CGSS — ACAMS Certified Global Sanctions Specialist Exam Blueprint

Independent CGSS exam blueprint for ACAMS Certified Global Sanctions Specialist candidates reviewing sanctions frameworks, screening, investigations, evasion, and compliance controls.

How to Use This Exam Blueprint

Use this independent Exam Blueprint as a practical readiness map for the ACAMS Certified Global Sanctions Specialist (CGSS) exam from ACAMS. It does not assign official weights or claim to reproduce the exam. Instead, it helps you check whether you can apply sanctions concepts to realistic compliance decisions.

Work through the checklist in three passes:

  1. Concept pass: Can you define the vocabulary and explain the purpose of each control?
  2. Scenario pass: Can you decide what to do when facts are incomplete, cross-border, or conflicting?
  3. Documentation pass: Can you support your decision with clear rationale, escalation, and evidence?

Exam identity

ItemDetails
Official providerACAMS
Official exam titleACAMS Certified Global Sanctions Specialist (CGSS)
Official exam codeCGSS
Page purposeIndependent exam blueprint and final-review blueprint
Readiness targetApply global sanctions concepts to customer, transaction, ownership, screening, investigation, and compliance-program scenarios

Core topic-area readiness table

Readiness areaWhat to reviewReady when you can…Quick self-check
Sanctions purpose and policy goalsWhy sanctions are imposed; foreign policy, national security, human rights, terrorism, proliferation, corruption, cyber, conflict, and other policy objectivesExplain the difference between a sanctions objective and an AML objective“Is this risk about illicit finance generally, or about a prohibited/restricted party, place, sector, good, or activity?”
Sanctions authorities and regimesGlobal, supranational, national, and regional sanctions sources; how institutions identify applicable regimesDescribe why one transaction may trigger multiple regimes“Which jurisdictions, currencies, parties, branches, and touchpoints matter?”
Types of sanctionsList-based, territorial, sectoral, activity-based, trade, arms, travel, asset-freeze/blocking-style, investment, securities, and services restrictionsClassify a scenario by restriction type before deciding what to do“Is the issue who, where, what, sector, ownership, service, or transaction type?”
Sanctions lists and identifiersNames, aliases, dates of birth, addresses, nationalities, government IDs, vessels, aircraft, entities, crypto addresses, and other identifiersCompare potential matches using more than name similarity“What identifiers confirm, weaken, or leave unresolved the match?”
Ownership and controlDirect ownership, indirect ownership, aggregation, control rights, beneficial ownership, nominee structures, and management influenceIdentify when a non-listed entity may still require sanctions review“Who ultimately owns, controls, benefits, or directs the entity?”
Customer and counterparty due diligenceCustomer profile, beneficial owners, controllers, counterparties, geography, expected activity, products, services, and risk changesIdentify missing facts that must be obtained before disposition“What do I need to know before clearing or escalating?”
Payment and transaction screeningOriginator, beneficiary, banks, intermediaries, remittance text, addresses, vessel or shipment data, and reference fieldsExplain why transaction screening is not the same as onboarding screening“Which transaction fields create sanctions exposure?”
Trade finance and maritime riskBills of lading, invoices, ports, vessels, flag states, cargo, end use, end users, insurers, shippers, freight forwarders, and transshipmentSpot sanctions red flags in trade documents“Do the documents tell a consistent story?”
Sectoral and activity restrictionsSector-based limits, securities or financing restrictions, energy, defense, technology, dual-use goods, and services restrictions where applicableAvoid assuming that absence from a list means no sanctions risk“Could the activity itself be restricted?”
Screening systems and alert logicExact matching, fuzzy matching, transliteration, aliases, threshold tuning, batch screening, real-time interdiction, and list updatesExplain false positives, potential matches, true matches, and unresolved alerts“Why did the system generate this alert, and what evidence supports the disposition?”
Investigations and escalationAlert triage, evidence gathering, legal/compliance escalation, disposition, hold/release decisions, and documentationWrite a defensible case note for a sanctions alert“Would another reviewer understand my decision from the file?”
Licensing, exemptions, and exceptionsGeneral authorizations, specific permissions, humanitarian considerations, wind-down-style concepts, and regime-specific conditionsTreat authorizations as conditional, not blanket permission“What facts must be true for the authorization to apply?”
Reporting and recordkeepingInternal escalation, regulator-facing reporting where applicable, audit trail, evidence retention, and management informationIdentify when a matter may require more than routine alert closure“Who must know, and what must be documented?”
Evasion and circumventionFront companies, nominees, payment stripping, unusual routing, transshipment, ownership changes, maritime deception, and virtual asset typologiesDistinguish weak coincidence from meaningful red flag pattern“What behavior suggests concealment or avoidance?”
Compliance program designGovernance, risk assessment, policies, controls, screening, training, testing, audit, remediation, and third-party oversightMap a weakness to the control that should prevent or detect it“Is this a policy gap, data gap, system gap, training gap, or governance gap?”
Ethics and professional judgmentIndependence, escalation discipline, documentation quality, conflicts, pressure to process, and risk-based decisionsChoose a cautious, well-supported response when facts are incomplete“Am I clearing because the evidence supports it, or because processing is urgent?”

