CGSS — ACAMS Certified Global Sanctions Specialist Quick Reference

Compact sanctions screening, risk, evasion, and controls reference for ACAMS CGSS exam preparation.

Quick Reference scope

Use this page as a compact review aid for the ACAMS Certified Global Sanctions Specialist (CGSS) exam, exam code CGSS. It is independent exam-prep support, not legal advice and not affiliated with ACAMS.

The CGSS exam rewards applied judgment: identifying sanctions risk, choosing controls, interpreting alert facts, recognizing evasion, and understanding how global sanctions regimes differ.

Sanctions mental model

Sanctions compliance is not only list screening. A strong answer usually considers:

  1. Who is involved: customer, beneficial owner, director, vessel owner, counterparty, intermediary bank, agent.
  2. What is involved: funds, goods, services, technology, securities, insurance, shipping, digital assets.
  3. Where the activity touches: jurisdiction of parties, origin/destination, transit points, booking location, currency, clearing route.
  4. Why the activity is occurring: legitimate purpose, humanitarian need, wind-down, license, evasion pattern.
  5. How the institution controls it: screening, due diligence, escalation, blocking/freezing/rejecting, reporting, testing.

Core sanctions terms and traps

TermPractical meaningExam trap
SanctionsLegal or regulatory restrictions targeting countries, governments, entities, individuals, sectors, activities, or goodsDo not treat sanctions as identical to AML; overlap exists, but sanctions often require immediate interdiction
EmbargoBroad restriction on trade or activity with a country, region, or sector“Comprehensive” restrictions are broader than list-based sanctions
Asset freeze / blockingRestriction preventing access, movement, transfer, or use of targeted property or interestsA blocked asset is not simply returned to the sender unless law permits
RejectRefusing or declining a transaction without taking control of the property“Reject” and “block/freeze” are not interchangeable
Designated personIndividual or entity named on a sanctions listRisk can extend to owned or controlled entities not explicitly listed
OwnershipA sanctions target’s direct or indirect equity interest in an entityThresholds and aggregation rules differ by jurisdiction
ControlAbility to direct actions, management, policy, assets, or decisionsControl can create risk even where ownership is below a numeric threshold
Primary sanctionsRestrictions applying to persons subject to the issuing jurisdictionDo not assume only local residents are affected; jurisdiction can arise through currency, clearing, branches, or nexus
Secondary sanctionsMeasures that can target non-jurisdictional persons for certain dealings with sanctioned parties or sectorsSecondary sanctions risk is often strategic and reputational, not just a screening question
Sectoral sanctionsRestrictions on certain activities, debt/equity, services, or industries rather than full blockingA party may be listed but not fully blocked under every program
General licensePre-authorized permission for a category of activity if conditions are metConditions, parties, time period, and reporting matter
Specific licenseCase-specific authorization from a competent authorityApplication pending is usually not authorization
ExemptionActivity carved out by law or regulationExemption scope may be narrow and jurisdiction-specific
Wind-downLimited permission to exit existing activityWind-down is not permission to expand business
FacilitationAssisting or approving prohibited activity by othersA non-sanctioned affiliate may still create facilitation risk
Circumvention / evasionStructuring activity to avoid sanctions restrictions or detectionEvasion red flags can exist even when no list hit appears
False positiveAlerted party is not the sanctions targetMust be documented; repeated false positives may suggest tuning/data issues
True matchAlerted party is the sanctions target or prohibited partyRequires escalation and jurisdiction-specific disposition
Possible matchInsufficient information to clear or confirmDo not process as normal until resolved under policy

