The heart of sanctions screening is the lists you screen against. Four major regimes dominate global compliance: OFAC SDN (United States), UN Consolidated, EU Consolidated Financial Sanctions, and UK HMT OFSI. They differ in scope, format, update cadence and binding force, and an AML platform that normalises all four into a single screen-able source has to solve real engineering. This article compares the four (plus national lists worth knowing) and explains which regime is binding under which scenario.
Comparison at a Glance
| List | Authority | Scope | Cadence | Format | Binding On |
|---|---|---|---|---|---|
| UN Consolidated | UN Security Council | Global terrorism + country sanctions | Several times/week | XML | All UN member states |
| OFAC SDN | US Treasury | Broadest, fastest-changing | 1-3 times/day | XML, CSV | US persons + USD flows |
| EU Consolidated | EU Council | All EU member states | 4-6 times/month | XML | EU member states + EU persons |
| UK HMT OFSI | UK Treasury | UK-binding, post-Brexit divergent | Several times/week | CSV, PDF | UK persons + GBP flows |
| National (e.g. MASAK, Canada OSFI) | National | Country-specific | Irregular | Varies | National jurisdiction |
1. UN Security Council Consolidated List
Scope
All UN Security Council Sanctions Committees (1267 — Al-Qaeda and ISIL; 1988 — Taliban; 1518 — Iraq; 1591 — Sudan; 1718 — North Korea; 1737/2231 — Iran; 1844 — Somalia; 1907 — Eritrea; 1970 — Libya; 2127 — Central African Republic; 2140 — Yemen; 2206 — South Sudan; 2374 — Mali; 2653 — Haiti; and others) feed a single consolidated list of approximately 800-1,000 persons and entities.
Binding Force
All UN member states. Under Article 25 of the UN Charter, Member States must accept and carry out Security Council decisions. EU absorbs UN designations via Council Regulations; UK via OFSI publications; US via OFAC; each member state via its national implementation route.
Format and Cadence
- Format: XML (
consolidated.xml) - Source: un.org/securitycouncil
- Update cadence: Several times per week as committees decide
- Data richness: Name, aliases, DOB, place of birth, nationality, ID numbers, listing date, source UN Committee number
Matching Nuances
UN entries include heavy multi-script content — Arabic, Persian, Urdu, Chinese. Latin transliteration usually included but variants exist. Without strong transliteration, queries in source-script characters miss Latin-spelled listings.
2. OFAC SDN and Consolidated Lists
Scope
The US Treasury's Office of Foreign Assets Control (OFAC) maintains the Specially Designated Nationals (SDN) list — globally the broadest and most actively updated. Roughly 14,000-16,000 persons and entities. OFAC also publishes a "Consolidated Sanctions List" covering SSI (Sectoral Sanctions Identifications), FSE (Foreign Sanctions Evaders), NS-PLC (Non-SDN Palestinian Legislative Council), and other programs.
Binding Force
OFAC primary jurisdiction reaches:
- US persons (citizens, residents, US-incorporated entities, branches abroad)
- Persons or property located in the US
- Goods of US origin, regardless of where they are
- USD transactions touching the US clearing system
Secondary sanctions (under statutes like CAATSA, IEEPA, NDAA) can extend reach to non-US persons engaging in specified dealings with sanctioned parties. Any institution holding a US correspondent banking relationship effectively must screen OFAC, regardless of primary jurisdiction.
Format and Cadence
- Format: XML (
sdn.xml,sdn_advanced.xml), CSV (sdn.csv), TXT - Source: treasury.gov/ofac
- Update cadence: 1-3 times daily, more frequently in active enforcement periods
- Data richness: Aliases (full and abbreviated), DOB variants, ID number variants, address history, related entities, vessels, aircraft (for asset-type listings)
Matching Nuances
OFAC carries the broadest alias set in the industry. Records include vessels and aircraft as well as persons and entities — your match engine must support entity-type distinctions. Address and historical workplace data are also queryable inputs.
