Global sanctions have become one of the defining features of international business in the 2020s. No industry, geography, or company size is immune. The financial services sector faces direct regulatory obligations. The energy, shipping, and commodities sectors face targeted program restrictions. Professional services — law, accounting, consulting — face enforcement scrutiny for facilitating sanctions evasion. Technology companies face export control entanglements with sanctions. And virtually every multinational enterprise faces the challenge of navigating overlapping, sometimes conflicting, sanctions requirements from multiple authorities simultaneously. This guide provides a comprehensive overview of the global sanctions landscape in 2025–2026 and a practical framework for sanctions compliance programs. Our sanctions law firm advises clients across industries on managing all aspects of this complex regulatory environment.
The Four Pillars of the Global Sanctions Architecture
Global sanctions operate through four main authorities, each with distinct legal frameworks, geographic reach, and enforcement mechanisms:
1. United States (OFAC)
The U.S. Treasury Department’s Office of Foreign Assets Control administers more than 30 active sanctions programs. OFAC’s jurisdiction is extraordinarily broad: it covers all U.S. persons (citizens, permanent residents, U.S.-incorporated entities, and their foreign branches), any transaction touching U.S. financial infrastructure (including dollar-denominated transactions through U.S. correspondent banks), and any property within U.S. jurisdiction. U.S. secondary sanctions extend OFAC’s reach further still, enabling penalties against non-U.S. entities that engage in transactions with specified targets. Skilled OFAC attorneys are essential for any party navigating this system’s complexity.
2. European Union
The EU maintains comprehensive economic sanctions applicable across all 27 member states. EU sanctions are adopted through Council Regulations (directly applicable) and Decisions (requiring national implementation). The EU’s Russia sanctions program — now comprising 14 packages — is one of the most extensive in history, covering financial services, energy, transport, technology, and luxury goods. The EU Consolidated Sanctions List combines all designated persons and entities across all programs. Businesses with EU connections must consult an EU sanctions lawyer to understand their specific compliance obligations.
3. United Kingdom (OFSI)
Post-Brexit, the UK operates its own independent financial sanctions regime through the Office of Financial Sanctions Implementation (OFSI). The UK Consolidated List has grown substantially, with over 2,000 Russia-related designations as of 2025. The UK has also significantly expanded its anti-money laundering and economic crime enforcement infrastructure. OFSI’s enforcement posture has become more aggressive, with coordinated actions alongside the FCA. Working with a UK sanctions lawyer is critical for businesses with British operations or counterparties.
4. United Nations
The UN Security Council maintains 15 active sanctions regimes through its various committees, covering countries and actors including North Korea, Iran, Libya, Yemen, Sudan, and others. UN sanctions are binding on all 193 member states and are implemented through national legislation. While UN sanctions are narrower in scope than U.S. or EU unilateral sanctions and carry no secondary sanctions mechanism, they represent the baseline international sanctions regimes that no member state can ignore. The UN Consolidated List contained 727 individuals and 273 entities as of late 2025.
Multi-Jurisdictional Overlap: The Compliance Challenge
For multinationals, the challenge is not just complying with any single sanctions authority — it is navigating simultaneous, overlapping, and sometimes conflicting requirements from multiple authorities. Key complications include:
- Different designation lists: A party may be sanctioned by the U.S. but not the EU or UK, or vice versa. Post-Brexit divergences between UK and EU lists have grown. Checking all relevant lists separately is mandatory.
- Conflicting legal obligations: EU “blocking statutes” are designed to protect EU entities from complying with certain U.S. sanctions that the EU views as extraterritorial overreach (particularly Iran-related secondary sanctions). This creates genuine legal dilemmas for EU companies.
- Different program scope: The same transaction may be prohibited under U.S. law, authorized under a UK General License, and not addressed under EU law — or any combination thereof.
- Diverging enforcement priorities: U.S., UK, and EU authorities may target the same sanctions evasion network differently, creating strategic asymmetries in enforcement risk.
Comprehensive sanctions database screening that covers all major lists — OFAC SDN, EU Consolidated, UK Consolidated, UN Consolidated, and program-specific lists — is the baseline for any serious compliance program. The AML and OFAC compliance interaction adds another layer, as Anti-Money Laundering obligations frequently overlap with sanctions obligations and share the same compliance infrastructure.
2025–2026 Developments: What’s Changed
The sanctions landscape has evolved significantly, and staying current on 2025–2026 developments is essential:
- Russia sanctions enforcement intensification: All three major Western sanctions authorities (U.S., EU, UK) have escalated enforcement targeting Russia sanctions evasion networks, with particular focus on third-country intermediaries, shadow fleet shipping, and financial facilitators. Russia sanctions compliance remains the highest-priority area for most multinational businesses.