Sanctions framework and vocabulary checks

Can you explain these core concepts?

  • The difference between sanctions, AML, counter-terrorist financing, anti-bribery/corruption, and export control objectives.
  • Why sanctions compliance is often jurisdiction-specific and may depend on location, currency, nationality, incorporation, branch, ownership, or transaction touchpoints.
  • The difference between a listed person/entity and a restricted activity.
  • The difference between direct sanctions exposure and broader reputational, correspondent, or secondary-risk exposure.
  • Why sanctions restrictions may apply to customers, beneficial owners, counterparties, vessels, goods, services, locations, securities, technology, and transactions.
  • Why a sanctions program cannot rely only on annual customer reviews.
  • Why “not on a list” is not the same as “not restricted.”
  • Why “humanitarian” or “charitable” purpose may still require controls, documentation, and authorization analysis.

Sanctions source documents to recognize

Source or artifactWhat it tells youReadiness prompt
Sanctions law, regulation, order, or measureThe legal basis and scope of restrictionsCan you identify who and what is restricted without overgeneralizing?
Sanctions list entryNames, aliases, identifiers, program tags, and other reference dataCan you compare the list entry to the customer or transaction facts?
Guidance, FAQ, advisory, or interpretive noteHow an authority explains application, risk, or compliance expectationsCan you use guidance without treating it as universal across regimes?
General authorization, exemption, or license-type documentConditions under which otherwise restricted activity may be allowedCan you identify the exact conditions that must be satisfied?
Specific permission or licenseApproval tied to defined facts, parties, timing, or activityCan you explain why it may not cover a different transaction?
Enforcement action or penalty noticeExamples of control failures, evasion, or governance weaknessesCan you extract the compliance lesson without memorizing only facts?
Internal policy or procedureInstitution-specific operating rulesCan you distinguish internal risk appetite from legal requirements?
Screening alert recordSystem-generated potential match or rule hitCan you document the disposition and evidence trail?

Sanctions regime and restriction types

Restriction typeWhat to knowScenario cue
List-based sanctionsA person, entity, vessel, aircraft, wallet, or other identifier appears on a sanctions listName match, alias match, ID match, vessel match, wallet match
Territorial or geographic sanctionsRestrictions relate to a country, region, territory, or locationAddress, port, origin, destination, IP, shipping route, place of incorporation
Sectoral sanctionsRestrictions target specific sectors, industries, financing, securities, services, or activity typesEnergy, defense, finance, technology, mining, capital markets, or restricted services fact pattern
Activity-based sanctionsThe prohibited conduct matters even if the party is not listedFacilitation, circumvention, export, import, investment, brokering, financing, or services
Trade and goods restrictionsGoods, technology, end use, end user, or shipment route may be restrictedInvoice, commodity description, dual-use concern, transshipment, vague cargo
Asset-freeze/blocking-style restrictionsDealing with property or interests in property may be restricted under applicable rulesExisting customer becomes listed; funds or securities are detected
Travel or immigration-related sanctionsRestrictions may affect entry, visas, or movementUsually less operational for transaction processing but important conceptually
Arms embargo or defense restrictionsMilitary goods, services, training, brokering, or defense-related support may be restrictedDefense goods, security services, military end user
Secondary or extraterritorial riskA party may face consequences for certain dealings even without a direct domestic nexusNon-domestic transaction involving high-risk sanctioned activity

