Sanctions policy: the minimum set of procedures for an international group

I founded COREDO in 2016 with a simple idea: complex international rules can be turned into clear, business-ready processes. Over the years the COREDO team has implemented dozens of projects for the registration of legal entities in the EU, Asia and the CIS, supporting clients in obtaining financial licenses and building resilient AML and sanctions functions. Today sanctions compliance has become a critical element of corporate governance, and I see how a sound sanctions policy increases resilience, speeds market entry and strengthens relationships with banks and regulators. In this article I will systematically lay out the approach that COREDO has honed in practice in the Czech Republic, Slovakia, Cyprus, Estonia, the United Kingdom, Singapore and Dubai.

Why sanctions compliance is important

EU and US sanctions regimes (including OFAC sanctions guidance and the OFAC SDN list), as well as UN sanctions regimes, are evolving dynamically and affect not only direct prohibitions but also export controls, trade finance and correspondent relationships. Banks and payment institutions place requirements on clients comparable to regulatory ones.

Therefore sanctions compliance for companies is no longer an option but a standard — without it licenses, access to payment infrastructure and counterparties will be at risk.

COREDO’s practice confirms: a company benefits when it builds a sanctions risk management system in advance. Compliance with EU and US sanctions reduces operational disruptions, simplifies engagement with banks and correspondents on sanctions matters, and allows you to quickly explain to the regulator why you made specific decisions.

As a result, trust increases, borrowing costs fall, and client onboarding and supplier onboarding speed up.

Sanctions Risk Management System

I start by defining the risk appetite and allocating responsibilities. In an international group, architecture is decisive: centralized and decentralized compliance can coexist if roles and control points are clearly described. For holdings with operating companies in the EU, Asia and the CIS, I recommend centralizing the methodology, sanctions lists, screening providers and the incident management system, while leaving operational checks and escalations at the local company level with unified SLAs and KPIs.

The solution developed at COREDO combines a sanctions policy for an international group, standardized sanctions control procedures, risk registers and regular reporting to the board of directors.

The in-house legal department plays a key role: it interprets regimes, drafts sanctions clauses in contracts and conducts legal review of sanctions programs for new markets.

Sanctions Matrix and Risk Assessment

I use a matrix that takes into account the counterparty type (financial, non-financial, governmental), jurisdiction, industry, goods/services (including dual-use), supply chain, transaction type and payment channels. The sanctions risk matrix and likelihood assessment include impact factors: the probability of being listed on sanctions lists, the effect on correspondent accounts, the risk of asset freezes and the reputational impact.

Prioritization is straightforward: high-risk counterparties and transactions go to enhanced sanctions due diligence, and sanctions transaction monitoring runs with increased screener sensitivity thresholds. For intercompany payments within the holding, I introduce separate rules: sanctions risk management takes into account routing through correspondent banks and the geography of settlements.

Sanctions KPIs and Reporting

I set sanctions key performance indicators (KPIs): screening coverage, average processing time for sanctions hits, rates of false positives and false negatives, escalation time, percentage of employees trained, and frequency of sanctions list updates. Reporting to regulators and banks becomes easier when KPIs are embedded in the incident management system with an audit log and traceability of decisions.

I recommend adding KPIs for third-party and vendor sanctions management: the percentage of contracts with sanctions clauses, supplier verification coverage and the share of audited supply chains. Such a dashboard helps the board of directors control the sanctions risk appetite.

Responsibilities of the Sanctions Officer and Committee

The sanctions officer’s responsibilities include methodology, procedure control, incident escalation and interaction with regulators on sanctions issues. For quick decisions, I form an interdisciplinary sanctions committee: compliance, legal, risk management, finance, sales and logistics. The committee approves exceptions, reviews requests for permission (transaction licensing) and oversees internal investigations into sanctions incidents.

Minimum Sanctions Toolkit

When I implement sanctions compliance in a new group, I put in place a minimum set of sanctions procedures that covers the requirements of the bank and the regulator:

  • Group sanctions policy, adaptation of the policy for EU, Asia and CIS jurisdictions, and a policy for reviewing and updating procedures.
  • Integration of KYC and sanctions screening: minimum KYC procedures and CDD in an international group, assessment of UBOs and beneficial owners, PEP screening, sanctions checks of counterparties and screening clients against sanctions lists.
  • Transaction monitoring for sanctions, including trade finance, monitoring export restrictions and sanctions, export control and dual-use goods.
  • Procedures for escalating sanctions incidents, an action plan for detecting sanctions risk, asset freezing and prohibition on conducting business with blocked persons.
  • Incident management system (case management), an audit log and traceability of decisions, storage of evidential material and logs, record retention and sanctions audits.
  • Sanctions clauses in contracts, third-party and supplier sanctions management, supplier checks and supply chain audits.
  • Transaction licensing and permission requests, right to a license and sanctions exemptions, checklists for approving sanctions exceptions.
  • Confidentiality and data sharing during sanctions screening, internal privacy policies and GDPR, information sharing within the group of companies.

