Sanctions screening — how it works and what MATCH, POSSIBLE, CLEAR mean

Sanctions screening is the process of comparing a counterparty’s or customer’s data against lists of entities subject to EU, UN, and national sanctions — in order to establish, before a transaction takes place, whether the other party appears on any of those lists. If your company is obliged to conduct sanction screening, this mechanism is the very core of the entire process. This article explains how screening works from the inside: how data is compared, why false matches arise, and what to do when the result is neither a clear “yes” nor a clear “no”.

Legal status as of: 2026-05-20.

TL;DR — the key points in 60 seconds

• Sanctions screening is the automatic or manual comparison of a counterparty’s data (name, company name, identifiers) against entries on the EU, UN, MSWiA (Poland’s Ministry of Internal Affairs and Administration), and other sanctions lists.
• Matching algorithms work in two stages: first they look for exact matches, then for approximate ones (fuzzy matching), to catch typos, transliterations from Cyrillic, and aliases.
• Fuzzy matching generates so-called false positives — results that look like a hit but turn out on review to be a mistake. This is normal and manageable through procedural controls.
• The industry standard is a three-state result model: MATCH (confirmed hit — transaction blocked), POSSIBLE (requires manual review), and CLEAR (no hit).
• One-off screening — at the point of entering into a relationship with a counterparty — is the minimum. Continuous monitoring (alerts when lists are updated) is necessary for companies with large counterparty portfolios or a higher risk profile.
• Manual screening via search tools on the European Commission or MSWiA websites is lawful, but does not scale beyond a few dozen counterparties per month. Automated tools eliminate this problem and provide an audit trail.

What sanctions screening is

Sanctions screening — also called sanctions verification or sanction screening (the English term is widely used in compliance practice) — is a procedure in which you check whether a person or company you intend to do business with appears on any sanctions list. These lists are maintained by EU bodies, the United Nations, national authorities (in Poland: MSWiA¹ — the Ministry of Internal Affairs and Administration), and — outside the mandatory scope for Polish companies — the US Department of the Treasury (OFAC² — the Office of Foreign Assets Control).

Council Regulation (EU) No 269/2014 of 17 March 2014 directly prohibits making funds and economic resources available to persons and entities on the list³. Council Regulation (EU) No 833/2014 of 31 July 2014 introduces trade prohibitions relating to specific goods and sectors⁴. Both instruments are directly applicable throughout the EU — without requiring transposition by Member States⁵ — and that is precisely why the obligation to check the lists is not “a matter for banks”, but applies to every entity conducting business in the Union.

In practice, screening works as follows: you take a counterparty’s data — their name or full company name, country of registered address, and possibly an identification number — and compare it against entries on the lists. That comparison may be manual (online search tools), semi-automatic (a spreadsheet with manual checking), or fully automated (dedicated software). Regardless of the method, the outcome is one of three classes: a hit (MATCH), a result requiring investigation (POSSIBLE), or no hit (CLEAR). These three classes are described in detail later in this article.

It is worth clarifying straightaway what sanctions screening is not. It is not KYC (Know Your Customer) verification or AML (anti-money laundering) screening within the meaning of the Act of 1 March 2018 on counteracting money laundering and terrorist financing — although obliged entities (banks, accounting firms, estate agents) do both. It is not a credit assessment, a payment history check, or a business reputation review of the counterparty. Sanctions screening answers one question only: is this specific person or entity on the list of persons subject to restrictive measures?

How matching works — exact match and fuzzy matching

Exact match — simple, but insufficient

The simplest matching algorithm is character-by-character comparison (exact match): you search for “Jan Kowalski” and check whether “Jan Kowalski” appears on the list verbatim. This approach is fast and generates no false hits — but it has a serious flaw. It does not catch typos, spelling variants, or transliterations from other alphabets. After the 18th sanctions package, the number of individual entries on the EU consolidated sanctions list exceeded 2,500⁶ — and each entry may contain several versions of one person’s name. Exact match alone is inadequate as the sole verification method, because it creates a false sense of security: you searched “Ivanov” and found nothing, yet the list contains “Iwanow” — the same person, a different transliteration.

