Sanctions Screening Software: How to Evaluate Vendors for SMB Exporters

Most sanctions screening software demos look identical. A clean dashboard, a search box, a green checkmark when the name comes back clear. The difference between a tool that protects you and one that quietly fails shows up nowhere in the demo. It shows up eight months later, when a name that should have flagged came back clean, and you are explaining to an investigator why you shipped to a party who was added to a list three weeks before the order.

Sanctions screening software checks the people and companies you do business with against government watchlists, then alerts you when there is a possible match. For an SMB exporter, the real evaluation question is not whether a vendor can screen a name. They all can. It is how the tool handles the messy cases: a partial name match, a list updated overnight, a counterparty whose owner sits on a list even though the company does not. This guide walks through what actually separates vendors, the costs they leave out of the quote, and how to run a trial that tells you something real before you sign.

What sanctions screening software actually does

Sanctions screening software takes a name, an address, sometimes an ownership structure, and runs it against consolidated government lists like the OFAC SDN list, the EU consolidated list, and the UK and UN equivalents. When it finds a possible match, it raises an alert for a human to review. That is the whole job described in one sentence, and it is also where every vendor sounds the same.

The work that matters is hidden under that sentence. A name like "Mohammed Ali" appears on watchlists and also belongs to millions of people who are not sanctioned. The software has to decide how close is close enough to flag, which means tuning a fuzzy-matching threshold. Set it too tight and you miss a real hit because the spelling was off by one letter. Set it too loose and your team drowns in false positives, stops reading them carefully, and misses the real one inside the noise. We have watched a two-person compliance team get 60 alerts a day from a badly tuned tool and start clicking "clear" on autopilot by week three. The tool worked. The humans broke.

Good watchlist screening software gives you control over that threshold and shows you why it flagged, not just that it flagged. The bad ones hand you a yes or no with no reasoning, which means every alert is a blind investigation from scratch.

The hidden costs vendors don't quote

Forty false positives a day. That is the number that decides whether a sanctions screening tool is cheap or expensive, and it never appears on the quote. The license fee is the part vendors put on the slide. The real cost is the labor the tool generates. A tool that throws 40 false positives a day is not cheaper than one that throws 5, even if its license costs less, because someone on your team spends two hours a day clearing the noise. Run that across a year and the cheap tool is the expensive one.

Then there are the add-ons. The base license often covers the major lists, but the regional lists, the politically-exposed-persons data, the adverse media feed, and the ownership data come as separate line items. We talked to an exporter who signed at a quoted 8,000 dollars a year and was paying close to 19,000 by the second year once the lists they actually needed were switched on. Nobody lied to them. The base number just wasn't the real number.

Per-screen pricing hides a third cost. Some vendors charge per name screened, which feels cheap when you are screening 50 names a month. Then you land a distributor with 300 counterparties, you screen the whole book, and the bill spikes in a month you did not budget for. Ask every vendor for the all-in annual cost at your real screening volume, including rescreening, because the restricted party screening software that looks cheapest per screen is often the one that punishes you for growing.

Evaluation criteria that separate tools

Here is what actually distinguishes one sanctions screening solution from another once you get past the demo. Five things, in rough order of how often they are the reason a tool fails an exporter.

List refresh speed. Lists change daily, and the pace picked up through 2025 as sanctions programs expanded faster than most tools were built to track. OFAC can add a party in the morning and you can ship to them in the afternoon if your tool refreshed yesterday. Ask the specific question: how many hours between a government list update and that change being live in my screening? If the answer is "we update weekly," that is a six-day window where you are screening against a list the government already changed.

Fuzzy matching quality. This is the engine. A good denied party screening software catches transliteration variants, reordered names, and common misspellings without flooding you with garbage. Test it. Feed it a known sanctioned name with one letter changed and see if it catches it.

Ownership screening. A company can be clean while the person who owns 51 percent of it sits on a list. Tools that screen only the entity name and not the beneficial owners miss this entirely, and it is one of the most common ways a screen comes back falsely clean. Ask whether the tool screens ownership, and at what threshold.

Audit trail. When an investigator asks why you shipped, you need a record showing you screened, what the tool returned, and who reviewed it. A tool without a defensible audit log leaves you proving a negative.

Integration. If screening lives in a separate window your team has to remember to open, they will forget. A sanctions screening API that plugs the check into your existing order flow beats a standalone portal nobody opens until after the shipment leaves.

The trap of buying bank-grade software

The most expensive mistake an SMB exporter makes is buying software designed for a bank. The enterprise sanctions checking software that dominates this market was built for institutions screening millions of transactions a day under regulatory regimes that do not apply to a 90-person exporter. You pay for that scale whether you use it or not.

The trap is that bank-grade tools sound safer. More lists, more configuration, more compliance certifications on the website. What you actually get is a six-month implementation, a per-seat license priced for a compliance department of 20, and a configuration burden that needs a full-time analyst to maintain. We have seen an exporter spend more on the consultant who configured their enterprise tool than on the tool itself, then never touch 80 percent of what they paid for. The antidote is to scope to your actual risk. An SMB exporter screening a few hundred counterparties against the major lists does not need the same machine a global bank uses, and a focused tool built for that scale will cost a fraction and take days to deploy instead of months. This is the gap a platform like Lenzo was built to fill, sitting between the free government search tool that does not scale and the enterprise suite that overshoots the SMB by an order of magnitude.