COREDO practice confirms that this basic framework delivers quick results: banks see mature control, and internal teams receive clear instructions without sacrificing business speed.

Automated sanctions screening

Technology speeds up the process and reduces its cost. Automated sanctions screening takes routine work off the front line and reduces the influence of the human factor. Integrating a sanctions filter into payment gateways and internal CRM/ERP systems saves hours and prevents costly mistakes.

Choosing a sanctions screening provider

I evaluate sanctions screening providers by coverage completeness (EU sanctions list, SDN/OFAC, UN, local registries), frequency of sanctions list updates, quality of name-matching and transliteration algorithms, API integration capabilities for sanctions filters, and total cost of ownership. For international groups it is critical to support multilingual scenarios and different alphabets.

Additionally, I check for adverse media, export control data, lists of state-owned enterprises and ownership links under OFAC’s 50% rule. The COREDO team helps assess a solution’s TCO and calculate the ROI from automating sanctions compliance so the CFO can see the project’s economics.

API integration into payment gateways

I connect screening to all entry points: client onboarding, profile updates, payments, invoice issuance, trade finance and correspondent channels. Integration is done via REST API, webhooks and batch processes, and a centralized database of clients and counterparties eliminates duplicates and reduces the level of false positives.

I separately set the screener’s sensitivity thresholds by scenario: high sensitivity for new counterparties, moderate for repeat customers with a clean history, increased for high-risk jurisdictions and operations involving dual-use goods. Such a risk-oriented approach provides an optimal balance of speed and quality.

Handling hits, thresholds and incidents

Processing sanctions hits and false positives follows standard SOPs: verification of matches, searching for confirming attributes, data enrichment, documenting the decision. The incident management system records all steps, SLA, participants and conclusions so external audits and independent verification proceed without surprises.

False positives and false negatives are an ongoing issue. Our experience at COREDO has shown that regular fine-tuning of models, relevant transliteration dictionaries and flexible threshold settings reduce false positives by 30–50% without loss of sensitivity.

EU and US sanctions and export control

I take a systemic approach to the requirements: compliance with EU and US sanctions includes direct prohibitions, sectoral restrictions, the OFAC 50% rule, secondary sanctions and asset-blocking requirements. The EU sanctions list and the US SDN sanctions list are updated frequently; version control and instantaneous updates in screening are mandatory.

Legal counsel drafts instructions on blocking and disposal, the prohibition on doing business with blocked persons and the use of licenses/exemptions. The COREDO team helps assess eligibility for a license, prepare the dossier and establish communication with the regulator and the bank.

Export control and dual-use items

Export control and dual-use items are an area where you can only afford to make a mistake once. I build controls at the level of the product catalogue, invoices, logistics routes and the end user. Control of export licences and permits is integrated into the sales and procurement workflow so the system blocks shipments without appropriate authorizations.

I supplement controls with end-use and end-user checks, sanctions due diligence and confirmations from counterparties. For complex cases I engage local legal advisers in the relevant jurisdictions to avoid conflicts of law.

Transaction licensing and authorizations

In some cases transaction licensing opens the way to a lawful operation. I maintain a library of precedents, roadmaps and checklists for approving sanctions exemptions so that the committee can make decisions quickly. The right package of documents, a clear rationale, transparency of sources and control mechanisms are the key to a positive decision.

For trade finance and documentary operations I build in screening against sanctions lists for all parties to the transaction: applicants, beneficiaries, carriers, insurers and correspondent banks. This reduces the risk of funds being blocked in transit.

Monitoring correspondent relationships

Banks have tightened monitoring of correspondent relationships. I introduce regular reports for correspondent banks: sanctions policy, KPIs, escalation cases, external audit results. Cooperation agreements with banks define the format of information exchange and SLAs for responses to requests.

In trade finance it is important to take into account sanctions restrictions for the supply chain: transport routes, port transshipments, insurance and charter agreements. At COREDO we have developed checklists for trade finance that prevent “sanctions surprises” at the worst possible moment.

