Skip to content
Book a demo
Book a demo

15.5.2025 | Last updated: 15.5.2025

5 min read

The real best practices of sanctions screening

Antti Pekkala
Antti Pekkala

You’ve reviewed the invoice. You’ve confirmed the payment details. You hit Enter. And then—nothing. 

Your payment’s frozen. The bank won’t move it. And as you scramble to figure out what went wrong, you realize: the company you just paid is linked to someone buried in a sanctions list. Now, you’re not just dealing with a delay. You might be liable. 

This isn’t some edge case. It’s the daily risk every treasury, finance, and compliance team faces in today’s world. Sanctions screening is no longer a quiet back-office routine but a frontline defense. One missed detail can mean frozen funds, regulatory fines, or worse. 

The backdrop? A sanctions landscape shaped by Russia’s war on Ukraine, rising US-China friction, cyberattacks, and a global web of evolving restrictions. Sanctions have become tools of policy with teeth. And they move fast. 

And yet, many organizations are still using systems and methods designed for a simpler time. 

We spoke with Aleksi Pursiainen, a leading expert in sanctions policy and compliance, to cut through the noise. What does real sanctions screening look like? What’s just security theater? And what should companies actually be doing to stay ahead?

Let's get into it:

Meet the Expert: Aleksi Pursiainen

Aleksi Pursiainen (Solid Plan Consulting) is a seasoned compliance expert with years of experience guiding businesses through the complexities of sanctions regulations. With a deep understanding of the evolving legal landscape, he helps companies navigate risks, ensure compliance, and implement effective strategies to avoid penalties and operational disruptions in an increasingly regulated environment.

Aleksi-Pursiainen-yellow-circle

 

 

 

The increasingly complex sanctions landscape 

Let’s imagine you’re about to approve a standard supplier payment—same company, same account as always. Nothing’s changed. Except one thing has: that “same company” is now majority-owned by a Russian oligarch you've never heard of, via two shell entities and a trust in Cyprus. You didn't catch it. Your bank does. Now, your payment is frozen, and you're scrambling. 

This is the world of sanctions compliance in 2025. Ten years ago, things were different. Hell, even 5 years ago, you had it a lot easier. Now, if you think about checking a list and calling it a day, think again. You’re chasing a moving target that’s faster, messier, and more political than ever. 

The reality? Sanctions are no longer limited to a few rogue states. We're talking global cyber-attackers, shady crypto moguls, Chinese tech giants, Russian energy conglomerates, and anyone even connected to them. And they're sanctioned not just once—but repeatedly by different authorities, for different reasons, often in conflicting ways. 

As Aleksi puts it: We have so many different countries that are subject to some restrictions, and each of them is subject to different restrictions than the others.” 

Even if you’ve got a name match, it’s not enough. You need to know who owns what, who controls whom, and how the entire structure might have shifted overnight. 

“It’s not only the name on a list and the name on your computer and whether they're the same. You need to have a broader understanding of who you're dealing with.” 

Think it’s complicated? It is. And that's exactly why the old way of doing things just doesn't work anymore. 

Why the old way doesn’t cut it anymore 

Imagine relying on an old Rolodex—only now, it's a spreadsheet. That’s how many companies treat sanctions compliance. They tick a box when a name matches, expecting that to be enough. It’s a “name, check, move on” approach that ignores how fast things can change. 

Many firms still stick to outdated methods. They scan lists once and assume they’re safe for the year. But in today’s world, what was clean yesterday might be a risk today. The real trouble is the blind trust in these static systems.  

What’s the problem? For starters, sanctions lists don’t just change. They explode in complexity. A “name match” doesn’t simply cut it anymore. You need to track ownership structures, shell companies, and what happens when a controlling entity shifts from one oligarch to another. 

“Your sanction screening systems goes bling… and you have to understand whether that means you’ll be going to jail or just that you're not allowed to invest in their long-term bonds.” 

The EU’s new sanctions directive makes this even more serious. It turns violations into criminal offenses. Yes, criminal. That means fines, yes (up to 40 million or 5% of your global revenue), but also potential jail time for executives and compliance officers.  

With tens of thousands of partners and suppliers, keeping up manually isn’t just hard. It’s nearly impossible. You miss shifts in ownership, control changes, and those sneaky connections that slip through the cracks. 

“100% secure set-up is a rare thing, but almost every company should at least have the bits and pieces that fit their business and risk profile.” 

The real questions that take you beyond compliance 

Here’s the uncomfortable truth: asking “Are we compliant?” is the bare minimum. The real question is: Do we actually understand who we’re doing business with? And what does that expose us to? 

Because in the real world, it’s not always the guy on the list that trips you up. It’s the company he secretly controls. Or the trust fund his nephew manages in another country. Or the third-party payment you processed without blinking. 

Most compliance programs stop at checking names. But the smart ones go deeper. They ask: 

  • Who really owns or controls this entity? 
  • Has that changed recently? 
  • Are we exposed through anyone else in the chain? 
Let's say you're sending a refund to a customer's logistics partner. They're not in your CRM and have never been screened—but the payment goes out anyway. You've now just potentially broken the law. 

“Perhaps you can say hello to them on the street, but that’s about it.” 

That’s how strict EU asset freeze rules are. Even one innocent-looking transfer can trigger a frozen payment—or worse. 

Building a roadmap to sanctions-proofed treasury 

Here’s the hard truth: if your sanctions controls only kick in once a quarter, or worse, after the fact, you're already behind. Treasury teams today need systems that think in real-time, not spreadsheets that age like milk. 

That means daily, automated screening of every counterparty you touch. Customers, suppliers, random third parties you’re sending a one-time refund to. If they’re in your payment system, they should be screened. Every. Single. Day. 

"Everybody might have these parties that would never normally be screened... and then you press enter, and then the whole hell breaks loose." 

You also need layered controls, not just a single check at onboarding. Before a payment goes out, it should trigger another screening. Same with product shipments, software licenses, even service access. And when the system catches something weird—like a sudden shift in ownership—you want it to ping before your goods are on a truck or your money's halfway across the globe. 

“Ideally, again, you would have a fantastic, automated IT system that would ping if that’s not allowed—and stop the shipment.” 

Automation is key, but it’s not everything. You still need humans to make judgment calls. That’s why your setup has to match your risk profile, your business model, and your tech reality. Not someone else’s ideal. 

Sanctions-proofing your treasury isn’t a one-size-fits-all checklist. It’s a living system that watches, alerts, and acts before the problem hits your inbox. 

Final thoughts: Sanctions compliance as strategic infrastructure 

Sanctions compliance is more than just a box to tick. It’s part of how your company shows up in the world. Yes, there are rules to follow. Yes, the risks are real. But this isn’t just about dodging fines or avoiding awkward calls from your legal team. 

At the end of the day, it is all about knowing who you’re doing business with. It’s about recognizing that treasury and finance teams are now playing a role in global security, whether they like it or not. 

The right systems don’t just keep your company out of trouble. They keep your company in line with the values that sanctions are built to defend: sovereignty, accountability, and the rule of law. 

As Aleksi put it: 

“Why are we spending so much time trying to comply with sanctions? It’s not just about avoiding jail—it’s about doing the right thing.” 

So, if your screening still runs like it did five years ago, it's time to rethink it. Not just for compliance but for resilience. 

Sanctions-screening-on-demand-blog