Customer, counterparty, and ownership/control readiness

Parties and data points to evaluate

Party or data elementWhy it mattersCan you review it?
Customer or account holderPrimary onboarding and ongoing screening subjectCan you compare legal name, trade name, alias, address, IDs, and activity?
Beneficial ownerListed or sanctioned ownership may affect an otherwise non-listed entityCan you trace ownership through layers?
Controller or senior managerControl can create sanctions concern even without majority economicsCan you identify veto rights, board control, signatory authority, or management direction?
Authorized signer or power of attorneyA listed person may operate through another accountCan you identify who can move value?
CounterpartySanctions exposure may arise from the other side of the transactionCan you screen and assess counterparties, not just customers?
Intermediary bank or correspondentPayment path can create jurisdictional and sanctions touchpointsCan you analyze all banks in the payment chain?
Originator and beneficiaryPayment screening depends on both sides of the transferCan you identify incomplete or inconsistent payment fields?
Vessel, aircraft, or vehicleTransportation assets may be listed, renamed, reflagged, or indirectly controlledCan you validate unique identifiers where available?
Goods, technology, or servicesThe item or service may be restricted even if parties are not listedCan you identify end use, end user, and route concerns?
Geographic touchpointsLocation drives territorial, sectoral, and evasion riskCan you evaluate address, origin, destination, port, IP, branch, and routing facts?

Ownership and control calculation checks

The CGSS exam is not best approached as a pure calculation exam, but sanctions scenarios often require basic ownership logic. Be ready to calculate simple direct and indirect ownership, then apply the relevant regime, guidance, and internal escalation standard.

\[ \text{Indirect ownership through a chain} = \text{Ownership}_1 \times \text{Ownership}_2 \times \cdots \]

Checklist:

  • Identify direct ownership versus indirect ownership.
  • Trace ownership through each entity in the chain.
  • Recognize that aggregation rules may vary by regime or policy.
  • Recognize that control may exist through rights, influence, management, veto power, or contractual arrangements.
  • Avoid clearing an entity solely because a percentage appears low.
  • Escalate when ownership is opaque, recently changed, nominee-based, or inconsistent with the customer profile.
  • Document assumptions, data sources, and unresolved ownership gaps.

Ownership/control scenario prompts

Scenario cueWhat to ask
A listed person owns a parent company that owns a customerWhat is the indirect ownership percentage, and does control also exist?
Several sanctioned persons each own minority stakesDoes applicable guidance or internal policy require aggregation?
A non-listed relative manages the companyIs this a nominee, front, or legitimate independent manager?
Ownership changed shortly before onboardingWas the change designed to avoid sanctions restrictions?
A shareholder has veto rights over major decisionsCould control exist even without majority ownership?
Corporate records are unavailable or inconsistentIs enhanced due diligence or escalation required before processing?

Screening and alert-handling readiness

Screening data fields to know

Data fieldScreening relevanceCommon weakness
Legal namePrimary match fieldOverreliance on exact spelling
Alias, former name, trade nameCaptures known variationsMissing local-language or transliterated names
Date and place of birthHelps distinguish individualsTreating partial DOB conflicts as automatic clearance
Nationality or citizenshipSupports identification and risk contextAssuming nationality alone proves a match
Address and geographyIdentifies location and territorial riskIgnoring branch, port, or shipping address
Government ID, passport, tax IDStrong identifier when availableFailing to compare document numbers carefully
Entity registration numberDistinguishes companies with similar namesNot validating current corporate records
Beneficial ownership dataIdentifies hidden sanctions exposureNot screening owners and controllers
Payment reference textDetects restricted parties, vessels, goods, or locationsIgnoring free-text fields
Vessel name and IMO-style identifierHelps detect maritime sanctions riskScreening only vessel names, not unique identifiers
Crypto wallet or blockchain indicatorRelevant where virtual assets appearTreating virtual assets as outside sanctions controls
List source and timestampSupports audit trailNot preserving the basis for disposition

Alert workflow to be comfortable with

    flowchart TD
	  A[Sanctions alert or list update] --> B[Collect customer, counterparty, and transaction facts]
	  B --> C[Compare identifiers and context]
	  C --> D{Match resolved?}
	  D -->|False positive| E[Document rationale and close per procedure]
	  D -->|True or likely match| F[Hold or restrict activity per procedure]
	  D -->|Unresolved| G[Escalate and request more information]
	  F --> H[Assess ownership, control, activity, and jurisdiction]
	  G --> H
	  H --> I[Determine reporting, licensing, blocking/freezing, rejection, or other required action where applicable]
	  I --> J[Record evidence, approvals, and final disposition]

Can you handle screening questions?

