From Screening to Scrutiny

Why Sanctions Investigations Demand a Different Toolset

Large, well-resourced financial institutions have incurred sanctions penalties exceeding hundreds of millions of dollars1 in recent years. Not from lack of resources or intent, but because sanctions compliance has become increasingly complex. Regulators now update programs on a near-daily basis. In 2025 alone, the U.S. Office of Foreign Assets Control (“OFAC”) revised 21 of its 37 active sanctions programs, while its UK equivalent, Office of Financial Sanctions Implementation (“OFSI”), updated 27 of 28 country-specific regimes.2,3 Even sophisticated compliance programs struggle to maintain the evidentiary rigor regulators demand at this pace of change.

The volatile nature of sanctions control creates significant compliance challenges for organisations. At the same time, heightened enforcement activity4 makes it critical for institutions to be prepared to build defensible, evidence-based responses to avoid reputational damage, asset freezes and monetary penalties.

The Growing Importance of Sanctions Investigations

Russia’s 2022 invasion of Ukraine marked a significant point in sanctions enforcement. The unified international response, from the regulatory authorities in the United States, the European Union and the United Kingdom imposed an escalating series of sanctions. Measures have ranged from asset freezes on individuals to tightening export controls to the removal of major Russian banks from the SWIFT international payment system.5 OFAC imposed a $216 million penalty on a venture capital firm for knowingly violating Ukraine-related sanctions,6 while over half of all OFAC and OFSI penalties in 2025 stemmed from Russia-Ukraine related violations.7,8 This represents not just an increase in volume, but a fundamental shift in enforcement intensity and international coordination.

The expansion of secondary sanctions has compounded organisational risk, extending liability beyond direct dealings with sanctioned parties, to indirect exposure through business partners, supply chains or financial intermediaries. This expands both the scope of potential violations and the complexity of investigations. A single transaction may require tracing layered relationships across jurisdictions, necessitating that institutions to assess both their own activity and that of the wider network which may create exposure.

As sanctions regimes grow more complex and globally intertwined, regulatory scrutiny has intensified. This has driven an increased emphasis on both proactive and reactive sanctions investigations. While some reviews are internally initiated to assess the effectiveness of existing controls, others are regulator-driven and aimed at determining the full extent of perceived or alleged historical failings.

The Challenges of Sanctions Investigations

Effective sanctions investigations require both advanced technological capabilities and specialised expertise. The most successful approaches combine purpose-built data integration techniques with advanced entity resolution capabilities, allowing investigation teams to process large amounts of transactions while maintaining accuracy and defensibility.

Managing Complex Data Landscapes
Sanctions investigations require integrating transactional records, customer data and regional information across multiple jurisdictions, often stored in several systems with inconsistent formats. The data must be consolidated into a unified, auditable environment which requires technical expertise in data standardisation and quality control. The challenge combines managing data volumes with ensuring completeness, accuracy and traceability across sources and processes.

Accessing Historical Sanctions Information
A critical failure point in sanctions investigations is the inability to assess historical compliance accurately. Investigations often require institutions to re-screen past activity. Without access to sanctions data as it existed at the time, transactions risk being judged against information that was not available when decisions were made. As regulators extend lookback periods, including OFAC’s move from five to ten years for certain violations, institutions face increasing risk of being unable to evidence historical compliance. Maintaining point-in-time versions of the sanctions lists used in screening is therefore foundational to any defensible investigation.

Overcoming Challenges in Entity Matching
Identifying sanctioned entities within organisational data presents significant matching challenges. Discrepancies such as spelling variations, transliterations, aliases and inconsistent data fields like names and addresses can lead to legitimate matches to be missed if not carefully addressed. To mitigate these issues, organisations employ fuzzy matching algorithms, standardisation processes and incorporate contextual information such as geographic locations and associated entities. While many organisations rely on entity-matching tools embedded in business-as-usual systems, these are rarely designed for retrospective investigative scrutiny and often lack the precision and configurability required to assess historical sanctions status.

