GLOBAL PAYMENTS KNOWLEDGEISO 20022 / SWIFT / SEPA / MT / MX

Sanctions Screening / Learning brief

Screening governance, policy, and ownership

Your notes

What this means in plain language

Screening governance is the framework of policies, roles, approvals, and controls around a sanctions programme. This article explains how ownership and documented decisions let an institution defend its configuration choices to auditors and supervisors.

Governance is the set of arrangements that decides how a sanctions screening programme is run, who is responsible for it, and how its choices are approved and recorded. A screening system makes many decisions that matter — which lists to load, what to screen, how strict the matching should be, when to hold a payment — and none should rest on one person's preference. Good governance assigns each decision to a named owner, requires significant changes to be approved and documented, and separates the people who operate the controls from those who independently check them. It also ties the configuration back to a written risk assessment, so a threshold or list choice can be explained as a reasoned response to the institution's real exposure. The purpose is not paperwork for its own sake. It is to make the programme defensible: when a supervisor asks why the system behaves as it does, the institution can point to the policy, the owner, and the approval behind each setting.

Understand the full idea, step by step

Every control eventually meets the same question from a supervisor or an auditor: who decided it should run this way, and can you show me why? A screening system can clear alerts perfectly and still fail that test if no one can explain how its threshold, its lists, and its ownership were set. Governance is the framework that lets the institution answer.

What a screening policy fixes in writing

Scope
Whether the institution screens customers, payments, or both — and at which points
Lists
Which sanctions lists are used and how quickly they refresh after an authority updates them
Matching
The matching approach and the thresholds that turn a resemblance into an alert
Escalation
The paths an alert follows and the time within which reviews are expected
Retention
How long records are kept and who may change each setting

Policy derives from risk, not habit

A sound policy does not appear from custom; it is derived from a documented risk assessment describing the institution's customers, products, countries, and channels, and the sanctions exposure each creates. That link is what lets a strict or a lenient setting be defended as a reasoned response to real risk rather than an arbitrary preference. Senior management approves the policy, and it is reviewed on a fixed schedule and again whenever a sanctions regime changes materially. Because obligations vary by jurisdiction, the policy also records which rules apply and where.

Three lines of defencea model separating who runs a control, who oversees it, and who audits it

The first line is the business and operations — the analysts like Kabir who run screening and clear or escalate alerts under the policy. The second line is an independent compliance or sanctions function that owns the policy, sets risk appetite, and oversees the first line without doing its daily work. The third line is internal audit, which independently tests whether the whole arrangement works as described and reports to the board. Separating who operates a control from who judges it guards against a single point of failure.

The three lines at a glance
LineWhoWhat they own
FirstBusiness and operations analystsRunning screening, reviewing alerts, clearing or escalating under the policy
SecondIndependent compliance / sanctions functionThe policy, risk appetite, advice on hard cases, oversight of the first line
ThirdInternal auditIndependent testing of the whole arrangement, reporting to the board

Change control keeps the configuration honest

Because a screening system behaves differently when its settings change, governance treats configuration as something controlled, not adjusted at will. A change to a threshold, a list source, a vendor, or a matching rule is proposed in writing, assessed for its likely effect — including how many more or fewer alerts it will create — and approved by an authorised body before it reaches production. The proposal, the impact review, the approver, and the date are all recorded, so a quiet adjustment cannot weaken a control without a trace.

Management information the board watches

Alert rate
How many alerts the system raises against volume screened
False-positive rate
The share of alerts that clear as not-a-match
Time to disposition
How long alerts take to clear or escalate
Escalations and confirmed matches
How many alerts became true matches and were reported

COMMON CONFUSION

Governance is paperwork that slows the real screening work down.

Governance is what makes the screening work defensible. Without a policy, a risk assessment, a named owner, and a recorded approval behind each setting, a correct decision still cannot be shown to be correct. The measure of good governance is a simple test: when a supervisor asks why the system is configured as it is, the institution can produce all four.

STRICTLY SPEAKING

Strictly speaking, many regimes also require a nominated senior person responsible for financial-crime reporting — one example is a Money Laundering Reporting Officer (MLRO), though the exact title and the precise obligations vary by jurisdiction. Above the three lines sits senior management and ultimately the board, who remain accountable for the programme and cannot delegate that accountability away. Each control has a named owner rather than a diffuse group, so a questioned setting always has a specific person who can explain it.

FOR NOW, REMEMBER

  • A screening policy fixes scope, lists, matching thresholds, escalation, and retention — and derives from a documented risk assessment.
  • The three lines of defence separate running the control, overseeing it, and auditing it, with named owners for each setting.
  • Configuration changes go through written change control: proposal, impact review, approval, and date.
  • Management information — alert rate, false-positive rate, time to disposition, confirmed matches — lets the board see whether the programme is healthy.

