Darf ich Background Checks ueberhaupt DSGVO-konform durchfuehren?

Ja. Die DSGVO regelt das in Artikel 6. Du stuetzt Dich auf berechtigtes Interesse (Art. 6 Abs. 1f) oder Einwilligung (Art. 6 Abs. 1a). So bist Du 100% DSGVO-konform.

Verschreckt ein Background Check meine Bewerber?

Im Gegenteil: Ein fairer, digitaler Prozess verbessert die Candidate Experience. Keine wochenlangen Wartezeiten — das schaetzen Top-Bewerber.

Wie schnell erhalte ich die Ergebnisse?

Unsere KI liefert erste Ergebnisse oft in 30 Minuten (Essential Check) statt 2-5 Tagen bei manuellen Berichten.

Warum nicht einfach selbst googeln oder ChatGPT nutzen?

Googeln und ChatGPT liefern unklare, oft veraltete Daten und sind rechtlich riskant. Indicium nutzt verifizierte Quellen wie Moodys und LexisNexis fuer audit-sichere Reports.

Was kostet ein Background Check mit Indicium?

Transparente Abos ab 1.990 EUR/Monat, zugeschnitten auf Dein Hiring-Volumen. 100% planbare Kosten ohne Einzelgebuehren.

Schuetzt ein Background Check vor Innentaetern?

Ja. Indicium prueft automatisiert gegen Sanktionslisten, PEP-Datenbanken und Firmennetzwerke — bevor jemand Zugang zu sensiblen Daten erhaelt.

Kann ich Indicium kostenlos testen?

Ja. 14 Tage kostenlos, 3 Checks inklusive, keine Kreditkarte noetig. Alternativ: kostenlose 30-Minuten-Demo.

Compliance

Sanctions List Screening: EU, UN and OFAC in Practice

April 17, 2026

Compliance

Sanctions List Screening: EU, UN and OFAC in Practice

April 17, 2026

Sanctions List Screening: EU, UN, and OFAC in Practice

Sanctions list screening is mandatory for companies in regulated industries — and strongly recommended for everyone else. This guide shows which lists are relevant, how often you need to screen, and what legal consequences a violation can have.

The three most important lists

EU sanctions lists

Based on EU regulations (especially Regulations 2580/2001 and 881/2002). The EU consolidated list contains all individuals and organizations that are excluded from doing business with EU companies.

Update: weekly, and on short notice in acute situations
Scope: several thousand entries (as of 2026: over 4,500)
Requirement: binding for all EU companies

UN Security Council Consolidated List

Based on UN resolutions (including 1267, 1988, 2140). This list is globally binding — all UN member states, including Germany, implement it.

Update: after UN sessions, usually monthly
Scope: approx. 1,200 entries
Requirement: mandatory for all companies in UN member states

OFAC SDN List (US Treasury)

The US Office of Foreign Assets Control maintains the Specially Designated Nationals List. This list actually applies to US entities, but it has extraterritorial effect: anyone who does business with listed parties risks being cut off from US dollar payment transactions.

Update: almost daily
Scope: over 10,000 entries
Requirement: mandatory for US companies and firms with USD transactions

Other relevant lists

UK HMT Sanctions List — own list after Brexit
Swiss SECO list — Swiss sanctions regime
Industry-specific: BaFin insider lists, counterterrorism lists

Who is required to screen?

Strictest requirement:

Banks and financial institutions (§ 25h KWG — continuous monitoring)
Insurance companies (§ 24 VAG)
Anti-money laundering obliged entities under § 2 GwG (including real estate agents, art dealers, notaries in certain transactions)
Defense companies

Indirect requirement:

All companies with export business
Companies that have suppliers or customers in non-EU countries
Companies that process USD transactions
Critical infrastructure operators

Best practice (even without an explicit obligation):

All companies above a certain size — especially when conducting pre-employment screening for executives

How often must screening be performed?

In the financial sector

Continuously. § 25h KWG requires continuous monitoring. In practice: at least daily matching against current lists; check every transaction against the list.

For other industries

At the start of a business relationship: full match against all three lists (EU, UN, OFAC)
When contracts change: run the check again
Continuously: at least weekly automated checks for existing customers and employees
When new sanctions are issued: immediately after publication (some lists are updated daily)

Sanctions lists in Switzerland, Austria, and across the EU

Switzerland: SECO and Embargo Act

Switzerland maintains its own consolidated sanctions list via the State Secretariat for Economic Affairs (SECO). Legal basis: Embargo Act (EmbG, SR 946.231). Switzerland typically adopts UN and EU sanctions, but retains decision-making autonomy (for example, Russia sanctions were adopted with delay in 2022). For companies with ties to Switzerland, the SECO list must be checked. Update: weekly, more frequently during crises. Violations are prosecuted under Art. 9 EmbG with imprisonment of up to 5 years.

Austria: EU sanctions + FMA/OeNB

Austria applies EU sanctions directly (they are directly applicable law). In addition, the Financial Market Authority (FMA) and the Austrian National Bank (OeNB) monitor compliance in the financial sector. Violations are prosecuted under the Austrian Foreign Trade Act (AußWG) — penalty framework comparable to § 18 AWG in Germany.

Across the EU: Consolidated list + AMLR

The new EU Anti-Money Laundering Regulation (AMLR), binding from 2027, significantly expands screening obligations. Together with the new AMLA (Anti-Money Laundering Authority) in Frankfurt, this creates an EU-wide supervisory system with a uniform data basis. For companies, this means: higher requirements for ongoing monitoring, uniform standards across the EU, more reporting obligations. The EU consolidated list remains the foundation, but is supplemented by AMLR guidelines.

Consequences of a violation

Criminal law

Violating EU sanctions is a criminal offense in Germany under § 18 AWG (Foreign Trade Act). Penalty: imprisonment from 3 months to 5 years, and up to 15 years in serious cases.

Supervisory law

BaFin fines of up to €10 million or 5 % of annual revenue
Revocation of the business license (extreme case)

Business impact

Exclusion from US dollar payment transactions (for OFAC violations)
Reputational damage
Claims for damages from business partners

Typical screening mistakes

1. Check only once

Sanctions lists change daily. Anyone who checks once at contract signing and never again misses new sanctions.

2. Check only the EU list

Anyone working with US banks or US customers must also check OFAC. The UN list is binding under international law.

3. Check only individuals, not organizations

Companies, foundations, and other organizations are also listed.

4. Underestimating name similarities

Sanctioned parties often use aliases or spelling variants. Simple string comparisons miss this. Fuzzy matching is a must.

5. Missing documentation

BaFin audit asks: “Can you prove that you checked against list [X] on [date]?” Without audit-proof documentation, the process is worthless.

Automated screening with Indicium

Indicium automatically screens against EU, UN, and OFAC lists — with fuzzy matching, timestamp documentation, and ongoing monitoring. Integration into HR systems (SAP, Workday, Personio) means: every new employee is screened at hiring and continuously afterward — with no manual effort.

You can find all compliance documents (DPA, subprocessors, TOMs) in the Trust Center at trust.indicium.ag.

Conclusion

Sanctions list screening is not a nice-to-have, but a legal requirement for more and more companies. Anyone who screens manually misses matches and risks personal liability. Automated, continuous monitoring is the only scalable approach.

Talk to us about your sanctions list screening.

Nabil El Berr