3. EU Consolidated Financial Sanctions List
Scope
EU Council decisions under the Common Foreign and Security Policy framework (Article 215 TFEU) enter force via Council Regulations and consolidate in the EU sanctions list. Approximately 5,000-7,000 persons and entities.
Binding Force
All EU member states and EU persons. Council Regulations have direct effect — no national transposition required. UK was bound while a member state; post-Brexit the lists have diverged.
Format and Cadence
- Format: XML (consolidated_v1.xsd schema)
- Source: sanctionsmap.eu, ec.europa.eu/info/business-economy-euro
- Update cadence: 4-6 times per month, more during active regimes
- Data richness: Multilingual names, aliases, DOB, programNumber (sanctions regime reference)
Matching Nuances
The EU list ships structured XML but the canonical legal text lives in PDF Council Regulations published in the Official Journal of the EU. Edge cases sometimes require PDF parsing to reconcile. Alias richness is below OFAC.
4. UK HMT OFSI Consolidated List
Scope
The UK's Office of Financial Sanctions Implementation (OFSI), part of HM Treasury, maintains the UK sanctions list under the Sanctions and Anti-Money Laundering Act 2018. Post-Brexit, the list has diverged from the EU on several regimes (notably Russia, Belarus, Myanmar). Roughly 4,000-6,000 entries.
Binding Force
UK persons (UK nationals, UK-incorporated entities, UK-located persons) and GBP-denominated flows touching the UK. Foreign branches of UK firms are subject. Non-UK firms with UK correspondent banking are practically subject through correspondent compliance.
Format and Cadence
- Format: CSV, PDF, ODS
- Source: gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets
- Update cadence: Several times per week
- Data richness: Aliases, DOB, national ID, money-laundering linkage notes
Matching Nuances
UK format is CSV-heavy; less data-type discipline than XML. Single-cell multi-name listings ("name1, name2, name3") are common; parsers must split correctly. OFSI also publishes regime-specific lists separately from the consolidated list — full coverage requires watching both.
5. National Lists Worth Knowing
Beyond the four major regimes, jurisdictionally relevant national lists include:
- Canada OSFI — under the United Nations Act, Special Economic Measures Act and others
- Australia DFAT — under the Autonomous Sanctions Act 2011
- Switzerland SECO — under the Embargo Act
- Japan METI — under the Foreign Exchange and Foreign Trade Act
- France national list — domestic asset-freeze decisions
- Germany BAFin — domestic and EU-implementation
- Turkey MASAK — under Law No. 6415, Presidential decrees
Coverage decisions depend on the institution's customer footprint. A UK firm dealing primarily with UK and EU customers focuses on UK + EU + UN + OFAC; a firm with Latin American exposure adds Canada OSFI and selected national lists.
Which List Applies When?
| Scenario | Binding Lists |
|---|---|
| UK national, GBP account, domestic transaction | UN + UK HMT OFSI |
| USD-denominated cross-border transfer | + OFAC SDN |
| EUR transfer from EU country | + EU Consolidated |
| Multi-country crypto transaction | All four + selected national lists |
| Correspondent banking relationship | All correspondent-jurisdiction lists |
The practical standard is to screen against all four major lists always. Modern AML platforms screen all four in a single API call; gating individual lists creates operational risk without saving cost.
Format and Normalisation Challenges
Reducing four lists into one screen-able source is engineering work:
- Schema differences. OFAC offers rich attribute sets; some national lists offer only name and DOB. Many key fields (DOB, ID number) are absent for some entries on all lists.
- Encoding differences. OFAC UTF-8, EU UTF-16-BE, UK CSV sometimes Windows-1252.
- Alias management. A single person may carry 5-10 aliases (Mohammed/Muhammad/Mohamed). Which is primary, which is secondary — needs a systematic decision and a canonical record.
- Cross-list overlap. The same person may appear on UN + OFAC + EU + UK. Maintained as a merged canonical record or four separate records? The data model must support merging without losing per-list provenance.
What is AML screening covers the normalisation layer in the system architecture section.
List Update Pipelines: Operational Discipline
The list update layer is the most fragile part of most AML systems. A list was published 30 minutes ago and your system still runs yesterday's version — that is a supervisory finding. The only practical answer: a dedicated ETL pipeline per list, with monitoring and alerting.