TRY IT YOURSELF

An examiner asks Meridian Bank why its screening threshold was lowered last year. Which response shows the programme is governed defensibly?

Produce the written change proposal, its impact review, the risk assessment it referenced, the second-line owner who authorised it, and the date it went live.

Correct — That chain — policy, risk basis, named owner, recorded approval — is exactly what governance exists to produce. It shows the setting was a reasoned, authorised decision rather than an arbitrary one.

Explain that an experienced analyst judged the old threshold was raising too many alerts and quietly adjusted it.

Not this one — An undocumented adjustment by an operator of the control is the failure governance is designed to prevent. Even if the judgement was sound, the institution cannot demonstrate it was reasoned or authorised.

Point to the low current alert rate as proof the threshold is correct.

Not this one — A low alert rate could equally mean the control is missing genuine matches. A metric is not a justification; the defensible answer is the documented decision behind the setting, not its output.

Governance says every threshold change must be justified and re-tested. The next lesson opens that up: how a programme proves its system catches what it must, and how it tunes the threshold on evidence rather than on feel.

KEEP GOING

Three things to remember

  1. 01

    Governance assigns every screening decision to a named owner with a documented approval.

  2. 02

    Operating the controls and independently checking them are kept as separate responsibilities.

  3. 03

    Configuration is tied to a written risk assessment so each setting can be justified to supervisors.

Where you would use this

USE CASE 01

A compliance function writes the screening policy and reviews it on a fixed schedule as regimes change.

USE CASE 02

A change-approval group signs off threshold or list changes before they reach the production system.

USE CASE 03

Internal audit tests whether the programme is run as its policy describes and reports gaps to the board.

Put the idea into a real situation

Illustrative example: a fictional institution, Northgate Savings Bank, records in its screening policy that it screens every outbound payment against the sanctions lists its jurisdiction requires — a United Nations consolidated list and two national lists — refreshed within 24 hours of publication. The policy names the head of financial crime as owner of the match threshold, currently set at 85 out of 100, and requires any change to it to be approved by a change board of three members and recorded with a reason. When an analyst proposes lowering the threshold to 80 to catch more variants, the change is logged, approved after review of the expected extra alert volume, and dated. Six months later an auditor asks why the threshold is 80; the bank shows the request, the approval, and the risk reasoning in one record.

Evidence & review

REVIEWED 2026-07-13

Governance of a sanctions-screening programme at a regulated financial institution; specific role titles, review cadences, and reporting obligations vary by jurisdiction.

What this brief simplifies: The three-lines model and MI set are presented in a clean form; real institutions add committees, sub-policies, and layered approvals. The examiner scenario is synthetic.

Sources for this brief3
  1. Market practice

    Wolfsberg Group Sanctions Screening GuidanceThe Wolfsberg Group · Programme governance and ownership

    Industry guidance on the elements of an effective sanctions screening programme: the risk-based approach, list management, matching technology, alert generation, and alert handling. · Checked 2026-07-12

    Wolfsberg guidance is industry market practice, not law; institutions vary in how they apply it.

  2. Official requirement

    The FATF Recommendations: International Standards on Combating Money Laundering and the Financing of Terrorism & ProliferationFinancial Action Task Force · Risk-based approach and senior-management accountability

    The global standards countries implement against money laundering, terrorist financing, and proliferation financing, including targeted financial sanctions and payment transparency under Recommendation 16. · Checked 2026-07-12

    Adopted in 2012 and updated regularly since; the June 2025 FATF plenary agreed revisions to Recommendation 16 on payment transparency. Consult the live consolidated text for the current wording.

  3. Simplified educational illustration

    Payments Signal editorial teaching modelsPayments Signal

    This site's own simplified teaching models. · Checked 2026-07-12

    Used wherever diagrams, scenarios, figures, or example values are didactic constructions rather than sourced facts; every such use carries a simplifications disclosure. All people, companies, banks, and list entries in examples are fictional.

Learn this properly

Related briefs

View Sanctions Screening archive

Sanctions screening versus AML and fraud

Sanctions screening is a list check with an immediate stop. Anti-money-laundering monitoring looks for suspicious patterns after the fact, and fraud detection protects against theft in real time. The three share data but differ in purpose, timing, and outcome.

READ BRIEF

The risk-based approach to screening

The duty to freeze is absolute, but how a bank calibrates its screening, which lists, how sensitive the matching, how often it re-screens, is a set of documented, defensible risk decisions proportionate to the bank's exposure.

READ BRIEF

Identifiers and data quality in screening

Strong secondary identifiers, such as dates of birth, passport numbers, and places, let a screening system confirm or clear a party with confidence. This article explains how good data cuts false positives and what weak data costs.

READ BRIEF