Counterparty Sanctions Screening — A Complete Step-by-Step Guide

Legal status as of: 2026-05-20.

Before you sign a contract with a new supplier, accept an order from a foreign client, or process an invoice — you are required to check whether that entity appears on the EU, MSWiA (Ministry of Interior and Administration), UN, or OFAC sanctions list. This is not a procedure reserved for banks. Council Regulation (EU) No 269/2014 of 17 March 2014¹ and Council Regulation (EU) No 833/2014 of 31 July 2014² are directly applicable in all Member States³ — your company must comply regardless of sector or size.

Below you will find a concrete process: which lists to check, how to compare identifying data, how to apply the over-50% ownership rule, what to do when there is a hit, and how to document the entire screening.

TL;DR — Key Points

• The screening obligation applies to every company registered or operating in the EU, regardless of sector — Art. 2 of Regulation 269/2014¹.
• You must check a minimum of four lists: the EU Consolidated List, the Polish MSWiA list⁴, the UN list, and the OFAC SDN list⁵ (if you conduct transactions in USD or with US-linked entities).
• You screen before entering into a contract and periodically throughout the entire duration of the business relationship.
• Ownership rule: an entity controlled by a listed person in excess of 50% is also subject to sanctions — even if the entity itself does not appear on the list⁶.
• On a hit, you do not act unilaterally — you freeze assets and immediately report to the competent authority.
• You document and retain the full screening record for at least five years⁷.

Why Counterparty Screening Is an Obligation, Not an Option

EU regulations are directly binding — they take effect without any separate implementation by the Polish legislature³. This means that the prohibition on doing business with persons and entities listed on sanctions lists applies to your company by force of EU law, not by choice. Art. 2 of Regulation 269/2014 requires freezing all funds and economic resources belonging to listed entities and prohibits making any funds or resources available to them, directly or indirectly¹.

National rules reinforce this obligation. The Act of 13 April 2022 on special solutions to counter support for aggression against Ukraine and to protect national security (Journal of Laws 2022, item 835)⁸ imposes additional obligations and provides for administrative penalties for non-compliance — a financial penalty of up to PLN 20,000,000 may be imposed by the Head of the National Revenue Administration (KAS — Krajowa Administracja Skarbowa)⁹. Criminal liability for intentional violations of EU sanctions is established by Directive (EU) 2024/1226 of 24 April 2024¹⁰, whose transposition deadline for EU Member States passed on 20 May 2025¹¹ — for the most serious violations, the Directive provides for a custodial sentence of at least five years¹².

If you want to check whether the screening obligation applies specifically to your company, read the article Does my company have to conduct sanction screening? A full overview of penalties and supervisory authorities is available in What penalties apply for violating sanctions?

When You Must Screen a Counterparty

Before Entering into Any Contract

Screening is mandatory before you sign a contract, commission, purchase order, or cooperation agreement. This applies to both new counterparties and those you have worked with for years — sanctions list statuses change with every new sanctions package. The EU has already adopted 20 packages of measures against Russia¹³, and new entries are added on a regular basis.

Periodically During an Ongoing Business Relationship

A one-off check at the time of signing a contract is not sufficient. An entity that was “clear” six months ago may have been listed in the meantime. The recommended frequency is screening at each material transaction (e.g. a new invoice or new order) or at least once per quarter for high-value recurring counterparties.

In Specific Circumstances

Carry out an additional screening when: the counterparty changes ownership or management structure; a new ultimate beneficial owner (UBO) emerges; the transaction involves dual-use goods; or the transaction is routed through a third country at elevated risk of sanctions circumvention.

Which Sanctions Lists to Check

Your company must check at least the following four sources:

EU Consolidated List

Maintained by the European Commission (DG FISMA), available at webgate.ec.europa.eu/fsd¹⁴. It contains over 2,500 individual entries (as of the 18th Russia sanctions package; the current number after the 20th package is higher)¹⁵. The list covers individuals and entities subject to sanctions under multiple sanctions regimes — against Russia, Belarus, Syria, North Korea, and others. This is your primary and most important source. A full overview of EU sanctions regimes is available on the interactive EU Sanctions Map (sanctionsmap.eu)¹⁴.

