EU Sanctions Training for Employees — Who to Train, What to Teach, and How to Document It

You have a sanctions policy. You have designated a compliance responsible person. You have implemented a procedure for verifying counterparties against EU sanctions lists. And things can still go wrong — because the employees who are supposed to trigger that procedure simply do not know when to do it or how to recognise a situation that requires checking. The best procedure is useless if a sales representative signs a contract with a new client without realising they should have run a screening first.

Sanctions training is not a formality to obtain a certificate. It is an element of due diligence that, in the event of an inspection or proceedings, distinguishes a company that actively maintained compliance from one that merely declared it had a procedure in place. Legal status as of: 2026-05-20.

TL;DR — the six key points

• A trained and documented team is concrete evidence of due diligence — both before the Head of the National Revenue Administration (KAS — Krajowa Administracja Skarbowa) and in the context of the growing requirements under Directive (EU) 2024/1226 of 24 April 2024.¹
• Training should cover not only the compliance officer — but also sales, customer service, procurement, finance, and logistics. Everyone who has contact with a new counterparty or transaction should understand the procedure.
• Training teaches three things: what EU sanctions are and who they apply to, how to recognise a situation that requires action, and how to trigger the procedure and what to do in the event of a hit.
• Minimum training frequency: onboarding for new employees, annual refresher, and an update after significant changes in law (e.g. a new sanctions package).
• The format is secondary — what matters is that the training is documented and that the employee can demonstrate they completed it.
• Certification of the compliance officer is an additional safeguard — both for the designated person and for the company as a whole.

Why sanctions training is an element of due diligence

The obligation to comply with EU sanctions derives directly from EU regulations — Council Regulation (EU) No 269/2014 of 17 March 2014² and Council Regulation (EU) No 833/2014 of 31 July 2014.³ These regulations are directly applicable in every Member State without the need for transposition⁴ — which means your company is bound by them as a matter of law, regardless of whether anyone in the team has ever heard of them.

The problem is that the law does not ask about ignorance. If your employee concludes a transaction with an entity listed on the EU sanctions list⁵ because they did not know they should check — the company bears liability. The Head of the National Revenue Administration (KAS) may impose a financial penalty of up to PLN 20,000,000 under Article 6(2) of the Act of 13 April 2022 on Special Solutions for Preventing Support for Aggression Against Ukraine (Journal of Laws 2022, item 835).⁶ Directive (EU) 2024/1226 of the European Parliament and of the Council of 24 April 2024 has required all EU Member States to criminalise sanctions violations¹ — which further raises the stakes for managers and employees making transaction decisions.

Training addresses this problem in two ways. First — it prevents errors, because employees understand when and how to respond. Second — training documentation is evidence that the company took concrete action to ensure compliance with its procedures. In the event of proceedings, such evidence carries real weight. Companies that can demonstrate regular staff training and maintenance of a hits register are in a far better position than those that merely claim they “always did things that way”.

If you have not yet implemented a sanctions policy, start there — training should be its natural extension. You can read more about how to build compliance documentation in the article sanctions policy for your business — what it should contain and how to implement it.

Who in the company should be trained

The most common mistake is assuming that sanctions training concerns only the person designated for compliance. In practice, the risk arises wherever an employee has contact with a new counterparty, signs a contract, processes an order, or handles a payment. That means — practically every department.

Sales and customer service are the first point of contact with a new counterparty. If a sales representative signs a preliminary agreement or accepts an order without triggering the screening procedure, the company is exposed to a breach even before the compliance officer learns the transaction exists at all. The sales representative does not need to know every legal detail — they need to know one thing: before a new client or supplier is introduced into the system, they must be verified against sanctions lists.

Procurement and supply face the same issue from the supplier side. Counterparty verification applies not only to customers — it applies to everyone you transfer money to. A procurement employee who signs a contract with a new service or materials supplier should know that such verification is required before signing.²³

Finance and accounting is the department through which all payments flow. Employees in this area should understand what to do when a payment instruction concerns an entity that appears on a sanctions list — and why freezing a transfer may be a legal obligation rather than excessive caution.