Match the tool to the problem you have, not the problem the vendor's biggest client has.

How to run a real vendor trial

A vendor demo proves nothing, because the vendor controls the data. A real trial uses your data and a result you can verify. Here is the sequence that actually tells you whether a tool works.

First, screen a name you already know is sanctioned. Take a real entry from the OFAC SDN list, change one letter, and feed it to the trial. A tool that misses a near-match on a known bad name is telling you exactly how it will fail in production. Second, screen your own real counterparty list, the messy one with inconsistent spellings and missing country codes, not a clean test file. The false-positive rate on your own data is the number that predicts your team's daily workload. Third, time the list refresh. Find a recent list change and check whether the trial reflects it. If it does not, you have your answer on refresh speed without taking the vendor's word for it.

Then sit your actual compliance person in front of the alert screen and watch them work one. Can they tell why it flagged? Can they clear it or escalate it without a manual? The tool that a real user finds legible in five minutes beats the one that needs a training course, because the second one gets abandoned the first busy week. The best sanctions screening tools earn their keep in the boring moment when a tired person has to read an alert correctly at 4pm on a Friday. Lenzo and a handful of focused competitors compete on exactly that legibility, not on the length of the feature list.

Build vs buy for an SMB

A competent developer can stand up a name-matching script against the OFAC list in about a week. That is the pitch every engineering-minded founder makes, and for a company screening a dozen names a month against one list, it can genuinely be enough. The list is downloadable. The data is public. The math looks obvious on a whiteboard.

The build case falls apart on maintenance, and it falls apart fast. The lists change format. New lists become relevant as you enter new markets. Fuzzy matching is a hard problem that a one-week script does badly, producing either misses or noise. And the audit trail, the ownership screening, the rescreening of your existing book when a list changes overnight, all of that is now your engineering team's permanent job instead of a vendor's. The free tool screens today's name against today's list. It does not rescreen yesterday's customer against tonight's update, and that gap is where most violations actually happen. Most exporters who build end up rebuilding a worse version of the compliance management software they could have bought, and paying for it in engineering hours that were supposed to go to the product. The honest threshold is volume and markets. Below a dozen screens a month in one jurisdiction, build might hold. Above that, or across more than one list, buy.

FAQ

What is sanctions screening software?

Software that checks the names of your customers, suppliers, and other counterparties against government sanctions and watchlists, then alerts you to possible matches for a human to review. It exists so you do not unknowingly do business with a sanctioned party, which carries serious penalties even when the violation was accidental.

How much does sanctions screening software cost for an SMB?

It varies widely, and the quoted license is usually not the full cost. Base licenses for SMB-focused tools commonly run from a few thousand to low five figures a year, but regional lists, ownership data, and per-screen fees can double that quietly over the first two years. The bigger hidden cost is the labor of clearing false positives, so a tool's true price is the license plus the staff hours it generates. We have seen a tool with a lower sticker price cost more in year one than a pricier competitor, purely because its false-positive rate ate ten hours a week of a compliance person's time. When you compare quotes, build a single all-in number per vendor at your real volume, and put the labor estimate next to the license. The cheapest license is almost never the cheapest tool.

What is the difference between sanctions screening and denied party screening?

They overlap heavily and the terms get used interchangeably. Sanctions screening checks government sanctions lists specifically, while denied party screening is broader and covers any restricted, denied, or debarred list including export-specific ones, so ask the vendor which lists are actually included.

How often should I rescreen my existing customers?

Continuously, or as close to it as your tool allows. Lists change daily, so a customer who was clear when you onboarded them can be added to a list at any time. A tool that only screens at the point of a new transaction misses the customer who becomes sanctioned mid-relationship, which is one of the most common real-world failure modes.

Can I just use the free government search tools?

For very low volume in a single jurisdiction, the free OFAC search can work. It breaks down on scale, on fuzzy matching, on rescreening, and on audit trails. The free tool tells you whether a name is on the list today. It does not watch your existing book for changes, screen ownership, or produce the record an investigator will ask for, which is why most exporters outgrow it quickly.

The thing most evaluation guides miss is that sanctions screening software is not really software you buy once and own. It is a subscription to a moving target. The lists change every day, the regulators shift their expectations, and the tool that fit your business at 50 counterparties strains at 500. So the sharpest evaluation question is not which tool is best today. It is which vendor will still fit you in two years, when your counterparty book has tripled and you have entered two new markets with their own lists. Pick for the company you are becoming, run the trial on your own ugly data, and weight list refresh speed and fuzzy matching above the feature checklist every vendor pads to look complete. That bias toward legibility over feature count is why a focused option like Lenzo tends to outlast the enterprise suite for an SMB. The longest brochure rarely survives contact with a real Friday afternoon.