GLOBAL PAYMENTS KNOWLEDGEISO 20022 / SWIFT / SEPA / MT / MX

Sanctions Screening / Learning brief

How sanctions lists are delivered and updated

Your notes

What this means in plain language

Authorities publish sanctions lists and change them over time; vendors and feeds carry those additions and removals to screening systems. This article explains the delivery path and why loading updates promptly matters operationally.

A sanctions list is not fixed; authorities add parties, remove them, and correct details as circumstances change. Each authority publishes its own list and its own updates, often as downloadable files in standard formats. Most screening operations do not read every authority directly. Instead, a vendor collects the official publications, normalises them into one consistent structure, and delivers regular updates through a feed or file transfer. The screening system then loads each update so its copy of the list stays current. Timing matters. Between an authority publishing a change and the operation loading it, the screening system is working from an older picture. If a new party was added, screening might miss it until the update lands; if a party was removed, the system might keep raising alerts that are no longer valid. Understanding this delivery path, from authority to vendor to feed to load, explains why update discipline is a core screening control, not a background task.

Understand the full idea, step by step

Your phone updates its apps overnight, and in the morning you use the versions it downloaded — not whatever a developer changed five minutes ago on their own machine. A screening engine works the same way: it never checks a party against an authority's live web page. It checks against the latest snapshot that was delivered and loaded. Understanding that chain, and its timing, is most of this lesson.

From authority to screening system

A sanctions list reaches an engine through a chain, and each link matters. An authority — a government body or international organisation — decides to add, amend, or remove a party and publishes that decision, usually as a structured file plus a human-readable notice. Many authorities exist, each with its own list, format, and rhythm, so reading them all directly is a large task. A vendor collects the official publications, normalises them into one consistent structure, and delivers the result, commonly by a feed or scheduled file transfer. Finally the screening system loads each delivery, replacing or amending its working copy. The copy an engine screens against is always a delivered snapshot, never the authority's live page.

List versionthe specific snapshot in force at a moment

A list version is the identified state of a screening list after a particular delivery has loaded. Because updates arrive over time, screening is always performed against one specific version. Recording which version — and which load time — applied when each payment was screened is what lets a firm later reconstruct exactly what its system knew, and when.

You may wonder: are additions the only updates that matter?

No. Updates come in three kinds, and each has its own operational meaning. An addition places a new party on the list — the most time-sensitive change, because until it loads the engine cannot alert on that party at all. A removal takes a party off; once loaded, the engine should stop raising alerts against that entry, which prevents holding payments for a party no longer listed. A correction amends an entry — a new alias, a fixed date of birth, an extra identifier — and can either widen or sharpen future matches. Removals deserve as much care as additions: continuing to alert on a delisted party wastes review effort and can wrongly delay a legitimate customer.

Loading a delivery as a controlled event

  1. VALIDATION

    The system confirms the delivery arrived and loaded completely, rather than assuming a partial file was whole.

  2. VALIDATION

    It reconciles the loaded record count against the figure the vendor announced, so nothing dropped silently in transit.

  3. VALIDATION

    It records the version now in force and the load time, adding to a version history.

  4. NOTIFICATION

    If a load fails or a feed is late, staff are alerted — a missed or stale load is treated as an incident, not routine maintenance.

WHAT IF — A change is published but the update loads late

What happens: Between publication and load, the engine screens against an older version: a newly added party may pass without an alert, and a removed party may still trigger alerts that no longer apply.

How it is handled: The gap is a genuine risk window, so operations shorten and monitor it. Using the version history, the team can identify every payment screened during the window and re-screen it against the current list, escalating any new alert through the normal review process. The discipline is not chasing perfection — it is knowing exactly what the system knew and when, so a gap can be found, explained, and closed.

COMMON CONFUSION

As long as the engine is switched on, it is screening against the current list.

An engine is only ever as current as its last successful load. A running system with a stale or half-loaded list will confidently pass a newly listed party. That is why the load itself — confirmed, reconciled, and versioned — is treated as the control, not the mere fact that screening is enabled.

STRICTLY SPEAKING

Strictly speaking, authorities publish on their own schedules — sometimes several changes in a day, sometimes none for a stretch — and real formats and timings vary by regime. So operations design their loading process around the vendors and lists they actually use rather than a single assumed cadence, and avoid hard-coding a fixed update frequency.

FOR NOW, REMEMBER

  • An engine screens against a delivered snapshot, never the authority's live page.
  • The chain runs authority to publication to vendor normalisation to feed to load — each a place a delay or error could enter.
  • Additions, removals, and corrections each carry different operational meaning; removals matter as much as additions.
  • Timely, confirmed, versioned loading is the control: it lets a firm say exactly what it knew and when.

