What Is Sanctions Resolution? And Why Most Screening Programs Do Not Have It

Sanctions screening is not the same as sanctions compliance.

Screening detects potential matches against sanctions lists. Compliance depends on what happens next: investigation, decision, and documentation. That process, sanctions resolution, is where compliance quality is actually determined. And it is the part that has almost no dedicated tooling.

This article explains the difference between screening and resolution, why that distinction matters operationally, and why the gap between the two is the largest unaddressed problem in trade compliance today.

What Are Sanctions Lists?

Sanctions lists are government-maintained registers of individuals, companies, and entities that businesses are legally prohibited or restricted from dealing with.

The major regimes include OFAC (the US Treasury Department's Office of Foreign Assets Control, which maintains the Specially Designated Nationals list), the EU Consolidated List, the UK Sanctions List maintained by HM Treasury, and the UN Security Council Consolidated List. These lists change frequently, sometimes daily, as geopolitical situations evolve. A counterparty cleared last week may be designated today.

Businesses with international operations are legally required to screen against these lists before engaging in transactions.

What Is Sanctions Screening?

Screening software compares entity names (customers, suppliers, business partners) against sanctions lists using matching algorithms to identify potential matches. When a potential match is found, the system generates an alert. A sanctions alert is a notification that a screened entity may correspond to an entry on a sanctions list. Alerts require human review to determine whether the match is genuine or a false positive.

False positives occur when different entities share similar names, spellings, or transliterations. Common names, abbreviations, and non-Latin character sets, particularly transliterated Arabic, Chinese, or Cyrillic names, increase false positive rates significantly. Depending on the organisation, false positives can represent the vast majority of all alerts generated.

Screening is detection. It identifies potential risk. It does not investigate, decide, or document. When a screening tool generates an alert, its job is done.

What Is Sanctions Resolution?

Sanctions resolution is the process of investigating alerts, making decisions, and documenting the outcome. It begins where screening ends.

It includes evaluating match quality, gathering external context, comparing entity details against designation records, making a clear-or-escalate decision, and recording the evidence and reasoning in a form that withstands regulatory scrutiny.

Most screening tools do not perform alert resolution. The investigation, judgment, and documentation fall entirely on human analysts. This is not a limitation of any particular vendor. It is how the screening market was built.

How Sanctions Alerts Are Actually Investigated

When a screening tool generates an alert, a compliance analyst works through the five-step sanctions alert investigation process.

Evaluate the match

Is this a genuine potential match, or a false positive triggered by a common name, transliteration issue, or partial string overlap? In practice, this requires understanding why the matching algorithm flagged this particular combination. Many screening tools do not make that transparent.

Gather external context

The analyst searches for additional information: company websites, corporate registration records, news articles, ownership structures. This almost always means toggling between multiple systems and conducting manual web research. There is no single interface that assembles the relevant context automatically.

Check designation details

If the alert references a sanctioned entity, the analyst verifies whether the designation actually applies, checking jurisdiction, sanctions programme, and whether the specific activity is restricted. This requires familiarity with the relevant regulatory regime, which varies significantly between OFAC, EU, UK, and UN programmes.

Make a decision

Based on the evidence, the analyst makes one of three decisions. Clear the alert as a false positive if the match is not genuine. Escalate for further review if the case is ambiguous or requires additional expertise. Block the transaction if the evidence supports a genuine match against a sanctioned entity.

Document everything

The reasoning, the sources consulted, the decision reached, and the supporting evidence must be recorded in a form that holds up under regulatory scrutiny. Potentially years after the fact.

Straightforward false positives take five to ten minutes. Ambiguous matches involving entities in sensitive jurisdictions or layered ownership structures take 30 minutes to 1 hour - and in some cases days. Multiply that across hundreds or thousands of alerts per month and the operational burden becomes clear. One global manufacturer reported 2,500 blocked purchase orders per month requiring manual review. Only one true positive requiring a business partner blockade had been identified in two to three years.

The screening tool did exactly what it was designed to do. The resolution burden landed entirely on people.

Why Screening Tools Do Not Perform Resolution

This is a consequence of how sanctions screening software works: every part of the architecture is optimised for list coverage, matching algorithms, and false positive reduction at the detection stage. Once an alert is generated, the screening tool's work is complete. This made sense when alert volumes were manageable and sanctions regimes were relatively stable. It no longer does.