- Cryptocurrency and digital asset sanctions: OFAC’s cryptocurrency enforcement program has matured significantly, with targeted crypto sanctions designations against exchanges, wallets, and mixing services. Crypto businesses face the same compliance obligations as traditional financial institutions.
- AI and technology in compliance: Regulators expect compliance programs to leverage AI and automated screening tools for real-time list monitoring, anomaly detection, and risk scoring. Manual, periodic screening is increasingly seen as inadequate.
- Iran pressure campaigns: U.S. maximum-pressure policies toward Iran sanctions have resulted in significant new designations targeting the Iranian oil shadow fleet, petrochemicals sector, and support networks.
- FATF and sanctions convergence: The FATF grey list increasingly correlates with elevated sanctions enforcement risk, as jurisdictions on the grey list are more likely to be used as sanctions evasion hubs.
Building a Compliance Program for Multi-National Businesses
OFAC’s 2019 Framework for Compliance Commitments — now adopted as a global best practice — identifies five core components of an effective OFAC compliance program. For multinationals facing multiple jurisdictions, each component must be scaled accordingly:
1. Management Commitment and Governance
Senior leadership — including the board — must be actively involved in the compliance program. This means dedicated compliance resources, a clear organizational structure for sanctions compliance responsibilities, and regular reporting to senior management on compliance status and incidents.
2. Comprehensive Risk Assessment
Every organization must conduct a documented sanctions risk assessment covering: customers and counterparties (including UBOs); geographic footprint (jurisdictions of operation, transaction flows); products and services offered; and third-party relationships. High-risk factors include dealing in USD (triggering OFAC jurisdiction), having EU or UK operations (triggering respective authorities), or operating in industries with known sanctions exposure (energy, shipping, metals, financial services, technology). The OFAC compliance checklist provides a practical framework for this assessment.
3. Internal Controls: Screening and Monitoring Systems
The heart of any compliance program is robust screening. All counterparties, customers, and beneficial owners must be screened against all applicable sanctions lists at onboarding and on an ongoing basis. Modern compliance platforms integrate real-time list updates, fuzzy-name matching, and PEP and sanctions screening alongside adverse media monitoring. For high-risk relationships, enhanced due diligence including source-of-funds analysis and ultimate beneficial owner identification is required.
4. Third-Party Risk Management
Sanctions evasion frequently works through layers of intermediaries. A clean counterparty may itself be dealing with a sanctioned party, creating exposure through the transaction chain. Effective compliance programs require due diligence not just on direct counterparties but on their significant business relationships — particularly in high-risk geographies. Third-party risk in export controls contexts has become especially acute, as sanctioned parties seek technology and components through intermediate distributors.
5. Testing, Audit, and Continuous Improvement
Compliance programs must be regularly tested for effectiveness. This means both testing screening systems (using “dummy” sanctioned parties to verify they are caught) and auditing procedural compliance (reviewing whether escalation protocols were followed in real cases). Deficiencies identified in testing must be remediated and documented.
Red Flags: Warning Signs of Sanctions Exposure
Compliance teams should be trained to recognize these key red flags that may indicate sanctions risk:
- Counterparties with opaque ownership structures or nominees in high-risk jurisdictions
- Requests for transactions involving high-risk countries (Russia, Iran, North Korea, Syria, Cuba, Venezuela)
- Transactions routed through multiple jurisdictions with no clear business purpose
- Reluctance to provide beneficial ownership information or unusual secrecy about business relationships
- Third-party intermediaries in jurisdictions commonly used for evasion (e.g., UAE, Turkey, China in Russia sanctions context)
- Involvement of vessels with recent history of AIS transponder gaps (“dark” periods)
- Dual-use goods or technology exports to end-users in sanctioned countries
Technology Solutions for Sanctions Compliance
The complexity and pace of change in global sanctions makes technology-enabled compliance not just advantageous but practically necessary. Leading solutions include:
- Automated screening platforms: Tools that maintain real-time updates of all major sanctions lists and screen names with fuzzy-matching, alias detection, and transliteration logic
- Beneficial ownership databases: Commercial databases aggregating corporate registry information to identify UBOs across complex structures
- Transaction monitoring: AI-powered systems that analyze payment flows and flag anomalies indicative of sanctions evasion
- Maritime tracking: AIS vessel monitoring to identify shadow fleet vessels and ship-to-ship transfers
- Adverse media monitoring: Automated scanning for negative news, regulatory actions, and sanctions-related mentions for existing counterparties
For businesses seeking to understand their overall exposure before investing in technology solutions, a consultation with experienced sanctions compliance counsel can help prioritize based on actual risk profile rather than deploying generic solutions.