TRY IT YOURSELF

A vendor's feed was delayed by several hours. During the delay, a party newly added by the authority sent a payment that Meridian Bank screened and passed. What is the defensible response once the update finally loads?

Use the version history to find every payment screened during the window and re-screen it against the now-current list, escalating any new alert through the normal process.

Correct — Correct. The version history is what makes the control defensible: it identifies exactly which payments were screened against the stale snapshot, so they can be re-screened and any hit escalated rather than discovered later.

Nothing further is needed, because the engine was running the whole time.

Not this one — A running engine is only as current as its last load. It screened against a version that did not yet contain the party, so those payments must be revisited — running is not the same as current.

Re-screen only future payments, since past ones already returned a result.

Not this one — The past result was produced by a stale list and is exactly what is in doubt. The point of the version history is to let the firm re-examine what it decided during the window, not only what comes next.

One authority is rarely the whole picture. Next: how a vendor combines many official and commercial sources into one list, and why keeping track of where each fact came from is what keeps a decision defensible.

KEEP GOING

Three things to remember

  1. 01

    Sanctions lists change constantly through additions, removals, and corrections.

  2. 02

    Vendors collect and normalise official publications, then deliver updates through feeds or file transfers.

  3. 03

    The gap between publication and loading is a real risk window, so prompt, verified updates matter.

Where you would use this

USE CASE 01

A screening operations team schedules and monitors list loads so updates apply promptly and completely.

USE CASE 02

A vendor management function checks how quickly a provider reflects official changes and flags delays.

USE CASE 03

A control owner records each list version and load time so a decision can be tied to the list in force at that moment.

Put the idea into a real situation

Illustrative example: a fictional authority publishes a list update at 09:00 that adds 1 new party and removes 2 others. The vendor normalises it and delivers a feed at 11:00. A fictional bank, Harbor Union, loads the update at 11:30, so for two and a half hours its screening ran against the previous version. During that window a payment naming the newly added party would not have alerted. The bank's control records show the version in force at each moment, so any payment sent in that window can be re-screened against the updated list and reviewed.

Evidence & review

REVIEWED 2026-07-13

Sanctions list delivery and loading generally; publication mechanics reflect major authorities (for example OFAC, OFSI). Not legal advice; update obligations depend on a firm's regulators and vendors.

What this brief simplifies: Presents the delivery chain as a linear authority-to-load pipeline and omits vendor-specific feed formats and load tooling. No update frequency is stated as a number, as cadences vary and change.

Sources for this brief4
  1. Official requirement

    Specially Designated Nationals and Blocked Persons List (SDN List)US Department of the Treasury, Office of Foreign Assets Control · Publication of the SDN list and changes

    The US list of designated individuals and entities whose assets are blocked and with whom US persons are generally prohibited from dealing. · Checked 2026-07-12

    Updated continuously; machine-readable formats are distributed via OFAC's Sanctions List Service. Every list entry appearing in this site's examples is fictional.

  2. Official requirement

    UK financial sanctions general guidanceOffice of Financial Sanctions Implementation, HM Treasury · Notification of changes to the consolidated list

    OFSI's general guidance on UK financial sanctions obligations, licensing, exceptions, reporting, and compliance. · Checked 2026-07-12

    General in nature; regime-specific guidance and the underlying UK regulations take precedence over it.

  3. Market practice

    Wolfsberg Group Sanctions Screening GuidanceThe Wolfsberg Group · List management and update discipline

    Industry guidance on the elements of an effective sanctions screening programme: the risk-based approach, list management, matching technology, alert generation, and alert handling. · Checked 2026-07-12

    Wolfsberg guidance is industry market practice, not law; institutions vary in how they apply it.

  4. Simplified educational illustration

    Payments Signal editorial teaching modelsPayments Signal

    This site's own simplified teaching models. · Checked 2026-07-12

    Used wherever diagrams, scenarios, figures, or example values are didactic constructions rather than sourced facts; every such use carries a simplifications disclosure. All people, companies, banks, and list entries in examples are fictional.

Learn this properly

Related briefs

View Sanctions Screening archive

What sanctions are and why payments are screened

Sanctions are legal restrictions on dealing with listed people, entities, and places. Screening is the control that enforces them, checking every customer and payment against official lists before money is allowed to move.

READ BRIEF

How a sanctions screening product works

An end-to-end view of the capabilities leading sanctions screening products share — list management, a matching engine, real-time and batch screening, hold queues, alert and case management, disposition, tuning, and audit.

READ BRIEF

Who issues sanctions: regimes and authorities

Several authorities issue sanctions: the United Nations, the United States, the European Union, and the United Kingdom among them. Their lists overlap but are not identical, so a bank must decide which regimes its business obliges it to apply.

READ BRIEF