Polish MSWiA List

Maintained by the minister responsible for internal affairs⁴ (MSWiA — Ministerstwo Spraw Wewnętrznych i Administracji, Ministry of Interior and Administration), available on gov.pl¹⁶. It supplements the EU list — it contains entities listed by decision of the Polish authorities. Although the MSWiA list is narrower than the EU list, omitting it is done at your own risk: national authorities may list entities operating in the Polish market that have not yet appeared on EU lists.

UN List

The Sanctions Committees of the UN Security Council maintain their own lists for individual regimes (including Al-Qaeda, North Korea, and Iran). The EU list is separate from the UN list — the EU implements UN decisions through its own regulations and extends them autonomously¹⁷. An entity on the UN list is typically also included on the EU list, but checking the UN list directly eliminates the risk of a time lag between a Security Council decision and its EU implementation.

OFAC SDN List

The Office of Foreign Assets Control (OFAC), U.S. Department of the Treasury⁵, maintains the Specially Designated Nationals and Blocked Persons (SDN) list¹⁸. It applies to you if: you conduct transactions in US dollars, you have counterparties with US connections, you export products containing US-origin components, or you work with entities that have branches in the United States.

UK OFSI List (Optional)

If you operate in the UK market or have counterparties based in the United Kingdom, check the UK OFSI list (Office of Financial Sanctions Implementation, HM Treasury). Since Brexit, the UK list is separate from the EU list and may differ. Screening this list is not an obligation under EU law, but it is standard practice for companies with exposure to the UK market.

The Screening Process — Step by Step

Step 1 — Collect the Counterparty’s Identifiers

Before you begin searching the lists, gather a complete set of identifying data:

• For a legal entity: full company name, NIP (tax identification number), REGON (statistical number), KRS number (National Court Register number, for Polish companies), country of registration, registered address, legal form.
• For a natural person (owner, representative, UBO): first name and surname, date of birth, nationality, PESEL (for Polish individuals), document type, series, and number.
• For foreign entities: equivalents of NIP (VAT number, EIN, Company Registration Number) and registered addresses.

Completeness of identifiers is key to avoiding both false positives and false negatives. The more data you have, the more reliable the result.

Step 2 — Check Aliases and Transliterations

Individuals and entities on sanctions lists are entered under multiple name variants. Rusłan and Ruslan, Łukaszenko and Lukashenka, Gazprom and Газпром — each of these variants may be listed separately or together. When screening manually, check:

• All known spelling variants of first and last names (particularly transliterations from Cyrillic).
• Abbreviations and former company names (e.g. following mergers or reorganisations).
• Names in original scripts (Russian, Arabic, Chinese) — lists often include entries in the original alphabet alongside transliterations.

When screening manually, use the fuzzy (approximate) search function available in tools such as EU Sanctions Map or the webgate.ec.europa.eu portal. Automated tools (such as dedicated screening software systems) handle transliterations and aliases natively.

Step 3 — Apply the Over-50% Ownership Rule

This is the most important and most frequently overlooked element of screening. If an entity on the sanctions list holds more than 50% of the proprietary rights (ownership interests) in another entity — that second entity is also subject to sanctions, even if it does not itself appear on the list⁶.

Example: Company X is not listed on the EU list, but 60% of its shares are held by a person named in Annex I to Regulation 269/2014. Entering into a contract with Company X constitutes a violation of sanctions.

Applying the ownership rule requires checking the counterparty’s ownership structure. Sources: KRS (National Court Register, for Polish companies), commercial registers in the country of registration, and the CRBR system (Centralny Rejestr Beneficjentów Rzeczywistych — Central Register of Beneficial Owners).

Step 4 — Identify the Ultimate Beneficial Owner (UBO)

Determine who the ultimate beneficial owner (UBO) of the counterparty is. In Poland, every company is required to report its UBO to the Central Register of Beneficial Owners (CRBR — Centralny Rejestr Beneficjentów Rzeczywistych). For foreign entities, use the CRBR equivalent in the country of registration or KYC/due diligence databases.

