Sanctions Screening: How to Screen Your Customers for AML Compliance
By IntelliCompli Team
Sanctions screening is a non-negotiable obligation for every Australian reporting entity. Under the AML/CTF Act 2006, you must screen customers against applicable sanctions lists before providing a designated service — and continue screening throughout the customer relationship. Dealing with a sanctioned entity, even unknowingly, can expose your business to criminal prosecution and penalties of up to 10 years imprisonment or fines in the millions.
This guide explains what sanctions lists apply in Australia, how screening works in practice, and what your ongoing obligations look like under the AML/CTF Act.
What are sanctions?
Sanctions are legal restrictions imposed by governments or international bodies that prohibit financial dealings with specific individuals, entities, vessels, or countries. They are used as a foreign policy and national security tool to target activities such as terrorism, proliferation of weapons of mass destruction, and human rights abuses.
When a person or entity is "sanctioned", dealing with them — providing services, transferring funds, or making assets available — is prohibited. For Australian businesses, sanctions compliance is enforced through multiple overlapping regimes.
Which sanctions lists apply to Australian businesses?
Australian reporting entities must screen against all applicable sanctions regimes. The key lists are:
Australian autonomous sanctions (DFAT)
Australia's Department of Foreign Affairs and Trade (DFAT) administers the Autonomous Sanctions Act 2011, which implements country-specific sanctions regimes (e.g., Russia, Myanmar, Iran, North Korea) and thematic regimes (e.g., counter-terrorism, anti-corruption). This is the primary sanctions regime for Australian businesses and is administered through the Consolidated List published by DFAT.
UN Security Council sanctions
Australia implements all mandatory UN Security Council sanctions resolutions, which apply to specific individuals and entities under UN charter obligations. UN sanctions are incorporated into Australian law via the Charter of the United Nations Act 1945. The UN Consolidated Sanctions List covers regimes targeting Al-Qaida, Islamic State, the Taliban, and other threat actors.
US OFAC SDN list (extraterritorial risk)
While the US Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) list is not directly binding under Australian law, it carries significant extraterritorial reach. Australian businesses with USD transactions, US correspondent banking relationships, or US business operations face OFAC compliance risk. Many Australian compliance programs screen against OFAC as a risk management measure.
UK and EU sanctions lists
Post-Brexit UK sanctions (administered by OFSI) and EU sanctions are not directly binding in Australia, but businesses with UK or EU operations, clients, or financial relationships may need to screen against these lists to manage legal and counterparty risk.
Politically Exposed Persons (PEPs)
While not technically a "sanctions list", PEP screening is closely linked to sanctions compliance under the AML/CTF Act. A politically exposed person is someone who holds — or has held — a prominent public position domestically or internationally, or is an immediate family member or close associate of such a person. Examples include:
- Current or former heads of state or government
- Senior politicians, ministers, and elected officials
- Senior judges and high court justices
- Senior military officials
- Senior executives of state-owned enterprises
- Ambassadors and senior diplomats
PEPs are considered higher risk because of their potential exposure to corruption and bribery. The AML/CTF Act requires reporting entities to apply enhanced customer due diligence (EDD) to PEPs. For a complete guide to CDD and EDD requirements, see our AML/CTF compliance obligations guide.
How sanctions screening works
Effective sanctions screening involves matching customer data against sanctions list entries using a combination of techniques to handle variations in names, transliterations, aliases, and data quality issues.
Exact name matching
The simplest screening technique compares a customer's name exactly against names in the sanctions database. Exact matching is fast and generates few false positives, but it will miss sanctions targets who use variations of their name — common with non-English names that can be transliterated multiple ways into the Latin alphabet.
Fuzzy matching
Fuzzy matching uses algorithms (such as Levenshtein distance, phonetic matching, or n-gram analysis) to identify names that are similar but not identical to a sanctions list entry. This catches common evasion tactics like deliberate misspellings, use of middle names, or transliteration variations. The trade-off is a higher rate of false positives that must be reviewed manually. A well-calibrated fuzzy match threshold — typically 80-90% similarity — balances coverage against operational burden.
Date of birth matching
Adding date of birth to the match criteria significantly reduces false positives from name-only matching. A customer sharing a name with a sanctions target but with a different date of birth is unlikely to be the same person. Date of birth is therefore a critical field to collect during customer onboarding.
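The three techniques above (exact, fuzzy, and date-of-birth matching) combined in one screening pass, as an added example that is not IntelliCompli's code. The list entries, IDs and names are constructed, the 0.85 threshold is an assumption taken from the 80-90% range mentioned above, and keeping date-of-birth conflicts as flagged alerts rather than dropping them is a design choice of this sketch.

```python
import unicodedata
from datetime import date

# Constructed sample data: fictional names and IDs, not entries from any real list.
WATCHLIST = [
    {"id": "EX-001", "name": "Zorvan Qelmaridze", "aliases": ["Zorvan Kelmaridze"],
     "dob": date(1971, 3, 14)},
    {"id": "EX-002", "name": "Mirela Jurković-Tahn", "aliases": [],
     "dob": date(1984, 11, 2)},
]

def normalize(name):
    """Casefold, strip diacritics and punctuation, sort tokens (order-insensitive)."""
    decomposed = unicodedata.normalize("NFKD", name)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in stripped.casefold())
    return " ".join(sorted(cleaned.split()))

def levenshtein(a, b):
    """Edit distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def similarity(a, b):
    """1.0 for identical normalized names, falling toward 0.0 as edits accumulate."""
    a, b = normalize(a), normalize(b)
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1 - levenshtein(a, b) / longest

def screen(customer, entries=WATCHLIST, threshold=0.85):
    """Return alerts at or above threshold; DOB is evidence for the reviewer, not a filter."""
    alerts = []
    for entry in entries:
        names = [entry["name"], *entry["aliases"]]
        score = max(similarity(customer["name"], n) for n in names)
        if score < threshold:
            continue
        if customer.get("dob") is None or entry.get("dob") is None:
            dob = "unknown"
        else:
            dob = "match" if customer["dob"] == entry["dob"] else "conflict"
        alerts.append({"entry_id": entry["id"], "score": round(score, 2), "dob": dob})
    return sorted(alerts, key=lambda a: a["score"], reverse=True)
```

A transliteration variant such as "Zorwan Qelmaridse" fails exact comparison after normalization but scores 0.88 here, while a same-name customer with a different date of birth still raises an alert, marked `conflict` for the reviewer to clear and document.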
PEP screening
PEP screening uses the same name-matching techniques applied against PEP databases rather than sanctions lists. Commercial PEP databases include data on hundreds of thousands of PEPs globally, including historical PEPs (individuals who have left office but may retain elevated risk) and their family members and close associates (known as RCAs — relatives and close associates).
Adverse media screening
Some compliance programs supplement sanctions and PEP screening with adverse media checks — scanning news databases for negative coverage linking a customer to financial crime, corruption, or regulatory enforcement. This is particularly valuable for customers from jurisdictions with less reliable public records.
Ongoing screening obligations
Screening a customer once at onboarding is insufficient. Sanctions lists are updated frequently — sometimes daily — and a customer who was clean at onboarding may appear on a list later. The AML/CTF Act's ongoing monitoring obligation requires you to maintain effective screening throughout the customer relationship.
In practice, ongoing screening involves:
- Automated daily re-screening — Continuously running your customer database against updated sanctions lists. New list entries trigger immediate alerts.
- Transaction-level screening — Screening counterparty names on incoming and outgoing transactions as well as the account holder, since transactions may involve third parties not previously screened.
- Alert management workflows — A documented process for reviewing and clearing screening alerts, including escalation procedures for confirmed matches.
What to do when you get a match
When a screening alert fires, you must promptly assess whether it represents a genuine match or a false positive. The steps are:
1. Review the alert — Compare the customer's identifying information (name, date of birth, nationality, address) against the sanctions list entry. Most alerts will be false positives from name similarities.
2. Document your decision — Whether you clear or escalate the alert, document the rationale. A well-documented false positive clearance protects you if AUSTRAC asks about your screening process.
3. If a genuine match — freeze and report — Do not proceed with the transaction. Freeze any assets or funds controlled by the sanctioned party. Report to DFAT (for Australian autonomous sanctions) and lodge an SMR with AUSTRAC. Seek legal advice immediately.
4. Apply tipping-off obligations — Do not alert the customer that they have been flagged or that an SMR has been lodged. Tipping off is a criminal offence.
Penalties for dealing with sanctioned entities
Australia's sanctions laws carry severe penalties:
- Criminal penalties — Up to 10 years imprisonment or fines of up to $2.25 million for individuals, and up to $11.25 million for corporations under the Autonomous Sanctions Act 2011.
- Civil penalties — DFAT can apply civil penalty provisions where the criminal standard of proof is not met. Civil penalties can reach $2.25 million per contravention.
- No "innocent dealing" defence — Sanctions laws are strict liability in some respects. The fact that you did not know a customer was sanctioned is not necessarily a complete defence if you did not take reasonable steps to screen.
How IntelliCompli helps
IntelliCompli's sanctions and PEP screening is built into every plan and covers the DFAT Consolidated List, UN Security Council lists, OFAC SDN list, UK OFSI list, and EU sanctions registers — with automated daily re-screening of your entire customer base against updated lists.
- Global list coverage — Screening against 500+ sanctions and watchlists including DFAT, UN, OFAC, EU, and UK lists.
- Fuzzy matching — Configurable match threshold to catch name variations and transliterations without overwhelming your team with false positives.
- PEP database — Access to a global PEP database covering domestic and international PEPs, their family members, and close associates.
- Automated daily re-screening — Your entire customer base is re-screened each day. List updates trigger instant alerts.
- Alert management workflows — Built-in workflows for reviewing, documenting, and escalating alerts with a full audit trail.
Sanctions screening that was once the domain of large financial institutions is now available to every Australian reporting entity at a fraction of the cost. See our pricing plans — all features, including sanctions and PEP screening, are included on every plan, free until July 2026.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal, financial, or professional compliance advice. While we endeavour to keep this information accurate and up to date, legislation and regulatory guidance change frequently. You should seek independent legal or compliance advice specific to your circumstances before acting on any information in this guide.