Sanctions and Payments — What Your Company Needs to Know

Legal status as of: 2026-05-20.

A bank transfer is not merely a financial operation — if the recipient or sender is an entity subject to EU sanctions, the transaction becomes a breach of the law. This applies to every company operating in the European Union, regardless of sector. Council Regulation (EU) No 269/2014 of 17 March 2014¹ and Council Regulation (EU) No 833/2014 of 31 July 2014² apply directly in Poland — without any transposition³ — and impose a prohibition that admits no exception for “but the bank processed the transfer”.

TL;DR — the key points in 60 seconds

• A payment to a person or company subject to EU sanctions is prohibited, even if the bank did not block it.
• If a payment arrives from a listed entity — you are required to freeze it, not return it or release it to the counterparty.
• Bank screening is the bank’s own separate obligation and does not relieve your company of its own duty to verify counterparties.
• Transactions in US dollars (USD) may simultaneously fall under OFAC jurisdiction — even if both parties are European.
• Paying through an intermediary does not dilute liability — you are responsible for where the money ultimately goes.
• Circumventing a freeze (cash, another channel, a third party) is a separate, serious violation — carrying an administrative fine of up to PLN 20 million.⁴

Prohibition on making funds available — payments to listed entities

EU sanctions regulations prohibit “making funds or economic resources available” to persons and entities appearing on sanctions lists.¹ In practice this means that a payment against an invoice, an advance on a service, salary disbursement, or even a refund of an overpayment — any of these operations may constitute a violation if the other party is a sanctioned entity.

The crucial point is that the obligation rests with you, not the bank. The bank conducts its own screening and may block a transaction — but if it does not, that provides you with no shield whatsoever. You are responsible for whom you send money to, and the law makes no allowance for the defence that “I acted in good faith because the bank did not intervene”.

The prohibition does not cover only direct recipients on the list. Regulation (EU) No 269/2014 also covers entities in which a listed person or company holds at least 50% of the shares or exercises control over them.⁵ If your counterparty is a subsidiary of a Russian oligarch appearing on the EU Consolidated List — a transfer to that subsidiary is also prohibited, even if the subsidiary’s name does not appear directly on any list.

Before executing a transaction you should check your counterparty against the EU Consolidated Sanctions List⁶, the Polish MSWiA list⁷ (maintained by the Ministry of Internal Affairs and Administration), and the UN list.⁸ For more on which lists apply and to whom, see the article “EU Sanctions Lists — Which Ones Apply to Polish Companies”.

Payment FROM a listed entity — obligation to freeze

The reverse scenario is often even more surprising for businesses. If you receive a transfer from a person or company subject to sanctions — you cannot simply return those funds or release them. You are required to freeze them.

Freezing means that the funds are placed in a segregated account or otherwise isolated from normal circulation and remain in that state until a competent authority issues a decision. You do not dispose of them, offset them against receivables, or wire them back to the counterparty. For more on what freezing looks like in practice and what steps you must take, see the article “Asset Freezing — What It Means for Your Company in Practice”.

Many business owners’ instinct is: “I’ll return the money and distance myself from the problem.” This is a mistake — a return transfer to the account of a sanctioned entity is equivalent to making funds available to it, and therefore itself constitutes a violation of the prohibition. The only correct course of action is to freeze the funds and notify the competent authority.

The bank’s role — bank screening does not relieve your company of its own verification duty

Banks have their own obligations under AML legislation⁹ and internal compliance policies. They screen outgoing and incoming transactions, and when a hit is detected they block the transfer or request clarification. You may encounter this as a sender (the bank refuses to execute the transfer) or as a recipient (the bank withholds crediting your account).

The problem is that bank screening is designed to protect the bank and fulfil its own obligations — not to protect your company from liability. If the bank processes a transaction involving a counterparty appearing on a sanctions list, this does not transfer liability to the bank. You are still in breach of an EU regulation that is directly applicable³ and that addresses every participant in commercial activity, not just financial institutions.

In short: bank screening is the first line of defence of the system, but it is not yours. Your counterparty verification must take place before you execute a transaction or before you accept one. To find out whether your company is required to carry out such screening, read the article “Does My Company Have to Conduct Sanction Screening?”.

