GLOBAL PAYMENTS KNOWLEDGEISO 20022 / SWIFT / SEPA / MT / MX
05 / SANCTIONS FOUNDATIONS9 MIN

Risk-based screening

The freeze obligation is absolute, but how a bank designs its screening control is a set of documented, defensible risk decisions.

NOT STARTED

L0 Explain simply

An everyday analogy: airport security checks everyone, but not identically — some passengers get a basic scan, others a detailed search, based on route and risk signals. No one skips security entirely, and the rules about what is forbidden on a plane are the same for all. Sanctions screening works the same way: the prohibition itself is absolute and applies to every customer and payment, but the intensity of checking — which lists, how sensitive the matching, how often customers are re-checked — is calibrated to the risk of the business. A domestic savings bank and a bank clearing dollars for other banks face very different exposure, and are expected to make different, documented choices.

L1 Core concepts

A risk-based approach means an institution assesses its sanctions exposure — customer base, products, geographies, currencies, and delivery channels — and designs its screening programme in proportion. The obligation to freeze and to not make funds available is not risk-based; what is risk-based is the control machinery around it: which lists are screened, which data attributes, how fuzzy the matching is allowed to be, how frequently the customer base is rescreened, and where in the payment flow screening happens. The Wolfsberg Group's guidance describes this explicitly: screening is one control within a wider programme, and its calibration should follow from the institution's own risk assessment rather than from a universal template. Two well-run banks can therefore make different choices and both be defensible.

L2 Practitioner view

In practice the risk-based decisions are specific and must be written down. Examples: whether to screen against lists of jurisdictions where the bank has no legal obligation but its correspondents care; whether weak aliases generate alerts or only enrich investigations; whether low-risk domestic retail payments get a lighter matching configuration than cross-border flows. Each choice trades alert volume against the chance of missing a true match, and each needs an owner, a rationale, and periodic review. The common failure is silent drift: thresholds tuned down during a backlog and never revisited. Auditors and regulators ask for the risk assessment behind the configuration, not just the configuration — a setting nobody can explain is treated as a finding regardless of whether it was, in fact, sensible.

L3 Technical details

The connective tissue between risk assessment and configuration is what supervisors probe. A mature programme can show: a documented sanctions risk assessment refreshed on a defined cycle and after material changes such as new products or markets; a mapping from each identified risk to the control that addresses it — list selection, screening points, match thresholds, rescreening triggers; and change control that records who approved each calibration and on what evidence. Risk acceptance is explicit: where the institution chooses not to screen something, the decision is recorded with its rationale. None of this removes judgment — it makes judgment inspectable. What is not defensible is inferring the risk appetite backwards from whatever the filter happens to be doing today.

Sources & standards1
  1. Market practice

    Wolfsberg Group Sanctions Screening GuidanceThe Wolfsberg Group · Risk-based approach to screening programme design

    Industry guidance on the elements of an effective sanctions screening programme: the risk-based approach, list management, matching technology, alert generation, and alert handling. · Checked 2026-07-12

    Wolfsberg guidance is industry market practice, not law; institutions vary in how they apply it.

Sources for this topic2
  1. Market practice

    Wolfsberg Group Sanctions Screening GuidanceThe Wolfsberg Group · Consideration of a risk-based approach

    Industry guidance on the elements of an effective sanctions screening programme: the risk-based approach, list management, matching technology, alert generation, and alert handling. · Checked 2026-07-12

    Wolfsberg guidance is industry market practice, not law; institutions vary in how they apply it.

  2. Simplified educational illustration

    Payments Signal editorial teaching modelsPayments Signal

    This site's own simplified teaching models. · Checked 2026-07-12

    What this simplifies: The airport analogy implies a single calibration dial; real programmes calibrate dozens of interacting settings, and supervisory expectations differ by jurisdiction. The examples of risk decisions are illustrative, not a checklist.

    Used wherever diagrams, scenarios, figures, or example values are didactic constructions rather than sourced facts; every such use carries a simplifications disclosure. All people, companies, banks, and list entries in examples are fictional.

Deepest material on this page: L3 Technical details. Where a topic stops short of implementation depth, that is a deliberate coverage decision, not an oversight — see coverage.