  • Explain exact matching, fuzzy matching, phonetic matching, and transliteration at a practical level.
  • Distinguish a false positive from a potential match and a confirmed match.
  • Identify why a name-only match is rarely enough for final disposition.
  • Identify why missing identifiers may require escalation, not automatic clearance.
  • Explain the risk of both overly loose matching and overly restrictive tuning.
  • Describe batch screening, real-time transaction interdiction, and periodic rescreening.
  • Explain why list updates can create risk for existing customers, pending transactions, and previously cleared relationships.
  • Document a screening decision in a way that a reviewer, auditor, or regulator could follow.

Transaction, trade, maritime, and sectoral scenario checks

Scenario typeFacts to identifyDecision focus
Cross-border wire paymentOriginator, beneficiary, banks, currency, addresses, purpose, remittance textAre any parties, locations, banks, or references restricted?
Correspondent banking transactionRespondent bank, nested relationships, underlying customer, payment pathIs the institution exposed to indirect or nested sanctions risk?
Trade financeApplicant, beneficiary, goods, invoice, bill of lading, ports, carrier, insurer, end userAre goods, parties, route, or end use restricted or suspicious?
Maritime shipmentVessel name, unique vessel identifier, flag, owner, operator, route, AIS behavior, ship-to-ship transfersIs the vessel or route linked to sanctions evasion?
Securities or capital markets activityIssuer, instrument type, maturity or terms where relevant, sector, exchange, beneficial ownerIs the instrument, issuer, or sector subject to restrictions?
Insurance or reinsuranceInsured, beneficiary, vessel, cargo, route, claim, covered activityIs the institution supporting restricted activity?
Real estate or high-value asset purchaseBuyer, seller, beneficial owner, source of funds, nominee, property locationIs value being stored or moved for a sanctioned person?
Virtual asset transactionWallet, exchange, mixer, blockchain exposure, customer profile, geographyIs there exposure to a listed wallet, sanctioned service, or evasion pattern?
Charitable or humanitarian activityBeneficiary, implementing partner, location, goods/services, authorization basisDo the conditions for permissible activity actually apply?
Professional servicesClient, service type, jurisdiction, beneficiaries, project purposeIs the service itself restricted or facilitative?

Investigation and disposition checklist

A sanctions investigation should answer: Who is involved, what is happening, where is it connected, which rules may apply, what evidence supports the decision, and who approved the outcome?

Case file contents to recognize

  • Alert source, date, system, rule, and list reference where available.
  • Customer or transaction snapshot at the time of review.
  • Names and identifiers compared.
  • Ownership and control analysis.
  • Geographic and jurisdictional touchpoints.
  • Product, service, goods, vessel, or sector analysis.
  • External and internal data sources used.
  • Missing facts and how they were resolved or escalated.
  • Rationale for false positive, potential match, true match, or unresolved disposition.
  • Legal, sanctions advisory, or senior compliance escalation where needed.
  • Hold, release, reject, freeze/block, exit, license-review, or other action where applicable.
  • Reporting or notification decision where applicable.
  • Reviewer approval and audit trail.
  • Remediation, tuning, training, or policy update if the case revealed a control weakness.

Disposition traps

TrapWhy it is weakBetter approach
“Name is similar but not exact, so clear”Sanctions lists often contain aliases, transliterations, and incomplete dataCompare all identifiers and context
“No list hit, so no sanctions issue”Activity, sector, geography, or ownership may still be restrictedAnalyze the full fact pattern
“Customer said it is humanitarian, so process”Humanitarian activity may be conditional and documentation-dependentVerify authorization basis and conditions
“The payment already processed, so no issue”Post-transaction detection may still require investigation and escalationDocument timing, cause, and remediation
“Ownership is below a threshold, so no concern”Control, aggregation, or regime-specific rules may still matterAnalyze ownership and control together
“A prior alert was cleared, so all future alerts are cleared”Facts, lists, ownership, and activity can changeReassess based on current data

