The Dark Side of Sanctions Screening
Authoritarian governments have found a way to weaponise our compliance infrastructure. The screening tools and de-risking practices we rely on daily are being used to extend political repression across borders — and the system is working exactly as designed.
If you work in AML or sanctions compliance, you've spent years building and refining screening processes designed to catch the right people. Sanctioned individuals, terrorists, money launderers. The system is supposed to protect the financial system from bad actors.
But what happens when an authoritarian government turns that same system into a weapon against its own citizens?
That's exactly what's happening right now, and it raises uncomfortable questions for every compliance officer who relies on automated screening.
How the mechanism works
The process is disturbingly simple. A government — Russia is the clearest example, but Belarus, Turkey, and China use similar tactics — designates political opponents as "terrorists" or "extremists" under its domestic law. These designations then flow automatically into the global compliance databases that we all use: Dow Jones Risk & Compliance, LexisNexis, Refinitiv World-Check.
From there, our screening systems pick them up. An alert fires. The compliance team sees a terrorism flag. And in most banks, the response is predictable: request additional documentation, escalate, and — more often than not — exit the client. Because that's what our policies tell us to do.
The result is that a Russian journalist who criticised the Kremlin, a Belarusian human rights worker, or a teenager who posted something online gets treated by our systems exactly the same way as someone with genuine links to terrorist financing. Their accounts are frozen or closed. Their financial life in Europe becomes impossible. And the authoritarian regime that targeted them has achieved its goal — using our infrastructure.
The scale is significant
This isn't a handful of edge cases. Russia's list of designated "terrorists and extremists" has grown to over 20,000 names, with hundreds being added every month. Many are ordinary people whose only offence was political dissent. Reports indicate that around one in ten of those designated is a minor.
These aren't names that most compliance teams will ever look at individually. They flow through automated screening, generate alerts, and trigger standard de-risking procedures. The system works exactly as designed — and that's the problem.
Why we struggle with this
The compliance industry has a well-known asymmetry: there are severe penalties for missing a genuine risk, but essentially no consequences for being overly cautious. When a screening alert fires on a politically designated individual, the rational decision for any bank is to exit the relationship. It's cheaper than investigating, and no regulator will ever fine you for being too careful.
This incentive structure, combined with the fact that screening processes are heavily automated, means that the system is structurally incapable of distinguishing between a genuine terrorist and a political dissident. We screen against lists. We don't — and largely can't — assess whether the underlying designation was legitimate.
The data providers themselves are in a similar position. They aggregate information from official sources. When a government designates someone, that's a fact. Whether the designation was politically motivated isn't something a data aggregator is set up to evaluate.
What FATF doesn't check
At the root of this is a gap in how international AML standards work. FATF sets the global framework. Its recommendations require countries to designate terrorists and freeze their assets. FATF then evaluates whether countries are implementing these procedures correctly — whether accounts are frozen on time, whether screening is in place.
What FATF does not assess is whether the terrorism charges themselves are justified. It checks the process, not the substance. This is the systemic blind spot that authoritarian regimes exploit.
What should practitioners think about?
I don't have a neat solution. This is a genuinely hard problem that sits at the intersection of compliance, geopolitics, and human rights. But I think there are a few things worth considering:
First, awareness matters. Most compliance officers process screening alerts without ever questioning where the underlying data comes from or whether a designation might be politically motivated. That's understandable — we're busy, and the volume of alerts is relentless. But developing a basic awareness of which countries are known to weaponise their terrorism designations would help teams make better-informed decisions.
Second, the industry needs to talk about de-risking more honestly. We know that blanket de-risking of entire nationalities or categories of clients is a blunt instrument. Regulators have said as much. But the incentive structure still pushes banks in that direction. Until there's some form of regulatory safe harbour for servicing individuals with asylum or protected status, banks will keep making the rational but harmful choice.
Third, data providers could do more. Adding context to designations — flagging countries with patterns of political abuse, or noting when a designation comes from a jurisdiction with a known track record of weaponising its terrorism lists — would help compliance teams make better judgments. Some of this is starting to happen, but it's not yet standard practice.
Finally, individuals who are wrongly designated need a realistic path to clear their names. Currently, the burden falls entirely on the person — who is often a refugee with limited resources. Independent review mechanisms and fast-track processes for asylum holders would help, but they don't exist yet.
The uncomfortable truth
As AML practitioners, we've built a system that's very good at what it does. But "what it does" includes enabling authoritarian governments to extend their repression across borders, using our screening tools, our databases, and our risk-averse compliance culture as the delivery mechanism.
That's not a comfortable thought. But it's one we need to sit with, because this problem is only going to grow.
Further reading:
- Alexandra Prokopenko, "The Kremlin Has Weaponized Western Financial Checks to Punish Russian Dissidents," Carnegie Politika, November 2025
- Alexandra Prokopenko, "How Russia weaponised global banking to silence dissidents," Financial Times, February 2026