Logistics and warehouse are particularly important for trading and manufacturing companies. Council Regulation (EU) No 833/2014³ introduces export and trade prohibitions covering specific goods, technologies, and sectors. Employees handling shipments or goods receipts should know that sanctions concern not only who pays, but also where something is being sent and what it is.

The compliance officer — the person designated to conduct screening — should have the deepest knowledge of all. This is the person who resolves doubtful cases (POSSIBLE result), maintains the hits register, updates the procedure, and answers questions from other departments. You can read about how to organise this role in a small company without a dedicated headcount in the article sanctions compliance officer in a small business — do you need one.

What sanctions training should cover

Good EU sanctions training for employees outside the financial sector does not need to be a course in European law. It should answer three practical questions: what sanctions are, how to recognise a situation that requires action, and exactly what to do.

What EU sanctions are and who they apply to

An employee should understand that sanctions are prohibitions and restrictions imposed by the European Union, the United Nations, and other bodies against specific individuals, companies, and states. Polish companies must check primarily the EU consolidated sanctions list maintained by the European Commission (DG FISMA — Directorate-General for Financial Stability, Financial Services and Capital Markets Union)⁷ and the Polish list maintained by the Ministry of Interior and Administration (MSWiA — Ministerstwo Spraw Wewnętrznych i Administracji).⁸ It is also important to understand that sanctions cover not only individuals and companies listed directly — but also entities in which a listed person holds at least 50% of shares or exercises control over them.⁹

This last point is particularly important to convey to employees in procurement and sales: the counterparty’s company name alone is insufficient for verification if its owner appears on a sanctions list.

How to recognise a situation that requires verification

Training should clearly set out when to trigger the procedure. The minimum is every new commercial relationship — a new client, a new supplier, a new intermediary. Beyond that, employees should be able to recognise so-called red flags that should halt a transaction regardless of its stage:

• the counterparty is from a country with high sanctions risk (Russia, Belarus, Iran, North Korea),
• payment is to be made by a third party not named in the contract,
• the counterparty requests unusual payment terms or a last-minute change to the delivery route,
• the product or technology being bought or sold may be subject to export restrictions under Regulation 833/2014,³
• the counterparty’s details are incomplete or the counterparty refuses to provide full registration data.

This is not a closed list — its purpose is to give the employee enough context to assess independently whether something requires consultation with the compliance officer, rather than acting on autopilot.

How to trigger the procedure and what to do in the event of a hit

Employees should know the specific course of action: where to report a matter, who decides, within what timeframe, and what the three possible verification outcomes mean. A CLEAR result means the transaction may proceed — and this should be documented. A POSSIBLE result means an uncertain match has appeared on the list and the matter requires the compliance officer’s assessment — the transaction should be suspended pending clarification. A MATCH result means a confirmed hit — the transaction is blocked, and the matter requires immediate escalation and potentially contacting the relevant authority.

An employee should not resolve a POSSIBLE or MATCH outcome on their own. They should know that their role is to report and stop the transaction — not to decide on its admissibility.

How often to train employees

Training frequency depends on the employee’s role and the pace of legal change. Three moments are unconditionally required.

Onboarding — every new employee who has contact with counterparties, suppliers, or payments should complete basic sanctions training before taking up their duties or within their first weeks of employment. This need not be a full compliance officer course — a condensed version focused on recognising situations and triggering the procedure is sufficient.

Annual refresher — ideally once a year. Sanctions law changes: EU sanctions lists are updated regularly, and successive sanctions packages concerning Russia and Belarus continue to expand the scope of prohibitions. An annual verification training ensures employees have current knowledge — and provides an opportunity to update examples and procedures.