Ongoing geopolitical tensions have added thousands of new designations across US, EU, and UK lists. Iran, Belarus, and export-controlled technology destinations continue to grow. More designations mean more potential matches. More potential matches mean more alerts. More alerts mean more investigation hours. The screening tools are doing exactly what they were designed to do. The downstream workload scales with them.

The result is a structural gap. Companies have sophisticated, mature technology for detection and almost nothing for resolution.

The Operational Cost of Manual Resolution

The burden of manual resolution creates four compounding problems.

Time cost

A company processing 1,000 alerts per month at an 80% false positive rate in sanctions screening consumes 30 to 40 hours of analyst time monthly on false positives alone.

At eight minutes per alert and a fully loaded analyst cost of €45 per hour, that is over €6 per alert. Just for investigation time.

Most mid-market companies employ one to four dedicated compliance analysts. Screening resolution can consume a material share of total team capacity.

Consistency risk

An analyst reviewing their fiftieth alert of the day does not bring the same attention as they brought to their first. Two analysts reviewing the same alert may reach different conclusions depending on their experience, their interpretation of internal policy, and how much time they have. This is not a training failure. It is what happens when a judgment-intensive task is performed manually at volume without structural guardrails. The inconsistency compounds across regions, subsidiaries, and shifts. It is precisely the kind of variance that regulators look for.

Knowledge loss

When an experienced analyst leaves, their judgment, pattern recognition, and institutional knowledge of recurring entities and edge cases leave with them. The next analyst starts from scratch. There is no system of record for how previous decisions were made or why. Every organisation that has lost a senior compliance analyst knows the months it takes to rebuild that capability. If it can be rebuilt at all.

Audit exposure

This is where the other three problems converge.

Evidence is stored manually. Screenshots saved to shared drives. Decisions recorded in spreadsheets. Sources scattered across email threads.

When regulators request proof of due diligence, compliance teams face days of manual reconstruction across multiple systems. What auditors look for in sanctions compliance programs does not focus primarily on whether a company has a screening tool. Most companies do. What auditors examine is the quality and consistency of the decisions made on the alerts that screening produces. Can you demonstrate that every alert was investigated? Can you show what information the analyst had at the point of decision? Would a different analyst, given the same information, have reached the same conclusion? These are resolution questions, not screening questions.

OFAC recorded $1.5 billion in settlements and penalties in 2023. A penalty against a US machine tool manufacturer for Russia-related violations in early 2025 confirmed that non-financial, trade-intensive companies are firmly in scope. The reputational and operational cost of a public enforcement action, including loss of export privileges, customer attrition, and legal fees, typically exceeds the fine itself.

The Category Gap

The market offers software for finding alerts. It does not offer software for resolving them.

No mainstream screening platform investigates the alerts it generates. No mainstream platform assembles the external context an analyst needs (corporate registry data, ownership structures, adverse media, web presence) and presents it alongside the alert. No mainstream platform produces structured analysis explaining why a match was flagged and what evidence supports or contradicts it. And no mainstream platform generates audit-ready documentation as a default output of the decisioning process. That entire workflow, from alert to documented, defensible decision, is unserved by current tooling. It runs on manual effort, institutional memory, and good intentions.

Closing this gap requires infrastructure purpose-built for investigation, decision, and documentation. Not a better version of detection. The distinction between screening and resolution is not semantic. It describes two fundamentally different operational problems that require different capabilities.

The Choice

There are two ways to handle sanctions alerts.

Manual resolution: analysts investigate each alert individually, switching between systems, gathering evidence by hand, documenting decisions in fragmented formats. This works at low volume. It does not scale, it does not produce consistent outcomes, and it creates the kind of audit exposure that keeps compliance leaders up at night.

Systematic resolution: purpose-built infrastructure that automates context gathering, structures analysis, applies consistent decision logic, and produces audit-ready documentation by default. The analyst reviews a completed analysis rather than building one from scratch. Their expertise goes where it matters, the genuinely difficult cases, rather than being consumed by mechanical assembly work.

Most companies are still manual. They have invested in screening. They have not invested in resolution. A screening tool can be accurate and your compliance process can still be weak. If alert investigation is manual, inconsistent, and poorly documented, detection alone does not protect you.

‍