Marco Dias
- The recent FCA review of sanctions systems and controls reveals a shift in regulatory expectations, focusing on how effectively sanctions controls perform in practice rather than whether they simply exist.
- It highlights common weaknesses in firms’ frameworks, particularly around data quality, oversight and the gap between design and execution.
- It also underscores the need for stronger governance, better data and clearer evidence of control effectiveness to meet increasing regulatory scrutiny.
The Financial Conduct Authority’s (FCA) review of sanctions systems and controls highlights a clear shift in regulatory expectations. Sanctions compliance is no longer assessed only on whether screening processes exist. Increasingly, regulators now focus on performance – how effectively controls operate in practice, and whether firms can demonstrate that effectiveness with confidence.
The FCA also made it clear that, while most sanctions reports currently come from firms in the payments, retail banking and wholesale financial markets sectors, it expects reporting from the insurance and digital assets sectors to increase. This reinforces that sanctions screening is no longer limited to traditional financial services firms; all firms will be held accountable by regulators.
Across more than 150 firms assessed, the FCA identified recurring weaknesses in sanctions frameworks. Gaps in oversight, inconsistent processes and operational inefficiencies are emerging as the real points of failure.
Where sanctions controls are falling short
A key theme is the gap between framework design and day-to-day execution. Many firms have clearly defined sanctions processes. Fewer can show that those processes deliver consistent and reliable outcomes.
The FCA highlights challenges across due diligence, alert handling and screening effectiveness, alongside delays in reporting breaches and difficulties managing frozen assets and licences.
These findings reflect a broader regulatory shift from assessing inputs to evaluating outcomes. Firms are expected to demonstrate that their sanctions frameworks can identify, assess and manage risk through robust governance, effective screening and timely escalation processes.
This becomes increasingly complex where data is fragmented or processes remain manual. Limited visibility across systems can introduce delays and inconsistency, increasing operational risk. Centralised approaches – bringing together data, workflows and monitoring – can help close this gap.
The growing importance of data quality and timeliness
The review highlights the importance of data quality. Effective sanctions screening depends on accurate, complete and timely information. When data quality falls short, so too does screening performance, leading either to missed risks or an overproduction of false alerts.
It also emphasises the central role of third-party providers in supporting sanctions screening, while pointing to gaps in how some firms oversee, validate and optimise those services.
As expectations increase, firms are placing greater focus on how they evidence control performance, governance and decision-making – particularly where these rely on external data and screening solutions.
Regulators expect firms to validate their data regularly. They also expect evidence that data is complete and up to date. Structured risk intelligence, which covers sanctions, politically exposed persons and wider financial crime risks, can play an important role in strengthening this foundation.
Oversight cannot be outsourced
While third-party providers play a critical role in sanctions screening, accountability remains firmly with the firm. The FCA is clear: organisations must understand how their screening systems operate – how data is sourced, how matches are generated and how decisions are made. Without this visibility, firms risk losing control of their compliance posture and may struggle to explain outcomes under regulatory scrutiny.
This reinforces that responsibility for sanctions compliance remains firmly with the regulated firm, regardless of any third-party providers it uses. At the same time, the FCA's findings highlight the value of working with trusted providers such as LSEG Risk Intelligence that offer transparency and robust governance, enabling firms to evidence control effectiveness rather than relying on opaque, off-the-shelf solutions.
Another key area of focus was risk assessment, including the poor articulation of sanctions and proliferation financing risk and unsupported risk conclusions. This reinforces the importance of solutions built on high-quality, wide-ranging and near real-time intelligence – with structured, provenanced data – that enable stronger oversight while making it easier to evidence decisions and demonstrate control effectiveness.
From screening outputs to control effectiveness
The FCA’s findings reflect a wider shift: the focus is moving beyond screening outputs. It is no longer enough to show that alerts are generated. Regulators are evaluating whether the entire control environment — data, governance, validation and testing — operates effectively.
This raises new operational questions. How quickly can new sanctions be applied? How reliable is the underlying data? How robust is control testing? These are no longer secondary considerations – they are central to effective compliance.
What firms should prioritise next
The FCA’s review highlights clear areas for action:
- Strengthen data quality and governance
- Improve screening effectiveness, accuracy and consistency
- Establish robust testing and validation processes
- Ensure full auditability of decisions and escalation pathways
Technology can support this evolution. Real-time screening, continuous monitoring and embedded controls across onboarding and payments can help firms move faster, without compromising compliance.