OFAC. Updates 1-3 times per day. Pipeline poll interval: 5-10 minutes. New file detected → checksum compare → parser runs → delta calculated → write to normalised store → index refresh. Target end-to-end: under 15 minutes.
UN. Formal weekly cadence but emergency sessions are irregular. Pipeline poll interval: 30 minutes. XML schema sensitive — UN has changed schema several times historically; parsers must degrade gracefully.
EU. Monthly-to-weekly cadence. Pipeline poll interval: 60 minutes. If you parse the Official Journal PDF for canonical text, add a manual review gate before pushing to production.
UK HMT OFSI. Weekly cadence, CSV format dominant. Pipeline poll interval: 30 minutes. CSV parsing is forgiving but multi-name cells require care.
Monitoring. Per pipeline: latency, error rate, recent-success indicator. PagerDuty or equivalent alerting; >30 minute lag triggers an operations alert. Monthly report shows per-list update performance.
Managing Cross-List Matches
The same person frequently appears on 4-5 lists. A person linked to a sanctioned regime may show up on UN, OFAC, EU and UK simultaneously. Cross-list management:
- Canonical entity merging. The system collapses records from different lists into a single canonical entity ID. Key: name + DOB + nationality combination matching above a high threshold counts as the same person.
- Per-list provenance retention. The merged entity preserves which lists it came from, when it was added on each, and references to the source document (UN resolution number, EU Council Regulation, etc.).
- Unified match response. A customer query that matches an entity returns details of every list that triggered, not just the first.
- Decision documentation. "Person X identified on UN + OFAC + EU + UK" — recorded in the audit log; consistency at future inspection.
- Delisting tracking. When an entry disappears from a list (delisting), the system tracks the event. Match status updates and an audit entry records the reason.
Frequently Asked Questions
Does a UK bank really need to screen OFAC?
If it operates any USD clearing or holds a US correspondent relationship, effectively yes. The correspondent bank will require OFAC SDN screening as a condition of the relationship. Standalone UK firms with no US exposure can technically focus on UN + UK OFSI + EU (where applicable), but in practice all major UK clearing banks screen OFAC SDN as baseline.
How divergent are UK and EU lists post-Brexit?
Roughly 85-90% overlap, 10-15% divergence. The UK has taken independent action on Russia, Belarus and Myanmar regimes that does not always match EU lists day-for-day. Operationally they must be managed as two separate lists, even if the underlying entities frequently match.
Is a commercial vendor list (Dow Jones, Refinitiv) sufficient?
For the four major regimes — usually yes. Vendors normalise and merge them, handle format changes, and provide a single consolidated feed. Where they typically lag is national lists from smaller jurisdictions (1-3 day update lag is common). Critical jurisdictions (your home market) often need direct source monitoring on top of the vendor feed.
How do we handle list updates without downtime?
Modern AML platforms run a hot-swappable index — list updates push to a staged index, validated, then atomically swapped live. The screening API never blocks for updates. List update latency (publication-to-live) is the metric to watch; sub-30-minute is achievable for OFAC, sub-60-minute for others.
What's the operational sequence when a sanctions hit is confirmed?
Hold the account or transaction; identify and freeze related assets; report to the competent authority (OFSI in the UK, FinCEN SAR in the US, the national FIU in EU member states) within the statutory window; notify the customer only if the sanctions regime allows; retain all decision records (5 years EU/UK, 5 years US for SARs).
How Legichain Helps
Legichain's AML screening API provides UN, OFAC SDN and consolidated, EU, UK HMT OFSI, plus major national lists (including MASAK for Turkey-relevant coverage) in a single normalised data model. List update latency:
- OFAC: under 15 minutes
- UN: under 30 minutes
- EU and UK HMT: under 60 minutes
- MASAK: under 60 minutes from Official Gazette publication
A single API call screens against all major lists; the response details which lists matched and at what score. The same person across multiple lists comes back as a merged canonical record with per-list provenance.