Skip to content
AuditFront
WHO.1 EU Sanctions DD

EU Sanctions DD WHO.1: Counterparty Screening Against EU Consolidated List

What This Control Requires

Have all counterparties been screened against the EU Consolidated List of sanctioned persons and entities?

In Plain Language

This is the absolute baseline of EU sanctions compliance. Every business counterparty - customers, suppliers, partners, agents, and intermediaries - must be checked against the EU Consolidated List before you engage with them.

The EU Consolidated List is maintained on the EU Sanctions Map and is the single authoritative source for who is designated under EU restrictive measures. It includes individuals, entities, and groups subject to asset freezes and other restrictions.

Screening is not a one-time exercise. The list is updated frequently - sometimes multiple times per month - so you need a process for both initial screening and ongoing monitoring. Missing a newly designated counterparty because you only screened at onboarding is not a valid defence.

How to Implement

Use the EU Sanctions Map (sanctionsmap.eu) or a commercial screening tool to check all business counterparties against the EU Consolidated List. Screen at onboarding and re-screen periodically (at least quarterly).

Include in your screening scope: customers, suppliers, distributors, agents, joint-venture partners, and beneficial owners. Document every screening result - date, lists checked, matches found, and resolution of any false positives.

Also consider screening against OFAC SDN, UN, and OFSI lists if you have exposure outside the EU. Many commercial tools cover multiple lists simultaneously.

For free compliance support and screening guidance, visit the EU Sanctions Compliance Helpdesk (eu-sanctions-compliance-helpdesk.europa.eu).

Key regulations: the obligation to freeze assets of designated persons arises from Council Regulation (EU) No 269/2014 (asset freezing) and the various country-specific sanctions regulations. Failure to screen and comply is a criminal offence under Directive (EU) 2024/1226.

Evidence Your Auditor Will Request

  • Screening records showing all counterparties checked against EU Consolidated List
  • Documentation of screening tool or process used (commercial tool, manual checks, or combination)
  • Evidence of periodic re-screening schedule and execution
  • False positive resolution records with documented rationale
  • Coverage of all counterparty types: customers, suppliers, agents, partners, and beneficial owners

Common Mistakes

  • Screening only at onboarding with no ongoing monitoring as the sanctions list is updated
  • Screening limited to direct customers while ignoring suppliers, agents, and intermediaries
  • No documentation of screening results - relying on verbal confirmations or memory
  • Using outdated sanctions lists rather than the current EU Consolidated List
  • Failing to screen beneficial owners and only checking the entity name

Related Controls Across Frameworks

Framework Control ID Relationship
EU Sanctions DD EU Sanctions DD WHO.2 (related mapping) Related
EU Sanctions DD EU Sanctions DD PROG.3 (related mapping) Related

Frequently Asked Questions

What is the EU Consolidated List?
The EU Consolidated List is the single authoritative database of all persons, entities, and groups subject to EU restrictive measures (sanctions). It is maintained on the EU Sanctions Map at sanctionsmap.eu and includes designations under all EU sanctions programmes - Russia, Belarus, Iran, Syria, North Korea, Myanmar, and others. The list is updated whenever the Council adopts new designations or delistings, which can happen multiple times per month.
How often should we re-screen existing counterparties?
At minimum quarterly, but best practice is to re-screen whenever the EU Consolidated List is updated. Commercial screening tools can automate this by running continuous or daily batch checks. For high-risk counterparties (those in or near sanctioned jurisdictions, or in sensitive sectors), more frequent manual review is advisable.
Do we need to screen against non-EU lists as well?
If your company has US nexus (US persons, US-origin goods, USD transactions), you should also screen against the OFAC SDN list. If you deal with UK counterparties, include the OFSI list. The UN Consolidated List is also advisable for comprehensive coverage. Many commercial screening tools cover all major lists simultaneously.

Related Articles

The True Cost of Compliance: DIY vs Consultant vs Platform (2026)

A realistic comparison of three compliance approaches - DIY spreadsheets, hiring a consultant, or using a platform - with costs, timelines, and tradeoffs.

Read article →

GDPR Compliance Checklist for SaaS Companies

A practical GDPR checklist for SaaS companies - covering key requirements, common gaps, and actionable steps to achieve and maintain compliance.

Read article →

How to Get ISO 27001 Certified: A Step-by-Step Guide

A practical walkthrough of the ISO 27001 certification process - from scoping to stage 2 audit. Covers timelines, costs, common mistakes, and what auditors actually look for.

Read article →

Track EU Sanctions DD compliance in one place

AuditFront helps you manage every EU Sanctions DD control, collect evidence, and stay audit-ready.

Start Free Assessment