Sanctions Compliance: Beyond the Name on the List

Share Articles

A Singapore-based corporation runs a sanctions screen on a new supplier before onboarding. The supplier comes back clean: not on OFAC, not on the EU Consolidated List, not flagged by any of the standard databases. The relationship begins. Eighteen months later, an audit reveals that the supplier’s parent company is itself owned, two layers up, by an individual sanctioned by the United States Treasury. The original check was technically accurate. However, it did not uncover the indirect ownership exposure that later became relevant.

This is the situation global sanctions compliance is increasingly built around. Sanctions regimes are expanding faster than they have in years. Corporate structures, particularly in APAC, are getting more layered, more cross-border and harder to read. The exposure that matters now lives in the gap between the two, not on the front page of the screening report.

What Are Global Sanctions?

The regimes themselves are the first half of the picture. Global sanctions are restrictive measures imposed by governments and multilateral bodies to deny designated individuals, entities and jurisdictions access to financial systems, trade or specific transactions.

The principal regimes financial institutions screen against are issued by the US Office of Foreign Assets Control (OFAC), the United Nations Security Council, the European Union, the UK Office of Financial Sanctions Implementation (OFSI) and, for APAC firms specifically, the Monetary Authority of Singapore (MAS).

The volume and reach of these regimes have grown sharply in recent years, driven by responses to the war in Ukraine, restrictions on Myanmar, China-linked technology controls and broader geopolitical realignment. Compliance teams are working against a target that no longer sits still.

What Is Sanctions Compliance?

That moving target reshapes what compliance teams actually have to do. Sanctions compliance is the ongoing obligation to ensure that an organisation does not, directly or indirectly, conduct business with sanctioned parties. It is not a one-time screening exercise conducted during onboarding, but a continuous risk management function that runs across the lifetime of every relationship.

The practical distinction is between reactive and proactive compliance. Reactive sanctions compliance checks a name against a list before opening an account. Proactive compliance monitors relationships continuously, assesses network-level exposure, and treats sanctions risk as something that can emerge after onboarding rather than only at the gate.

Regulators increasingly expect organisations to adopt risk-based controls that extend beyond point-in-time screening. Penalties are no longer reserved for organisations that knowingly deal with sanctioned parties. Failure to implement appropriate sanctions controls or identify relevant exposure can result in regulatory findings and enforcement action. 

The Network Risk Problem Nobody’s Screening For

Two issues compound to make this gap larger than most programmes recognise: the layered structure of modern corporate ownership, and the specific complexity of doing this work across APAC.

Why One Degree of Separation Isn’t Enough

Indirect sanctions exposure is the gap most screening programmes still leave open. A business partner can be clean on paper while majority-owned by a sanctioned individual. A counterparty can share directors with a blacklisted entity. A clean trading company can hold beneficial ownership tracing back to a sanctioned holding structure two or three layers up.

Take a simplified example. Company A passes its own check. Company A is wholly owned by Company B. Company B is majority-owned by Individual C. Individual C appears on the OFAC SDN List. Standard name-screening tools may not surface that exposure without additional ownership and relationship analysis. They were designed for direct hits, not for the layered ownership structures that have become normal across APAC corporate landscapes.

The APAC Dimension

APAC compounds the problem. Corporate structures regularly span multiple jurisdictions, each with its own registry standards, disclosure thresholds and transparency norms. A holding structure tracing through Singapore, Malaysia, Vietnam, China and Thailand can sit within the same group and tracing exposure across all five requires reliable data depth in each. Where visibility into any jurisdiction is limited, ownership analysis becomes more challenging and may require additional investigation. This is the practical context that makes regional registry coverage a compliance question, not just a data one.

Where Traditional Sanctions Screening Falls Short

Traditional sanctions screening tools are not failing because they were poorly built. They were built for a simpler threat environment, and the environment has moved.

Three limitations recur:

  • Timing: A name-check at onboarding matches the list as it stands that day, but ownership shifts can happen within weeks, and the check does not move with them.
  • Depth: Matching individual names alone may not surface risks that exist deeper within ownership structures.
  • Scale: Manual cross-referencing across multiple jurisdictions is slow, inconsistent and hard to audit at the standard regulators now expect.

None of this is an indictment of the tools themselves. It is recognition that sanctions compliance has expanded beyond the problem that name-matching was designed to solve.

A Smarter Approach to Sanctions Compliance

A network-aware approach to sanctions compliance rests on three capabilities working together:

  • Breadth: Registry coverage across every market where exposure can hide, not just the home jurisdiction.
  • Mapping: Ownership and relationships traced through multiple corporate layers, surfacing indirect exposure that direct name-matching misses.
  • Monitoring: Ongoing monitoring and alerts help compliance teams stay informed of changes in ownership, control, or sanctions status throughout the customer lifecycle.

Handshakes offers business intelligence solutions built around exactly this combination. UBO mapping and relationship intelligence help organisations trace ownership chains across APAC registries, supporting the identification of indirect sanctions exposure through complex ownership structures.. Our KYC platform and Handshakes KYB then apply that intelligence consistently across customer and counterparty workflows, so the same depth that supports onboarding also supports ongoing screening.

Treat Sanctions Compliance Like a Network Problem

Return to the scenario that opened this piece. The check was technically accurate. The exposure was real. The gap between those two facts is what global sanctions compliance now has to close.

The question for compliance teams is no longer simply, is this entity sanctioned? It is: who is this entity connected to, what does that network reveal, and how would we know if any of it changed tomorrow? Answering that requires data, mapping and ongoing intelligence working in concert, not three separate tools held together by manual review.

Handshakes supports compliance teams with the corporate intelligence, ownership visibility, and relationship analysis needed to strengthen sanctions compliance across APAC. Explore how Handshakes can strengthen your sanction compliance programme across APAC counterparties, ownership structures and the regulatory landscape they sit within.