Major sanctions authorities and roles

Authority / actorTypical role in sanctions ecosystemCandidate focus
United Nations Security CouncilIssues UN sanctions measures implemented by member statesUN lists often create global baseline obligations through domestic implementation
United States OFACAdministers and enforces many U.S. economic sanctions programsUnderstand blocking, list-based programs, general/specific licenses, ownership concepts, and U.S. nexus
European UnionAdopts EU restrictive measures implemented across member statesEU sanctions often include asset freezes, sectoral measures, trade restrictions, and ownership/control analysis
United Kingdom OFSI / UK authoritiesImplements and enforces UK financial sanctionsRecognize UK asset freeze, reporting, licensing, and ownership/control considerations
National competent authoritiesIssue guidance, licenses, penalties, and local implementation rulesAlways identify which jurisdiction’s law applies
Financial regulatorsExpect risk-based sanctions compliance programsWeak controls can create supervisory issues even without a completed prohibited transaction
Law enforcement / intelligence agenciesInvestigate evasion, proliferation, corruption, terrorism, cyber activityTypologies and red flags often come from enforcement patterns
Export control authoritiesRestrict controlled goods, software, technology, and end usesExport controls and sanctions overlap but are not the same
Institution board/senior managementOwn risk appetite and resourcingGovernance failures are common enforcement themes
Compliance / sanctions teamDesigns screening, escalation, reporting, testing, and trainingExam scenarios often test escalation and documentation discipline

Sanctions types: what is restricted?

Sanctions typeTypical targetWhat to check
List-based financial sanctionsNamed individuals, entities, vessels, aircraftCustomer/counterparty screening, ownership/control, payment messages, aliases
Country or territory restrictionsJurisdictions, regions, governmentsOrigin, destination, residence, citizenship, branch location, shipment route
Sectoral sanctionsEnergy, defense, finance, mining, technology, maritime, other sectorsActivity type, maturity/tenor restrictions, services provided, financing structure
Trade sanctionsImports, exports, reexports, brokering, goodsProduct classification, end user, end use, shipping documents, transshipment
Arms embargoWeapons, defense articles, military servicesDual-use goods, military end users, brokers, logistics
Proliferation sanctionsWMD, nuclear, missile, dual-use procurement networksFront companies, technical goods, unusual shipping, scientific institutes
Human rights / corruption sanctionsIndividuals or entities linked to abuse or corruptionPEP exposure, state-owned entities, intermediaries
Cyber sanctionsHackers, ransomware actors, crypto wallets, infrastructureDigital asset addresses, ransomware payments, incident response
Maritime sanctionsVessels, owners, operators, cargo, portsIMO number, AIS gaps, ship-to-ship transfers, flag changes
Capital markets restrictionsSecurities, debt, equity, investment servicesIssuer, maturity, derivative exposure, custodians, investment funds
Services restrictionsProfessional, technical, accounting, trust, IT, insurance, maritime servicesService scope, location of benefit, end recipient
Travel bansIndividualsLess central for many financial institutions but relevant to comprehensive sanctions understanding

Sanctions vs AML/CFT

DimensionSanctionsAML/CFT
Primary questionIs this party, activity, jurisdiction, or property prohibited or restricted?Is the activity suspicious or linked to illicit proceeds or financing?
TimingOften real-time interdiction before processingOften monitoring before and after transactions
ActionBlock/freeze, reject, decline, report, license, escalateInvestigate, file suspicious activity report where required, exit or monitor
Risk toleranceFrequently zero tolerance for prohibited activityRisk-based; suspicious does not always mean prohibited
Data needNames, aliases, IDs, ownership, control, geography, vessel/goods dataBehavior, source of funds, expected activity, typologies
Common overlapTerrorism, proliferation, corruption, narcotics, cyber, evasionSanctions evasion may also be money laundering

