Sanctions compliance is a core regulatory obligation for financial institutions and companies across sectors, requiring sustained attention and well-designed controls.
With evolving programs and requirements from the United States, the United Kingdom, and the European Union, keeping pace remains an ongoing challenge for organizations. As a result, companies risk steep penalties, reputational damage, and operational disruptions – especially amid shifting regulations and guidance, as well as increasingly sophisticated sanctions evasion tactics.
Below, we explore 10 key sanctions compliance questions every leader should be asking, along with practical insights to help strengthen your program.
Sanctions screening is a core risk management function. Gaps in implementation can leave organizations exposed to legal and financial penalties, regardless of how strong a program looks on paper.
For instance, under OFAC’s 50 Percent Rule, any entity owned 50% or more, directly or indirectly, by one or more blocked persons is automatically considered blocked—even if they’re not listed. The EU and U.K. apply similar rules.
Over the past five years, OFAC imposed over $4 billion in fines for sanctions violations, including breaches of the 50 Percent Rule. In January 2025, OFAC imposed a $1 million fine on a California-based Haas Automation, a manufacturing company that sold goods to seven Russian customers which were not on the SDN List but were “blocked by virtue of being directly or indirectly owned 50 percent or more by” SDNs.
Action: Go beyond basic list screening. Incorporate checks for the 50 Percent Rule by evaluating multilayered ownership structures, aggregated stakes across sanctioned parties, cross-border beneficial ownership, and changes in control over time.
In fact, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has explicitly stated that “all U.S. persons”, including companies and their foreign subsidiaries, must comply with sanctions regulations. This includes non-financial entities involved in international trade, transport, procurement, and insurance. Similarly, the U.K.’s Office of Financial Sanctions Implementation (OFSI) and international bodies like the Financial Action Task Force (FATF) stress the role of all businesses in preventing sanctions violations and financial crime.
Supply chain actors, for example, may unwittingly ship goods to restricted parties. Insurers can underwrite services for sanctioned vessels. And manufacturers might purchase components from blacklisted suppliers. These indirect or downstream exposures can still result in penalties—even if the entity in question isn’t directly listed.
If your business involves payments, shipments, or cross-border services, a sanctions compliance framework is essential.
Action: Regardless of your industry, ensure sanctions and risk screening is built into the necessary stages of your customer, vendor, and transaction workflows.
False positives and false negatives from name-matching errors can cause compliance gaps, especially when tools rely on incomplete datasets or outdated watchlists. More critically, these tools can miss contextual risks that require deeper analysis, like obscured ownership ties, front companies, or other advanced evasion tactics.
Relying solely on software won’t satisfy regulatory expectations, who have emphasized that merely “checking the box” with basic screening tools is not a sufficient defense in enforcement actions.
Action: Pair technology with a risk-based approach that includes strategically informed oversight and a commitment to constant improvement.
With evolving programs and requirements from the United States, the United Kingdom, and the European Union, keeping pace remains an ongoing challenge for organizations. As a result, companies risk steep penalties, reputational damage, and operational disruptions – especially amid shifting regulations and guidance, as well as increasingly sophisticated sanctions evasion tactics.
Below, we explore 10 key sanctions compliance questions every leader should be asking, along with practical insights to help strengthen your program.
What is Sanctions Compliance and Why Does It Matter?
Sanctions compliance is the practice of following laws and regulations that restrict or prohibit transactions, activities, or interactions with designated individuals, entities, countries, or regimes. It involves maintaining internal controls, such as screening customers and counterparties and assessing indirect exposure (like ownership links to sanctioned actors), to reflect evolving legal requirements.Sanctions screening is a core risk management function. Gaps in implementation can leave organizations exposed to legal and financial penalties, regardless of how strong a program looks on paper.
Ten Questions Everyone Should Ask
Sanctions compliance isn't just about checking boxes — it’s about asking the right questions before risks surface. These ten questions are designed to help compliance leaders uncover blind spots, challenge assumptions, and build stronger, more resilient programs.If a Company Isn’t on a Sanctions List, Is it Safe?
Sanctions risk goes far beyond the names that appear on official lists. Just because a party isn’t explicitly designated doesn’t mean they’re safe to do business with.For instance, under OFAC’s 50 Percent Rule, any entity owned 50% or more, directly or indirectly, by one or more blocked persons is automatically considered blocked—even if they’re not listed. The EU and U.K. apply similar rules.
