UK Sanctions Screening — the complete guide for accountants and law firms
What screening is, which lists matter, how to run it at onboarding and ongoing, what to do on a match, and the OFSI penalty regime.
By Mehmood Rajoka · Last updated 2026-06-08
TL;DR — Quick Summary
- •Sanctions screening is the process of checking clients, beneficial owners, and associated parties against official UK and international sanctions lists — a legal obligation for every regulated firm.
- •In the UK, the lead authority is the Office of Financial Sanctions Implementation (OFSI), part of HM Treasury. OFSI maintains the UK Consolidated List of asset-freeze targets and runs the licensing regime for permitted dealings.
- •Acting for a sanctioned person is a criminal offence. OFSI civil monetary penalties reach £1 million or 50% of the breach value, whichever is higher. Serious cases face criminal prosecution.
- •Screening is required at onboarding AND on an ongoing basis. The list changes — new designations, removals, and amendments are published frequently — so a single onboarding check is not enough.
- •A confirmed match triggers immediate obligations: freeze any assets, do not deal further, report to OFSI typically within the same working day. The reporting obligation is independent of any SAR duty under POCA.
Answer-first summary
What is sanctions screening?
Sanctions screening is the process of checking clients, beneficial owners, directors, signatories, and other associated parties against official UK and international sanctions lists — primarily the UK Consolidated List maintained by the Office of Financial Sanctions Implementation (OFSI), but also UN, EU, and US OFAC lists where the firm's exposure requires. The screen is mandatory at onboarding before any work begins and on an ongoing basis throughout the relationship. A confirmed match triggers an immediate freezing obligation, reporting to OFSI, and the cessation of further dealings — and exposure to criminal prosecution if the firm continues regardless.
- UK Consolidated List (OFSI) is the legal minimum
- Required at onboarding AND on ongoing basis
- Match triggers freeze + OFSI report + work cessation
- Penalties up to £1 million civil or 7 years criminal
The sanctions lists that matter for UK firms
UK Consolidated List is the legal minimum. The international lists you should also screen against depend on the firm's exposure:
UK Consolidated List (OFSI)
The primary list. Contains every individual and entity subject to a UK financial sanctions regime — asset freeze, prohibited dealings, travel ban. Updated by OFSI as designations change. Available for free download in CSV and PDF formats.
UN Security Council Consolidated List
Persons subject to UN sanctions regimes (counter-terrorism, ISIL/Al-Qaida, country regimes such as DPRK and Mali). UN designations are typically reflected in the UK Consolidated List under UK domestic legislation.
EU Consolidated List
Persons subject to EU sanctions regimes. Since Brexit, the UK no longer automatically mirrors EU designations — firms must check both lists where the EU's may not be reflected in the UK list. Particularly relevant for firms with EU customers or operations.
US OFAC SDN List
Persons designated by the US Office of Foreign Assets Control. UK firms with USD transactions, US correspondents, or US-touching operations need to screen against OFAC even where no direct UK obligation exists — secondary sanctions and correspondent-bank compliance are real exposures.
UK National Security Sanctions
Sanctions imposed under the Sanctions and Anti-Money Laundering Act 2018 (SAMLA) for UK-specific national security purposes — e.g. cyber sanctions, anti-corruption sanctions, the Magnitsky regime for human-rights violators.
The screening process
Four cycles of screening — onboarding, periodic, event-driven, and match disposition — that together cover the ongoing-monitoring obligation:
Initial onboarding screen
Every client, beneficial owner, and associated party (directors, signatories, attorneys) screened against the UK Consolidated List at minimum, with additional lists as the firm's risk assessment requires. The screen must use accurate name + identifier data — date of birth, nationality, address — to reduce false positives.
Periodic re-screen
The sanctions lists change — at minimum monthly, often more frequently. Re-screen every existing client against the updated list. Higher-risk clients warrant more frequent re-screening; risk-rated firms apply weekly to high-risk and monthly to standard portfolios.
Event-driven re-screen
Trigger an ad-hoc re-screen when (a) a major designation event happens — a new sanctions regime is announced; (b) the client's circumstances change — new beneficial owner, change of business activity, new jurisdictional exposure; (c) the client's existing transactions involve newly designated counterparties.
Match disposition
Every match must be investigated and the outcome documented. Differentiate between true matches (designated person), false positives (name similarity), and probable matches requiring further verification. Document the reasoning — supervisors look for the disposition log first.
What to do when you get a match
Six immediate obligations. The clock starts the moment the match is confirmed:
- 1Stop any further dealings — no new transactions, no further work for the client
- 2Freeze any assets held by the firm for the designated person (client account funds, security held, etc.)
