Sanctions List Screening: EU, UN and OFAC in Practice
Sanctions list screening is mandatory for companies in regulated industries — and strongly recommended for everyone else. This guide shows which lists are relevant, how often checks must be performed, and what legal consequences a violation has.
The three most important lists
EU sanctions lists
Based on EU regulations (in particular Regulations 2580/2001 and 881/2002). The EU Consolidated List contains all individuals and organizations that are barred from doing business with EU companies.
Update: weekly, at short notice in acute events
Scope: several thousand entries (as of 2026: over 4,500)
Obligation: binding for all EU companies
UN Security Council Consolidated List
Based on UN resolutions (including 1267, 1988, 2140). This list is globally binding — all UN member states, including Germany, implement it.
Update: after UN meetings, usually monthly
Scope: approx. 1,200 entries
Obligation: for all companies in UN member states
OFAC SDN List (US Treasury)
The U.S. Office of Foreign Assets Control maintains the Specially Designated Nationals List. This list actually applies to U.S. entities, but it has extraterritorial effect: anyone doing business with listed parties risks exclusion from U.S. dollar payment transactions.
Update: almost daily
Scope: over 10,000 entries
Obligation: for U.S. companies and firms with USD transactions
Other relevant lists
UK HMT Sanctions List — own list after Brexit
Swiss SECO List — Swiss sanctions regime
Sector-specific: BaFin insider lists, anti-terrorism lists
Who is required to screen?
Strictest obligation:
Banks and financial institutions (§ 25h KWG — continuous monitoring)
Insurance companies (§ 24 VAG)
Money laundering-obliged entities under § 2 GwG (also real estate agents, art dealers, notaries in certain transactions)
Defense companies
Indirect obligation:
All companies with export business
Companies that have suppliers or customers in non-EU countries
Companies that process USD transactions
Critical infrastructure operators
Best practice (even without an explicit obligation):
All companies above a certain size — especially for pre-employment screening of executives
How often must checks be performed?
In the financial sector
Ongoing. Section 25h KWG requires continuous monitoring. In practice: at least daily comparison against current lists, and check every transaction against the list.
For other industries
At business start: full comparison against all three lists (EU, UN, OFAC)
When contracts change: repeat the comparison
Ongoing: at least weekly automated comparison for existing customers and employees
When new sanctions are issued: immediately after publication (some lists are updated daily)
Sanctions lists in Switzerland, Austria, and across the EU
Switzerland: SECO and the Embargo Act
Switzerland maintains its own consolidated sanctions list through the State Secretariat for Economic Affairs (SECO). Legal basis: Embargo Act (EmbG, SR 946.231). Switzerland typically adopts UN and EU sanctions, but retains decision-making autonomy (example: Russia sanctions were adopted with delay in 2022). For companies with a Swiss nexus, the SECO list must be checked. Update: weekly, more frequently during crisis periods. Violations are prosecuted under Art. 9 EmbG with imprisonment of up to 5 years.
Austria: EU sanctions + FMA/ÖNB
Austria applies EU sanctions directly (they are directly applicable law). In addition, the Financial Market Authority (FMA) and the Oesterreichische Nationalbank (ÖNB) monitor compliance in the financial sector. Violations are prosecuted under the Austrian Foreign Trade Act (AußWG) — the penalty framework is comparable to § 18 AWG in Germany.
Across the EU: Consolidated List + AMLR
The new EU Anti-Money-Laundering Regulation (AMLR), binding from 2027, significantly expands screening obligations. Together with the new AMLA (Anti-Money Laundering Authority) in Frankfurt, this creates an EU-wide supervisory system with a unified data basis. For companies, this means higher requirements for ongoing monitoring, uniform standards across the EU, and more reporting obligations. The EU Consolidated List remains the foundation, but it is supplemented by AMLR guidelines.
Consequences of a violation
Criminal law
A violation of EU sanctions is a criminal offense in Germany under § 18 AWG (Foreign Trade and Payments Act). Penalty: imprisonment from 3 months to 5 years, and in severe cases up to 15 years.
Supervisory law
BaFin fines of up to €10 million or 5% of annual revenue
Revocation of business authorization (extreme case)
Business impact
Exclusion from USD payment transactions (in case of OFAC violations)
Reputational damage
Claims for damages from business partners
Typical mistakes in screening
1. Checking only once
Sanctions lists change daily. Anyone who checks only once at contract signing and never again will miss new sanctions.
2. Checking only the EU list
Anyone working with U.S. banks or U.S. customers must also screen against OFAC. The UN list is binding under international law.
3. Checking only individuals, not organizations
Companies, foundations, and other organizations can also appear on lists.
4. Underestimating name similarity
Sanctioned parties often use alias names or spelling variations. Simple string comparisons miss this. Fuzzy matching is essential.
5. Missing documentation
BaFin audit asks: “Can you prove that you checked against list [X] on [date]?” Without audit-proof documentation, the process is worthless.
Automated screening with Indicium
Indicium automatically checks against EU, UN, and OFAC lists — with fuzzy matching, timestamp documentation, and continuous monitoring. Integration into HR systems (SAP, Workday, Personio) means every new employee is checked at hiring and then continuously thereafter — without manual effort.
You can find all compliance documents (DPA, subprocessors, TOMs) in the Trust Center at trust.indicium.ag.
Conclusion
Sanctions list screening is not a nice-to-have, but a legal requirement for more and more companies. If you check manually, you will miss matches and risk personal liability. Automated, continuous monitoring is the only scalable approach.
Talk to us about your sanctions list screening.
Read more — related articles
Nabil El Berr
