleared, escalated, or resulted in a block — must be recorded with the reviewer's identity, the rationale for the decision, and the timestamp. This record is what regulators will examine when they assess your sanctions compliance programme.
Sanctions risk is not uniform across all corridors. A remittance business sending money from the UK to the Philippines faces a materially different sanctions exposure profile than one sending from the USA to Iran — which is prohibited in its entirety under OFAC's Iran sanctions programme. Corridor-specific risk calibration is a key element of a mature sanctions compliance framework.
Figure 6: End-to-end sanctions screening workflow for a money transfer operator — from transaction initiation to regulatory action and audit record.
Corridor risk configuration involves setting rules based on destination country risk levels. Transactions to or from comprehensively sanctioned jurisdictions — currently Iran, North Korea, Cuba, Syria, and certain regions of Ukraine under OFAC programmes — must be blocked at the system level, not just flagged for review. For high-risk corridors that are not comprehensively sanctioned, enhanced screening thresholds and additional due diligence requirements can be configured at the corridor level.
This type of corridor-specific configuration is part of a mature compliance and risk management framework. It ensures that your screening system is calibrated to the actual risk profile of your business — not a one-size-fits-all setting that either over-screens low-risk corridors or under-screens high-risk ones.
When a financial regulator examines your sanctions compliance programme — whether OFAC, the FCA, FINTRAC, FinCEN, or AUSTRAC — they are not simply checking whether you have a screening tool. They are assessing whether your entire programme is fit for purpose and whether it actually catches sanctioned parties in practice.
Understanding what regulators look for allows compliance teams to build examination-ready systems from the outset rather than scrambling to produce documentation after an examination is announced. The key areas regulators assess include the following.
Regulators also assess your sanctions programme's integration with your broader AML/CTF framework. A sanctions alert that is treated in isolation — without consideration of whether it also requires a SAR filing under your AML obligations — represents a process gap. The most examination-ready programmes have an integrated case management system where a sanctions alert automatically triggers the relevant AML workflow checks and vice versa. This is directly connected to the RemitSo compliance features that unify sanctions, KYC, and transaction monitoring in a single case management environment.
RemitSo is built for money transfer operators who need compliance infrastructure that works from day one — not a bolt-on module added after the fact. Sanctions screening is embedded into every transaction flow on the platform, not treated as an optional compliance layer.
The RemitSo sanctions screening engine screens against 40,000+ records drawn from 8+ global lists — including OFAC SDN and Consolidated Sanctions, UN Security Council Consolidated List, EU CFSP sanctions, HMT Financial Sanctions List, and applicable local lists — in real time at the point of transaction initiation. No transaction proceeds before screening is complete.
Fuzzy matching and alias detection are built into the engine. The platform maintains an expanded alias index aligned with official list alias data, and applies phonetic, edit-distance, and token-based matching to catch transliteration variants and name-order differences. MTOs can configure matching thresholds aligned with their risk appetite and corridor profile.
Every screening event generates a timestamped audit record — list version used, match score returned, disposition decision, reviewer identity, and action taken. This record is stored immutably and is accessible for regulatory examination. The audit trail is integrated with RemitSo's KYC and AML/CTF case management module, so a sanctions alert automatically surfaces relevant customer risk data in a unified case view.
The automated clear/alert/block workflow reduces analyst workload on low-confidence false positives while ensuring that high-confidence matches receive immediate escalation with a transaction hold applied before any funds move. Alert queues are configurable by corridor risk level, allowing compliance teams to focus review resource on the highest-exposure transaction populations.
For MTOs at any stage — from pre-launch through to regulated operations across multiple corridors — RemitSo's compliance architecture is designed to grow with your business without requiring a compliance rebuild at each new licensing milestone. Learn more about the full RemitSo compliance features and how they map to your regulatory obligations.
RemitSo gives money transfer operators a production-ready sanctions screening system that meets FATF, OFAC, FCA, and multi-jurisdiction standards — integrated with KYC, transaction monitoring, and case management from day one.
Sanctions screening is the automated process of checking customer names, beneficiary names, and transaction details against government-maintained lists of designated individuals, entities, vessels, and sanctioned countries before a money transfer is processed. The purpose is to prevent financial services from being provided to parties subject to economic sanctions — who may be involved in terrorism financing, WMD proliferation, drug trafficking, or other activities that governments have responded to with financial restrictions. For money transfer operators, sanctions screening is a legal obligation enforced by regulators in every major send-from jurisdiction, including the USA (OFAC), UK (FCA/HMT), EU, Australia (AUSTRAC), and Canada (FINTRAC). Processing a transaction involving a sanctioned party — even unknowingly — can result in civil penalties, criminal liability, and licence revocation.
The required lists depend on your jurisdiction and transaction flows, but most MTOs must screen against at minimum: OFAC's SDN and Consolidated Sanctions List (USA — also applies to any MTO using US dollars or US correspondent banks), the UN Security Council Consolidated List (applicable to all UN member states), the EU CFSP financial sanctions list (for EU/EEA licensed MTOs), the HMT Financial Sanctions List (for UK-licensed MTOs), and AUSTRAC/DFAT sanctions (for Australian-licensed MTOs). Canadian MTOs must screen against the OSFI Consolidated List under the Special Economic Measures Act and the United Nations Act. MTOs operating in the UAE should also screen against UAE Executive Office for Control and Non-Proliferation lists. A comprehensive screening programme typically draws from 8 or more official sources and consolidates them into a single searchable database that is updated in real time or near-real time.