Check whether the UBO or anyone in the ownership chain (up to the level of control) appears on any sanctions list. The over-50% rule applies at every level of the structure — indirect control through a network of subsidiaries may equally result in sanctions coverage.

Step 5 — Assess the Result: MATCH, POSSIBLE, or CLEAR

After searching the lists, assess each hit:

Step 6 — Collect Supporting Documents

For each screening, collect and retain:

• The date and time of the screening and the list version (lists are updated regularly — the date of screening has evidentiary value).
• Screenshots or an export of search results from each list checked.
• The input data used for the search (which identifiers you entered).
• A justification for a POSSIBLE or CLEAR result where an initial hit existed.

Step 7 — Record the Result in the Hits Register

Every screening, regardless of outcome, is entered in the hits register. Details of this document are described in the section “How to Document Screening” below.

What to Do Following a Hit (MATCH, POSSIBLE, CLEAR)

CLEAR Result

The screening found no hits, or all initial matches were excluded by additional identifiers. Record the result in the register with the date, list version, and justification. You may proceed with the transaction.

POSSIBLE Result

The initial match requires further analysis. Do not automatically halt the transaction, but do not proceed until the matter is resolved. Request additional identification documents from the counterparty, information on their ownership structure, or other data that would allow you to conclusively confirm or exclude the hit. Consult a lawyer or compliance adviser. Document the entire process.

MATCH Result

You have a confirmed hit — the counterparty’s data fully matches an entry on the sanctions list. Your obligations are defined by law:

1. Immediately halt the transaction and freeze all financial funds or economic resources belonging to, or under the control of, that entity¹.
2. Without delay, report the matter to the Head of the National Revenue Administration (KAS)¹⁹ or another competent national authority.
3. Do not notify the counterparty of the hit (the “tipping off” prohibition, known from AML regulations).
4. Secure all documentation and retain it until a decision is received from the competent authority.

Do not act unilaterally — do not release assets or take any action regarding frozen assets without the express authorisation of the competent authority.

How to Document Screening — The Hits Register

The hits register is the document that enables you to demonstrate to supervisory authorities that screening was conducted — when, how, and with what result. It is a critical element of the compliance procedure.

Minimum Content of the Register

Each entry in the register should contain:

• Date and time of screening — accurate to the minute (list versions change throughout the day).
• Counterparty identifying data — full name, NIP/registration number, names of natural persons.
• Identifiers used for the search — what you entered into the search field of each list.
• Lists searched — EU, MSWiA, UN, OFAC, others — with the exact URL or tool name and the list version/date.
• Screening result — MATCH, POSSIBLE, or CLEAR.
• Justification — for POSSIBLE results: a description of the initial hit and the reason for exclusion or further steps taken.
• Person who conducted the screening — first name, surname, position.

How Long to Retain Records

Article 49 of the Act of 1 March 2018 on countering money laundering and terrorist financing provides for a five-year retention period for documentation, calculated from the end of the business relationship⁷. It is advisable to apply the same standard to sanctions documentation — five years is the safe minimum in the event of an inspection.

Format of the Register

The register may take the form of a spreadsheet, a ticketing system, or a dedicated module within compliance software. The key requirement: it must be available on demand to the supervisory authority and must allow the verification history for each counterparty to be reconstructed quickly.

Manual Versus Automated Screening

Manual Screening

Manual screening involves checking counterparties independently in official databases: the webgate.ec.europa.eu/fsd portal¹⁴, the MSWiA website¹⁶, the OFAC SDN list¹⁸, and UN portals. It has no licence cost but is time-consuming and prone to human error — particularly regarding transliterations, aliases, and ownership structure verification. For a handful of counterparties per month it may be adequate. For dozens or hundreds, it becomes a compliance risk.

Automated Screening

Sanction screening software systems automate searches across multiple lists simultaneously, handle aliases and transliterations, apply fuzzy matching algorithms, and generate documentation and the hits register automatically. They eliminate the risk of missing a list or overlooking an entry due to a spelling variation.