Fuzzy matching — why it is needed and how it works

Fuzzy matching (approximate matching) is a class of algorithms that measure the similarity between character strings — rather than looking for identity, they look for correspondence above a defined threshold. The algorithm calculates the so-called edit distance (Levenshtein distance), i.e. the minimum number of operations needed to transform one string into another by inserting, deleting, or substituting a single character. The lower the distance, the greater the similarity.

In practice, fuzzy matching makes it possible to catch several classes of problems that are typical when verifying counterparties from Eastern Europe and Asia:

Transliteration from Cyrillic. Russian, Belarusian, and Ukrainian names may be written in Cyrillic, while sanctions lists render them in Latin-script transliteration — often in several variants simultaneously. Aleksandr, Alexander, Aleksander, and Olexandr are four spellings of the same Russian given name “Александр”. A good screening engine compares the counterparty’s data against all variants.

Aliases and former names. Persons on sanctions lists often appear under multiple names: a previous surname (e.g. after a marriage or divorce), a trading alias, or a shortened form of a given name. Every entry on the EU sanctions list includes an “aliases” field — the screening system must take these into account, not only the “primary name” field.

Typos and data entry errors. A counterparty may submit their own name or company name with a typo (particularly in online forms), or a typo may be introduced when data is entered manually into a system. Fuzzy matching catches such cases — exact match misses them.

Company names with legal-form variants. “Gazprom”, “Gazprom PJSC”, “Gazprom PAO”, “Газпром” — these are all the same company in different renderings. The system must recognise this.

The similarity threshold — below which the algorithm treats something as not a match, and above which it reports POSSIBLE or MATCH — is a configurable parameter of every screening system. Setting it too high (very strict) causes the system to miss some genuine hits. Setting it too low generates an avalanche of POSSIBLE results requiring manual review.

Why false positives arise and how to reduce them

What a false positive is

A false positive is a situation in which the screening system flags a potential hit — a POSSIBLE or even a MATCH result — but on manual review it turns out to be a different person or company from the one on the sanctions list. In other words: the counterparty is clean, but the system raised a warning.

This is not a system error — it is a natural consequence of fuzzy matching. If the algorithm is designed to catch typos and transliterations, it will by definition occasionally also catch coincidental similarities between unrelated persons. Common Russian or Ukrainian surnames such as “Petrov”, “Ivanov”, or “Kovalenko” may generate numerous POSSIBLE results for entirely unrelated counterparties from Eastern Europe.

Why false positives are problematic

A high false-positive rate is an operational problem, not merely an academic one. Every POSSIBLE result costs someone on your team time — manual review, comparison of identifiers (date of birth, document number, country), a decision, and documented reasoning. If the system generates several hundred POSSIBLE results per month for a company handling hundreds of counterparties, the entire compliance process becomes unworkable — and staff begin to treat alerts as noise, clicking “clear” without review. That is precisely the scenario that causes genuine hits to slip through unnoticed.

How to reduce false positives

The first method is data enrichment — augmenting counterparty data with additional identifiers before screening. The more data you compare (name + date of birth + country + document number), the less likely the algorithm is to flag a POSSIBLE result merely because two names sound similar. A name alone is insufficient — the minimum standard is country and, ideally, an identification number.

The second method is threshold configuration. A good screening system allows fuzzy-matching thresholds to be set separately for different fields (for example, the tolerance for typos in a company name differs from that for a date of birth). Calibrating these thresholds on the basis of historical reviews — analysing which previous POSSIBLE results were genuine hits and which were false positives — allows noise to be reduced progressively.

The third method is an approval list (whitelist or allowlist). If your system repeatedly flags the same well-known, long-standing counterparty as POSSIBLE, you can — after completing a manual review — add them to the approved list, so that subsequent checks skip that particular case. A whitelist does not mean abandoning screening — it means that the positive compliance decision for that counterparty has already been made and documented.

The fourth method, often undervalued, is regular maintenance of the counterparty database. POSSIBLE results generated for entities with whom you have not transacted in years burden your system without operational value. A well-maintained database of active counterparties means less noise and faster response times when a genuine alert arises.

The three-state result model — MATCH, POSSIBLE, CLEAR

The standard in professional screening systems is a three-state classification of results. Every verification ends with one of three outcomes, which simultaneously determines the required operational action.