Extraordinary training after a significant legal change — the entry into force of a new sanctions package, the transposition of Directive (EU) 2024/1226¹ into national law, a change in the supervisory authority, or a material change in the company’s scope of obligations are all situations that justify training outside the regular schedule. The point is not to train after every update to the sanctions list — but after a change that affects what employees must do differently.

Training format — workshop, e-learning, knowledge base

Training format is secondary to content and documentation. But different formats have different advantages and disadvantages in the context of an SME.

An in-person or online workshop allows for discussion, questions, and work on specific cases. This is the best format for the compliance officer and senior management — people who must make decisions rather than mechanically follow a procedure. The drawback: it requires time and logistical coordination, which is difficult to maintain with a dispersed team or high staff turnover.

E-learning with a final test is the optimal solution for operational employees — sales staff, procurement, customer service. It can be completed independently at any time, and the test result and completion date are automatically recorded. This matters: an automatic record produces a document you can present at inspection. Online training without a final test is considerably harder to document.

A knowledge base and job-role instruction is supplementary material — not a replacement for training. A job-role instruction describes step by step what an employee should do in specific situations, without explaining the legal context. It is useful as a point of reference in daily work and as evidence that the company had a described procedure in place. You can read more about how such documentation should look in the article sanctions policy for your business — what it should contain.

Regardless of format, every training session should end with something that can be documented: a test, a signed confirmation of attendance, or a completion certificate. A verbal briefing at a team meeting, with no documentary record, is from an inspection standpoint almost equivalent to no training at all.

Certification and documenting training

Certification of the compliance officer is a different level from operational training for other employees. The person designated to conduct screening and make decisions in doubtful cases should have formally evidenced competence — both because their role is more demanding and because a certificate is evidence that can be presented to an inspecting authority.

A completion certificate for a sanctions compliance officer training programme shows that the designated person has completed a structured programme covering the legal basis, verification procedures, and handling of hits. It does not replace a lawyer — but documented competence of that person is an argument that the company acted in good faith and with due diligence.

What a training register should contain. Training documentation is more than an attendance list. The training register should include:

1. The employee’s first name, surname, and job title.
2. The date of training.
3. The topic and scope of training (e.g. “sanctions procedure fundamentals — onboarding training” or “update following the 14th EU sanctions package”).
4. The form of training (workshop, e-learning, external training).
5. The test result or confirmation of completion.
6. The name of the trainer or the name of the training provider.

You maintain such a register in the same way as the hits register and other elements of compliance documentation. It is worth retaining it for several years — similarly to counterparty verification records — in case of an inspection or proceedings relating to past events.

An important rule on documentation: a signed attendance confirmation or an online test result with a date and the employee’s name constitutes evidence with probative value. The statement “everyone was informed” without a document does not.

What to do — 6 steps

1. Identify who in the company has contact with counterparties and transactions. Do not limit the list to compliance — include sales, procurement, finance, logistics, and everyone who signs contracts or approves payments.

2. Develop or select training suited to two levels: operational training for departmental staff (condensed, focused on recognising situations and triggering the procedure) and extended training for the compliance officer (covering the legal basis, handling of hits, and documentation).

3. Conduct onboarding training for all current employees in the above groups and for every new employee before taking up their position or within their first weeks of employment.

4. Document every training session — attendance lists with signatures or dated test results for e-learning. Maintain the training register as a separate document or as an annex to the sanctions policy.

5. Set a recurring training schedule — at minimum once a year for everyone, and promptly after any significant change in law or in the company’s scope of activity.

6. Arrange certification for the compliance officer. A certificate is a document evidencing the competence of the designated person — it is better to have it before a potential inspection than after.

FAQ

Is there a specific legal provision that expressly requires sanctions training for employees?

EU and national legislation — including Council Regulation (EU) No 269/2014,² No 833/2014,³ and the Act of 13 April 2022⁶ — does not contain a provision that literally requires a non-financial company to conduct training under precisely this title. It does, however, impose an obligation to comply with transaction prohibitions — and training is the only practical way to ensure employees know how to fulfil that obligation. The absence of training does not exempt a company from liability for a breach.

