Sanctions screening analyst
This path starts with the legal foundations — what sanctions are, who imposes them, and what an asset freeze actually prohibits — because good dispositions rest on understanding what is at stake. It then covers list data and matching mechanics before finishing with investigation practice: how to work an alert from hit to documented decision. Thresholds and procedures differ between institutions, so the focus is on reasoning you can carry anywhere.
FOR: Analysts who review screening alerts, investigate potential matches, and document dispositions in a compliance operations team.
AFTER THIS PATH YOU CAN
- You can explain what a sanctions designation prohibits and why a bank must not process a payment involving a designated party.
- You can read a list entry and identify the primary name, aliases, and secondary identifiers that matter for matching.
- You can explain why a screening engine generated a specific alert, including the fuzzy-matching logic behind it.
- You can use secondary identifiers to confirm or eliminate a potential match with confidence.
- You can document a disposition that a reviewer or auditor can follow without asking you a single question.
THE LINE
- 01GO TO L2 — PRACTITIONER VIEWWhat sanctions areSanctions are legal restrictions on dealing with listed people, entities, and places — and banks are on the front line of enforcing them.Every alert you work exists because a legal prohibition might apply. Knowing what sanctions are for keeps the paperwork connected to its purpose.
- 02GO TO L2 — PRACTITIONER VIEWWho imposes sanctionsThe UN, the US, the EU, and the UK each run their own sanctions lists — overlapping but not identical — and a bank may owe obedience to several at once.Alerts cite different authorities, and which regime applies changes the obligations in play. You need to recognize the major issuers and how their lists differ.
- 03GO TO L3 — TECHNICAL DETAILSAsset freezes and restrictionsWhat a designation actually forbids: freezing assets, not making funds available, and the narrower sectoral restrictions that stop specific activities.Asset freezes, sectoral measures, and ownership rules define what a true match actually requires you to do. Escalation decisions depend on knowing which prohibition is potentially engaged.
- 04GO TO L2 — PRACTITIONER VIEWSanctions screening vs AML vs fraudSanctions screening, AML monitoring, and fraud detection answer different questions on different clocks — and confusing them causes real design mistakes.Sanctions screening, anti-money-laundering monitoring, and fraud detection are separate controls with different logic and urgency. Confusing them leads to alerts routed to the wrong team and deadlines missed.
- 05GO TO L2 — PRACTITIONER VIEWRisk-based screeningThe freeze obligation is absolute, but how a bank designs its screening control is a set of documented, defensible risk decisions.Your institution's screening scope and thresholds come from a risk-based policy. Understanding that logic explains why some things are screened tightly and others are not.
- 06GO TO L3 — TECHNICAL DETAILSAnatomy of a sanctions listWhat a sanctions list entry actually contains — names, aliases, birth data, documents, and programme tags — and why every field matters for matching.An alert is only as meaningful as the list entry behind it. Reading entries properly — names, aliases, identifiers, remarks — is the first skill of investigation.
- 07GO TO L3 — TECHNICAL DETAILSIdentifiers and data qualitySecondary identifiers separate targets from namesakes, and ownership rules extend a designation to companies the list never names.Dates of birth, national identifiers, and addresses are what separate a namesake from a designated person. Knowing which identifiers are reliable, and which are weak, sharpens every disposition you write.
- 08GO TO L2 — PRACTITIONER VIEW · OPTIONALThe screening lifecycleFrom data in to decision out: how a screened record passes clean, or becomes an alert, a held payment, and finally a documented disposition.Seeing the full path from input data to alert queue explains where the records you review come from. Helpful context for understanding why some alerts arrive malformed or duplicated.
- 09GO TO L3 — TECHNICAL DETAILSName matching and fuzzy logicListed names never arrive spelled the same way twice. Fuzzy matching is how the control catches variation — at the price of innocent lookalikes.Fuzzy matching, transliteration, and alias logic generate most of your queue. Understanding why the engine fired lets you evaluate the hit itself instead of just the two names on screen.
- 10GO TO L3 — TECHNICAL DETAILSSecondary identifiers and confidenceA name similarity opens a question; birthdates, documents, and addresses are what close it — in either direction, with evidence.Secondary identifiers are your main tool for eliminating false positives defensibly. Using them well is the difference between clearing an alert and merely closing it.
- 11GO TO L3 — TECHNICAL DETAILSAlert investigation and false positivesMost alerts are innocent lookalikes; the discipline is proving it with evidence — and recognising the rare true match that must be escalated.This is the craft of the role: structuring an investigation, weighing evidence, escalating true matches, and documenting the decision. Everything earlier in the path feeds this skill.
- 12GO TO L2 — PRACTITIONER VIEWMoney laundering, terrorist financing, and FATFThe three stages controls are built to disrupt, how terrorist financing differs, and the FATF standards, reporting officers, and intelligence units behind the system.Sanctions screening sits inside a wider financial-crime programme. Knowing the stages of money laundering, how terrorist financing differs, and the FATF framework lets an analyst see where screening fits and what a SAR is for.