Sanctions Screening Tools Compared: From World-Check to Modern API Screening

Sanctions screening used to be a bank problem. Now it is everyone's problem

For most of the last thirty years, checking names against sanctions lists was something that happened deep inside large banks, run by compliance teams with seven-figure software budgets. That world has changed. Governments have pushed the same obligations down to estate agents, law firms, accountants, crypto exchanges, payment startups and ordinary businesses that send invoices abroad. If you move money across borders, or help someone else do it, you are very likely on the hook for sanctions screening whether you realise it or not.

This guide is for the people now caught by those rules and trying to work out what to actually buy. It covers three things: who needs screening and why, which watchlists genuinely matter, and how the available tools compare, from the old-school incumbents like World-Check to modern API services such as Ohmyfin. The goal is to help you pick the right tool for your size and risk, not to sell you the biggest one.

Who needs sanctions screening, and why it is not optional

Sanctions are legal restrictions that prohibit you from doing business with named people, companies, vessels and, in some cases, entire regions. Unlike most regulations, they are strict liability in many jurisdictions. You can break them by accident, with no intent to do anything wrong, and still face penalties. That is exactly why screening exists: it is the documented check that proves you looked before you acted.

Regulated financial firms

Banks, payment service providers, electronic money institutions, money transfer operators and crypto exchanges all sit at the front line. They are required to screen customers at onboarding, screen the parties to every payment, and re-screen their book as lists change. For them, screening is a licence condition, not a nice-to-have.

Designated non-financial businesses and professions

This is the group that has expanded the fastest. Regulators call them DNFBPs, and the label covers real estate agents and brokers, lawyers and notaries, accountants and auditors, company formation agents and dealers in high-value goods. A real estate agent closing a property deal is expected to screen the buyer, the seller and the people behind any company involved. Property is a favourite route for laundering money because the values are large and ownership can hide behind shell companies, so the sector draws heavy scrutiny. Law firms carry the same duty when they form companies, handle client funds or manage transactions. Missing a sanctioned client is not a paperwork slip. It can mean fines, criminal charges, and in property cases the seizure of the asset itself.

Cross-border businesses, and the bank relationship you cannot afford to lose

Even businesses that are not directly regulated feel the pressure, because their banks are. An importer paying a foreign supplier, a marketplace paying out to sellers in forty countries, a SaaS company invoicing clients abroad: all of them rely on a banking partner that is itself screening every transaction. If your payments keep triggering sanctions alerts, or you cannot show that you check who you pay, banks do something quietly brutal. They de-risk you. They close your account or refuse to open one, because the cost of keeping a risky customer is higher than the revenue you bring in.

For a cross-border business, losing a euro or dollar account is often worse than any fine. It can halt the whole operation. Running your own screening, and keeping the records to prove it, is how you protect that relationship. When a bank asks why you sent a payment to a particular counterparty, a screening report dated before the transfer is the answer that keeps your account open.

The global watchlists, and why there is no single list to check

The single most misunderstood point about screening is that there is no master list. Dozens of governments and bodies each publish their own, they do not agree with each other, and they update on their own schedules. A person can be clean on one list and blocked on another. Good screening checks across all of them at once and tells you which one produced the hit.

Diagram of the global sanctions watchlist landscape showing the major four lists (OFAC SDN, EU Consolidated, UK Sanctions List, UN Security Council), national lists like SECO, OSFI, DFAT and MFAT, and risk-signal lists for PEPs and adverse media
The watchlist landscape splits into three tiers: blocking lists, national lists, and risk signals.

The major four

Four lists do most of the work and are screened by almost every regulated business in the Western financial system.

  • OFAC SDN (United States). The Specially Designated Nationals list from the US Treasury's Office of Foreign Assets Control. Because so much global trade clears in US dollars or passes through US correspondent banks, the SDN list reaches far beyond America. A payment between two non-US companies can still be blocked if it touches the dollar.
  • EU Consolidated List (European Union). The aggregated financial sanctions adopted by the EU Council. Any euro transaction, or any business inside the EU, is bound by it. It does not always match the US list.
  • UK Sanctions List (United Kingdom). Administered through the Office of Financial Sanctions Implementation, part of His Majesty's Treasury. Since the separate OFSI consolidated list was retired in early 2026, the UK Sanctions List is the single source for UK designations. After Brexit the UK regime has drifted away from the EU in places, so London-cleared payments need their own check.
  • UN Security Council Consolidated List. The global baseline. Most countries fold UN designations into their own regimes, so it is the common floor that nearly everyone builds on.

