Sanctions List Screening: OFAC, UN, EU, UK & MAS Compared

The lists below cover the substantial majority of obligation exposure for regulated firms operating across the major financial centres. Firms with more specialised geographic exposure should add the relevant additional regimes (OFSI's Russia-specific lists, Switzerland's SECO, Canada's SEMA designations, and so on).

Maintained by the US Office of Foreign Assets Control. The Specially Designated Nationals and Blocked Persons list is the most consequential single sanctions list in global finance, covering several thousand individuals, entities, vessels and aircraft across more than 40 distinct sanctions programmes (Russia/Ukraine, Iran, North Korea, Venezuela, narcotics trafficking, cyber, terrorism, and others). OFAC's 50% rule extends sanctions automatically to any entity owned 50% or more in aggregate by one or more SDN-listed persons — meaning a screening hit on a UBO can trigger sanctions exposure on the underlying entity even when the entity itself is not listed. OFAC publishes updates as designations occur; firms should ingest changes within hours of publication.

Maintained by the United Nations Security Council, covering all designations made under Chapter VII resolutions. Scope is narrower than OFAC — focused on terrorism financing (ISIL and Al-Qaida regime), proliferation finance (DPRK and Iran), and a small number of country-specific regimes. UN designations are binding on every UN member state and form the foundation of most national sanctions lists. Update cadence is lower than national lists — typically weeks between revisions — but the obligation reach is universal.

Maintained by the European External Action Service under EU Council Regulations. Implements UN designations plus EU-autonomous designations across thematic regimes (Russia, Belarus, cyber-attacks, human rights violations, chemical weapons proliferation, terrorism). The list is published in machine-readable XML and updated on a roughly weekly cadence as Council Regulations are amended. EU sanctions bind EU persons globally and any person acting within EU territory.

Maintained by the Office of Financial Sanctions Implementation within HM Treasury. Post-Brexit the UK list is independent of the EU list, though they continue to overlap on most designations. OFSI publishes the list as machine-readable CSV and XML. UK sanctions bind UK persons globally and any person within UK territory. Notable differences from the EU list include selected Russia-specific designations, the UK's broader use of the Global Anti-Corruption Sanctions Regulations, and timing differences as each regime moves at its own pace.

Maintained by the Monetary Authority of Singapore under the Terrorism (Suppression of Financing) Act and various MAS Regulations. MAS implements UN designations plus Singapore-specific designations affecting terrorism financing and proliferation finance. Compared with OFAC or EU lists, the volume of designations is smaller and the policy approach is more focused — Singapore prioritises full UN implementation over autonomous thematic regimes. Coverage obligation extends to all MAS-regulated financial institutions.

Maintained by the Department of Foreign Affairs and Trade with implementation oversight from AUSTRAC and the Australian Sanctions Office. Covers UN-mandated designations plus Australian autonomous designations under the Autonomous Sanctions Act 2011. The list is published in CSV format and updated as designations occur. Australian sanctions bind Australian persons globally and any person within Australian territory, with the regime currently undergoing significant expansion under AUSTRAC Tranche 2 reform.

A defensible multi-list programme is built around the firm's obligation exposure, not around vendor convenience. The starting point is mapping which lists apply to which parts of the business — that determines the screening scope.

For each business line, identify the applicable sanctions regimes: which jurisdictions the firm operates in, which currencies it clears in, which counterparties it transacts with, which technologies it uses. A Singapore-regulated firm clearing USD payments through correspondent banks faces MAS, UN and OFAC exposure simultaneously. An EU fund administrator with UK investors faces EU, UN and OFSI. Document the mapping; it is the first thing a supervisor will ask to see.

Decide what gets screened against which list. Customers, beneficial owners and directors should be screened against every applicable list. Counterparties on transactions should be screened — for cross-border payments this means screening the originator, beneficiary, and any intermediary parties named in the payment message. Internal employees and vendors generally also fall in scope. Specialist categories (vessels for trade finance, aircraft for asset finance, ports for shipping exposure) need explicit decisions.

Different lists warrant different match thresholds. OFAC matches typically warrant lower thresholds (more sensitivity, more false positives, more analyst review) because the consequence of missing an OFAC hit is more severe than for a less prescriptive regime. List-level threshold configuration also handles the data quality variation — UN lists with detailed dates of birth allow stricter matching than lists where DOB is often absent.

Match alerts should be reviewed and dispositioned within defined service-level windows — typically same-day for high-priority lists (OFAC, UN terrorism), with longer windows for lower-priority lists at the firm's discretion. Onboarding flow alerts should block the relationship until cleared; transaction alerts should pause the transaction. Document the SLA and the escalation path; both will be inspected.

The same individual often appears on multiple lists. A clean programme deduplicates at the entity level — a single match against Ivan Petrov surfaces once with the list memberships attached, not five times as separate alerts. Where data conflicts between lists (different spellings, different DOBs, different addresses), the programme should record both versions and use the broader match attributes for screening.

Regulators inspect documentation more closely than they inspect technology. The programme document should describe which lists are screened, against which customer populations, at what frequency, with what matching configuration, with what alert disposition standards, and with what oversight. Quarterly reviews of the methodology — and explicit sign-off when changes are made — are expected practice.

Manual multi-list screening at any meaningful scale is unsustainable. A modern sanctions screening platform automates list ingestion (real-time updates from every major regime), entity matching (fuzzy name matching with transliteration support, DOB matching, and structured attribute comparison), alert routing (list-specific SLA enforcement and analyst routing), and audit trail (every alert disposition recorded with reasoning and the data used).

The objective of automation is not to remove analyst judgement — it is to focus analyst time on the cases that warrant judgement. A platform that auto-clears clear-cut matches and surfaces only the ambiguous cases produces dramatically better outcomes than one requiring shallow analyst review of every alert. For the broader compliance context, see our overview of AML / CFT obligations and our companion guide to PEP screening best practices.