When selecting a system, pay attention to: which lists are covered, how frequently they are updated, whether the system supports deployment within your own company’s infrastructure (on-premise) rather than sending counterparty data to external servers, and what the audit trail looks like for each screening.

How Sanqto Can Help

Sanqto is sanction screening software designed for companies outside the financial sector — such as travel agencies, insurance brokers, property developers, and real estate agents. The system operates in on-premise mode, meaning your counterparty data never leaves your company’s infrastructure. Screening results are returned in three states: MATCH, POSSIBLE, or CLEAR, and a full audit trail for every screening is ready to be presented on demand to a supervisory authority. Learn more about screening for your sector: travel agencies and tourism, real estate, insurance.

FAQ — Frequently Asked Questions

Do I need to screen Polish counterparties, or only foreign ones?

You must screen all of them — both Polish companies and individuals, and foreign ones. The Polish MSWiA list⁴ contains entities operating in the domestic market. The EU list covers entities from all countries. The criterion for being subject to sanctions is inclusion on a list, not the country of registration.

Does the over-50% ownership rule also apply to Polish subsidiaries of foreign entities?

Yes. If a Polish company is more than 50% owned by an entity listed on a sanctions list — that Polish company is subject to sanctions⁶. The KRS (National Court Register) and CRBR allow you to check the ownership structure of Polish entities.

What should I do if a counterparty has the same name as a person on the list, but is clearly a different individual?

Treat the result as POSSIBLE, gather documents confirming a distinct identity (e.g. a different PESEL, date of birth, or country of residence), and record in the register why the hit was excluded. Such “false positives” are a normal part of the process — what matters is that they are properly documented.

Is the UN list automatically included in the EU list?

They are not automatically identical. The EU implements UN decisions through its own regulations and maintains a separate, broader list¹⁷. In practice, persons on the UN list typically appear on the EU list as well, but there may be a time lag. Checking the UN list directly provides certainty as to current status.

How frequently are sanctions lists updated?

The EU Consolidated List is updated with each new sanctions package — the EU has already adopted 20 packages against Russia¹³, and further packages are added whenever political decisions are taken. The OFAC SDN list may be updated several times a month. The MSWiA list¹⁶ is updated by ministerial decision⁴. This is why a one-off check at the time of signing a contract is not sufficient — periodic re-screening is essential.

Do I need to retain screening documentation if the result was CLEAR?

Yes, absolutely. Screening documentation is evidence that the procedure was conducted properly — regardless of the result. The absence of documentation at the time of an inspection is treated by supervisory authorities as equivalent to no screening having taken place.

Legal Basis

A full overview of sanctions lists and their regimes is available in the article EU, UN, OFAC and MSWiA sanctions lists — a guide.

• Council Regulation (EU) No 269/2014 of 17 March 2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine — CELEX 32014R0269
• Council Regulation (EU) No 833/2014 of 31 July 2014 concerning restrictive measures in view of Russia’s actions destabilising the situation in Ukraine — CELEX 32014R0833
• Act of 13 April 2022 on special solutions to counter support for aggression against Ukraine and to protect national security (Journal of Laws 2022, item 835) — eli.gov.pl
• Directive of the European Parliament and of the Council (EU) 2024/1226 of 24 April 2024 on the definition of criminal offences and penalties for the violation of Union restrictive measures — CELEX 32024L1226
• Act of 1 March 2018 on countering money laundering and terrorist financing — eli.gov.pl
• List of persons and entities subject to sanctions (MSWiA) — gov.pl/web/mswia
• EU Consolidated List (Financial Sanctions Files) — webgate.ec.europa.eu/fsd
• OFAC SDN List — ofac.treasury.gov
• EU Sanctions Map — sanctionsmap.eu

Footnotes

Information, not legal advice. This article is for informational and educational purposes only. It does not constitute legal advice. Legal status as of: 20 May 2026. The specific obligations applicable to your company depend on your business profile and require individual assessment — if in doubt, consult a lawyer or compliance adviser.