Do I need to train external workers (subcontractors, freelancers)?

It depends on the extent of their involvement in the company’s commercial processes. If a subcontractor or freelancer enters into contracts with clients or suppliers on behalf of your company, it is advisable to provide them with at least basic training or to satisfy yourself that they have their own compliance procedures in place. This decision should be described in the sanctions policy.

How long should training records be retained?

There is no statutory retention period for sanctions training records for non-financial companies. The accepted good practice, analogous to transaction documentation, is at least several years. This allows the company to demonstrate that training was conducted regularly, even if an inspection concerns an event from several years ago.

What should be done if an employee fails the training test?

An employee who has not passed the test should not independently conduct counterparty verification or make compliance decisions. Possible approaches include: repeat training, restricting the employee’s access to processes requiring screening, or escalating every case to the compliance officer until the assessment is passed.

Is sanctions training the same as AML training?

No. Anti-money laundering (AML) training, required of obliged entities within the meaning of the Act of 1 March 2018 on Counteracting Money Laundering and Terrorist Financing (Journal of Laws 2018, item 723)¹⁰ — administered by GIIF (Generalny Inspektor Informacji Finansowej — the General Inspector of Financial Information) — has a different scope and covers a narrower category of entities. The obligation to conduct sanction screening derives directly from EU regulations and applies to all companies operating in the EU — regardless of whether they are AML obliged entities. These are two separate legal regimes. You can read more about this distinction in the article does my company have to conduct sanction screening.

Does training delivered externally (by a training company) offer better legal protection than internal training?

The organisational form of training (internal vs. external) is not the decisive factor — what matters is whether the programme covered the appropriate content and whether the training was documented. External training with a certificate and a course programme is easier to present to an inspecting authority because it comes from a third party. Internal training with a well-maintained register and materials is equally valid, provided the documentation is thorough.

How Sanqto can help

Sanqto offers non-financial companies a complete implementation package: sanction screening software installed within the client’s own infrastructure (on-premise, with no data leaving the premises), ready-to-use compliance documents (sanctions policy, job-role instruction, hits register), and training with compliance officer certification. The training covers the legal basis, the verification procedure, and the handling of hits — completed with an online examination and a certificate for the person designated at your company. The system returns the verification result in three states (MATCH / POSSIBLE / CLEAR) and automatically documents every check, creating a ready-made audit trail. If you operate a travel agency or work in the insurance sector — check how the solution applies in the context of your industry.

Legal basis

• Council Regulation (EU) No 269/2014 of 17 March 2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine — CELEX 32014R0269

• Council Regulation (EU) No 833/2014 of 31 July 2014 concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine — CELEX 32014R0833

• Council Regulation (EU) No 765/2006 of 18 May 2006 concerning restrictive measures in respect of Belarus — CELEX 32006R0765

• Act of 13 April 2022 on Special Solutions for Preventing Support for Aggression Against Ukraine and Protecting National Security (Journal of Laws 2022, item 835) — ISAP

• Act of 1 March 2018 on Counteracting Money Laundering and Terrorist Financing (Journal of Laws 2018, item 723) — ISAP

• Directive (EU) 2024/1226 of the European Parliament and of the Council of 24 April 2024 on the definition of criminal offences and penalties for the violation of Union restrictive measures — CELEX 32024L1226

• Polish sanctions list maintained by MSWiA (Ministry of Interior and Administration) — gov.pl/web/mswia/lista-osob-i-podmiotow-objetych-sankcjami

• EU consolidated sanctions list (DG FISMA) — finance.ec.europa.eu

Footnotes

Information, not legal advice. This article is for informational and educational purposes only. It does not constitute legal advice. Legal status as of: 20 May 2026. Your company’s specific obligations depend on its business profile and require individual assessment — if in doubt, consult a lawyer or compliance adviser.