Over the past five years, OFAC imposed over $4 billion in fines for sanctions violations, including breaches of the 50 Percent Rule. In January 2025, OFAC imposed a $1 million fine on a California-based Haas Automation, a manufacturing company that sold goods to seven Russian customers which were not on the SDN List but were “blocked by virtue of being directly or indirectly owned 50 percent or more by” SDNs.
Action: Go beyond basic list screening. Incorporate checks for the 50 Percent Rule by evaluating multilayered ownership structures, aggregated stakes across sanctioned parties, cross-border beneficial ownership, and changes in control over time.
What Does Sanctions Compliance Look like for Non-Financial Institutions?
Sanctions compliance is relevant to various sectors – logistics, tech, insurance, manufacturing, apparel, automobiles, and more.In fact, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has explicitly stated that “all U.S. persons”, including companies and their foreign subsidiaries, must comply with sanctions regulations. This includes non-financial entities involved in international trade, transport, procurement, and insurance. Similarly, the U.K.’s Office of Financial Sanctions Implementation (OFSI) and international bodies like the Financial Action Task Force (FATF) stress the role of all businesses in preventing sanctions violations and financial crime.
Supply chain actors, for example, may unwittingly ship goods to restricted parties. Insurers can underwrite services for sanctioned vessels. And manufacturers might purchase components from blacklisted suppliers. These indirect or downstream exposures can still result in penalties—even if the entity in question isn’t directly listed.
If your business involves payments, shipments, or cross-border services, a sanctions compliance framework is essential.
Action: Regardless of your industry, ensure sanctions and risk screening is built into the necessary stages of your customer, vendor, and transaction workflows.
Are Automated Tools Alone Enough to Ensure Sanctions Compliance?
Automated tools are essential, but not foolproof.False positives and false negatives from name-matching errors can cause compliance gaps, especially when tools rely on incomplete datasets or outdated watchlists. More critically, these tools can miss contextual risks that require deeper analysis, like obscured ownership ties, front companies, or other advanced evasion tactics.
Relying solely on software won’t satisfy regulatory expectations, who have emphasized that merely “checking the box” with basic screening tools is not a sufficient defense in enforcement actions.
Action: Pair technology with a risk-based approach that includes strategically informed oversight and a commitment to constant improvement.
Kharon’s solutions empower compliance teams to go beyond reactive measures by offering proactive, risk-informed decision-making capabilities, helping them to evolve from compliance enforcers to strategic risk managers.
Is U.S. Sanctions Compliance Sufficient on its Own?
Some companies—especially those headquartered in the U.S.—may operate under the assumption that if they comply with OFAC sanctions, they’re covered. This view treats U.S. regulations as the only ones that matter, when in reality, global companies must comply with multiple regimes.Many jurisdictions maintain independent sanctions regimes with varying scope, targets, and thresholds. What’s permitted under one regime may be prohibited under another.
Action: Build a compliance program that is informed by multi-jurisdictional responsibilities. Tools and datasets that take into account U.N., EU, U.K., Canadian, Australian, and other sanctions programs can reduce blind spots.
Is It Enough to Check for Sanctions Exposure Just Once?
Some organizations treat sanctions screening as something to be done during customer onboarding or vendor approval, then filed away as complete. This static view assumes that once an entity is screened and cleared, the risk is resolved permanently.In reality, sanctions lists change frequently, as does the ownership or control structure of sanctioned or related entities. A partner who’s clear today may be added tomorrow.
Action: Implement an ongoing screening and review process. Re-screen your customer base periodically, and subscribe to official update feeds.
Discover why Treasury guidance urges past transaction screening—and how high-quality risk intelligence can reveal hidden indicators of sanctions evasion in your current customer or transaction base. Learn more in our report: Strategic Counterplay.
Does Voluntary Disclosure Mean You’ve Met Your Obligation?
While voluntary self-disclosure (VSD) is strongly encouraged by OFAC and other regulators—and can significantly reduce penalties—it does not guarantee immunity. And it won’t eliminate consequences.OFAC’s Enforcement Guidelines clarify that penalties ultimately depend on the nature of the violation, the strength of the company’s compliance program, whether the disclosure was timely and complete, and whether the company took corrective action.