Risk assessment reference

Inherent sanctions risk factors

Risk categoryHigher-risk indicatorsLower-risk indicators
CustomerPEPs, state-owned entities, import/export firms, money services, crypto firms, defense/energy entities, charities in conflict zonesLocal retail customers with simple profiles and verified identity
GeographySanctioned or high-conflict regions, transshipment hubs, border areas, offshore secrecy jurisdictionsDomestic-only activity in lower-risk jurisdictions
ProductsCorrespondent banking, trade finance, private banking, securities, custody, crypto, insurance, maritime financeLow-value, domestic, non-cross-border products
ChannelsNon-face-to-face onboarding, third-party introducers, nested relationships, complex agentsDirect customer relationship with verified documentation
TransactionsCross-border wires, vague remittance data, unusual currencies, rapid movement, no economic rationaleRecurring, transparent payments consistent with profile
OwnershipComplex layers, bearer shares, trusts, nominee directors, recent ownership changesTransparent ownership with verifiable control structure
Screening dataPoor names, missing DOB/ID, non-Latin scripts, unstructured payment messagesStandardized identifiers, complete customer records
Prior issuesPrevious sanctions alerts, adverse media, regulatory findings, control failuresStable history, cleared alerts with strong documentation

Residual risk and controls

ControlReduces which risk?Evidence exam answers should mention
Customer due diligenceHidden sanctioned ownership/control, false identityBeneficial ownership, management, source of funds, business purpose
Real-time screeningProhibited transactions before executionPayment interdiction, sanctions list updates, alert audit trail
Batch screeningExisting customer/list changesPeriodic rescreening, event-triggered rescreening
Trade document reviewGoods, end-use, vessel, port, route evasionInvoices, bills of lading, HS/product description, shipping route
Geolocation controlsCountry/territory exposureIP, address, phone, port, origin/destination, branch data
Technology tuningFalse positives/false negativesThreshold testing, model governance, sample validation
Independent testingProgram effectivenessAudit findings, remediation tracking
Escalation governanceInconsistent decisioningClear levels, legal review, sanctions officer approval
TrainingHuman error and missed red flagsRole-based sanctions training
Reporting processRegulatory breach handlingTimely internal escalation, competent authority reporting where required

Sanctions compliance program components

ComponentWhat good looks likeWeak answer to avoid
GovernanceBoard/senior management oversight, defined risk appetite, accountable sanctions officer“Compliance owns everything”
Policies and proceduresWritten, current, jurisdiction-aware, product-specificGeneric AML policy with one sanctions paragraph
Risk assessmentEnterprise-wide, refreshed for products, customers, geographies, transactions, third partiesOne-time checklist with no action plan
Screening programCustomer, transaction, trade, vessel, securities, and third-party screening as applicableOnly screening new customers at onboarding
Data managementComplete, standardized, quality-controlled dataOverreliance on incomplete names
Alert managementRisk-ranked queues, documented disposition, escalation, QAClosing alerts without rationale
Licensing processTracks scope, conditions, expiration, approvals, reportingTreating a license as blanket approval
Block/reject processClear decision rules, segregation, asset controls, reportingReturning funds automatically
TrainingTailored to front office, operations, trade, compliance, senior managementSame annual slide deck for all roles
Independent testingTests design and operating effectivenessOnly checking that a policy exists
Change managementResponds to new programs, list updates, system changes, acquisitionsNo process for rapid sanctions changes
Third-party oversightVendor screening, data providers, correspondent banks, agentsOutsourcing without accountability

Screening universe: who and what to screen

AreaScreen these data pointsCommon miss
Customer onboardingLegal name, aliases, trade names, DOB, ID, nationality, address, registration numberScreening only the applicant, not beneficial owners/controllers
Beneficial ownershipDirect and indirect owners, intermediate entities, trustees, settlors, protectors, beneficiaries where relevantIgnoring aggregate ownership by multiple sanctioned parties
Management/controlDirectors, senior managers, authorized signers, powers of attorneyFocusing only on shareholders
Existing customersCustomer file, periodic changes, trigger events, list updatesNo rescreening after new sanctions designation
PaymentsOriginator, beneficiary, banks, intermediaries, remittance text, addresses, countriesScreening only names in structured fields
Trade financeBuyer, seller, banks, carriers, vessels, ports, goods, insurers, freight forwardersIgnoring documents because no customer name matches
SecuritiesIssuer, counterparty, custodian, broker, underlying exposure, fund holdingsMissing sanctioned issuer exposure through funds or derivatives
MaritimeVessel name, IMO number, MMSI, flag, owner, operator, manager, charterer, cargo, portsRelying on vessel name only; names change
Digital assetsCustomer, wallet address, exchange, blockchain exposure, ransomware indicatorsTreating crypto as outside sanctions screening
Vendors/third partiesAgents, suppliers, consultants, distributors, introducersNot screening non-customer relationships
EmployeesNew hires, contractors, payroll beneficiaries where relevantOverlooking employment or payroll restrictions

