Sanctions Screening Best Practices for 2026
Sanctions screening is the highest-risk control in your AML program. Here are the 2026 best practices that keep false positives down and OFAC happy.
Sanctions screening is the only AML control where a single miss can shut down your business. OFAC, EU, UK HMT, UN and a growing patchwork of national lists are updated weekly, and secondary sanctions reach counterparties three hops away. In 2026, doing sanctions screening well means more than running a daily batch — it means tunable matching, evidence-quality dispositions and continuous coverage.
This guide covers the practices that distinguish a defensible sanctions program from a checkbox one.
Pick the Right Lists
At minimum, screen against OFAC SDN, OFAC sectoral, OFAC non-SDN, EU Consolidated, UK HMT, UN, Canada, Australia and Switzerland. Add country-specific lists where you have material exposure. For PEPs and adverse media, use a global database that updates daily.
Tune the Matching Engine
Out-of-the-box fuzzy matching produces 10–20% false positive rates. Tune with transliteration rules, date-of-birth weighting, secondary-identifier boosts and entity-type filters. Document every tuning decision so you can defend it in an exam.
Watch for Underscreening
Tuning down too aggressively to cut false positives can produce false negatives — the dangerous kind. Always pair tuning with backtesting against known-positive samples.
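One way to run the backtest described above, as an added example that is not from the original page or any vendor's engine: it scores constructed customer records against a constructed watchlist with Python's difflib and reports which known positives a candidate threshold would miss. The names, the date-of-birth boost and penalty values and the thresholds are illustrative assumptions.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed sample data for illustration, not real list entries.
WATCHLIST = [
    {"name": "Ivan Petrov", "dob": "1970-01-01"},
    {"name": "Mohammed Al-Rashid", "dob": "1965-05-12"},
]
KNOWN_POSITIVES = [  # records that must raise an alert
    {"name": "Petrov, Ivan", "dob": "1970-01-01"},
    {"name": "Muhammad Al Rashid", "dob": None},
]
KNOWN_NEGATIVES = [  # records that should not raise an alert
    {"name": "Ivana Petrova", "dob": "1992-03-03"},
]

def normalize(name):
    """Strip accents and punctuation, lowercase, sort tokens ('Last, First' order)."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return " ".join(sorted(re.sub(r"[^a-z ]", " ", ascii_name.lower()).split()))

def score(record, entry, dob_boost=0.1, dob_penalty=0.2):
    """Name similarity in [0, 1], adjusted by date-of-birth agreement (assumed weights)."""
    s = SequenceMatcher(None, normalize(record["name"]), normalize(entry["name"])).ratio()
    if record["dob"] and entry["dob"]:
        s += dob_boost if record["dob"] == entry["dob"] else -dob_penalty
    return max(0.0, min(1.0, s))

def best_score(record):
    return max(score(record, entry) for entry in WATCHLIST)

def backtest(threshold):
    """Report known positives missed and known negatives alerted at this threshold."""
    missed = [r["name"] for r in KNOWN_POSITIVES if best_score(r) < threshold]
    false_alerts = [r["name"] for r in KNOWN_NEGATIVES if best_score(r) >= threshold]
    recall = 1 - len(missed) / len(KNOWN_POSITIVES)
    return {"threshold": threshold, "recall": recall,
            "missed": missed, "false_alerts": false_alerts}

if __name__ == "__main__":
    for t in (0.70, 0.85, 0.95):
        print(backtest(t))
```

Raising the threshold from 0.85 to 0.95 clears no additional false alerts in this sample but drops the transliterated variant, which is the underscreening failure the backtest exists to catch.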
Disposition With Evidence
Every hit needs a written disposition — match, no match, escalate — with the analyst's reasoning, the comparison fields and the supporting evidence preserved. Use a four-eye approval for true matches and any close calls.
Continuous Rescreening
Daily rescreening of the full customer base is the minimum bar in 2026. Anything slower means you may be transacting with a newly designated party for hours or days before catching it.
Secondary Sanctions and Counterparty Risk
Modern OFAC enforcement reaches secondary sanctions — penalties for transacting with parties that themselves do business with sanctioned entities. Screen counterparties, beneficial owners and key vendors, not just direct customers.
Geofencing and Payment-Layer Controls
Pair name screening with IP geofencing, KYC address checks, payment instrument issuer-country filters and on-chain analytics for crypto. Layered controls catch what name screening alone misses.
Key Takeaways
- Multi-list coverage and daily rescreening are baseline expectations.
- Tune matching with documented evidence and backtesting.
- Dispositions are exam evidence — invest in case management.
- Layer name screening with geofencing and on-chain analytics.
Frequently Asked Questions
How often does OFAC update the SDN list?
Multiple times per week. Treat any list older than 24 hours as stale.
Is OFAC strict liability?
Yes. Lack of intent does not avoid penalties; mitigating factors only reduce them.
What false-positive rate is acceptable?
Most mature programs target 2–4% on true alerts after tuning, with full evidence on every disposition.
Do PEPs require screening if my product is low risk?
Yes for many regulators, and best practice for all. PEP status drives risk rating, not just rejection.
Can we rely on a vendor's tuning?
Only if you understand it, test it and document why it is appropriate for your risk profile.