Sanctions and AML Insights

The BIS Entity List is a critical U.S. export control tool targeting foreign entities engaged in activities deemed contrary to U.S. national security or foreign policy interests. Businesses must screen all export, re-export, and technology transfer transactions against this list—even those involving intangible items like software or visual inspections. Non-compliance risks are substantial, including hefty fines, criminal charges, and loss of export privileges. Effective compliance requires more than basic screening: firms must implement risk-based programs, classify items accurately, evaluate licensing needs, and maintain robust due diligence processes. As the Entity List changes frequently and can overlap with other sanctions lists, organizations should integrate automated, multi-list screening tools and stay up to date with evolving regulatory guidance to protect their global operations.

FinCEN 314(a) screening is a targeted, event-driven compliance process that requires U.S. financial institutions to search their customer and transaction records for potential matches with individuals or entities suspected of involvement in money laundering or terrorist financing. Unlike ongoing sanctions screening, 314(a) screening is retrospective and confidential, with strict controls over data access and disclosure. Institutions must establish structured internal workflows, use appropriate technology to perform efficient and accurate searches, and ensure timely responses to FinCEN when matches are found. Key challenges include fragmented data, poor recordkeeping, and over-reliance on manual processes, all of which can be mitigated through automation, staff training, and strong governance. A robust 314(a) screening program not only ensures regulatory compliance but also supports broader national security objectives.

The Asia-Pacific region presents a complex and often inconsistent sanctions environment, with 17 countries maintaining autonomous sanctions programs. While Australia and New Zealand lead the region with structured, accessible, and high-integrity lists, most other jurisdictions fall short due to vague designations, poor data formatting, and a lack of public guidance. China and Singapore stand out as high-risk due to opaque practices and limited usability, while Malaysia and Indonesia show technical promise but lack accessibility and clarity. Smaller nations often operate under UN mandates, lacking responsive national frameworks. For compliance professionals, navigating APAC sanctions requires robust screening tools, enhanced due diligence, and region-specific expertise to mitigate risk and ensure regulatory alignment.

FinCEN 314(a) is a key provision of the USA PATRIOT Act that facilitates information sharing between US law enforcement agencies and financial institutions to identify and disrupt potential terrorist financing and significant money laundering activities. While the regulation is US-based, it has implications for UK financial institutions with US operations or correspondent banking relationships, requiring them to respond to periodic information requests about individuals or entities under investigation. Compliance involves conducting internal record searches, maintaining strict confidentiality, adhering to tight reporting timelines, and ensuring data protection practices align with UK GDPR. A robust compliance framework, clear procedures, and regular staff training are essential to meet 314(a) obligations effectively while navigating cross-border legal considerations.

In June 2025, OFAC fined GVA Capital nearly $216 million for willfully violating U.S. sanctions by continuing to manage investments for Russian oligarch Suleiman Kerimov after his designation as an SDN, and for failing to fully comply with a subpoena. Despite legal advice warning of sanctions risks, GVA facilitated multiple transactions benefitting Kerimov through offshore structures and proxies. The case highlights serious lapses in compliance, including delayed and incomplete document disclosure, lack of internal oversight, and a disregard for U.S. sanctions law. For compliance professionals, the key lessons include the importance of assessing both ownership and control, ensuring timely cooperation with regulators, and embedding sanctions compliance into organizational governance—especially in non-bank financial sectors like venture capital.

Sanctions screening remains a cornerstone of compliance for financial institutions, yet it comes with significant challenges. Common issues include poor data quality, which leads to missed or false matches; high false positive rates that overwhelm compliance teams; difficulties in managing frequent sanctions list updates; and the complexity of screening layered or opaque entity structures. Inadequate investigation and escalation workflows can compromise the effectiveness of even well-designed screening systems. To address these challenges, institutions must invest in data standardization, algorithm calibration, automated list management, beneficial ownership transparency, and strong case management processes. A risk-based, technology-enabled approach backed by clear governance is essential for building a resilient and efficient sanctions screening program.