Sanctions Lists Explained: Types, Agencies, and What Each One Means for Exporters

The phrase "sanctions screening" implies a single check against a single list. In practice, it means somewhere between 10 and 50 lists, depending on which jurisdictions touch your transaction. The U.S. government alone runs more than a dozen active lists across three separate agencies, each built on different legal authority, each triggering different consequences when a party appears. Bring in non-U.S. obligations and the question changes entirely: not "are we screening?" but "are we screening everything that legally applies?"

Most SMB exporters aren't.

Sanctions Lists vs. Watchlists vs. Denied Party Lists: What's the Difference

Not the same thing, despite being used interchangeably in most compliance conversations. Each category is a different legal instrument, from a different agency, with different consequences when a party appears on it.

A sanctions list is the most restrictive. Appearing on one triggers prohibitions under executive order or statute: asset freezing, transaction bans, or both. OFAC's SDN List is the primary U.S. example. No transaction with a listed party is permitted without an OFAC license. No carve-out for existing relationships, partial involvement, or good-faith errors. The legal exposure attaches at the moment of designation, not the moment you discover it.

Denied party lists work differently. BIS's Denied Persons List bars any export transaction involving a listed party, but carries no financial sanctions component at all. A company can sit on the Denied Persons List with no OFAC designation. Their bank account is reachable. Any U.S.-origin export headed their way is cut off regardless of what you're shipping or where it's going.

Watchlists flag parties for heightened scrutiny without imposing a prohibition. BIS's Unverified List covers parties whose end-use and end-user status BIS hasn't confirmed through on-site checks. Shipping to an Unverified List party isn't automatically illegal, but proceeding without resolving the end-use question creates direct exposure under 15 C.F.R. § 744.15. BIS expects written assurances. If you can't get them, the transaction shouldn't proceed. The absence of documentation is what gets cited when BIS sends an inquiry.

Most SMB sanctions screening programs are built around OFAC-first logic. That catches financial sanctions exposure. Denied party screening and watchlist obligations stay completely invisible. Two separate categories of legal obligation, from a different agency, missing from the tool entirely.

Which Sanctions Lists Apply to an Export Transaction

Which lists apply to a given shipment depends on four variables: the jurisdiction of the exporting entity, the destination country, the origin of the goods, and the currency of the transaction. No single list covers all four. This is the part that surprises exporters who assume their OFAC check is doing more work than it actually is.

For U.S.-jurisdiction exporters, OFAC runs the SDN List alongside more than a dozen program-specific lists. Russia and Iran programs account for the majority of SDN entries, with Cuba and North Korea adding substantial volume. As of early 2026, the consolidated OFAC lists contain over 15,000 entries across 30-plus active sanctions programs (U.S. Treasury, OFAC). An SDN designation triggers asset freezing and blanket transaction prohibitions. The Sectoral Sanctions Identifications (SSI) List is narrower: it restricts specific debt, equity, or service transactions with entities in targeted sectors of a sanctioned economy rather than blocking all dealings. Not a blanket block — but if your transaction involves new debt or new equity with an SSI-listed party, the restriction applies regardless of how long the relationship has been running.

BIS runs four lists under the Export Administration Regulations: the Entity List, Denied Persons List, Unverified List, and Military End-User (MEU) List. The Entity List alone contained more than 2,000 entries as of early 2026, primarily covering technology companies and semiconductor manufacturers, with China and Russia accounting for the bulk of additions (BIS, 2026). An Entity List designation means any EAR-controlled item requires a license, and that application is presumed denied before it's reviewed.

The State Department's AECA Debarred List covers entities sanctioned under the Arms Export Control Act. If you're moving ITAR-controlled items, this list applies. Exporting any U.S. Munitions List item to a Debarred party is prohibited regardless of licensing status.

One mistake we see consistently: exporters treating the U.S. Consolidated Screening List (CSL) as their complete source. The CSL combines seven export-related lists into one searchable database, which is useful, but it excludes the OFAC SDN List, the one with the broadest legal reach and the highest per-transaction penalties. Using the CSL as your full check leaves the most consequential list unqueried.

Outside U.S. jurisdiction, the EU Consolidated List covers parties subject to EU restrictive measures across more than 40 programs. The UK's OFSI list runs independently under the Sanctions and Anti-Money Laundering Act 2018. Not a copy of the EU list. It updates on its own schedule since Brexit. The UN Security Council Consolidated List is technically separate from OFAC's SDN. OFAC implements UN designations domestically, but there's a gap between UN adoption and that implementation that typically runs up to 30 days. Canada's SEMA list and Australia's DFAT list carry independent authority in their respective markets, not mirroring OFAC or EU actions.