Action: Make sure that your organization is positioned to surface where voluntary disclosures may be required, but don’t overly rely on this mechanism as a safe harbor. Invest in preventative systems and escalate suspicious activity immediately.
Can Risky Shell Companies Be Identified Through Due Diligence?
Some organizations may assume that because shell companies are legally registered and do not display red flags on the surface, they fall outside the scope of sanctions screening and pose minimal compliance risk.But shell companies, designed to evade detection by traditional screening systems and exploit weak due diligence processes, are a well-documented tool for sanctions evasion. Both FATF and OFAC among others have issued guidance stressing the importance of identifying UBOs and understanding the control structures behind entities. Screening for minority ownership and non-controlling interests is equally critical, as these relationships may not violate sanctions laws outright but can still expose businesses to significant regulatory, reputational, and commercial risk.
Action: Enrich your screening with ownership intelligence to detect and investigate hidden ownership structures. Use risk intelligence tools like Kharon that detect indirect links and networks of control.
What Are the Risks of Indiscriminate De-Risking?
Unnecessarily exiting or denying the provision of financial services or commercial transactions to avoid risk can disproportionately impact certain customer segments, damage goodwill, and create unnecessary friction with partners. Regulators like OFAC have cautioned against indiscriminate de-risking, especially when it stems from underinvestment in compliance capabilities such as poor data, rigid screening logic, or a lack of context.In addition, being cautious without cause doesn’t just waste resources, it can also erode confidence in your compliance program.
Action: Aim for targeted risk management. Calibrate your screening and escalation protocols to distinguish between real threats and false alarms.
Do Sanctions Requirements Only Apply When Dealing Directly with Sanctioned Jurisdictions?
Even if you're not dealing directly with a heavily sanctioned jurisdiction like Russia, China or Venezuela, sanctions risk is still something you need to invest in. You can be penalized for facilitating transactions through intermediaries like subsidiaries, shell companies, joint ventures, or supply chain partners that operate from commercial hubs around the globe.For example, a non-sanctioned procurement agent might purchase your product, only to quietly resell it to a sanctioned entity or jurisdiction. Failing to detect these hidden ties can result in multimillion-dollar fines, and severe reputational damage.
Action: Approach sanctions compliance as a global challenge. Make sure your team is performing the appropriate level of due diligence on customers and supply chains, in particular where resellers, hidden parties and intermediaries may be involved.
Is Compliance Just a Cost Center, or Can It Be a Strategic Advantage?
Compliance is often viewed as a necessary burden that doesn’t add real business value or clearly result in a positive ROI. Consequently, it may be underfunded, under-resourced, and siloed from broader decision-making.In reality, effective compliance protects revenue, supports growth, and builds trust. Regulators reward proactive programs, and investors prefer resilient, well-governed companies.
Action: Reframe compliance as a strategic function and competitive advantage.
Improving Sanctions Compliance with Kharon
Kharon goes beyond traditional sanctions screening and surface-level checks by supporting compliance professionals with advanced data on sanctioned ownership, affiliations, and sanctions evasion networks.Here are just a few ways that Kharon supports key challenges raised throughout this article:
- Detecting hidden ownership and shell structures: Kharon maps multi-layered corporate networks and identifies UBOs, nominee directors, and front companies implicated in sanctions evasion—helping organizations comply with various jurisdictions 50 Percent Rules and FATF guidance. Kharon also goes further, uncovering minority ownership stakes, control relationships, and other risk-relevant links that may fall outside formal sanctions thresholds but still expose institutions to regulatory, reputational, or strategic risk.
- Going beyond automated screening tools: Instead of relying solely on watchlist hits, Kharon provides contextual risk data, reducing false positives and uncovering missed exposures that other tools and data providers overlook. Kharon allows users to instantly visualize complex ownership and network connections, helping teams quickly understand relationships, assess risk, and make informed decisions with confidence.
- Maintaining continuous compliance: Sanctions evolve rapidly. Kharon supports ongoing due diligence with timely updates and intelligence that helps businesses screen beyond onboarding and stay compliant over time. Kharon’s Rapid Response offering delivers files identifying any entities or units newly subject to the U.S., EU, or U.K. 50 Percent Rules within 72 hours of a sanctions action—ensuring organizations can act quickly and with confidence.
Ready to strengthen your compliance efforts? Explore Kharon’s sanctions and financial crime compliance solutions or request a demo today.