Foreign transfers and currencies — OFAC risk for USD transactions

If you make payments in US dollars, you enter an additional layer of risk — the jurisdiction of OFAC (the Office of Foreign Assets Control, U.S. Department of the Treasury).¹⁰ OFAC maintains the SDN list (Specially Designated Nationals and Blocked Persons), one of the broadest and most frequently updated sanctions lists in the world.¹⁰

The key mechanism works as follows: dollar-denominated transactions are settled through the SWIFT system with clearing via correspondent banks in the United States. Every such transaction passes through infrastructure subject to US jurisdiction, which means OFAC can enforce its rules — even if both parties to the transaction are based in Europe and neither is a US company.

In practice: if you import from high-risk markets (e.g. Russia, Belarus, Iran) and settle in USD, you risk simultaneously breaching EU sanctions and OFAC rules. Switching to euros or Polish zloty eliminates only the OFAC risk — EU obligations remain unchanged. For guidance on using the US SDN list, see the article “The OFAC Sanctions List — A Guide for Polish Companies”.

Payments through intermediaries — hidden risk

An increasingly common scenario: a company does not pay a listed counterparty directly, but uses an agent, sub-agent, distributor, or broker — who then passes the funds further down the chain. This arrangement does not eliminate liability — it complicates it.

EU sanctions regulations prohibit making funds available both directly and indirectly.¹ If you knew or ought to have known (i.e. with the exercise of due diligence you should have discovered) that the funds would reach a listed entity — you are liable for the violation. Deliberately using an intermediary to circumvent sanctions is treated as an intentional violation and may attract criminal liability — Directive (EU) 2024/1226 of the European Parliament and of the Council of 24 April 2024¹¹ requires all Member States to criminalise such conduct.

The practical rule: if your intermediary operates in high-risk markets, you should carry out a sanctions check on both the intermediary and the ultimate beneficiaries of the payment, to the extent these are known to you. Lack of knowledge is not an automatic defence — the rules require the exercise of due diligence. For more on identifying high-risk transactions, see the article “Circumventing Sanctions Against Russia via Third Countries”.

What to do when your bank blocks a transfer

A blocked transfer is a signal, not a verdict. It may mean the bank’s system detected a hit on a sanctions list — but it could equally be a false positive, for example a name coincidentally matching that of a sanctioned person. Here is what you should do:

1. Ask the bank for a written explanation of the reason for the block. The bank is required to inform you of the basis for its refusal to execute the transaction, provided it is not legally restricted from doing so (the so-called tipping-off rule in an AML context).

2. Verify the counterparty independently. Check them against the EU Consolidated List⁶, the OFAC SDN list¹⁰, the UN list⁸, and the MSWiA list⁷. If there is no hit — you have documentation for the purposes of any explanation.

3. Gather and retain documentation. A printout from the sanctions lists with the date and time of the search, the counterparty’s details, and a verification note — these constitute your evidence of due diligence.

4. If the hit is confirmed — do not attempt to execute the transaction through another channel. Consult a lawyer or compliance adviser and consider whether the circumstances require a report to the relevant authority (the Head of KAS — the National Revenue Administration — or GIIF¹² — the General Inspector of Financial Information).

5. If the hit is a false positive — provide the bank with your documentation and request a fresh review. Banks have internal procedures for such cases and may unblock the transaction following verification.

6. Update your internal procedures. A blocking incident — even a false positive — is a good opportunity to review whether your company has an up-to-date pre-transaction verification process.

What you must not do — circumventing a block

This is a section worth reading carefully, because business instinct can lead you in the wrong direction here.

If the bank has blocked a transfer and you know you have a debt to the counterparty, the temptation arises: “I’ll pay in cash”, “I’ll use a different bank”, “I’ll ask my business partner to wire it from their account.” Each of these strategies constitutes a violation of the prohibition on circumventing restrictive measures.

The Act of 13 April 2022 on Special Solutions for Countering Support for Aggression against Ukraine and for the Protection of National Security⁴ provides for administrative penalties imposed by the Head of the National Revenue Administration (KAS).¹³ The financial penalty may amount to up to PLN 20,000,000.¹⁴ In addition to administrative liability, Directive 2024/1226¹¹ requires EU Member States to introduce criminal liability for intentional violations — which in the Polish implementing bill means the prospect of criminal proceedings, not merely administrative ones.