What Each Type of Sanctions List Actually Restricts

Two parties can both "be on a sanctions list" and face completely different restrictions from the same exporter on the same day. The consequence varies. By list, by agency, by the program behind the designation. Getting this wrong in either direction costs money: over-blocking loses deals; under-blocking creates enforcement exposure.

Asset freeze and blanket transaction prohibition is the most severe outcome. OFAC SDN designations, along with EU and UK equivalents, prohibit any transaction with the listed party: no sale, no purchase, no financial transfer, no service delivery, no facilitating a third party doing any of these. The freeze is automatic and takes effect at publication. It applies to any property coming within U.S. jurisdiction, including transactions your overseas subsidiary initiates when there's a U.S. nexus.

Export-specific transaction restrictions apply under BIS lists. An Entity List designation blocks export transactions on EAR-controlled items but doesn't prohibit buying from that party or conducting unrelated financial transactions. The restriction is narrower but absolute within its scope. If the party is on the Denied Persons List, there's no path through. No export transactions, regardless of item, destination, or end use. No licensing workaround.

Heightened due diligence obligations apply under the Unverified List. No transaction is automatically prohibited, but you can't just ship and hope. Proceeding without a completed end-use assurance (a BIS-711 Supplement or equivalent written confirmation from the buyer) violates the EAR.

The obligation is procedural, not transactional. BIS doesn't care that the goods were benign. What they look for is whether you had documentation before the shipment left. If you don't, that's the problem.

Sectoral restrictions under OFAC's SSI List sit between full block and no restriction. The listed entity isn't fully off-limits. Certain transactions remain open, but specific types are prohibited: new debt, new equity, certain services. The exact scope varies by executive order. SSI designations under Executive Order 13662 restrict debt over 90 days and new equity, while leaving many other dealings open. We've watched exporters get this wrong in both directions: blocking all transactions with an SSI-listed party unnecessarily, and treating SSI as a non-issue because it isn't the SDN. Both errors have consequences.

How Many Sanctions Lists Exist Globally and Why That Number Keeps Growing

There's no official global count. The operational number for a cross-border exporter touching multiple jurisdictions sits above 50 active lists. Public aggregation projects have tracked more than 60 distinct government-maintained datasets as of early 2026, spanning more than 15 jurisdictions (open-data landscape reviews, 2026).

That number grew substantially starting in 2022. The Russia sanctions response produced new lists and new programs across every major Western jurisdiction simultaneously, while expanding existing ones. The EU issued 14 separate sanctions packages against Russia between early 2022 and early 2026, each adding entities, expanding sectoral restrictions, or tightening existing measures (EUR-Lex, 2026). The UK moved in parallel but not identically. The U.S. added Russia-related SDN entries across dozens of separate actions. The programs don't replicate each other.

Three structural factors will keep the count growing. Geopolitical fragmentation means more countries issuing national sanctions programs outside UN frameworks. Export controls expanding into technology sectors (semiconductors, AI, quantum computing) have produced new restricted party lists that didn't exist five years ago. Forced labor supply chain legislation in the U.S., EU, and Canada has created entity-level screening obligations entirely outside the traditional sanctions framework.

If your operation touches multiple markets, a screening program built around two or three familiar lists covers a fraction of what legally applies to you. The gap between "lists we check" and "lists that apply" is exactly where most screening failures occur. Not because the tool missed a hit on a known list. Because the list itself wasn't in scope.

Which Sanctions Lists Are Most Commonly Missed by SMB Exporters

The lists generating the most undetected exposure aren't the well-known ones. OFAC SDN is understood, if imperfectly implemented. The real gaps sit just outside standard screening scope, specifically because those lists are harder to access and less integrated into off-the-shelf tools.

The BIS Unverified List is consistently underscreened, and the gap is structural, not accidental. Most SMB exporters run OFAC checks and Entity List checks and call it done. That covers two of the four BIS lists. The Unverified List, which carries a real procedural obligation under 15 C.F.R. § 744.15, is absent from most screening workflows entirely. We've seen exporters receive BIS inquiry letters about shipments to Unverified List parties where the company had no record of ever checking that list. Not an outdated record. No record.

EU Consolidated List obligations get missed by U.S.-incorporated exporters who treat their screening as purely OFAC-based, which is most of them. If your goods pass through an EU distributor, or an EU financial institution clears the payment, EU screening obligations apply to that transaction regardless of where your company is incorporated. The EU list includes parties not on the OFAC SDN, and vice versa. Running OFAC-only screening for a transaction with EU nexus isn't a conservative approach. It's an incomplete one that leaves a real legal gap.

