Sanctions in 2025: Mastering strategies for compliance and risk management in a shifting geopolitical landscape

The UK’s sanctions landscape is dynamic, comprehensive and has evolved significantly in the past few years. The UK imposes various types of sanctions including financial, trade and transport sanctions.

In the UK, there is primary legislation governing UK sanctions. These include Sanctions and Anti-Money Laundering Act 2018 (SAMLA), which provides the legal framework for the UK to impose sanctions independently of the EU and allows the UK to implement its own sanctions regimes, and the Economic Crime (Transparency and Enforcement) Act 2022 (ECA), which introduced urgent designation procedures and strict liability for civil breaches of UK sanctions. The UK’s sanctions regime also involves a network of government bodies working together: Foreign, Commonwealth & Development Office (FCDO), Office of Financial Sanctions Implementation (OFSI), Office of Trade Sanctions Implementation (OTSI) and His Majesty Revenue and Customs (HMRC).

• Rapidly evolving regulations, as the UK sanctions regime is constantly evolving, with new sanctions imposed and existing ones updated frequently, firms need to ensure they are complying with multiple sanctions regimes to which they may be exposed, including those imposed by the EU and UN, which can add further complexity especially for firms who operate internationally.
• Understanding complex ownership and control structures is essential in ensuring sanctions compliance. ‘Designated Persons’ will often use holding companies and other tactics to obfuscate the true ownership of entities to evade sanction regimes.
• In line with the dynamic sanctions landscape, firms should ensureits sanctions controls are periodically evaluated and updated to remain aligned with the nature, scale and identified risks of the firm. This is especially crucial for firms undergoing growth, launching new products or entering different markets.

• Firms should ensure there is a strong compliance culture, which exhibits senior leadership involvement and commitment. It is important that top level management is actively involved in overseeing and implementing sanctions controls measures to ensure they are operating effectively and comprehensively.
• Management information should leverage a comprehensive suite of performance metrics that will be used to inform those charged with the responsibility for financial crime systems and controls (including senior management and relevant financial crime and risk committees) with appropriate risk and performance metrics. Often this will be issued monthly as part of regular financial crime performance dashboards, however a risk-based approach should be followed if this is too infrequent. Such metrics relevant to sanctions include the % of overdue sanctions hits, the total number of screening alerts, the QC/QA pass rate for screening reviews, and the proportion of false positive alerts compared with true hits. Assessing whether the information is useful, and enables a firm to take appropriate action, should be factored into compliance monitoring plans.

• Reliance on third party providers is a risk presented to firms who are reliant on technology vendors to support their sanctions name and transaction screening and may lead to ineffective oversight and compliance issues. Being able to bridge the gap between risk-appetite, regulatory obligations and the configuration of tools, is an increasing regulatory focus area and something firms should ensure is appropriately explained and supported by a clear methodology, in line with standards and policies on sanctions. Reliance placed on external providers may lead to screening systems that are not optimally tuned and calibrated, compromising their effectiveness. The default settings of automated solutions may not always align proportionately with the unique risks and customer profiles of regulated firms.
• Limited resources can hinder First Line teams from thoroughly investigating potential connections with Designated Persons, particularly when dealing with complex ownership structures where the sanctions nexus is not always apparent. Resource constraints can lead to compliance “fatigue”, where teams may fail to concentrate their efforts and technical expertise on high-risk issues, inadvertently overwhelming resources with low level risk areas resulting in inefficient resource use. Firms might consider leveraging technology supported solutions, including AI, to provide support.

• Inconsistent data poses a critical hurdle, due to sanctions lists from various sources being in either different formats, spellings and details, which makes it difficult for firms to accurately match data and identify sanctioned individuals or entities.
• Fuzzy matching issues in sanction screening tools arise because names can be transliterated differently across languages, creating multiple versions of the same name. This can lead to false positives (flagging non-sanctioned entities) and false negatives (missing actual sanctioned entities), of which firms need to be aware.
• The lack of data standardisation across global sanctions lists poses challenges for firms to analyse and integrate data from various sources. This can lead to inconsistent results, missed matches and multiple alerts per entity, straining firms’ efforts to link data to different sanction sources.
• Relying solely on technology isn’t enough. Whilst outsourcing or using third-party providers to enhance sanctions compliance frameworks with screening tools can be beneficial, these tools should not replace comprehensive measures. Firms must ensure proper configuration aligned with business risks, continuous monitoring, and regular testing and assessment of the systems used.

• With the rise and increased use of crypto currencies, these are creating new routes and avenues for sanctions evasions, due to the lack of clear identification of ownership controls.
• Firms are increasingly exploring the potential of machine learning and predictive data analytics through AI to enhance their sanction screening and reporting processes. By analysing patterns and identifying anomalies in ways beyond human capability, these technologies may offer significant improvements. The use of AI in alert resolution is already deployed by some firms, yet the challenges around the “explainability” of such tools and taking account of the risks around data quality and bias, need to be appropriately considered and factored into data model and sanctions screening solution governance.

• Proliferation financing is relevant to anti-money laundering and counter-terrorist financing but also sanctions evasion. Firms should ensure that proliferation financing risk is clearly considered within its sanction policies and procedures, as well as explicitly referenced and considered in its financial crime risk assessment (especially as this is an explicit requirement of the money laundering regulations) [10].