Sanctions due diligence on third parties

Sanctions risk rarely sits within a single company. Risk management of third parties is the foundation of resilience: suppliers, agents, distributors, as well as M&A partners affect your profile no less than internal divisions.

Sanctions clauses and guarantees

I include sanctions clauses in contracts, establish the counterparty’s obligation to conduct sanctions compliance, provide the results of checks and notify of sanctions changes. Contractual guarantees and sanctions clauses improve risk manageability and create a legal basis for swift termination or suspension.

Additionally, I add the right to audit and an obligation to support transaction licensing where necessary. Legal expertise on sanctions programs at the negotiation stage saves months down the line.

Supply chain audit

Sanctions checks of counterparties cover suppliers and their key subcontractors. Supplier checks and supply chain audits include screening, route analysis, end-user controls and assessment of sanctions-evasion mechanisms. For intercompany transactions within a holding, I implement routing controls and verification of originating and receiving banks to eliminate the risk of funds being blocked.

Monitoring correspondent relationships complements this framework: your payment “ecosystem” must understand your controls and trust your procedures. Regular meetings with banks, exchanging KPI statistics and case examples increase limits and reduce inquiries.

Due diligence and integration in M&A

At the due diligence stage in M&A and cross-border transactions I carry out sanctions due diligence: assessment of UBO, supply histories, customers, payment geographies, export licenses and current exemptions. Managing sanctions policy during international mergers and acquisitions requires an integration plan: unifying screening, migration to a centralized database, contract review and rapid team training.

Modeling sanctions shock scenarios helps assess the deal value taking into account likely restrictions. This approach protects the purchase price and reduces the risk of unpleasant surprises at closing.

Training and culture of the sanctions function

Sanctions compliance lives in culture, not in documents. Frontline, logistics, procurement, and sales staff must recognize red flags and know how to act.

Training of compliance officers

I launch role-based sanctions compliance training for staff, with regular updates on new regimes and cases. Training and certification of compliance officers provides depth of expertise, while micro-courses for the business provide speed of response. Each course ends with a test, and the metrics feed into the KPIs.

COREDO uses real (anonymized) client cases to make the training practical. This helps staff recognize sanctions-evasion mechanisms and avoid naive mistakes.

Effectiveness testing and external audit

Effectiveness testing of the sanctions policy is done through sample case runs, stress-testing when new sanctions are introduced, "red team" scenarios and benchmarking of the sanctions function against market best practices. External audit and independent verification add weight to your statements before banks and regulators.

The policy for reviewing and updating procedures sets the pace: a quarterly review of the risk matrix, semi-annual SOP updates, and an annual re-evaluation of data providers and IT solutions.

Scaling and business continuity

Scaling the sanctions function as the group grows includes centralizing data, unified case management, integration catalogues and rule repositories. Benchmarking the sanctions function against the market helps set ambitious but realistic goals. Ensuring business continuity under sanctions means having plan Bs for routes, alternative correspondent banks and contractual response scenarios for when new sanctions are introduced.

COREDO cases in the EU, Asia and the CIS

  • Singapore fintech and integration of screening into a payment gateway. The client was seeking a license for payment services. The solution developed at COREDO combined KYC/CDD, automated sanctions screening and transaction monitoring. We configured the integration API, sensitivity thresholds and SLA for processing hits. Result: a 42% reduction in false positives, 28% faster onboarding, and a positive assessment by the correspondent bank.
  • European crypto service provider (Estonia/Cyprus). The COREDO team implemented sanctions compliance taking into account the OFAC 50% rule and EU sectoral restrictions. We integrated a sanctions filter into on-chain/fiat payments, added reporting for banks and conducted front-line staff training. The regulator noted a strong sanctions risk management system, which expedited licensing.
  • Manufacturing holding Czechia–Slovakia–Dubai and export control. We conducted an audit of dual-use goods, implemented export control checks, and integrated route and end-user screening. During stress-testing when new sanctions were introduced, the holding avoided contract disruptions by restructuring logistics within a week.
  • M&A in the UK with assets in the EU. As part of due diligence the COREDO team conducted sanctions due diligence of the target, identified risks in the supply chain and intercompany settlements. We prepared a sanctions policy integration plan and carried out internal investigations into disputed transactions. The deal closed without sanctions incidents, and the bank retained its correspondent banking limits.

