List delivery and updates
Sanctions lists change constantly. The gap between a designation being published and your systems knowing about it is pure exposure.
L0 Explain simply
An everyday analogy: the banned list at the gate is not printed once — new posters arrive continually, some are corrected, and some are taken down after appeals. A gatekeeper working from last month's stack will wave through people banned last week and keep stopping people who were cleared. Worse, some visitors are already inside the building: when a new poster arrives, someone has to walk the floors and re-check everyone against it, not just future arrivals at the gate. Keeping the stack current, and re-checking the people already inside every time it changes, is the whole discipline of list updates and rescreening.
L1 Core concepts
Issuers add, amend, and delist entries continuously, publishing updates through official channels and machine-readable files. Legal obligations generally attach from the moment a designation takes effect — not from when a bank happens to load the file — so ingestion speed is a compliance parameter, not a convenience. Two controls follow. Transaction screening picks up new names automatically for future payments once the list is loaded. Rescreening covers everyone already inside: the existing customer base is re-checked when lists change, either by re-running everything on a schedule or by screening the customer base against the delta — the set of added and changed entries. Delisting matters too: removed entries should stop generating alerts, and holds based on them need review.
L2 Practitioner view
The practical questions are latency and verification. How long passes between an issuer publishing an update and the new entries being live in every screening system — onboarding, payments, batch? Institutions measure this end-to-end, because a vendor feed, an overnight batch, and a weekly sync each add lag, and major geopolitical events produce bursts of designations exactly when the exposure is highest. Ingestion is validated, not trusted: record counts, structural checks, and alerting when a load fails silently. Rescreening scope is a documented choice — full-base rescreening is thorough but expensive; delta screening is fast but depends on correctly identifying what changed. After large updates, teams also expect and staff for an alert spike rather than letting queues silently grow.
L3 Technical details
Design details that separate well-run programmes: update processing is idempotent and versioned, so every screening decision can be tied to the exact list version in force when it was made — essential when reconstructing why a payment passed on Tuesday that would alert on Thursday. Amendments are treated as carefully as additions, because a corrected birthdate or an added alias changes matching behaviour for existing customers. Delisting triggers a review workflow rather than silent suppression, since funds frozen under an entry may need a deliberate release decision. And the customer-base extract used for rescreening has its own freshness problem: rescreening yesterday's customer file against today's list quietly excludes today's new accounts. Institutions differ on cycle times; what they share is the need to know and defend them.
Sources & standards1
- Market practice
Wolfsberg Group Sanctions Screening Guidance ↗ — The Wolfsberg Group · List management and lookbacks
Wolfsberg guidance is industry market practice, not law; institutions vary in how they apply it.
L4 Standards & sources
The authoritative update channels are the issuers' own publications. OFAC announces SDN List changes as recent actions on its website and publishes machine-readable data files, with subscription channels notifying each change. The UN Security Council publishes the consolidated list, updated whenever the Council or one of its sanctions committees adds, amends, or delists an entry. The UK moved to a single-list arrangement on 28 January 2026: the OFSI consolidated list was withdrawn, and the UK Sanctions List is now the sole source for UK designations; new entries carry a unique ID rather than an OFSI group ID. What these sources define is publication; ingestion is the institution's problem. Regulators expect updates to be picked up and existing customers rescreened without undue delay — the concrete interval is a documented internal decision, not a number the lists prescribe.
Sources & standards2
- Official requirement
Specially Designated Nationals and Blocked Persons List (SDN List) ↗ — US Department of the Treasury, Office of Foreign Assets Control · SDN List publication, recent actions, and data files
Updated continuously; machine-readable formats are distributed via OFAC's Sanctions List Service. Every list entry appearing in this site's examples is fictional.
- Official requirement
United Nations Security Council Consolidated List ↗ — United Nations Security Council · Consolidated list publication and committee updates
Published in XML, HTML, and PDF formats and updated as committees act; each name is subject to the measures of its specific sanctions committee, not one uniform regime.
Sources for this topic3
- Market practice
Wolfsberg Group Sanctions Screening Guidance ↗ — The Wolfsberg Group · Reference data and list management
Wolfsberg guidance is industry market practice, not law; institutions vary in how they apply it.
- Official requirement
Specially Designated Nationals and Blocked Persons List (SDN List) ↗ — US Department of the Treasury, Office of Foreign Assets Control · SDN List publication and updates
Updated continuously; machine-readable formats are distributed via OFAC's Sanctions List Service. Every list entry appearing in this site's examples is fictional.
- Simplified educational illustration
Payments Signal editorial teaching models — Payments Signal
What this simplifies: Update cadences, cycle times, and ingestion architectures vary widely between issuers, vendors, and institutions; the Tuesday/Thursday example is illustrative. When each jurisdiction's obligations legally take effect is a matter for the specific regime's legal acts.
Used wherever diagrams, scenarios, figures, or example values are didactic constructions rather than sourced facts; every such use carries a simplifications disclosure. All people, companies, banks, and list entries in examples are fictional.
Deepest material on this page: L4 — Standards & sources. Where a topic stops short of implementation depth, that is a deliberate coverage decision, not an oversight — see coverage.