Sanctions look-back reviews are a critical regulatory mechanism deployed where financial institutions have failed to maintain effective sanctions screening or transaction monitoring controls. These exercises often require institutions to retrospectively analyse years of historical payment activity to identify potential sanctions breaches and report them to enforcement authorities. Given the legal, financial, and reputational consequences, regulators typically mandate the use of independent third parties to ensure objectivity, completeness, and credibility.

OpusDatum supported a Tier 1 banking group in delivering a large-scale, regulator-mandated sanctions look-back programme following enforcement action by US authorities.

Our Client

Our client is a Tier 1 British banking and financial services group headquartered in London, with significant retail, corporate, and investment banking operations across the UK and the US, and a presence in more than 40 countries worldwide.

Following a US regulatory investigation, the institution was issued with a Cease & Desist Order requiring a comprehensive, global overhaul of its sanctions compliance framework. Central to this mandate was the execution of a sanctions look-back review covering historic USD payment activity across multiple years and jurisdictions.

The Challenge

The client was required to conduct a retrospective review of nearly a decade of USD-denominated payments to identify potential breaches of US economic sanctions. This included transactions involving sanctioned countries, individuals, and entities, with findings required to be reported to US authorities, including the Department of Justice and the Office of Foreign Assets Control.

As with several institutions subject to similar enforcement actions, the client faced allegations that key data elements had been removed from payment messages—a practice commonly referred to as “stripping”—to obscure sanctioned connections from US correspondent banks. Although customer due diligence and sanctions screening controls existed, they had not been applied consistently across geographies or over time, and were not always aligned to evolving sanctions regimes.

The programme was vast in scope, involving multiple internal and external stakeholders, including legal counsel, sanctions and compliance teams, payment operations, IT and data specialists, and internal audit. Compounding this complexity, much of the historical payment data was archived across multiple legacy data warehouses, requiring extensive extraction, normalisation, and reconciliation before analysis could begin.

Our Approach

OpusDatum played a critical role in the design and execution of the sanctions look-back programme, working as part of a multi-disciplinary remediation team.

We collaborated closely with internal and external legal counsel, compliance leadership, and other advisers to ensure that the programme met regulatory expectations and could withstand scrutiny by US enforcement authorities.

Using our proprietary LinkPro tool, we extracted complete historical payment data from multiple archival systems and data repositories, enabling a comprehensive population of transactions to be reviewed. We then conducted forensic payment analysis to reconstruct individual transaction flows, examining payment “legs” to determine true origin, destination, and involvement of sanctioned parties.

A controlled review methodology was designed and implemented to ensure completeness, consistency, and auditability. This included built-in quality assurance checks to prevent gaps, duplication, or evidential weaknesses across the review population.

Through our HorizonIQ platform, we identified relevant transactions, assessed supporting documentation, and developed detailed evidential narratives explaining how and why payments were processed, including the mechanisms used to disguise sanctioned involvement where applicable. We also analysed transaction patterns to identify repeated or systematic circumvention techniques indicative of broader control failures.

Finally, we designed, implemented, and operated Voluntary Self-Disclosure processes to support accurate investigation, escalation, and reporting of potential sanctions breaches to US regulators.

Key Benefits & Measurable Outcomes

The sanctions look-back programme enabled the client to engage constructively with US authorities and ultimately agree a Deferred Prosecution Agreement. The institution was able to report sanctions violations with confidence, supported by comprehensive, regulator-ready evidence packs.

Beyond meeting immediate enforcement requirements, the engagement drove significant enhancement of the client’s global sanctions compliance framework. This included the development and implementation of a strengthened global sanctions policy, explicitly prohibiting transactions involving entities designated under UN, EU, UK, and US sanctions regimes.

The client also invested heavily in market-leading customer and payment screening technologies, strengthening governance, oversight, and consistency across global operations. Following completion of the look-back, OpusDatum continued to support the wider remediation programme, helping embed long-term control improvements and reduce residual sanctions risk.

Protect Your Business from Sanctions Enforcement Risk

Sanctions look-back reviews are among the most complex and high-stakes regulatory exercises a financial institution can face. Independent expertise, forensic capability, and robust governance are essential.

If your organisation is subject to regulatory scrutiny or requires support with a sanctions look-back review, OpusDatum can help. Our expert-led reviews, supported by proprietary tools including LinkPro and HorizonIQ, deliver credible assurance, regulatory confidence, and lasting compliance improvement.

Contact us today to discuss how we can support your sanctions compliance and enforcement remediation needs.