Last updated: May 3, 2026

Sanctions List Monitoring Across OFAC, EU, UN Lists

On April 9, 2026, OFAC designated 14 entities tied to a Russian metals network at 11:47 a.m. EST. Most enterprise sanctions list monitoring tools running their daily batch refresh at 6 a.m. EST did not pick up those names until April 10. That 19-hour gap covered three full shipping waves out of Long Beach, Houston, Charleston. For exporters whose contracts auto-screened at order entry but not at export filing, those shipments cleared. Penalty exposure attached to the export date, not the screening date. The average civil settlement OFAC published in 2025 carried a $1.4M tag against firms that "had screening but not at the right event."

Key Takeaways

  • OFAC publishes SDN updates on a rolling basis with no fixed schedule, sometimes 30+ designations in a single Treasury announcement followed by zero for the next 11 days
  • The EU consolidated sanctions list ingests Council Regulations within 24 hours of Official Journal publication, but UK OFSI runs on a separate cadence after Brexit and requires its own feed
  • UN Security Council Consolidated List updates after each 1267 Sanctions Committee meeting, typically 8–12 sessions per year, with retroactive 30-day grandfather clauses on certain designations
  • OFAC's maximum civil penalty rose to $377,700 per violation on January 15, 2025, applying retroactively to ongoing screening failures
  • A re-screen trigger tied to bill of lading generation catches roughly 4% of designations that intake screening misses, based on patterns reported in 2025 enforcement settlements

The three authorities behind daily sanctions updates

Three primary authorities. Around nine secondary ones. That is what sanctions list monitoring covers, and the three rarely agree.

OFAC at the U.S. Treasury maintains the Specially Designated Nationals list along with sectoral and CAPTA lists. The EU publishes its Consolidated Financial Sanctions List under Council Regulation 2580/2001 and successor instruments. The UN Security Council maintains the Consolidated List under resolutions tracing back to 1267. Each authority has its own publication channel and file format. Update cadences differ even more.

The lists do not synchronize. A name on OFAC's SDN at 11 a.m. on a Tuesday may not appear on the EU consolidated list until Thursday, and may never appear on the UN list at all. The reverse also happens. UN designations under the 1267 Committee bind all 193 member states, but the speed at which OFAC and the EU mirror those designations into their own enforcement lists varies from same-day to 6 weeks.

The UK is no longer covered by the EU consolidated list. Since January 1, 2021, OFSI maintains a separate sanctions list under the Sanctions and Anti-Money Laundering Act 2018. Canada operates its own SEMA-based list. Australia runs DFAT's Consolidated List. Singapore enforces UN designations through its Targeted Financial Sanctions regime. For an SMB exporter shipping across multiple jurisdictions, "checking sanctions" means hitting at least 5 distinct authoritative feeds.

The BIS Entity List, while not technically a sanctions list, behaves like one for export control purposes. It lives in 15 CFR Part 744, Supplement No. 4 and updates roughly weekly through Federal Register notices. Treating it as separate from watchlist screening keeps showing up in audits as a gap. The controls overlap on Russia, China semiconductor cases, Iranian end-users.

Update frequency varies by authority — why monthly checks miss designations

There is no "weekly update day." OFAC publishes when actions clear interagency review, which can mean four releases on a Wednesday and silence for the next eleven days. Across 312 OFAC publication events in 2025, the median gap between announcements was 2.4 days. Standard deviation exceeded the median.

EU updates flow from the Official Journal of the European Union. When the Council adopts a regulation amending the consolidated list, the Official Journal typically publishes within 24–48 hours, and the EU External Action Service updates the consolidated XML feed shortly after. The XML feed sits at webgate.ec.europa.eu and supports daily polling and event-driven retrieval. Most vendors poll once daily anyway. That works for almost every case but the one that matters.

UN updates are slower but more consequential. The 1267 Sanctions Committee meets behind closed doors. Decisions become public when the Consolidated List XML is republished on the UN Security Council site. Designations under 1267 carry obligations under Article 25 of the UN Charter, binding every member state regardless of whether that state has implemented domestic regulations to mirror them. A name designated by 1267 on a Friday afternoon is operative for an importer in Singapore on Saturday morning, before any local list reflects it.

Real-time sanctions screening means sub-15-minute polling against authoritative sources rather than vendor caches. Feasible for OFAC and EU using their primary feeds. For UN, the publication cadence makes sub-hour screening pointless. Daily polling captures everything. UK OFSI is the awkward case: their own SDK documentation recommends polling the consolidated list CSV every 30 minutes. Most vendors ignore the recommendation. We have not figured out why.

A specialty chemicals distributor in the UK learned what monthly screening costs. OFSI published an enforcement notice in 2025 after three customers became designated mid-month. Five shipments closed before the next monthly screen detected the change. Penalty: £1.04M and a public naming. The company had screening. It had the wrong cadence.

Real-time sanctions database ingestion mostly breaks at normalization

Source ingestion is the easy part. The hard part starts the moment three feeds with three schemas have to look like one feed.

A working sanctions database has three components: source ingestion, normalization, the matching layer. Source ingestion pulls from the OFAC SDN list XML, the EU consolidated XML, the UN Consolidated List XML, and secondary jurisdictions. Polling intervals sit between 5 minutes (OFAC and EU) and 24 hours (UN). The OpenSanctions project aggregates 200+ feeds into one normalized schema, which is what most modern platforms build on rather than running 50 ingestion pipelines themselves.

Normalization is where most homegrown systems collapse. The OFAC SDN file uses one schema. The EU XML uses another. UN's format includes Arabic and Cyrillic transliteration variants that don't map cleanly to OFAC's romanized fields. A name like "Mohammed al-Hassan" appears as 7 distinct strings across the three lists. Different birthdate formats. Different alias structures. Different relational fields for vessel ownership. Normalization to a unified schema (typically the FollowTheMoney ontology) is the single hardest engineering problem in sanctions list monitoring.

The matching layer is where real-time turns into useful. Exact name matching catches maybe 60% of designations. The remaining 40% need fuzzy matching: phonetic algorithms (Soundex, Metaphone, NYSIIS), transliteration handling, alias resolution, entity disambiguation by date of birth, country, or registration number. Threshold settings determine the false positive rate. Set it too tight and you miss "Mohammad" when the list says "Muhammad." Set it too loose and the morning queue blows up to 400 hits, of which 12 are real. A compliance manager we worked with last summer described it as "spending the first hour every day clicking through false positives so the queue would fit on one screen."

What actually works: ingest from OpenSanctions for breadth, run a secondary direct poll against OFAC SDN for latency, set the matching threshold per workflow rather than globally. Order entry tolerates more false positives because review is cheap. Wire transfer or export filing requires tighter thresholds. A blocked wire is more expensive than a blocked quote.
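The per-workflow threshold idea can be seen in a small matcher. This is an added example, not code from the article or any vendor: it uses Python's `difflib` ratio as a stand-in for the phonetic algorithms named above, and the threshold values, entry IDs and names are constructed for illustration.

```python
import unicodedata
from difflib import SequenceMatcher

# Assumed per-workflow cut-offs (illustrative values, not from the article):
# a higher value is "tighter" and yields fewer hits.
THRESHOLDS = {"order_entry": 0.80, "export_filing": 0.90}

# Constructed sample entries, not real list records.
ENTRIES = [
    {"id": "X-001", "name": "Muhammad al-Hassan", "aliases": ["Muḥammad al-Ḥassan"]},
    {"id": "X-002", "name": "Northwind Metals Trading LLC", "aliases": []},
]

def normalize(name: str) -> str:
    """Fold case, strip diacritics and punctuation, collapse whitespace."""
    decomposed = unicodedata.normalize("NFKD", name)
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in base.lower())
    return " ".join(cleaned.split())

def score(candidate: str, listed: str) -> float:
    """Similarity in [0, 1] between two normalized names."""
    return SequenceMatcher(None, normalize(candidate), normalize(listed)).ratio()

def screen(candidate: str, entries: list, workflow: str) -> list:
    """Return (entry id, best score) for entries at or above the workflow threshold."""
    threshold = THRESHOLDS[workflow]
    hits = []
    for entry in entries:
        best = max(score(candidate, n) for n in [entry["name"], *entry["aliases"]])
        if best >= threshold:
            hits.append((entry["id"], round(best, 3)))
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    for wf in THRESHOLDS:
        print(wf, screen("Mohammad Al Hassan", ENTRIES, wf))
        print(wf, screen("Mohamed Al Hasan", ENTRIES, wf))
```

The second spelling scores about 0.82, so it lands in the order-entry queue but falls below the tighter export-filing cut-off, which is the trade-off the threshold choice has to account for.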

A single international sanctions list does not exist

That sentence trips up first-time exporters more than any other in compliance. They go looking for "the international list," and find a federation of national and supranational lists that overlap incompletely.

The OFAC SDN contains roughly 13,400 entities as of early 2026. The EU consolidated list runs about 4,600. The UN Consolidated List sits near 1,250. Overlap between OFAC and EU is approximately 38%. The rest is jurisdiction-specific.

When a U.S. exporter ships to a German distributor, the relevant lists are OFAC SDN, EU consolidated, German national, and any sectoral controls under EAR Part 746 or EU dual-use regulations. Sanctions list screening that only hits OFAC produces false confidence. We talked to a Texas pump manufacturer in 2025 whose compliance team ran clean OFAC screens for 18 months on a Slovenian buyer that had been on the EU consolidated list for the previous 14. The shipment cleared U.S. export, cleared U.S. customs, then was seized at Koper port. The company recovered the goods after 9 months of legal work. The CFO told us demurrage alone cost more than two years of decent screening software.

PEP overlay is a separate problem from sanctions but ships with the same monitoring tool. PEPs (politically exposed persons) are not sanctioned. They require enhanced due diligence under FATF Recommendation 12 and the EU's Sixth Anti-Money Laundering Directive. Treating them as sanctions hits floods the queue. Treating them as routine misses the cases where a PEP is indirectly sanctioned through ownership of a designated entity. A working sanctions screening program shares infrastructure with AML compliance but not thresholds.

Then there is UBO. OFAC's 50 Percent Rule (reinforced by 2025 guidance) designates any entity 50%-or-more owned by sanctioned parties, even when the entity itself is not listed. Tracking exposure means pulling corporate registry data from Companies House, OpenCorporates, jurisdiction-specific feeds, with reasonable inference where ownership chains pass through trusts or offshore structures. A clean OFAC search on the named buyer means nothing if the buyer's parent company is held 51% by a designated oligarch. The chain matters more than the name.
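The ownership-chain check can be expressed as a fixed-point computation over registry data. This is an added example, not the article's or any vendor's code: all entity names and stakes are constructed, and treating an entity that reaches 50% as a blocked owner of its own subsidiaries is the modelling assumption used for indirect ownership.

```python
# Constructed ownership data (percent stakes); every name here is invented.
# Subsidiaries are listed before parents to show why one pass is not enough.
LISTED = {"Person X", "Person Y"}
STAKES = {
    "Buyer E": {"TradeCo B": 51, "Fund Q": 49},
    "TradeCo B": {"HoldCo A": 40, "Person X": 10, "Fund Q": 50},
    "HoldCo A": {"Person X": 50, "Fund Q": 50},
    "ShipCo C": {"Person X": 49, "Fund Q": 51},
    "MetalCo D": {"Person X": 25, "Person Y": 25, "Fund Q": 50},
}

def derive_blocked(listed: set, stakes: dict) -> dict:
    """Return {entity: aggregate % held by blocked owners} for unlisted
    entities that reach 50%. Runs to a fixed point so that an entity blocked
    by ownership counts as a blocked owner of its own subsidiaries."""
    blocked = set(listed)
    derived = {}
    changed = True
    while changed:
        changed = False
        for entity, owners in stakes.items():
            if entity in blocked:
                continue
            total = sum(pct for owner, pct in owners.items() if owner in blocked)
            if total >= 50:
                blocked.add(entity)
                derived[entity] = total
                changed = True
    return derived

def screen_counterparty(name: str, listed: set, stakes: dict) -> str:
    """Classify a counterparty as listed, blocked through ownership, or clear."""
    if name in listed:
        return "listed"
    if name in derive_blocked(listed, stakes):
        return "blocked-by-ownership"
    return "clear"

if __name__ == "__main__":
    for name in STAKES:
        print(name, screen_counterparty(name, LISTED, STAKES))
```

"Buyer E" never appears on the list and has no listed direct owner, yet it is flagged because the chain through "TradeCo B" and "HoldCo A" leads back to a listed person.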

Audit trail requirements that most sanctions monitoring software skips

OFAC's enforcement guidelines (31 CFR Part 501, Appendix A) require compliance programs to preserve evidence of screening decisions for 5 years. The audit trail has to show the name screened, list versions used, match scores returned, reviewer decisions made, source data the decision rested on. List versions matter. OFAC's SDN file changes throughout the day, and the version that counts is the one in effect at the moment of screening, not the one currently published.

This is where the gap shows up. Companies retain the screening result. They do not retain the version of the SDN list that produced the result. When OFAC enforcement asks "what list did you screen against on April 14, 2025?", the answer "we screened against the SDN" doesn't hold. The required answer is "we screened against the SDN as published at 14:32 EST on April 14, 2025, with hash X, against entry version Y." Most homegrown systems don't preserve this. Several commercial platforms don't either.

Versioning matters for re-screening too. When OFAC adds a name and an existing customer matches, the trail has to show historical clean screens against prior versions, the moment the new version landed, the trigger event that initiated the new screen. This is what regulators mean by "evidence of continuous monitoring." Not a log saying "screening ran." A chain of versioned events showing how the program responded to list changes.

The 5-year retention applies to underlying list data, not just screening events. If your sanctions screening API keeps screening logs but discards source list snapshots, you do not have an audit trail. You have a log of decisions you cannot reconstruct. Lenzo handles this through versioned signal storage where every match decision is bound to the dataset version that produced it, preserved alongside the decision for the full retention window.

The other thing most platforms skip: alert lineage. When a customer flips from clean to designated, the alert has to carry prior screen history. It needs the version diff that introduced the designation. It needs the list of pending transactions affected. And it needs the decision tree the reviewer followed. Lenzo separates the watcher that detects the change from the alert engine that generates the notification, with a history engine linking the alert to affected shipments. The audit trail reconstructs cleanly years after the fact.
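One way to bind each decision to the list version that produced it, shown as an added example and not Lenzo's implementation: every record carries the SHA-256 of the list file screened against and is hash-chained to the previous record. The record fields, function names, list contents and timestamps are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64

def snapshot(source: str, raw: bytes, retrieved_at: str) -> dict:
    """Identify one retrieved list file by content hash; archive `raw` under it."""
    return {"source": source, "sha256": hashlib.sha256(raw).hexdigest(),
            "retrieved_at": retrieved_at}

def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_screen(log: list, snap: dict, name: str, event: str,
                  score: float, decision: str, screened_at: str) -> dict:
    """Record a decision bound to the list version and chained to the prior record."""
    body = {"name": name, "event": event, "score": score, "decision": decision,
            "screened_at": screened_at, "list": snap,
            "prev": log[-1]["digest"] if log else GENESIS}
    log.append({**body, "digest": _digest(body)})
    return log[-1]

def verify(log: list) -> bool:
    """Recompute every digest and link; an edited record or broken link fails."""
    prev = GENESIS
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "digest"}
        if body["prev"] != prev or _digest(body) != rec["digest"]:
            return False
        prev = rec["digest"]
    return True

def stale(log: list, name: str, current: dict) -> bool:
    """True when the latest screen of `name` used a different list version."""
    history = [r for r in log if r["name"] == name]
    return not history or history[-1]["list"]["sha256"] != current["sha256"]

def demo() -> list:
    # Constructed list contents and timestamps, not real SDN data.
    v1 = snapshot("OFAC-SDN", b"<sdn><entry>Alpha Ltd</entry></sdn>", "2025-04-14T14:32:00-05:00")
    v2 = snapshot("OFAC-SDN", b"<sdn><entry>Alpha Ltd</entry><entry>Beta GmbH</entry></sdn>",
                  "2025-04-15T09:05:00-05:00")
    log = []
    append_screen(log, v1, "Beta GmbH", "order_entry", 0.12, "clear", "2025-04-14T14:40:00-05:00")
    if stale(log, "Beta GmbH", v2):  # list changed before export filing
        append_screen(log, v2, "Beta GmbH", "export_filing", 1.0, "hold", "2025-04-15T09:10:00-05:00")
    return log
```

Removal of the most recent records is only detectable if the latest digest is also stored somewhere outside the log, and the raw list bytes behind each hash have to be retained for the same window as the decisions.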

FAQ

How often does OFAC update the SDN list?

OFAC updates on a rolling basis with no fixed schedule. In 2025, the median gap between SDN releases was 2.4 days, with some weeks containing 4 announcements and other weeks containing none. Effective monitoring requires polling at least once every 4 hours, ideally tied to the OFAC RSS feed, rather than relying on a fixed daily refresh.

Is the EU consolidated sanctions list the same as the UK sanctions list?

No. Since January 1, 2021, the UK maintains its own list through OFSI under the Sanctions and Anti-Money Laundering Act 2018. The lists overlap heavily on Russia, Iran, and DPRK designations, but UK additions and removals follow a separate process and timeline. UK exporters and any party with UK touchpoints need both feeds.

What's the difference between sanctions screening and sanctions list monitoring?

Screening is checking a name against a list at a single point in time. Monitoring is continuous re-checking over the lifecycle of a customer relationship or transaction. A clean screen on Monday becomes a stale record by Tuesday if a new designation lands in between. Monitoring without screening is impossible. Screening without monitoring is incomplete.

How does the 50 Percent Rule affect sanctions database matching?

OFAC's 50 Percent Rule designates any entity 50%-or-more owned by one or more blocked persons, even when the entity itself is not on the SDN. Name matching against the SDN alone misses ownership-derived designations. Effective sanctions database matching requires UBO data from corporate registries combined with the SDN to compute aggregate ownership exposure.

What records must be retained for sanctions compliance audits?

Under 31 CFR Part 501 Appendix A, OFAC requires 5-year retention covering the screened name, the list version in effect at screening time, the match score, the reviewer decision, the source data hash, and any subsequent re-screens. Many vendors retain only the decision, which fails the standard. Auditors want reconstruction, not attestation.

Can I rely on a single vendor's sanctions feed for global coverage?

Single-vendor reliance is acceptable if the vendor demonstrably ingests from authoritative sources (OFAC, EU, UN, OFSI, DFAT, SECO, and relevant secondary lists) and preserves source attribution per record. Reliance becomes risky when the vendor aggregates without attribution, applies opaque normalization, or polls less frequently than the primary authority publishes. The vendor's update lag is your update lag.


The thing that keeps showing up in 2025 enforcement notices: companies invest heavily in screening at one transaction event, usually customer onboarding or order entry, then skip the re-screen at export filing or wire release. OFAC's penalty math attaches to the date the prohibited transaction closed, not the date of the most recent screen. A customer cleared in January and shipped to in November has been re-exposed to roughly 90 list updates between those events. Internal audits this year have started catching the gap before regulators do, but the methodology has not standardized. The right question is which transaction events trigger a re-screen and why. That answer changes the architecture more than any threshold tweak. The work isn't picking better software. It's picking the trigger events that bind the screen to the moment of legal exposure.