CLEAR — no hit

A CLEAR result means that no entry on the sanctions lists checked reached the similarity threshold required to qualify as a potential hit. You may proceed with the transaction. A CLEAR result is not a permanent guarantee — if a sanctions list is updated and the counterparty appears on it after your verification, your earlier CLEAR does not protect you from liability. This is one of the main reasons why one-off screening is replaced by continuous monitoring.

A CLEAR result should be documented with the date, the list version, and the data of the verified entity. That record is your evidence of due diligence.

POSSIBLE — requires manual review

A POSSIBLE result means the algorithm found an entry on a sanctions list that is sufficiently similar to the counterparty’s data to warrant investigation — but the match is not one hundred per cent. It may be the same surname with a different date of birth, a similar company name with a different country of registration, or a transliteration that fits but is not unambiguous.

A POSSIBLE result does not permit the transaction to continue without a decision being reached. The required steps are: compare all available identifiers (date of birth, document number, country, address, NIP/REGON — the Polish tax and business registration numbers — or their equivalent), request additional identity-confirming documents from the counterparty if necessary, have the person responsible for compliance make a decision, and document the entire reasoning process. If on review you determine it is a false positive — document that clearly. If you cannot rule out that it is the same person — apply the MATCH procedure.

POSSIBLE is the most demanding part of operational screening. It requires human judgement and a sound process — and that is precisely where the value of a well-designed system lies: it does not eliminate POSSIBLE results, but reduces their number and provides all the information needed for a swift decision.

MATCH — confirmed hit, transaction blocked

A MATCH result means that the counterparty’s identifiers unambiguously correspond to an entry on a sanctions list. The transaction is blocked. If the counterparty’s funds are already in your control (for example, an advance payment received from a customer), you are obliged to freeze them — you may not return them or transfer them without authorisation from the competent authority. You are also obliged to report the hit to the competent national authority — in Poland, supervision over compliance with sanctions obligations and the imposition of financial penalties falls under the Head of the National Revenue Administration (Szef KAS — Szef Krajowej Administracji Skarbowej).⁷

Action following a MATCH is strictly regulated by law — there is no room for discretion. You cannot independently “check again” and decide it was a false positive after all. The decision to unfreeze funds or continue the business relationship is made by the authority — not by you.

One-off screening versus continuous monitoring

One-off screening — the minimum, but not enough

One-off screening is a verification carried out at a specific moment — typically before the first transaction with a new counterparty, before signing a contract, or when onboarding a new client. It is the minimum you should always perform.

The problem is that sanctions lists are living documents — they change frequently, sometimes overnight. After the 18th EU sanctions package, the number of individual entries on the EU consolidated list exceeded 2,500⁶. Subsequent packages (the 19th and 20th, announced on 23 April 2026⁸) added further entries. A company that passed your screening two years ago with a CLEAR result may be on the list today. If you have maintained a business relationship with them in the interim without re-verifying — you are in breach of the law regardless of the fact that the result was correct at the time of the original check.

Continuous monitoring — how it works

Continuous monitoring means that the screening system automatically retrieves sanctions list updates and compares them against your database of active counterparties. When a new list entry matches a counterparty you have on file, the system generates an alert and notifies the person responsible for compliance.

This approach fundamentally changes the logic of the process: instead of actively checking counterparties (when you remember, when there is a new transaction, when someone on the team remembers), the system checks them passively — and raises an alert only when something has changed. With a portfolio of several hundred counterparties, this is the only practical way to maintain continuous verification coverage.

Poland’s MSWiA sanctions list is maintained by the minister responsible for internal affairs¹ and updated irregularly — as and when new ministerial decisions are issued. There is no fixed schedule. The EU list is updated after each sanctions package. Neither list follows a predictable rhythm that would make monthly verification sufficient.

When you need continuous monitoring

Continuous monitoring is particularly important if: you have a portfolio of more than a few dozen active counterparties; you operate cross-border or work with counterparties from Eastern Europe, Central Asia, or the Middle East; your contracts are long-term in nature (rental, leasing, service agreements); or the sector in which you operate carries elevated sanctions risk — such as travel and OTA, insurance, or real estate.

Manual versus automated screening — advantages and disadvantages

Manual screening

Manual screening is verification carried out directly by an employee — visiting the European Commission website (the Financial Sanctions Files portal), the MSWiA website, or the OFAC/UN equivalents, typing in the counterparty’s name, and reviewing the search results.