Develop a sanctions policy within 60 days

  1. Week 1–2: rapid risk assessment, sanctions risk matrix and likelihood assessment, process inventory, definition of risk appetite and the role of the sanctions officer.
  2. Week 3–4: draft sanctions policy, sanctions compliance policy, minimum set of sanctions procedures, escalation protocol, exception checklists, sanctions KPIs and reporting.
  3. Week 5–6: selection of a screening provider, design of API integrations, test datasets, tuning of screener sensitivity thresholds, launch of case management, audit log.
  4. Week 7–8: pilot on one business flow, handling hits and false positives, rule adjustments, staff training, readiness for external audit and reporting to banks.
  5. Week 9–10: scaling to the group’s other legal entities, integration of KYC and sanctions screening into front- and back-office, launch of monitoring of correspondent banking relationships.
  6. Week 11–12: effectiveness testing, stress tests, coordination with banks and correspondents on sanctions, closing gaps and final report to the board of directors.

Confidentiality and Data Sharing

Compliance relies on data, so confidentiality and data sharing in sanctions screening are a core pillar. I formalize internal privacy and GDPR policies, data minimization, protection in transit and at rest, as well as lawful bases for processing. I arrange information sharing within the corporate group through intra-group agreements and standard contractual clauses for data transfers.

Retention periods for records and sanctions audits are determined by the requirements of regulators and banks. Storing evidentiary material and logs in protected registries with access controls ensures traceability of decisions and readiness for inspections.

TCO and ROI of sanctions compliance

CFOs will rightly ask about the economics. The assessment of the cost of implementing sanctions software (TCO) includes provider licenses, integrations, support, training, and the compliance staff. The assessment of return on investment in sanctions compliance (ROI) is made up of prevented fines and blocks, accelerated onboarding and payments, preserved correspondent relationships, and reduced operational losses.

In one of COREDO’s projects, the ROI calculation showed payback in 9 months due to a reduction in false positives, decreased manual review time, and increased conversion of corporate client onboarding. When you link compliance KPIs to business KPIs, the conversation quickly shifts from “costs” to “investments”.

Interaction with banks and regulators

I am a proponent of open dialogue. Interaction with banks and correspondent banks on sanctions requires regular reporting, demonstrating KPIs, sharing case studies and a willingness to jointly improve processes. Cooperation agreements with banks establish channels and response times, which reduces friction.

With regulators, it is worth building constructive communication: discuss new products, regimes, transaction licensing and exemptions in advance. In complex cases I bring in external legal advisers to avoid conflicts between EU, US and local rules in Asia and the CIS.

Actions in Case of Sanctions Risk

The action plan should be concise and clear:

  • Immediate suspension of the operation and freezing of assets when there is reasonable suspicion.
  • Verification of data, rescreening, analysis of the 50% rule and affiliations.
  • Escalation to an interdisciplinary committee and the legal department.
  • Decision: block, request a license/authorization, or resume.
  • Communication with the bank and, if necessary, with the regulator.
  • Complete documentation, updating the audit log, preservation of evidence and logs.
  • Lessons learned: updating rules, training the team, adjusting thresholds.

This clear protocol reduces downtime and demonstrates the maturity of your sanctions risk management system.

How to avoid common mistakes

I see recurring mistakes: ignoring the OFAC 50% rule, outdated lists, decentralized and uncoordinated procedures, lack of documentation and a weak role for the legal department. Companies confuse PEP screening with sanctions screening, do not control export licenses and underestimate intercompany payments.

Avoid overtrained filters that generate an avalanche of false positives, and don’t skimp on training. Implement escalation procedures for sanctions incidents, conduct regular external audits, study case law on sanctions violations, and keep checklists for sanctions exceptions on hand. This approach creates a safety buffer and speeds up operations.

Conclusions

Sanctions compliance is not about ‘stop’, it’s about ‘how to do things correctly and quickly’. When sanctions policy is embedded in company registration, obtaining financial licenses, AML and operational processes, the business gains a strategic advantage. COREDO’s experience has shown: a well-thought-out system, clear roles, technological support and a mature culture make the group resilient to shocks and open doors to banks, markets and partners.

If you are building an international structure in the EU, Asia and the CIS, preparing a license for payment, crypto, forex or banking services, or scaling an existing business, use this guide as a roadmap. The COREDO team is ready to discuss architecture details, KPI setup, provider selection and integration into your IT landscape. Reliable sanctions compliance is an investment in predictability, speed and trust, and therefore in the long-term value of your group.
