Skip to content
AuditFront
PROG.3 EU Sanctions DD

EU Sanctions DD PROG.3: Ongoing Counterparty Screening

What This Control Requires

Are counterparties screened regularly (not just at onboarding) and are screening results documented?

In Plain Language

Sanctions lists change frequently - new designations, delistings, and updates happen regularly, sometimes multiple times per month. A customer who was clean at onboarding may be designated months later. One-time screening is insufficient.

This control goes beyond initial screening (covered in WHO.1) to focus on the ongoing monitoring process. The EU Consolidated List is the minimum - ideally supplement with OFAC, UN, and national lists depending on your exposure.

Documentation is critical. Every screening run must be recorded: the date, lists used, results, and how any matches (including false positives) were resolved. Records should be kept for at least 5 years to demonstrate compliance history.

How to Implement

Implement a screening programme that covers the full lifecycle of counterparty relationships:

1. Onboarding screening - screen all new counterparties before the first transaction.

2. List update screening - re-screen your entire counterparty database whenever sanctions lists are updated. EU updates are published in the Official Journal of the European Union.

3. Periodic full re-screening - at least quarterly for all active counterparties, monthly for high-risk counterparties.

4. Transaction screening - for high-risk counterparties or high-value transactions, screen before each significant transaction.

5. Event-driven screening - re-screen when you become aware of changes in counterparty ownership, management, or sanctions status.

Use a screening tool that covers the EU Consolidated List (sanctionsmap.eu) at minimum. Ideally also cover OFAC SDN, UN Consolidated List, and relevant national lists. For companies with significant counterparty volumes, automated screening with alert management is strongly recommended.

Documentation requirements for every screening run: - Date and time of screening - Lists and databases screened against - Counterparties screened - Results: matches, potential matches, and clear results - False positive resolution records with documented rationale - Analyst name and sign-off

Keep screening records for at least 5 years. Implement quality controls: periodic sample checks of screening results, testing of screening tool accuracy, and audit trails.

Evidence Your Auditor Will Request

  • Screening programme policy documenting frequency, scope, and lists covered
  • Screening execution records showing compliance with the defined frequency
  • False positive resolution records with documented analysis and rationale
  • Screening tool validation records (accuracy testing, configuration review)
  • Record retention policy and evidence of at least 5-year retention

Common Mistakes

  • Screening only at onboarding with no ongoing monitoring programme
  • Re-screening at long intervals (annually) rather than when lists are updated
  • No documentation of screening results - running checks but not recording them
  • Poor false positive management: either ignoring potential matches or blocking legitimate transactions
  • Using a screening tool without testing its accuracy or configuring matching thresholds appropriately

Related Controls Across Frameworks

Framework Control ID Relationship
EU Sanctions DD EU Sanctions DD WHO.1 (related mapping) Related
EU Sanctions DD EU Sanctions DD PROG.2 (related mapping) Related
EU Sanctions DD EU Sanctions DD PROG.1 (related mapping) Related

Frequently Asked Questions

What screening tools are available?
Options range from free manual checks to enterprise screening platforms. For manual screening: the EU Sanctions Map (sanctionsmap.eu) allows free searches against the EU Consolidated List. For automated screening: commercial providers include Dow Jones Risk & Compliance, Refinitiv World-Check, LexisNexis, ComplyAdvantage, and Accuity. These tools offer batch screening, continuous monitoring, and multi-list coverage. Choose based on your counterparty volume, risk profile, and budget.
How do we handle false positives efficiently?
False positives are inevitable in sanctions screening, especially with common names. Establish a clear resolution process: compare identifying information (date of birth, nationality, address, aliases) against the designation details; document the analysis; and have a second analyst review for high-risk matches. Build a whitelist of resolved false positives to reduce repeat alerts, but re-validate the whitelist periodically. Most commercial screening tools include false positive management workflows.
Is screening against the EU Consolidated List alone sufficient?
It meets the minimum EU legal requirement, but may not be sufficient in practice. If you have US nexus (USD transactions, US-origin goods, US persons), OFAC screening is essential. For UK business, add the OFSI list. The UN Consolidated List adds entities designated at the international level. National lists from member states may also designate persons not on the EU Consolidated List. A multi-list approach provides the most comprehensive coverage.

Track EU Sanctions DD compliance in one place

AuditFront helps you manage every EU Sanctions DD control, collect evidence, and stay audit-ready.

Start Free Assessment