OFAC, OFSI, EU & UN Sanctions Screening: 2026 Compliance Guide

In 2023, a European bank was fined by OFAC for processing USD-clearing transactions involving an entity that was not on the SDN list but was blocked under the 50 Percent Rule due to aggregated ownership by two sanctioned individuals. Sanctions screening rarely fails because of missing data. It fails when compliance teams assume that global regimes move in lockstep, while in reality, each regime operates independently with its own scope and enforcement priorities.

In recent sanctions updates, major Russian energy entities have remained under strict sectoral and financial restrictions, with additional measures introduced across jurisdictions. The European Union adopted its 19th sanctions package on 23 October 2025, introducing a full ban on Russian LNG imports, tighter transaction bans on Rosneft and Gazprom Neft, sanctions on crypto exchanges, and 69 new individual and entity listings. The UK did not back down and went ahead with its own structure, putting both under asset freeze orders.

Restrictions were added by three significant regimes in the same period. Compliance teams had limited time to align their screening systems across all three regimes.

As a result, many institutions identified gaps in their screening coverage.

This reflects a broader challenge in sanctions screening in 2026. The global regimes are not aligned, the lists are not totally overlapping, and the screening of one authority does not encompass the other. The expansion of sanctions is ongoing, and the number of global listings is rising steadily, with tens of thousands of designated individuals and entities across major regimes.

OFAC: Extraterritorial Reach and Secondary Sanctions Exposure

The Office of Foreign Assets Control (OFAC) has one of the most extensive sanctions regimes in the world. It extends jurisdiction beyond US persons and entities in specific circumstances. Any transaction going through the US financial system, including transactions processed through the US financial system, such as US dollar clearing, can be subject to its jurisdiction.

This is further enforced through enforcement actions. Banks have been subject to hefty fines in cases of indirect exposure to sanctioned jurisdictions as part of intermediary transactions, despite the major relationship seeming to be lawful.

One of the key technical requirements under OFAC is the 50 percent ownership rule. Any entity owned 50% or more, directly or indirectly, by one or more sanctioned persons is treated as blocked, even if it does not appear on the sanctions list. This includes aggregated ownership. For example, the rule applies when two sanctioned individuals each hold 25 percent ownership in an entity.

The European Union codified its ownership threshold into binding law as part of the 19th sanctions package in October 2025, defining ownership as possessing 50% or more of the proprietary rights in an entity. UK OFSI guidance applies the threshold at more than 50%, and also incorporates control as a separate basis for sanctions application. Compliance teams should review both regimes’ definitions independently rather than assuming alignment.

There is an additional complicating aspect of secondary sanctions. Even in situations where there is no direct US relationship, OFAC has the ability to act against non-US entities that transact with the sanctioned parties. This increases exposure to institutions that have international operations, especially those that are cleared in the US dollar or those with financial flows associated with the US.

In April 2024, the 21st Century Peace Through Strength Act extended the statute of limitations for civil and criminal IEEPA violations from five years to ten years. The extension applies only to violations occurring on or after April 24, 2019, it does not revive liability for conduct already time-barred at enactment. MLROs should update record retention policies and transaction lookback periods accordingly, as the actionable window will continue to expand incrementally until a full ten-year scope is reached in April 2029.

UN Sanctions: The Legal Baseline Often Overlooked

United Nations sanctions are implemented in Chapter VII of the UN Charter and are binding on all member states. These regimes consist of jurisdictions and organizations such as North Korea, Iran, ISIL, Al-Qaeda, etc.

UN sanctions are less frequent and more focused in comparison to the measures of the OFAC or the EU. For a full breakdown of how the UN, OFAC, and EU sanctions regimes differ in scope, legal basis, and enforcement priority, see our guide to the global sanctions regime.

This creates recurring compliance gaps. In the jurisdictions where UN sanctions are the main legal duty, the prioritization of such lists may lead to a mismatch of the domestic regulatory expectations.

UN measures are a baseline. They are often supplemented with additional designations or sectoral constraints by other regimes. Checking against OFAC or EU lists does not necessarily meet requirements in areas where UN sanctions are directly implemented.

Compliance coverage, therefore, needs to be intentional rather than assumed.

EU Sanctions: Volume Growth and Fragmented Enforcement

The European Union has increased its sanction activity over the past few years. Hundreds of new designations are added each year, especially after geopolitical changes in Eastern Europe.

Fragmentation of enforcement is the defining challenge in the framework of the EU. Although sanctions legislation is set at the Union level, member states implement the required measures. This results in inconsistent interpretation, degree of enforcement, and punishment.

A transaction considered a minor violation in one jurisdiction may be treated as a serious offense in another. EU countries have various enforcement expectations that financial institutions are required to meet, as opposed to a single standard.