The UN Consolidated List updates independently at un.org. OFAC implements UN designations domestically, but there's a lag of typically up to 30 days. During that window your OFAC SDN check doesn't capture a party that's already sanctioned at the UN level. Most exporters don't know that gap exists.

Canada's SEMA list and Australia's DFAT list cover parties designated under autonomous programs that operate independently from U.S. or EU actions. The parties on these lists aren't always designated elsewhere. If your goods move through Canadian or Australian distributors, or if payments clear through financial institutions in those markets, your OFAC and BIS screening doesn't touch the applicable obligations. We've talked to exporters running established Canada distribution channels who had never heard of SEMA. Both lists require separate data sourcing and separate monitoring.

The pattern holds across every exporter we talk to. Your restricted party screening program gets built around the lists that are easiest to access and most integrated into the tools you're already using. The full set that actually applies to your specific transactions is a different, harder question. Usually a longer list. Lenzo covers all major global sanctions and restricted party lists in a single pass, including the ones most commonly absent from SMB screening programs.

Frequently Asked Questions

If a party clears OFAC screening, does that mean it's safe to export to them?

No. OFAC screening covers financial sanctions prohibitions only: asset freezes and transaction bans under OFAC's programs. A party can be completely clean on the SDN and still appear on the BIS Entity List, which blocks any EAR-controlled export to them. "Cleared OFAC" means cleared for one legal obligation. The BIS, State Department, and watchlist obligations are separate questions entirely.

What's the difference between the OFAC SDN List and the EU Consolidated List?

Different governments, different legal authority, different parties on each. OFAC's SDN List is a U.S. instrument administered by Treasury under IEEPA and program-specific executive orders. The EU Consolidated List is issued under Council Regulations across more than 40 programs. Some parties appear on both. Many appear on only one. If you ship through an EU distributor, you may have obligations under both simultaneously, enforced by separate authorities, with separate penalty structures.

Does the UN sanctions list automatically apply to U.S. exporters?

Not directly. The UN Security Council Consolidated List is a UN instrument. The U.S. implements it domestically by adding designated parties to OFAC's SDN List. But that process takes time.

There's typically a lag of up to 30 days between UN adoption and OFAC implementation. During that window, the party is sanctioned internationally but not yet on your OFAC check. Real exposure, for a brief but defined window, and most exporters never account for it.

What is the BIS Military End-User List and when does it apply?

The BIS MEU List identifies foreign military end-users in China, Russia, and Venezuela that BIS has determined present an unacceptable diversion indicator for U.S. technology. Unlike the Entity List, which requires a license for all EAR-controlled items, MEU restrictions apply only to specific items under ECCNs listed in Supplement 2 to Part 744. If you export dual-use technology to these countries, the MEU List is a separate check from the Entity List, not a subset of it.

Can a company get removed from a sanctions list, and how long does that take?

It depends on the list and jurisdiction. OFAC has a reconsideration process under 31 C.F.R. Part 501, but fewer than 5% of challenges result in removal or modification. Most successful removals involve misidentification: wrong name, shared surname, transliteration match against an unrelated party. Challenging the underlying factual basis of a designation is harder because the evidentiary record often includes classified intelligence the petitioner cannot see. The EU and UK have formal review processes, but removals outside of court orders are uncommon. Some SDN entries have been active for more than a decade.

What is the practical difference between a Section 744 end-use restriction and an Entity List designation?

Section 744 end-use restrictions apply based on what a party plans to do with U.S.-origin goods, regardless of whether they appear on any list. If there's reason to believe a party intends nuclear, missile, chemical or biological weapons, or military end uses in specified countries, the restriction applies to any exporter shipping those items. An Entity List designation is entity-specific: it follows the named party regardless of what they claim they'll do with the goods. The two operate independently. A party not on any list can still trigger an end-use restriction based on apparent intent, while an Entity List party can legally receive items that fall outside EAR control entirely.

The real compliance gap in sanctions screening isn't awareness of the SDN List. Every exporter knows OFAC exists. The gap is the assumption that OFAC screening covers the full obligation, that one well-known list satisfies what actually runs across three U.S. agencies plus non-U.S. jurisdictions, depending on where goods go and who clears the payment. An inquiry letter from BIS about an Unverified List shipment doesn't come with a warning. It arrives months after the fact, citing transactions that looked clean to you because the relevant list wasn't in your scope. That's not a screening failure. That's a scope failure. Scope is something you control entirely.