Advantages of manual screening: no implementation cost, easy to start, full control over every verification. Disadvantages: no scalability (a few dozen verifications per month is the practical limit), no automatic documentation (you must create registers yourself), no alerts when lists are updated (you do not know when to check again), a high risk of human error (a forgotten verification, a missed alias), and zero capacity for continuous monitoring.

An important note: manual searching on the European Commission website does not substitute for checking all aliases and transliteration variants. The search tool on the Financial Sanctions Files (FSD) portal does this automatically — but a Google search for “Jan Kowalski sanctions list” does not.

Automated screening

Automated screening means dedicated software that retrieves sanctions lists, runs fuzzy matching against your counterparty database, returns a three-state result, and logs every verification automatically.

Advantages: scalability (thousands of records without increased workload), automatic documentation (a ready-made hit register for the Head of KAS), fuzzy matching that accounts for aliases and transliteration, continuous monitoring with alerts, and the ability to integrate with your ERP or CRM system. Disadvantages: implementation and licence costs, time required to onboard staff, and the need to keep the counterparty database current.

For companies that handle more than a few dozen transactions per month or maintain relationships with counterparties from Eastern markets, automated screening quickly becomes the only option that provides genuine risk protection.

Comparison of both approaches

What to look for when choosing a screening tool

Choosing a screening tool is a decision that affects your entire compliance process. Below is a list of criteria that should feature on your checklist.

1. Which lists are covered and how they are updated. The tool should cover at minimum the EU Consolidated List (DG FISMA) and the Polish MSWiA list⁹ — this is the minimum for companies operating in Poland. Check how frequently the vendor updates data: daily? after every list change? A delay of several days in retrieving the EU list can mean that during that period your verification is based on outdated data.

2. Quality of the fuzzy matching engine. Ask the vendor how it handles transliteration from Cyrillic, Arabic, and Chinese scripts, shortened forms of given names, and company names with different legal-form variants (Ltd, GmbH, PJSC, ПАО). Request tests against a set of test cases covering Russian and Belarusian names and surnames.

3. Whether data leaves your infrastructure. If you process counterparties’ personal data — and in screening you always do — you must ensure GDPR compliance. An on-premise solution, installed within your own network without transmitting data to an external vendor’s cloud, eliminates the risk of personal data transfers outside your control. This is particularly relevant for companies that process large volumes of sensitive data or have clients with strict data residency requirements.

4. Three-state result model and the ability to handle POSSIBLE. The tool should return not only MATCH or CLEAR, but also POSSIBLE with full context — which field matched, against which list entry, and at what similarity level. Without this information, your compliance officer cannot conduct a meaningful manual review.

5. Documentation and audit trail. Every verification should be automatically logged with the date, list version, input data, and result. That register is your evidence of due diligence — without it you are left reconstructing history from memory or spreadsheets.

6. Response time. In online processes (customer registration via a web form, booking in a reservation system) the verification time matters for user experience. A long wait either means screening is asynchronous (with a delay) or that it slows down the entire onboarding flow. Ask about the declared response time and how the system behaves under a high volume of simultaneous requests.

7. Integration with existing systems. Does the tool have an API that will allow integration with your ERP, CRM, or onboarding system? Manually exporting and importing CSV files eliminates the benefits of automation.

What to do in practice — 6 steps

1. Define the scope of screening. Establish who you are verifying: new clients, all counterparties, suppliers, intermediaries? The scope should follow from your company’s risk profile and the sector in which you operate.

2. Choose your method. If you have fewer than a few dozen new counterparties per month — start with manual checking via the European Commission’s FSD portal and the MSWiA website. If volumes are higher or you have an ongoing counterparty portfolio requiring monitoring — invest in an automated tool.

3. Gather the data for screening. The minimum is: the full company name or the individual’s name and surname, and the country of registered address or incorporation. Ideally also: an identification number (NIP/REGON or national equivalent), date of birth (for natural persons), and address. The more data you have, the lower the risk of false positives.

4. Conduct the verification and document the result. Record the date, the counterparty’s data, the list or lists checked (with their version date), the result, and the name of the person who conducted the verification. For POSSIBLE — document the manual review steps and the decision reached.

5. Implement continuous monitoring for active counterparties. One-off screening at the start of a relationship is the necessary minimum — but it is not sufficient. Establish a procedure for regular re-checking of active counterparties, or implement a tool that does this automatically.