The EU also has ownership thresholds consistent with those of the OFAC, and both consolidated lists and annex-based restrictions. These annexes bring more complexity, especially to firms that are in trade or sector-specific activities.

Despite a lack of secondary sanctions by the EU, the same cannot be said about institutions that operate in the EU, customers, or transactions in the Euro currency.

This disjointed system necessitates compliance teams to have jurisdiction-conscious screening policies.

OFSI: Strict Liability and Enforcement Reality

The UK’s Office of Financial Sanctions Implementation operates under a strict liability framework. A breach is determined regardless of intent, meaning that a financial institution can be held accountable even without knowledge of the violation.

Penalty thresholds currently reach the greater of £1 million or 50% of the estimated value of the breach. OFSI has proposed doubling this to the greater of £2 million or 100% of the breach value, pending legislative change, a development that compliance teams should factor into their risk assessments now.  This places direct emphasis on the effectiveness of screening systems rather than the intent behind transactions.

Sanctions compliance has been noted to have recurring problems, as identified through regulatory reviews. Incorrect screening configurations continue to result in missed matches despite accurate underlying data. This demonstrates that data quality alone does not prevent breaches without proper system implementation.

Voluntary disclosure influences enforcement outcomes. Regulatory investigation usually imposes fewer penalties on institutions that identify and report breaches as compared to those that are identified by a regulatory investigation.

The recent changes also indicate greater attention to the emergent risks. Guidance related to crypto asset use in sanctions evasion and collaboration between UK and US authorities reflects growing coordination across jurisdictions.

Strict liability shifts the compliance focus toward operational accuracy and system reliability.

Why Traditional Screening Fails Against Modern Evasion

These evasion methods explain why traditional sanctions screening approaches fail even when the list data is accurate.

Sanctioned actors rarely operate under direct ownership structures. Instead, layered corporate entities, offshore registrations, and nominee arrangements are used to obscure beneficial ownership. This creates challenges in identifying connections that fall under ownership-based sanctions rules.

Maritime evasion techniques have also evolved. Vessels involved in restricted trade frequently disable or manipulate tracking systems to conceal their location. Frequent changes in flag registration further complicate identification. Institutions involved in trade finance or insurance must consider these factors beyond standard list screening.

Cryptocurrency introduces another channel for sanctions evasion. Large transaction volumes linked to sanctioned jurisdictions have been observed, often routed through intermediaries and digital asset platforms. Screening requirements now extend to wallet addresses and virtual asset service providers.

Advanced technologies are now used to simulate legitimate transaction behavior. Synthetic documentation, altered transaction patterns, and identity manipulation have made detection more complex. These developments require screening systems that go beyond static matching.

Overlap Does Not Mean Coverage

Relying on a single regime creates measurable gaps in global compliance coverage. Screening a single regime leaves measurable gaps in global compliance coverage.

Common Sanctions Screening Gaps in 2026

Several operational gaps continue to appear across enforcement actions. Screening only one regime creates structural blind spots. As a result, institutions miss exposures that exist outside the selected authority’s scope. Delayed data updates increase exposure to prohibited transactions. Designations occur without advance notice, and outdated data can result in prohibited transactions being processed.

Manual ownership checks create inconsistency across screening processes. Therefore, reliance on manual processes does not scale for institutions handling high volumes of transactions. Secondary sanctions are often underestimated. This leads to exposure through indirect relationships, particularly for institutions connected to global financial systems. These gaps highlight the need for integrated and continuously updated screening frameworks.

Multi-regime screening also compounds the false positive problem. Each additional list increases alert volume without proportionally increasing genuine hits. An MLRO running screens across OFAC, OFSI, EU, and UN simultaneously, without fuzzy matching, transliteration processing, and risk-scoring, will see alert volumes climb while true positive rates stay flat. Industry data indicates approximately 90% of AML alerts are false positives, meaning analysts spend the majority of their time clearing noise rather than acting on genuine exposure. This is where screening system design matters as much as data coverage.

How AML Watcher Supports Multi-Regime Sanctions Screening

Financial institutions face growing difficulty maintaining consistent sanctions coverage across multiple regimes, especially as updates occur without notice and ownership structures become more complex. AML Watcher addresses this challenge by unifying data across 215+ global sanctions regimes, including OFAC, UN, EU, and OFSI, with updates every 15 minutes.

Screening is not limited to name matching based on phonetic analysis, transliteration processing, and identifier-based checks, and enhances accuracy and minimizes false matches. Integrated ownership analysis helps identify indirect exposure, while coverage across vessels, aircraft, and crypto wallets supports sector-specific risks. TruRisk reduces false positives by 44% and false negatives by 15%, cutting manual review work by 70–80%, so analysts focus on genuine exposure, not list noise.