Evasion and circumvention readiness

Red flags to recognize

Red flag patternWhy it mattersScenario cue
Use of shell or front companiesMay obscure sanctioned ownership or controlNewly formed company with vague business purpose
Nominee directors or shareholdersMay hide the true beneficiaryDirectors with no clear commercial role
Recent ownership transferMay be designed to avoid restrictionsTransfer shortly before sanctions, onboarding, or shipment
Payment stripping or altered informationConceals sanctioned party, location, or purposeMissing originator details or changed remittance text
Unusual intermediariesMay route around controlsThird-country broker with no economic rationale
Transshipment through nearby jurisdictionsMay conceal origin or destinationGoods route through a neighboring or free-trade hub
Inconsistent trade documentsMay indicate false end user, cargo, or routeInvoice, bill of lading, and packing list do not align
Maritime deceptionMay hide vessel identity or routeName changes, flag changes, AIS gaps, ship-to-ship transfers
Use of family members or associatesMay enable indirect access to funds or servicesRelative controls account activity for a restricted person
Virtual asset obfuscationMay conceal value movementMixer, chain-hopping, high-risk exchange, or listed wallet exposure
Sudden business model shiftMay indicate sanctions avoidanceCustomer begins trading restricted-sector goods unexpectedly
Pressure for urgency or secrecyMay discourage proper review“Process today; details will follow later”

Can you apply red flags?

  • Explain why a red flag is not proof, but does require inquiry.
  • Combine multiple weak indicators into a stronger risk narrative.
  • Identify when a pattern suggests sanctions evasion rather than ordinary operational complexity.
  • Decide what information to request before processing.
  • Escalate when a customer refuses to provide basic ownership, shipment, or counterparty information.
  • Link evasion findings to control improvements, not just case closure.

Sanctions compliance program checklist

Program componentReady when you can explain…Evidence or artifact
Governance and accountabilityWho owns sanctions risk and how decisions are escalatedBoard or committee reporting, roles and responsibilities
Sanctions risk assessmentHow products, customers, geography, transactions, channels, and third parties create riskRisk methodology, inherent risk, controls, residual risk
Policies and proceduresHow staff identify, escalate, document, and resolve sanctions issuesWritten standards, workflows, approval matrices
Customer due diligenceHow onboarding and ongoing review capture sanctions-relevant factsKYC files, beneficial ownership records, risk ratings
Screening controlsWho and what is screened, when, against which sources, and with what logicScreening configuration, list management, test results
Transaction monitoring/interdictionHow payments, trade, and activity are reviewed before or after processingAlert queues, interdiction rules, payment holds
Investigation proceduresHow alerts are triaged, documented, escalated, and dispositionedCase notes, evidence attachments, reviewer signoff
Licensing and authorization reviewHow exceptions, exemptions, and permissions are validatedLegal analysis, authorization conditions, approval records
Reporting and recordkeepingHow reportable matters are identified and preservedInternal logs, regulator-facing records where applicable
Training and awarenessHow staff learn relevant risks for their rolesTraining materials, attendance, scenario exercises
Independent testing and auditHow control design and operating effectiveness are assessedTesting plans, findings, remediation tracking
Data quality managementHow names, addresses, ownership, and transaction fields remain usableData standards, exception reports, remediation actions
Third-party oversightHow vendors, agents, brokers, correspondents, and processors are controlledDue diligence files, contracts, monitoring
Issue managementHow failures are corrected and prevented from recurringRoot-cause analysis, action plans, validation evidence
Management informationHow leaders see sanctions risk and control performanceMetrics, KRIs, trend reports, escalations

Scenario decision-point matrix

If the scenario says…First question to askAvoid this mistakeLikely readiness action
Customer name resembles a listed personWhich identifiers match and which do not?Clearing on spelling difference aloneCompare DOB, address, IDs, nationality, aliases, and context
Beneficial owner is linked to a listed partyIs there direct or indirect ownership or control?Screening only the legal entityTrace ownership and escalate unclear control facts
Payment references a sanctioned locationIs the location origin, destination, beneficiary address, port, or narrative text?Ignoring free-text payment fieldsHold or escalate until location role is understood
Trade route includes a high-risk transshipment pointIs there a legitimate commercial reason?Treating route complexity as normal without evidenceReview documents, counterparties, vessel, cargo, and end user
Customer claims activity is authorizedWhich authorization applies and what conditions must be met?Treating authorization as blanket approvalVerify facts, conditions, scope, and documentation
Existing customer appears on a new list updateWhat accounts, assets, pending transactions, and related parties are affected?Focusing only on new onboardingReview exposure, restrict activity if required, escalate
A securities transaction involves a restricted sectorIs the issuer, instrument, maturity/terms, or service restricted under applicable rules?Looking only for name-list hitsAnalyze sectoral and activity restrictions
A vessel was recently renamedIs the unique vessel identifier, owner, operator, or route linked to sanctions risk?Screening only the new nameReview vessel history and identifiers
A customer refuses ownership informationIs there a legitimate reason, or is this concealment?Processing because no match existsEscalate due diligence gap
Internal staff are pressured to process urgentlyAre sanctions checks complete?Letting business urgency override controlsFollow hold/escalation procedure and document pressure if relevant

