Sanctions Screening for Accountants: A Practical Guide

Sanctions Screening for Accountants: A Practical Guide

Sanctions screening means checking your clients, their beneficial owners and the parties to their transactions against the official lists of designated persons before you act, and again whenever the lists or the client change. Unlike most AML obligations, sanctions law applies to everyone — there is no de minimis threshold, no risk-based opt-out, and breaches are strict in effect. For UK and Irish accountancy firms, screening is the control that stops you providing funds, economic resources or professional services to a designated person.

Why do accountants have to screen for sanctions?

Financial sanctions prohibit dealing with the funds or economic resources of designated persons and making funds or services available to them. In the UK, these prohibitions arise under the Sanctions and Anti-Money Laundering Act 2018 and the regulations made under it, enforced by the Office of Financial Sanctions Implementation (OFSI). In Ireland, EU sanctions regulations apply directly, with the Central Bank of Ireland acting as the competent authority for financial sanctions, alongside the Department of Foreign Affairs and the Department of Enterprise, Trade and Employment for other aspects.

For accountants there are two distinct exposures. First, the general prohibitions: preparing accounts, moving client money or facilitating a transaction for a designated person can itself be a breach. Second, UK accountancy firms are "relevant firms" under the sanctions reporting regime, which means a positive legal duty to report to OFSI if, in the course of business, you know or have reasonable cause to suspect that a person is a designated person or has breached financial sanctions. Failing to report is an offence in its own right. Since 2022 the UK has also restricted the provision of accounting services to persons connected with Russia — a services ban that sits on top of the designated-persons regime.

Which lists should an accountancy firm screen against?

• UK firms: the UK Sanctions List and OFSI's consolidated list of asset freeze targets, as a minimum.
• Irish firms: the EU consolidated list of persons, groups and entities subject to EU financial sanctions, which implements both EU autonomous measures and UN designations.
• Firms with cross-border clients: consider US OFAC lists where there is any US nexus (US dollar payments, US persons, US-origin goods), because secondary exposure is commercially real even where it is not a direct legal duty.

Lists change frequently — sometimes daily during fast-moving designation rounds — so screening against a list you downloaded last quarter is not screening.

How should screening work in practice?

1. Decide what you screen

Screen the client entity, its directors and beneficial owners, and any connected parties relevant to the engagement (counterparties to a transaction you are advising on, payers and payees through client account). Beneficial owners matter because UK and EU regimes treat entities owned or controlled by designated persons as caught even if the entity itself is not listed — ownership and control analysis is part of screening, not an optional extra.

2. Decide when you screen

• At onboarding, before any work begins.
• On every list update for higher-risk clients, or on a defined refresh cycle for the wider client base — many firms use automated daily or weekly rescreening through their AML software.
• At transaction points: before funds move through client account, and before completion of advisory transactions.

3. Decide how you screen

A small firm with a domestic client base can legitimately use manual checks of the official lists and free search tools, provided each check is recorded. Firms with larger client books, international exposure or client money operations should use screening software with fuzzy matching, because exact-name searches miss transliterated and partially matching names. Whatever the method, calibrate it: match thresholds set too loose drown the MLRO in false positives; set too tight, they miss true hits.

4. Handle alerts properly

Most alerts are false positives. Your procedure should require the reviewer to compare identifiers — date of birth, nationality, address, passport numbers — against the list entry, record the basis for discounting the match, and escalate anything that cannot be discounted to the MLRO or sanctions lead.

What do you do if you get a true match?

• Freeze, do not proceed. Do not move funds, complete the transaction or continue providing services.
• Report. UK relevant firms must report knowledge or reasonable suspicion to OFSI as soon as practicable, including the nature and amount of any funds or economic resources held for the designated person — OFSI now provides online forms for this. Irish firms report to the Central Bank of Ireland as competent authority for financial sanctions.
• Consider a licence. Acting for a designated person is sometimes possible under an OFSI licence or an EU derogation (for example, for legal fees or basic needs), but only with authorisation in place first.
• Consider a SAR/STR too. Sanctions evasion frequently involves criminal property, so a parallel report to the NCA (UK) or FIU Ireland and Revenue may also be required.
• Mind confidentiality. Manage client communications carefully to avoid tipping off and to avoid assisting circumvention.

UK firms holding frozen assets for designated persons should also remember OFSI's annual frozen asset reporting exercise, which requires a return on assets held as at 30 September each year.

How does sanctions screening differ from AML checks?

Firms often assume their AML onboarding covers sanctions automatically. It usually does not, and the differences matter:

• Scope: AML duties under the Money Laundering Regulations apply to firms in the regulated sector; sanctions prohibitions apply to every person and business in the jurisdiction, regulated or not. A firm that only does work outside the AML regulated sector still cannot deal with designated persons.
• Risk-based versus absolute: AML allows you to calibrate effort to risk. Sanctions compliance is binary — a designated person is prohibited regardless of how low-risk the engagement looks. The risk-based element in sanctions is only about how much screening effort you apply, never about whether the prohibitions bind you.
• Timing: CDD refresh cycles of one to three years are normal in AML; sanctions lists can change overnight, so screening frequency has to be driven by list updates, not by your CDD calendar.
• Reporting destination: suspicious activity goes to the NCA or FIU Ireland; sanctions knowledge or suspicion goes to OFSI or the Central Bank of Ireland. One event can require both reports.

The practical conclusion: treat screening as its own documented control with its own owner, rather than a by-product of identity verification. Many eIDV and AML software packages include sanctions screening, which is convenient — but only if someone in the firm has confirmed which lists the tool checks, how often it rescreens, and where the results are stored.

A worked example

Suppose your firm is asked to prepare management accounts for a UK trading company. Onboarding screening clears the company and its two directors, but the beneficial ownership review shows 60% of shares held by an overseas holding company, whose own shareholder turns out to match an entry on the consolidated list. Even though no listed name appears anywhere in the immediate client, the ownership-and-control rules mean the client entity is likely caught by the asset freeze. The correct sequence is: stop work, escalate to the MLRO or sanctions lead, verify the match against identifiers, report to OFSI as a relevant firm, consider whether a licence could permit continued engagement, and assess in parallel whether a SAR is needed. The fee at stake is irrelevant to the analysis — and documenting that sequence is what protects the firm if the decision is later examined.

What do supervisors and regulators expect to see documented?

• A sanctions section in your firm-wide risk assessment and a written screening procedure: who screens, against what, when, and how alerts are cleared.
• A screening log or system audit trail showing checks actually happened — dates, lists, results.
• Documented false-positive rationale on file.
• An escalation route to a named senior owner (often the MLRO).
• Staff training records covering sanctions, not just money laundering — a recurring gap in inspection findings, and one easily closed with targeted CPD.

Study with Learnsignal

Sanctions regimes now move faster than annual training cycles, and your team's knowledge needs to keep pace. Learnsignal offers CPD-accredited AML and compliance training, delivered flexibly online, so partners, MLROs and client-facing staff can stay current without leaving the office. Start at Learnsignal CPD.