- 3Notify OFSI of the match — typically within the same working day. The OFSI 'compliance reporting form' captures the firm details, the designated person details, and the assets held
- 4Do not tell the client they are sanctioned, in the same way tipping off applies to SARs — though sanctions notifications come from law enforcement, not the firm
- 5Consider whether a SAR is also required — sanctions matches often (but not always) involve money laundering suspicion in parallel
- 6Apply for an OFSI licence if there is a legitimate reason to continue dealing (e.g. humanitarian, legal services, basic needs) — licences are granted in specific categories
The UK sanctions penalty regime
Four enforcement tracks operate in parallel — they can run simultaneously on the same facts:
Criminal prosecution
Breaching a UK sanctions prohibition is a criminal offence under SAMLA — punishable by up to 7 years' imprisonment in indictable cases. Prosecution is reserved for serious cases but remains the most significant exposure for individuals who knowingly facilitate breach.
OFSI civil monetary penalties
Civil penalties up to £1 million or 50% of the value of the breach, whichever is higher. Strict liability applies — OFSI does not need to prove intent. The penalty is published, naming the firm or individual.
Compliance Order or Warning Letter
For lower-severity breaches, OFSI may impose a compliance order requiring remediation actions or issue a warning letter. These are not formally penalties but are recorded and create an enforcement history.
Supervisory action
Independent of OFSI's penalties, a firm's AML supervisor (HMRC, SRA, FCA, professional body) can take action against the firm for failures of its sanctions-screening systems. Two-track exposure on the same underlying facts.
FAQ
Answer-first summary
What is sanctions screening?
Sanctions screening is the process of checking clients, beneficial owners, directors, signatories, and other associated parties against official sanctions lists — primarily the UK Consolidated List maintained by the Office of Financial Sanctions Implementation (OFSI), but also UN, EU, and US OFAC lists where the firm's exposure requires. The screen is required at onboarding and on an ongoing basis. A confirmed match triggers an immediate freezing obligation, reporting to OFSI, and the cessation of further dealings with the designated person.
Answer-first summary
Who is OFSI and what does it do?
The Office of Financial Sanctions Implementation (OFSI) is part of HM Treasury and is the UK's lead authority for administering and enforcing financial sanctions. OFSI maintains the UK Consolidated List of asset-freeze targets; processes licence applications to permit dealings with sanctioned parties in defined circumstances; investigates suspected breaches; and imposes civil monetary penalties for breaches up to £1 million or 50% of the breach value, whichever is higher. Criminal prosecution remains available for serious cases.
Answer-first summary
How often should sanctions screening be done?
Every client must be screened at onboarding before any work begins. Existing clients must be screened on an ongoing basis — minimum monthly, more frequently for higher-risk portfolios. Major designation events (new sanctions regime, large-scale designations) trigger an ad-hoc re-screen. Event-driven re-screens are also triggered by changes in the client's own circumstances — new beneficial owner, new jurisdictional exposure, new business activity. A single onboarding check is not sufficient.
Answer-first summary
What lists should UK firms screen against?
The UK Consolidated List maintained by OFSI is the legal minimum for any UK firm. Most firms add UN and EU lists for international exposure (since Brexit, UK no longer automatically mirrors EU designations). Firms with USD transactions, US correspondent relationships, or US-touching operations should screen against OFAC SDN to manage secondary sanctions risk. Higher-risk firms add national-security-specific lists — UK Magnitsky designations, cyber sanctions, anti-corruption sanctions — published under SAMLA.
Answer-first summary
What happens if I get a sanctions match?
Six immediate steps. (1) Stop further dealings — no transactions, no further work. (2) Freeze any assets held for the designated person. (3) Notify OFSI typically within the same working day using their compliance reporting form. (4) Do not warn the client. (5) Consider whether a parallel SAR is required under POCA. (6) Apply for an OFSI licence if there is a legitimate humanitarian, legal-services, or basic-needs reason to continue any dealing. Every step must be documented for the firm's records and for OFSI submission.
Answer-first summary
What's the difference between sanctions and PEP screening?
Sanctions screening checks against legal designations — the person is on a list because a UK or international sanctions regime has formally designated them. Acting for a sanctioned person is a criminal offence. PEP screening identifies individuals in prominent public functions whose role creates elevated money-laundering risk — but a PEP is not, by virtue of being a PEP, prohibited. PEP status triggers Enhanced Due Diligence; sanctions status triggers an absolute prohibition. Most modern screening tools run both checks in one pass, but the obligations are separate.
Answer-first summary
What penalties apply for UK sanctions breaches?
Three enforcement tracks. (1) Criminal prosecution — up to 7 years' imprisonment for indictable breaches under SAMLA. (2) OFSI civil monetary penalties — up to £1 million or 50% of the breach value, whichever is higher. Strict liability applies (OFSI does not need to prove intent). (3) Compliance orders, warning letters, or supervisory action by the firm's AML supervisor. The civil and supervisory tracks can run on the same facts as the criminal track. Penalties are published, creating reputational exposure on top of the financial penalty.
Related glossary and guides
Sanctions screening
Canonical glossary entry
OFSI
The Office of Financial Sanctions Implementation
PEP
Often screened in the same pass
High-Risk Third Country
Mandatory EDD trigger that often overlaps sanctions
AML — UK guide
How sanctions sits inside the wider regime
EDD guide
What screening triggers when matches surface