National and regional lists

Below the major four sits a long tail of national lists that matter the moment your business touches that country. Switzerland publishes through SECO, Canada through OSFI, Australia through DFAT and New Zealand through MFAT. Ukraine, Japan, Singapore and many others maintain their own. In total there are well over a hundred distinct sanctions and watchlist sources worldwide. You do not need all of them, but you do need the ones that match where your customers and counterparties actually are. This is the practical reason to use a tool: keeping a hundred-plus lists current by hand is impossible.

PEPs and adverse media: signals, not always blocks

Two other categories get screened alongside sanctions, and they work differently. A politically exposed person, or PEP, is someone in a position of public trust, such as a minister, judge, senior official or their close family and associates. Being a PEP is not illegal and is not a block. It is a flag that the person carries a higher risk of bribery or corruption, so you are expected to apply enhanced due diligence and look more closely before proceeding.

Adverse media is negative news: reports linking a person or company to fraud, organised crime, terrorism financing or corruption. It is not a sanctions list at all. It is an early warning that often surfaces risk long before any regulator acts. A name can carry serious adverse media with no sanction attached. The catch with both PEP and adverse media screening is noise. Common names produce huge numbers of false positives, and in some programmes the large majority of alerts turn out to be the wrong person. The value of a good tool is as much in cutting that noise as in catching the real hit.

What a sanctions screening tool actually does

Underneath the marketing, every screening tool runs roughly the same pipeline. Understanding it makes the differences between products easier to judge.

Pipeline diagram of a modern sanctions screen: submit a name, normalize and transliterate it, fuzzy-match against 140 plus lists, score the match with secondary identifiers, decide to clear, review or block, then record an audit report and monitor for changes
From the name you submit to an answer you can defend, in well under a second.

You submit a name, and optionally a date of birth, nationality or identity number. The tool normalizes it, which includes transliterating non-Latin scripts. A sanctioned Russian or Iranian name can be spelled a dozen ways in English, so handling Cyrillic, Arabic and Chinese characters properly is where weaker tools quietly miss people. It then runs fuzzy matching across every list at once, because "Vladimir" and "Wladimir" should both hit. Each potential match gets a confidence score, and this is where secondary identifiers earn their keep. A date of birth or nationality lets the tool clear a harmless namesake instead of dumping the alert on a human. You then decide, against a threshold you control, whether to clear, review or block. Finally, the good tools record the whole thing as a timestamped report and keep watching, because a name that is clean today can be designated tomorrow.

Two features separate serious tools from toy ones. The first is ongoing monitoring: re-screening your existing customers automatically as lists change, rather than only at onboarding. The second is the audit trail: a report you can hand to a regulator or a bank that proves what you checked, when, and what you found.

The tools, from old-school to modern

The market has formed in three waves, and understanding the generations explains why prices and onboarding times differ so wildly.

Comparison of three generations of sanctions screening tools: legacy data subscriptions like World-Check, Dow Jones and LexisNexis; SaaS platforms like ComplyAdvantage; and API-first or open-data tools like OpenSanctions, sanctions.io, Castellum.AI and Ohmyfin
Three generations of screening, from enterprise data houses to screening as a single API call.

World-Check, by LSEG (formerly Refinitiv)

World-Check is the grandfather of the industry and still the reference point everyone else is measured against. Now owned by the London Stock Exchange Group, it is built on a research operation of hundreds of analysts who hand-curate profiles across more than two hundred countries, covering sanctions, PEPs, adverse media and state-owned enterprises, updated daily. The data is genuinely deep. The trade-offs are price and friction. It is sold on enterprise contracts that typically run into five or six figures a year, the sales process takes weeks, and integration can take months. For a tier-one bank that needs the depth and has the team to use it, World-Check earns its keep. For a small firm that needs to screen a few names a day, it is wildly oversized.

Dow Jones Risk & Compliance

Dow Jones is World-Check's closest peer, another data originator with a strong reputation, especially for adverse media research drawn from its newsroom heritage. Its strength is the breadth and quality of the underlying data. Its weakness, as long-time users point out, is that it leans toward being a data feed rather than a finished workflow, so getting it into day-to-day operations often means bolting it onto another platform. It sits at the same enterprise price point as World-Check.

LexisNexis WorldCompliance and Bridger Insight

LexisNexis is the third of the big legacy data houses. Its WorldCompliance data feeds its Bridger Insight XG screening platform, and the combination is flexible and comprehensive. The cost of that flexibility is implementation: the tooling is powerful but heavy, and getting the most out of it usually means real IT effort and configuration. Like its peers, it is built and priced for larger institutions.