Integrating Human Expertise
Algorithmic matching generates candidates, but human experts are required to validate results. Trained specialists interpret system outputs, apply contextual judgment and distinguish false positives from genuine sanctions exposure. In many workflows, these determinations require secondary review to ensure defensibility. This human-in-the-loop approach is critical for accuracy but introduces operational complexity. Without purpose-built technology to structure the review process, organisations risk inconsistent decision-making, inadequate documentation or efficiency bottlenecks that compromise investigation quality.

Building Effective Solutions for Sanctions Investigations

Effective solutions must be technology-enabled, integrated into investigative workflows and adaptable to evolving review demands.

Access to Historical Sanctions Data
Defensible investigations require the ability to reference sanctions lists as they existed at any point in time. Maintaining access to repositories that consolidate both historical and current sanctions data from major global regulators is crucial. This enables investigators to verify what information was available at the time of a potential breach and demonstrate this to regulators. Automated collection and versioning of sanctions lists reduces manual processing effort and ensures that historical context is embedded into every review.

Effective Entity Matching and Screening
Advanced name matching capabilities are key to accurately identifying links between organisational data and sanctions sources. Combining configurable text normalisation routines, fuzzy matching algorithms and contextual analysis can resolve discrepancies caused by typographical differences, datapoints with multiple representations and incomplete data. Equally critical in investigations is the incorporation of an audit capability that creates evidence on how matches were generated, what thresholds were applied and what data points drove the decision. This audit trail ensures transparency and defensibility in investigative findings.

Flexible Case Management Frameworks
The review process itself must be structured to ensure consistency across investigations. Purpose-built case management platforms that integrate machine-driven analysis with human oversight streamline complex reviews while maintaining process integrity. Configurable workflows and structured review layers ensure consistency and create a transparent, auditable decision trail.

As sanctions enforcement intensifies and regulatory expectations rise, organisations must be confident that their investigation capabilities can withstand scrutiny. Those that invest appropriately in data, expertise, infrastructure and tooling will be able to respond to regulatory enquiries with confidence and clarity. Those that do not risk being exposed to prolonged remediation, significant financial penalties, reputational damage and, in some cases, criminal liability.

Footnotes:

1: “Sanctions Violations,” Violation Tracker.

2: “Sanctions Programs and Country Information,” U.S. Department of the Treasury – Office of Foreign Assets Control (“OFAC”).

3: “UK Sanctions Regimes Under the Sanctions Act,” UK Government.

4: “New Agency Set to Beef Up UK Sanctions Enforcement,” ICLG (September, 2024).

5: Sardor Boratov, “Bearing the Brunt: Analysing the Economic Impact of EU Sanctions on the Russian Economy in the Context of the Invasion in Ukraine,” Council of the European Union (September, 2024).

6: “OFAC Imposes $215,988,868 Penalty on GVA Capital Ltd. for Violating Ukraine/Russia-Related Sanctions and Reporting Obligations,” U.S. Department of the Treasury – Office of Foreign Assets Control (“OFAC”) (June, 2025).

7: “Civil Penalties and Enforcement Information,” U.S. Department of the Treasury – Office of Foreign Assets Control (“OFAC”).

8: “Enforcement of Financial Sanctions,” UK Government.

Related Insights

Related Information

Published

March 26, 2026

temp Key Contacts

Bruno Gomes

Managing Director

Kyle Johnson

Senior Director

Most Popular Insights

  1. Beyond Cost Metrics: Recognizing the True Value of Nuclear Energy
  2. Finally, Pundits Are Talking About Rising Consumer Loan Delinquencies
  3. A New Era of Medicaid Reform
  4. Turning Vision and Strategy Into Action: The Role of Operating Model Design
  5. The Hidden Risk for Data Centers That No One is Talking About

Sign up to get access to FTI Consulting Insights

Subscribe