Name screening logic

IssueWhy it mattersPractical control
Exact matchFast, high-confidence for unique identifiersUse legal name plus identifiers
Fuzzy matchCaptures misspellings, transliteration, reordered namesCalibrate thresholds by risk and language
TransliterationArabic, Cyrillic, Chinese, Persian, Korean, and other scripts vary widelyUse aliases, phonetics, native script where available
Common namesHigh false positivesRequire DOB, passport, address, nationality, ID, relationship context
Aliases / AKAsSanctions targets often use multiple namesInclude known aliases and weak aliases with appropriate weighting
AbbreviationsCorporate names may use initials or local suffixesNormalize legal entity suffixes and punctuation
Data qualityMissing DOB, registration number, or address increases uncertaintyRemediate source data, do not just lower thresholds
Threshold tuningToo low creates noise; too high misses riskValidate using samples, known test cases, and QA
Suppression rulesCan reduce repeat false positivesMust be controlled, justified, reviewed, and not suppress real changes
List updatesNew designations require prompt rescreeningMaintain list update controls and audit logs

Alert disposition decision path

    flowchart TD
	    A[Alert generated] --> B{Sufficient data to compare?}
	    B -- No --> C[Request data / hold or pause activity per policy]
	    B -- Yes --> D{Identity match?}
	    D -- No --> E[False positive: document rationale]
	    D -- Yes --> F{Party or activity prohibited/restricted?}
	    F -- No --> G[No prohibition found: document legal/program basis]
	    F -- Yes --> H{License, exemption, or authorization applies?}
	    H -- Yes --> I[Verify scope, conditions, parties, dates, reporting]
	    H -- No --> J{Required disposition}
	    J --> K[Block/freeze]
	    J --> L[Reject/decline]
	    J --> M[Escalate/report to authority where required]

Alert handling checklist

StepKey questionEvidence to capture
IdentifyWho or what triggered the alert?Name, list, program, field, transaction, timestamp
CompareDoes the customer/counterparty match the listed party?DOB, ID, address, nationality, registration, ownership, vessel IMO
ContextualizeIs there jurisdictional nexus or restricted activity?Currency, clearing route, branch, location, service type
Ownership/controlIs an unlisted entity owned or controlled by sanctioned persons?Ownership chart, control rights, directors, voting, contracts
License/exemptionIs activity permitted under defined conditions?License text, legal review, conditions, approvals
DecideBlock/freeze, reject, decline, clear, or escalate?Decision maker, rationale, policy reference
ReportIs regulator or authority notification required?Internal escalation record and reporting evidence
RemediateDoes the alert reveal a control weakness?Data fix, tuning, training, relationship review

Ownership and control: high-yield distinctions

ConceptExam-ready interpretation
Direct ownershipSanctioned party directly owns shares or equity in an entity
Indirect ownershipOwnership passes through one or more intermediate entities
Aggregate ownershipMultiple sanctioned parties’ ownership interests may need to be combined under some regimes
Control without ownershipSanctioned party can direct decisions, appoint management, control assets, or influence policy
Listed parentSubsidiaries may be restricted depending on ownership/control rules
Listed subsidiaryParent is not automatically sanctioned solely because a subsidiary is listed, but relationship risk is high
Minority stakeMay still matter if control rights exist or sectoral restrictions apply
Nominees/frontsFormal ownership may hide actual sanctioned control
Jurisdiction differenceOFAC commonly uses a 50 percent or greater aggregate ownership concept for blocked persons; EU and UK analysis can place significant weight on ownership and control facts
Best exam answerDo not rely only on list name. Analyze direct/indirect ownership, aggregate interests, control, and applicable jurisdiction