FATF Recommendations 6 and 7 require targeted financial sanctions to be implemented "without delay" — meaning within hours of a new designation being published, not at the next batch run. In practice, this means MTOs must screen every transaction in real time at the point of initiation, before funds are moved. Batch screening — where transactions are processed first and screened overnight — does not meet the "without delay" standard and is increasingly cited as a deficiency in regulatory examination findings. MTOs should also re-screen existing customers periodically (typically quarterly or when a designation update is published) to catch newly designated parties who are already in the customer database. The list update frequency itself varies by authority: OFAC and EU EEAS update daily; HMT updates daily; UN Security Council updates less frequently but without a fixed schedule.
Fuzzy matching is a set of algorithms that allow a sanctions screening engine to identify potential matches between a customer name and a sanctioned person's name even when the spelling is not identical. This is essential because sanctioned individuals' names appear in official lists in specific transliterations, but those same individuals may submit documents or be referred to in other documents with different spellings, aliases, or name-order variations. Common fuzzy matching techniques include phonetic matching (Soundex, Metaphone), edit-distance algorithms (Levenshtein distance), n-gram analysis, token-based matching, and dedicated transliteration tables for Arabic, Cyrillic, and Chinese to Latin character conversions. A compliance-grade screening system also maintains an expanded alias index derived from the alias data published in official sanctions lists. Every screening system requires a configured similarity threshold — typically between 75 and 90 per cent — that determines when a potential match is flagged for human review rather than auto-cleared.
When a screening system generates a potential match (a "hit"), the transaction must be held — funds must not move — pending review. A trained compliance analyst reviews the alert by comparing the customer data against the list entry, checking corroborating identifiers such as date of birth, nationality, and address. If the match is determined to be a false positive (the customer is not the designated person), the transaction is cleared with a documented rationale and proceeds. If the match is confirmed as a genuine sanctions hit, the funds must be blocked or frozen immediately. The tipping-off prohibition means the customer must not be notified that the hold is sanctions-related. The MLRO or compliance officer must be notified, a Suspicious Activity Report must be filed with the relevant financial intelligence unit, and the sanctioned funds must be reported to the relevant authority — OFAC in the USA, the Office of Financial Sanctions Implementation (OFSI) in the UK, or the equivalent. All steps must be timestamped and recorded.
There is no universal regulatory target for false positive rates — regulators focus on whether your programme catches true hits rather than on minimising false positives per se. However, from an operational standpoint, false positive rates above 95–98% of all alerts are common for MTOs with high-volume, common-name customer populations. The practical management goal is to configure matching thresholds at a level where your analyst team can review all non-auto-cleared alerts within defined SLAs without the alert volume being so high that it creates a backlog that delays genuine transactions. Your threshold calibration methodology, alert volume trend data, and the average time-to-disposition for alerts are all metrics that regulators assess as indicators of programme health. MTOs should review and document their threshold settings at least annually, and adjust when alert volume data shows that the threshold is generating unsustainable analyst workloads or, conversely, is missing obvious near-matches.
OFAC civil penalties for sanctions violations can reach up to $1 million or twice the value of the transaction per violation, whichever is greater, under the International Emergency Economic Powers Act (IEEPA). Criminal penalties under IEEPA include fines up to $1 million and imprisonment up to 20 years per wilful violation. OFAC operates a strict liability civil penalty standard — meaning that intent to violate sanctions is not required for a civil penalty to apply. However, OFAC's enforcement framework does consider several factors that influence the penalty amount, including whether the MTO voluntarily self-disclosed the apparent violation, the strength of the compliance programme in place, the nature and duration of the violation, and whether the violation was wilful or reckless versus unintentional. Voluntary self-disclosure of an apparent violation typically reduces the penalty significantly and is always the recommended course of action when a possible sanctions breach is discovered. MTOs should refer directly to the OFAC website for current penalty guidelines and enforcement actions.
RemitSo provides a built-in real-time sanctions screening engine that is part of the core compliance infrastructure available to every MTO on the platform. The engine screens against 40,000+ records drawn from 8+ global lists — including OFAC SDN and Consolidated Sanctions, UN Security Council Consolidated List, EU CFSP sanctions, and HMT Financial Sanctions List, alongside applicable local lists for additional jurisdictions. Fuzzy matching and alias detection are integrated into the engine, applying phonetic, edit-distance, and token-based algorithms to catch name variants and transliterations. Every transaction generates a timestamped audit record covering the list version used, the match score returned, the disposition decision, and the action taken — all stored in a format accessible for regulatory examination. The screening workflow is integrated with RemitSo's KYC and AML/CTF case management module, so compliance teams work from a unified case view rather than separate systems. MTOs can request a demo to see the sanctions screening and compliance module in operation.