Specific prohibitions:

• Paying in cash instead of by bank transfer — changing the form of payment does not change its substance; it is still making funds available to a listed entity.
• Transferring through another bank or country — this does not change the substance of the transaction or the legal basis.
• Payment by a third party (employee, business partner, affiliated company) on behalf of your company — an indirect structure is expressly covered by the prohibition on making funds available indirectly.¹
• Setting off receivables (netting mutual claims) without the consent of the competent authority — this may be treated as an impermissible form of disposal of funds.
• Assignment of receivables or other financial instruments whose practical effect is to transfer value to a listed entity.

FAQ

Do I need to screen my counterparty before every payment?

In practice, sanctions screening should be part of the process of entering into a new business relationship — and should be repeated for material transactions and on an ongoing basis, because sanctions lists are updated regularly. The goal is not for you to manually search several databases before every single transfer, but rather to have a system that automatically flags problems.

The bank processed the payment — does that give me any protection?

No. The fact that the bank did not block the transaction does not transfer liability to the bank or relieve your company of it. EU regulations are directly applicable³ and address every participant in commercial activity, not only financial institutions. This is precisely the argument for screening your counterparties independently before instructing a transfer.

What is the “50% ownership rule”?

If a person or entity on a sanctions list holds at least 50% of the shares in a company or exercises control over it, that company is also subject to sanctions — even if its name does not appear on any list.⁵ This means that merely checking the counterparty’s name in a database is not sufficient; the ownership structure must also be verified. This mechanism is discussed in greater detail in our article on the 50% ownership rule in sanctions.

I pay in euros, so OFAC doesn’t apply to me?

If the transaction is denominated in euros and is routed through a European payment system with no US clearing — the OFAC risk is minimal. However, if you use USD or a correspondent bank with US ties, OFAC jurisdiction may arise. If in doubt, it is worth asking your bank about the transaction routing.

Is returning an advance payment from a listed entity safe?

No — a transfer to the account of a sanctioned entity, even as a refund, constitutes making funds available to it, which is prohibited.¹ The correct course of action is to freeze the funds and contact the competent authority. Further detail on the freezing procedure can be found in the article “Asset Freezing — What It Means for Your Company in Practice”.

What is the difference between a sanction and an embargo?

An embargo is typically a prohibition on trade with an entire country or category of goods — for example, the ban on exporting dual-use goods to Russia under Regulation (EU) No 833/2014.² A sanction in the narrower sense targets specific named individuals and entities. In practice, both mechanisms may apply to the same transaction — and both impose obligations on your company.

How Sanqto Can Help

Screening counterparties against sanctions lists does not have to be a manual or time-consuming process. Sanqto is sanction screening software installed within your company’s own network — your clients’ and counterparties’ data never leaves your infrastructure (on-premise). The system automatically checks a given entity against the EU Consolidated List, the OFAC SDN list, the UN list, and the Polish MSWiA list, returning a result in one of three states: MATCH, POSSIBLE, or CLEAR — allowing your team to focus on cases that require a decision, rather than manually searching several databases before every transaction. If you run a travel agency, an insurance company, or operate in another non-financial sector — find out what implementation looks like for your specific context.

Legal basis

• Council Regulation (EU) No 269/2014 of 17 March 2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine — CELEX 32014R0269
• Council Regulation (EU) No 833/2014 of 31 July 2014 concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine — CELEX 32014R0833
• Act of 13 April 2022 on Special Solutions for Countering Support for Aggression against Ukraine and for the Protection of National Security (Journal of Laws 2022, item 835) — ISAP
• Directive (EU) 2024/1226 of the European Parliament and of the Council of 24 April 2024 on the definition of criminal offences and penalties for the violation of Union restrictive measures — CELEX 32024L1226
• Act of 1 March 2018 on Countering Money Laundering and Financing of Terrorism (Journal of Laws 2018, item 723) — ISAP
• UN Security Council Consolidated List — un.org
• OFAC Specially Designated Nationals and Blocked Persons List (SDN) — ofac.treasury.gov
• Polish MSWiA sanctions list — gov.pl/web/mswia
• EU Consolidated Sanctions List (DG FISMA) — finance.ec.europa.eu

Footnotes

Information, not legal advice. This article is informational and educational in nature. It does not constitute legal advice. Legal status as of: 20 May 2026. Your company’s specific obligations depend on its business profile and require individual assessment — if in doubt, consult a lawyer or compliance adviser.