6. Train staff and keep the procedure current. The person responsible for compliance must know what to do following a MATCH (freeze assets, report to the Head of KAS), what to do following a POSSIBLE (manual review, documented decision), and how frequently the lists are updated. The procedure should be written down and accessible to everyone in the organisation who may be involved in the counterparty onboarding process.

How Sanqto can help

Sanqto is sanctions screening software designed for non-financial companies — such as travel agencies, estate agencies, insurance brokers, and leasing companies. The software is installed within the client’s own network (on-premise), meaning counterparty data never leaves your infrastructure. The system automatically retrieves sanctions list updates, runs fuzzy matching that accounts for transliterations and aliases, and returns a three-state result — MATCH, POSSIBLE, or CLEAR — in very short response times. Every verification is logged automatically, creating a ready-made hit register and audit trail for any inspection by the Head of KAS. In addition to the software, we offer an implementation document pack and compliance training for the designated person in your organisation. Find out how Sanqto works in your sector: sanctions screening for travel agencies, sanctions screening for estate agents, sanctions screening for insurance brokers.

FAQ

What is sanctions screening?

Sanctions screening is the procedure of comparing a counterparty’s or customer’s data (name, company name, identifiers) against entries on lists of entities subject to sanctions — primarily the EU Consolidated List (DG FISMA) and the Polish MSWiA sanctions list. The purpose is to establish, before a transaction, whether the other party is subject to restrictive measures that prohibit entering into certain transactions with them or making funds available to them.

What is fuzzy matching in sanctions screening?

Fuzzy matching is an approximate matching algorithm — rather than searching for identical character strings, it measures the similarity between the data being compared. It makes it possible to catch typos, transliteration variants from Cyrillic (e.g. “Ivanov” and “Iwanow”), and aliases. It is necessary because the data on sanctions lists itself often contains multiple spelling variants of the same name or company name.

What is a false positive in sanctions screening?

A false positive is a situation in which the screening system flags a potential hit (a POSSIBLE result), but on manual review it turns out to be a different person or company from the one on the list. This is a natural consequence of fuzzy matching and does not indicate a system error — it does, however, require a manual review process and documented decision-making.

What should you do after a POSSIBLE result?

A POSSIBLE result requires manual review: compare all available identifiers (date of birth, document number, country, address), and if necessary ask the counterparty for additional documents. Reach a decision — false positive or genuine hit — and document the entire reasoning process. If you cannot rule out that it is the same person as the one on the list, apply the MATCH procedure.

What does a MATCH screening result mean?

A MATCH result means that the counterparty’s identifiers unambiguously correspond to an entry on a sanctions list. The transaction is blocked. If the counterparty’s funds are in your control — you are obliged to freeze them. You must report the hit to the Head of KAS. You may not make the decision to unfreeze independently.

Is one-off screening sufficient?

For a new counterparty — one-off screening before the first transaction is the mandatory minimum. It is not sufficient, however, for active, long-term relationships, because sanctions lists are updated regularly and an entity that was CLEAR a year ago may be on the list today. Continuous monitoring — automatic alerts upon list changes — is the recommended standard for companies with a portfolio of active counterparties.

Legal basis

• Council Regulation (EU) No 269/2014 of 17 March 2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine — CELEX 32014R0269

• Council Regulation (EU) No 833/2014 of 31 July 2014 concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine — CELEX 32014R0833

• Act of 13 April 2022 on special solutions to counter support for aggression against Ukraine and to protect national security (Journal of Laws 2022, item 835) — ISAP

• Directive (EU) 2024/1226 of the European Parliament and of the Council of 24 April 2024 on the definition of criminal offences and penalties for the violation of Union restrictive measures — CELEX 32024L1226

• Polish MSWiA sanctions list — gov.pl/web/mswia/lista-osob-i-podmiotow-objetych-sankcjami

• EU Consolidated Sanctions List (Consolidated List / FSD) — European Commission (DG FISMA): webgate.ec.europa.eu/fsd/fsf

Footnotes

Information, not legal advice. This article is for informational and educational purposes only. It does not constitute legal advice. Legal status as of: 20 May 2026. Your company’s specific obligations depend on its business profile and require individual assessment — if in doubt, consult a lawyer or compliance adviser.