ComplyAdvantage and the SaaS wave

The second generation arrived with cloud platforms aimed at the firms the incumbents priced out. ComplyAdvantage is the best known. Rather than reselling someone else's data, it builds its own aggregated dataset straight from the source lists and registries, applies its own matching, and wraps it in a modern dashboard with case management. Tools in this group, which also includes names like Sanction Scanner and Napier, brought screening down to mid-market pricing and cut onboarding from months to days. The trade-off is that you adopt their workflow and dashboard, which is excellent if you want a ready-made system and less ideal if you want to embed screening inside your own product.

OpenSanctions and the open-data movement

OpenSanctions took a different path: publish the consolidated sanctions, PEP and watchlist data as an open dataset that anyone can download, self-host or query through a hosted API. It is transparent, metered on a pay-as-you-go basis, and free for journalists, NGOs and academic research. It is closest to a clean data layer rather than a full compliance suite, so adverse media and case management are not its focus, but for developers who want raw, well-structured list data it is a strong and honest option.

sanctions.io, Castellum.AI and the API-first tools

The newest generation treats screening as a single API call. Services like sanctions.io and Castellum.AI offer simple, cost-effective REST APIs covering sanctions, PEPs and, in some cases, adverse media, export controls and beneficial ownership. You sign up, get a key, and start screening in minutes instead of negotiating a contract. This is the model built for fintechs, SaaS products and lean compliance teams that want screening inside their own systems rather than in a separate vendor dashboard.

Ohmyfin

Ohmyfin sits firmly in this modern, API-first generation, and it is the option this guide knows best because it is a sister project to Bank Pulse. It screens against more than a hundred and forty global watchlists at once, including OFAC, the EU and UK lists, the UN list and the national registries, with fuzzy matching and proper transliteration for Cyrillic, Arabic and CJK names built in. A few details set it apart for the businesses described earlier in this article:

  • Pay-as-you-go pricing. It uses a credit model rather than an annual enterprise contract. A single screen, a downloadable compliance report and a full year of monitoring on one entity each cost a single credit. There is no minimum commitment, which is what makes it realistic for a small firm or a developer.
  • A real developer API. Screening is a straightforward REST call. You send a name and an optional match threshold, and you get back scored matches, the lists searched, a report ID and a tamper-evident hash. Test keys return mock data so you can build and integrate before you spend anything.
  • MCP for AI assistants. Ohmyfin exposes a screening tool over the Model Context Protocol, so an AI assistant such as Claude can run a sanctions check directly inside a conversation. There is a free tier of a few screens a day through this route, with no card required, which is a genuinely modern way to let non-technical staff check a name.
  • Audit-ready PDF reports. Every screen can be exported as a PDF sealed with a SHA-256 hash, so the report can be verified later and cannot be quietly edited. This is exactly the document you hand a bank or an auditor to prove you checked.
  • Ongoing monitoring built in. Add an entity to monitoring and it is re-screened automatically as lists change, with alerts by email or signed webhook when a match appears, a listing is added or removed, or a score shifts.

The honest framing is this: Ohmyfin is not trying to replace World-Check inside a global bank. It is built for the much larger group of businesses that never needed that and could never justify the cost, but are now required to screen anyway.

Side-by-side comparison

No table captures every nuance, but this is the shape of the market at a glance.

Tool Generation Data and coverage Pricing model API and automation Best fit
World-Check (LSEG) Legacy data house Very deep, analyst-curated, 200+ countries Enterprise annual contract API available, long onboarding Tier-1 banks and large institutions
Dow Jones R&C Legacy data house Deep data, strong adverse media Enterprise annual contract Data feed, needs a platform Large firms with their own workflow
LexisNexis Legacy data house Comprehensive, WorldCompliance + Bridger Enterprise, configuration heavy Flexible, IT-intensive Enterprises needing custom setups
ComplyAdvantage SaaS platform Own aggregated data, AI matching Mid-market subscription API plus full dashboard Fintechs and growing regulated firms
OpenSanctions Open data Open sanctions, PEP and watchlist data Pay-as-you-go, free for non-profits API and self-host, raw data Developers wanting clean list data
sanctions.io / Castellum.AI API-first Sanctions, PEP, some adverse media Simple usage-based plans API-first, quick start Developers and lean teams
Ohmyfin API-first 140+ lists, transliteration, monitoring Credit-based, pay-as-you-go, free tier REST API, MCP for AI, PDF reports Small firms, DNFBPs, developers

How to choose the right tool for you

Match the tool to your profile rather than to the longest feature list.