Common weak areas and exam traps

Weak areaWhat candidates often missHow to fix it
Treating sanctions as only list screeningSanctions can also be activity-, sector-, territory-, and ownership-basedClassify every scenario by party, place, ownership, sector, and activity
Ignoring indirect exposureCounterparties, intermediaries, vessels, and owners may create riskMap all relevant parties and touchpoints
Overgeneralizing one regime’s ruleSanctions terms and consequences varyUse “under the applicable regime” thinking
Weak ownership analysisCandidates stop at the immediate shareholderTrace through layers and consider control
Poor documentation mindsetCorrect conclusion may still be unsupportedPractice writing concise case rationales
Confusing AML and sanctions red flagsSome overlap exists, but sanctions risk turns on restricted parties, places, goods, sectors, and activityState the sanctions-specific concern
Assuming humanitarian activity is automatically allowedConditions, parties, goods, and location still matterVerify the authorization basis
Missing maritime identifiersVessel names can changeLook for unique identifiers, owners, operators, flags, and route behavior
Ignoring data qualityBad screening data causes missed hits and excessive false positivesReview data completeness and normalization
Clearing unresolved alertsLack of evidence is not evidence of no riskEscalate or obtain more facts
Not connecting case failures to controlsExams may test program remediation logicIdentify whether the root cause is data, policy, system, staffing, or governance
Forgetting ongoing monitoringSanctions risk changes after onboardingInclude rescreening, list updates, and customer activity changes

Final-week CGSS review checklist

Use this as a closing readiness test before moving into timed practice.

Sanctions concepts

  • I can explain major sanctions objectives without confusing them with general AML objectives.
  • I can distinguish list-based, territorial, sectoral, trade, activity, and ownership/control restrictions.
  • I can explain why multiple regimes may be relevant to one transaction.
  • I can identify when legal or senior sanctions escalation is needed.

Screening and investigations

  • I can disposition a name-screening alert using identifiers and context.
  • I can explain false positive, potential match, confirmed match, and unresolved alert logic.
  • I can document an alert investigation clearly.
  • I can identify when list updates affect existing customers or pending transactions.
  • I can explain why tuning, data quality, and list management matter.

Ownership and customer due diligence

  • I can trace direct and indirect ownership through a simple structure.
  • I can explain why control can matter even when ownership is not obvious.
  • I can identify missing beneficial ownership or controller information.
  • I can recognize nominee, shell-company, and recent-transfer concerns.

Transaction, trade, and sectoral scenarios

  • I can identify all parties in a payment chain.
  • I can review trade documents for goods, route, vessel, port, end user, and insurer risk.
  • I can identify maritime sanctions red flags.
  • I can spot when a sector or activity restriction may matter even without a list hit.
  • I can evaluate humanitarian or licensed activity cautiously.

Compliance program

  • I can describe the components of a sanctions compliance program.
  • I can map a failure to a root cause and remediation step.
  • I can explain the role of governance, training, testing, audit, and management reporting.
  • I can distinguish policy requirements, system controls, analyst judgment, and legal escalation.
  • I can identify evidence an auditor or regulator would expect to see in a sanctions file.

Last readiness self-test

For any CGSS-style sanctions scenario, you should be able to answer these questions without guessing:

  1. Who are the parties, owners, controllers, intermediaries, and beneficiaries?
  2. Where are the geographic touchpoints?
  3. What product, service, good, vessel, security, or activity is involved?
  4. Which restriction type may apply: list, ownership/control, territory, sector, trade, activity, or authorization condition?
  5. What facts are missing before a decision can be made?
  6. What should happen next: clear, request information, hold, escalate, restrict, report, seek authorization review, or remediate?
  7. What documentation would support the decision?

Practical next step

Pick your two weakest rows from the topic-area readiness table. For each one, write three short scenarios and force yourself to identify the parties, restriction type, missing facts, escalation path, and documentation. Then move into mixed CGSS practice questions so you can test judgment under exam-style timing.