What to Do When a Violation Has Occurred
Despite best efforts, sanctions violations do occur — often due to sophisticated evasion, incomplete counterparty information, or rapidly changing designations. When a potential violation is discovered, the immediate priority is legal assessment of the situation before any action is taken.
Key decisions include: whether to make a voluntary self-disclosure to OFAC or other relevant authorities (which can significantly reduce penalties if timed and executed correctly); whether to seek a specific license to authorize ongoing activities; and what internal remediation measures are appropriate. The decision tree is complex and fact-specific — consulting OFAC enforcement defense counsel before acting is essential.
For businesses that have sustained blocked assets as a result of compliance issues or designation of a counterparty, specialist counsel can pursue paths to release blocked funds through the licensing process. The how to get off the OFAC list process is similarly available for any party that has been incorrectly designated or whose circumstances have materially changed.
Frequently Asked Questions
Do I need to check all sanctions lists or just OFAC?
It depends on your business’s jurisdictional exposure. If you have U.S. connections (including dollar-denominated transactions), you must check OFAC. If you have EU operations or EU counterparties, you must check the EU Consolidated List. If you have UK connections, you must check the OFSI UK Consolidated List. Most multinationals must check all major lists simultaneously.
What are the biggest sanctions compliance risks for businesses in 2025–2026?
Russia sanctions evasion networks, Iran sanctions circumvention, cryptocurrency-related designations, and third-party risk through intermediaries in high-risk jurisdictions are the primary enforcement focus areas in 2025–2026. All three major Western sanctions authorities are investing heavily in detection and enforcement in these areas.
Can a company be penalized for inadvertent sanctions violations?
Yes — OFAC, OFSI, and EU authorities can all impose civil penalties for sanctions violations regardless of intent. The standard of proof for civil penalties is lower than criminal prosecution. However, intent (willfulness vs. negligence vs. no knowledge) is a major factor in determining the size of penalties, with willful violations attracting dramatically higher fines.
What is the most important first step in building a sanctions compliance program?
A comprehensive risk assessment. You cannot design an effective compliance program without first understanding your actual exposure — which jurisdictions, counterparty types, and transaction types create the most risk for your specific business. Risk assessment should precede any investment in technology, training, or procedural infrastructure.
What should I do if I discover my company has processed a transaction with a sanctioned party?
Stop further transactions immediately and preserve all relevant documentation. Then seek legal advice from qualified sanctions counsel before making any reports, disclosures, or further decisions. The timing and completeness of any voluntary self-disclosure significantly affects the outcome — acting without expert guidance can result in worse outcomes than the underlying violation would have warranted.
A Practical Sanctions Compliance Checklist
Drawing from OFAC’s Framework for Compliance Commitments and best practices across all major sanctions authorities, here is a practical checklist for businesses assessing their compliance posture. The OFAC compliance checklist approach can be scaled to any organization size:
- ☐ All counterparties, customers, and beneficial owners are screened against OFAC SDN, EU Consolidated, UK Consolidated, and UN lists before onboarding
- ☐ Automated real-time list monitoring is implemented with alerts for changes affecting existing customers
- ☐ Beneficial ownership is identified to the ultimate beneficial owner level for all corporate counterparties
- ☐ The 50% rule is applied systematically — entity ownership chains are traced beyond just the direct counterparty
- ☐ Transactions involving high-risk jurisdictions (Russia, Iran, North Korea, Cuba, Syria, Venezuela) receive enhanced due diligence
- ☐ Sanctions compliance training is provided to all relevant employees and updated when programs change
- ☐ Written policies and procedures exist for handling potential sanctions matches, including escalation and reporting protocols
- ☐ Records of all screening checks and due diligence are maintained for at least five years
- ☐ Third-party relationships (agents, distributors, intermediaries) are screened and subject to contractual sanctions compliance obligations
- ☐ A sanctions incident response procedure exists, including criteria for voluntary self-disclosure consideration
For businesses with significant international operations, this checklist represents a minimum baseline. Sophisticated programs go further, incorporating risk-based transaction monitoring, third-party audits, and regular stress-testing of compliance controls. Consulting OFAC compliance lawyers to review your program against current regulatory expectations is a worthwhile investment, particularly when expanding into new markets or products with elevated sanctions risk profiles.