  • A large bank or established financial institution. The depth and analyst research of World-Check, Dow Jones or LexisNexis is hard to beat, and you have the team to run it. The cost is the point of entry, not the obstacle.
  • A fintech, payment firm or EMI. You want screening inside your product with a clean API and a dashboard for your compliance staff. A SaaS platform like ComplyAdvantage or a capable API-first service fits well.
  • A DNFBP: estate agent, law firm, accountant. You screen a manageable number of names, you need a defensible report for each, and you cannot justify an enterprise contract. A pay-as-you-go tool with PDF reports, such as Ohmyfin, matches the actual obligation without the overhead.
  • A developer or SaaS builder. You want to embed checks programmatically. Look at the API-first and open-data options, and weigh whether you also want monitoring and audit reports out of the box or just raw data.
  • An occasional checker. If you only need to verify a counterparty now and then, a free tier or per-search tool beats any subscription. The MCP free tier on Ohmyfin, or a free OpenSanctions query, covers this.

Three questions cut through most sales pitches. Does it cover the specific lists for the countries you deal with? Does it re-screen automatically, or only once at onboarding? And can it produce a dated report you can show your bank or regulator? If a tool cannot do all three, it is not really doing the job.

A quick look at the developer path

For the technically minded, the gap between generations is clearest in how you start. With a legacy provider you book a call. With a modern API you send a request. An illustrative screen against the Ohmyfin API looks like this:

curl -X POST https://ohmyfin.ai/api/v4/sanctions/screen \
  -H "KEY: test-your-api-key" \
  -H "Content-Type: application/json" \
  -d '{ "name": "Ivan Petrov", "threshold": 0.8 }'

The response comes back as JSON with any matches, their scores, the source list for each, the number of lists searched, a report identifier and a hash for the audit record. A test key returns mock data, so you can wire screening into an onboarding flow or a payment check and see exactly how it behaves before a single credit is spent.

Common mistakes in sanctions screening

  • Screening once and never again. A customer who was clean at onboarding can be sanctioned next year. Without ongoing monitoring, you would never know.
  • Only checking OFAC. The US list is the most famous, not the only one. A counterparty can be clean on OFAC and listed in the EU or UK.
  • Ignoring secondary identifiers. Screening on a bare name with no date of birth or nationality buries your team in false positives and trains everyone to click "clear" without thinking.
  • Keeping no audit trail. If you cannot prove you screened, then as far as a regulator or bank is concerned, you did not.
  • Treating every PEP or adverse media hit as a block. These are signals to look closer, not automatic refusals. Mishandling them either freezes legitimate business or waves through real risk.

Frequently asked questions

Is sanctions screening legally required for small businesses?

It depends on your sector and country, but the trend is firmly toward yes. Regulated firms and DNFBPs such as estate agents, law firms and accountants generally must screen. Even unregulated businesses are pushed into it by their banks, which can close accounts over unscreened high-risk activity.

How many sanctions lists do I need to check?

At minimum the major four: OFAC SDN, the EU Consolidated List, the UK Sanctions List and the UN Security Council list. Beyond that you add the national lists for the countries you deal with. A good tool checks a hundred or more at once so you do not have to choose.

What is the difference between a sanction, a PEP and adverse media?

A sanction is a legal block: you cannot transact with the named party. A PEP is a person in a position of public trust, which is not a block but a reason for extra due diligence. Adverse media is negative news that flags risk early, with no legal restriction attached on its own.

Do I need an expensive tool like World-Check?

Only if you are a large institution that needs its depth and has a team to use it. Most small and mid-sized firms are better served by a modern pay-as-you-go service that covers the same core lists, produces an audit report, and costs a fraction of an enterprise contract.

How does ongoing monitoring work?

Instead of screening a name once, you place the entity under monitoring and the tool re-screens it automatically as lists change, alerting you when a new match appears or an existing one changes. This is what keeps you compliant between onboarding and the next manual review.

The bottom line

Sanctions screening has moved from a specialist bank function to a baseline requirement for anyone handling cross-border money. The watchlists are fragmented, the obligations are strict, and the cost of getting it wrong runs from fines to a lost bank account. The good news is that the tools have caught up with the spread of the rules. You no longer have to choose between an enterprise contract you cannot afford and doing nothing. If you are looking up a bank before sending a payment, Bank Pulse shows the sanctions flags on every bank record. For full name and entity screening, with an API, AI access, audit-ready PDF reports and pay-as-you-go pricing, take a look at ohmyfin.ai/sanctions. The right tool is the one that matches your risk, not the one with the longest history.