What this means for firms
Sanctions regimes are becoming more complex, both in the pace and scale of change. This creates greater pressure on compliance teams and systems. The FCA’s findings reinforce a clear message: effective sanctions compliance depends on performance. It is not enough to design controls; firms must demonstrate that those controls work.
Firms that invest in strong data, consistent screening and clear governance will be better positioned not only to manage risk, but to respond confidently to increasing regulatory scrutiny.
Final perspective
Sanctions compliance is evolving towards a model defined by performance, transparency and accountability.
Firms that take a proactive approach – strengthening data, enhancing screening and embedding governance – will be better equipped to operate in a complex and fast-moving regulatory environment.
How LSEG Risk Intelligence can help
Against this backdrop of increasing complexity and scrutiny, having the right data and visibility in place is essential. LSEG Risk Intelligence helps organisations strengthen their approach to sanctions compliance by bringing together high-quality data, ownership insights and screening capabilities into a single, trusted framework.
World-Check On Demand helps compliance teams move beyond basic screening by combining high-quality, deeply curated intelligence with full provenance and near real-time updates.
This enables earlier identification of potential exposure as sanctions evolve – supporting faster escalation, more confident decision-making and a more defensible approach to managing sanctions risk in high-expectation regulatory environments.
Legal Disclaimer
Republication or redistribution of LSE Group content is prohibited without our prior written consent.
The content of this publication is for informational purposes only and has no legal effect, does not form part of any contract, does not, and does not seek to constitute advice of any nature and no reliance should be placed upon statements contained herein. Whilst reasonable efforts have been taken to ensure that the contents of this publication are accurate and reliable, LSE Group does not guarantee that this document is free from errors or omissions; therefore, you may not rely upon the content of this document under any circumstances and you should seek your own independent legal, investment, tax and other advice. Neither We nor our affiliates shall be liable for any errors, inaccuracies or delays in the publication or any other content, or for any actions taken by you in reliance thereon.
Copyright © 2026 London Stock Exchange Group. All rights reserved.
The content of this publication is provided by London Stock Exchange Group plc, its applicable group undertakings and/or its affiliates or licensors (the “LSE Group” or “We”) exclusively.
Neither We nor our affiliates guarantee the accuracy of or endorse the views or opinions given by any third party content provider, advertiser, sponsor or other user. We may link to, reference, or promote websites, applications and/or services from third parties. You agree that We are not responsible for, and do not control such non-LSE Group websites, applications or services.
The content of this publication is for informational purposes only. All information and data contained in this publication is obtained by LSE Group from sources believed by it to be accurate and reliable. Because of the possibility of human and mechanical error as well as other factors, however, such information and data are provided "as is" without warranty of any kind. You understand and agree that this publication does not, and does not seek to, constitute advice of any nature. You may not rely upon the content of this document under any circumstances and should seek your own independent legal, tax or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither We nor our affiliates shall be liable for any errors, inaccuracies or delays in the publication or any other content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the publication and its content is at your sole risk.
To the fullest extent permitted by applicable law, LSE Group, expressly disclaims any representation or warranties, express or implied, including, without limitation, any representations or warranties of performance, merchantability, fitness for a particular purpose, accuracy, completeness, reliability and non-infringement. LSE Group, its subsidiaries, its affiliates and their respective shareholders, directors, officers employees, agents, advertisers, content providers and licensors (collectively referred to as the “LSE Group Parties”) disclaim all responsibility for any loss, liability or damage of any kind resulting from or related to access, use or the unavailability of the publication (or any part of it); and none of the LSE Group Parties will be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, howsoever arising, even if any member of the LSE Group Parties are advised in advance of the possibility of such damages or could have foreseen any such damages arising or resulting from the use of, or inability to use, the information contained in the publication. For the avoidance of doubt, the LSE Group Parties shall have no liability for any losses, claims, demands, actions, proceedings, damages, costs or expenses arising out of, or in any way connected with, the information contained in this document.
LSE Group is the owner of various intellectual property rights ("IPR”), including but not limited to, numerous trademarks that are used to identify, advertise, and promote LSE Group products, services and activities. Nothing contained herein should be construed as granting any licence or right to use any of the trademarks or any other LSE Group IPR for any purpose whatsoever without the written permission or applicable licence terms.
