In the highly regulated financial services sector, effective sanctions screening is a fundamental regulatory obligation. Financial institutions process hundreds of thousands of payment messages each day across multiple systems and channels, making it critical to ensure that the correct messages are identified and screened in line with sanctions policy. Failures in screening completeness can result in significant regulatory penalties, reputational damage, and financial loss.

OpusDatum was engaged to provide independent assurance that a global financial institution was screening the correct payment messages in accordance with its sanctions policy and regulatory obligations.

Our Client

Our client is a global financial services provider operating across retail, corporate, investment banking, and wealth management. With a substantial international presence across Europe, the Americas, Africa, and Asia, the institution operates in a complex regulatory environment with stringent sanctions compliance requirements.

Given the scale and diversity of its payment operations, the client required confidence that sanctions screening controls were applied consistently and accurately across its global messaging infrastructure.

The Challenge

To support its global customer base, the client processes large volumes of payment messages across multiple systems, routing transactions through complex technology and business rule configurations. Sanctions policy determines which payment messages must be screened and which sanctions lists—such as OFAC and HM Treasury—must be applied.

While certain domestic payments were excluded from screening under the policy, it was critical that all in-scope messages were correctly identified and routed to sanctions screening filters. However, the translation of policy requirements into system rules involved multiple hand-offs between business, technology, and operations teams. This created a risk that policy intent and system implementation were misaligned.

Risk owners required independent assurance that all required payments were being screened and that no material gaps existed. Where exceptions were identified, the client needed a clear understanding of root causes and practical remediation actions.

Our Approach

OpusDatum conducted an end-to-end sanctions screening completeness review using our proprietary methodology and LinkPro tool.

We began by mapping the client’s payment messaging ecosystem, identifying all systems involved in generating, routing, and processing payment messages. This allowed us to determine which systems were within scope and how messages flowed through the sanctions screening architecture.

For each in-scope system, we extracted several million historical payment messages from the client’s data warehouse and loaded them into a structured review environment. We then reviewed the client’s sanctions policy to define the precise screening rules, including message types, routing criteria, and applicable sanctions lists.

Applying these rules independently to the extracted data, we determined which payment messages should have been screened. To verify execution, we analysed sanctions screening filter logs to confirm whether each in-scope message was present and processed as expected.

Where discrepancies were identified, we documented potential screening gaps and conducted detailed root cause analysis. This involved examining routing logic, message attributes, and system configurations to understand why certain payments were not captured by the screening filters.

Findings were consolidated into a clear, evidence-based assurance report for senior management and risk owners. The report explained the nature of identified gaps, their underlying causes, and prioritised recommendations to strengthen sanctions screening controls.

Key Benefits & Measurable Outcomes

The engagement provided the client with clear, independent assurance that its sanctions screening processes aligned with documented policy requirements. Senior management gained transparency over a complex and previously opaque area of risk.

Identified screening gaps were addressed through targeted remediation, including system configuration changes, policy clarifications, and strengthened control oversight. Root cause analysis enabled the client to resolve issues at source rather than relying on manual or compensating controls.

As a result, the institution is now better positioned to demonstrate compliance to regulators, supported by documented evidence of screening completeness and effective governance. The enhanced control environment reduced regulatory and operational risk while reinforcing the client’s commitment to robust sanctions compliance.

Are You Confident You Are Screening the Right Messages?

Sanctions compliance depends not only on screening technology, but on certainty that the right messages are being screened in the first place.

If your organisation needs independent assurance over sanctions screening completeness or payment message routing, OpusDatum can help. Our expert-led reviews, supported by advanced analytics and proprietary tools, deliver clarity, confidence, and regulatory-ready assurance.

Contact us today to discuss how we can strengthen your sanctions screening controls and compliance posture.