Sanctions and AML Insights

The BIS Entity List is a critical U.S. export control tool targeting foreign entities engaged in activities deemed contrary to U.S. national security or foreign policy interests. Businesses must screen all export, re-export, and technology transfer transactions against this list—even those involving intangible items like software or visual inspections. Non-compliance risks are substantial, including hefty fines, criminal charges, and loss of export privileges. Effective compliance requires more than basic screening: firms must implement risk-based programs, classify items accurately, evaluate licensing needs, and maintain robust due diligence processes. As the Entity List changes frequently and can overlap with other sanctions lists, organizations should integrate automated, multi-list screening tools and stay up to date with evolving regulatory guidance to protect their global operations.

FinCEN 314(a) screening is a targeted, event-driven compliance process that requires U.S. financial institutions to search their customer and transaction records for potential matches with individuals or entities suspected of involvement in money laundering or terrorist financing. Unlike ongoing sanctions screening, 314(a) screening is retrospective and confidential, with strict controls over data access and disclosure. Institutions must establish structured internal workflows, use appropriate technology to perform efficient and accurate searches, and ensure timely responses to FinCEN when matches are found. Key challenges include fragmented data, poor recordkeeping, and over-reliance on manual processes, all of which can be mitigated through automation, staff training, and strong governance. A robust 314(a) screening program not only ensures regulatory compliance but also supports broader national security objectives.

The Asia-Pacific region presents a complex and often inconsistent sanctions environment, with 17 countries maintaining autonomous sanctions programs. While Australia and New Zealand lead the region with structured, accessible, and high-integrity lists, most other jurisdictions fall short due to vague designations, poor data formatting, and a lack of public guidance. China and Singapore stand out as high-risk due to opaque practices and limited usability, while Malaysia and Indonesia show technical promise but lack accessibility and clarity. Smaller nations often operate under UN mandates, lacking responsive national frameworks. For compliance professionals, navigating APAC sanctions requires robust screening tools, enhanced due diligence, and region-specific expertise to mitigate risk and ensure regulatory alignment.

FinCEN 314(a) is a key provision of the USA PATRIOT Act that facilitates information sharing between US law enforcement agencies and financial institutions to identify and disrupt potential terrorist financing and significant money laundering activities. While the regulation is US-based, it has implications for UK financial institutions with US operations or correspondent banking relationships, requiring them to respond to periodic information requests about individuals or entities under investigation. Compliance involves conducting internal record searches, maintaining strict confidentiality, adhering to tight reporting timelines, and ensuring data protection practices align with UK GDPR. A robust compliance framework, clear procedures, and regular staff training are essential to meet 314(a) obligations effectively while navigating cross-border legal considerations.

In June 2025, OFAC fined GVA Capital nearly $216 million for willfully violating U.S. sanctions by continuing to manage investments for Russian oligarch Suleiman Kerimov after his designation as an SDN, and for failing to fully comply with a subpoena. Despite legal advice warning of sanctions risks, GVA facilitated multiple transactions benefitting Kerimov through offshore structures and proxies. The case highlights serious lapses in compliance, including delayed and incomplete document disclosure, lack of internal oversight, and a disregard for U.S. sanctions law. For compliance professionals, the key lessons include the importance of assessing both ownership and control, ensuring timely cooperation with regulators, and embedding sanctions compliance into organizational governance—especially in non-bank financial sectors like venture capital.

Sanctions screening remains a cornerstone of compliance for financial institutions, yet it comes with significant challenges. Common issues include poor data quality, which leads to missed or false matches; high false positive rates that overwhelm compliance teams; difficulties in managing frequent sanctions list updates; and the complexity of screening layered or opaque entity structures. Inadequate investigation and escalation workflows can compromise the effectiveness of even well-designed screening systems. To address these challenges, institutions must invest in data standardization, algorithm calibration, automated list management, beneficial ownership transparency, and strong case management processes. A risk-based, technology-enabled approach backed by clear governance is essential for building a resilient and efficient sanctions screening program.

AUSTRAC, Australia's financial intelligence unit, plays a critical dual role as both regulator and investigator in the fight against money laundering, terrorist financing, and other financial crimes. Operating under the AML/CTF Act and FTR Act, AUSTRAC collects and analyses transaction reports from a wide range of designated entities, including financial institutions and digital currency exchanges. It collaborates with other regulators like ASIC and APRA, enforces compliance through initiatives like the REST program, and issues significant penalties for breaches. AUSTRAC also actively supports industry engagement, international cooperation, and continuous improvement through risk-based guidance, technological innovation, and alignment with FATF standards, cementing its position as a central pillar in Australia’s financial regulatory landscape.

US sanctions are among the world’s most influential and far-reaching tools for enforcing foreign policy, national security, and international norms. Administered mainly by OFAC and BIS, these measures range from broad country embargoes to targeted restrictions on individuals, companies, and sectors tied to terrorism, WMD proliferation, corruption, and human rights abuses. Firms must screen against key US lists like the SDN List and Entity List and comply with complex rules, including the “50 Percent Rule” for ownership. Non-compliance risks enormous fines and reputational harm, making up-to-date screening, ownership checks, and staff training essential for global businesses navigating US extraterritorial reach.

Shelf companies are legally registered but inactive firms held by brokers until sold to buyers seeking a ready-made business entity. While legitimate uses exist — like saving time or enhancing perceived business credibility — shelf companies can pose serious compliance risks. Criminals may exploit them to hide beneficial ownership, launder money, commit fraud, or evade taxes by layering them within complex offshore structures. Detecting shelf companies requires careful due diligence, robust ownership verification, and monitoring for sudden suspicious activity. Regulators worldwide are tightening transparency rules, but firms must proactively screen clients and understand when a dormant company could mask criminal conduct.