Blocking, freezing, rejecting, and exiting

ActionGeneral meaningWhen it may appear in scenarios
Block / freezeRestrict access to property or funds and prevent movementTrue match to blocked person; asset freeze obligation
Reject / declineRefuse to process without taking control of propertyTransaction prohibited but no blocking obligation under applicable rule
ReturnSend funds backNot always allowed; do not assume without legal basis
Exit relationshipTerminate customer relationshipMay be necessary for risk management, but consider blocked property and reporting obligations
Hold / suspendPause while investigatingAppropriate for possible match or missing data
License requestSeek authorization from competent authorityPotentially lawful activity but no existing authorization
Continue with conditionsProceed only if license/exemption fully appliesMust verify conditions and document rationale

Licensing and authorization

ItemWhat to verifyCommon trap
PartiesAll parties are within authorization scopeLicense covers one entity but not affiliates or owners
ActivityExact activity is permittedA humanitarian license does not permit unrelated commercial activity
Goods/servicesItems match scopeDual-use or restricted technology may need separate review
GeographyCovered jurisdictions and transit pointsShipment transits restricted territory not considered
TimeEffective period or wind-down windowExpired authorization relied upon
ConditionsReporting, payment route, recordkeeping, value limits if applicableIgnoring conditions turns permitted activity into a breach
CounterpartiesBanks, carriers, insurers, brokers also allowedPayment cannot be completed because intermediary is restricted
DocumentationApproval retained and linked to transaction“Legal said OK” without record

Payments and correspondent banking

Payment elementSanctions relevance
OriginatorCustomer or third party may be sanctioned or linked to sanctioned ownership
BeneficiaryUltimate recipient may be target, front company, or controlled entity
Originating bankBank may be located in high-risk jurisdiction or subject to restrictions
Intermediary bankCreates jurisdictional nexus and screening exposure
Beneficiary bankCould be listed, sectorally restricted, or located in embargoed territory
Remittance informationFree text may reveal sanctioned goods, vessels, locations, or purpose
Address dataCity/country clues can identify restricted geography
CurrencyCertain currencies create clearing nexus through specific jurisdictions
Nested activityRespondent bank may process for hidden downstream banks or clients
Payable-through accountsThird-party access increases transparency and sanctions risk

Payment red flags

Red flagWhy it matters
Vague payment purpose such as “consulting,” “services,” or “goods”May hide restricted activity
Sudden change in route, bank, or counterpartyPossible attempt to avoid screening
Use of shell entities with no clear businessMay conceal sanctioned ownership
Payments just below review thresholdsPossible structuring
Instructions to omit names, countries, vessels, or goodsDirect evasion indicator
High-risk jurisdiction address with unrelated customer profileGeographic inconsistency
Multiple intermediaries without business rationaleObscures counterparties and funds flow
Repeated false-positive-like names with incomplete dataMay indicate intentional ambiguity

Trade finance and export-control overlap

TopicSanctions angleExam focus
GoodsGoods may be banned, restricted, dual-use, luxury, energy-related, military, or technology-sensitiveDo not stop at party screening
End userFinal recipient may differ from buyerIdentify ultimate consignee and beneficial user
End useCivilian goods can support restricted military, nuclear, cyber, or surveillance programsAsk whether use is consistent with customer profile
RouteTransshipment can conceal sanctioned destinationReview ports, carriers, freight forwarders, and route changes
DocumentsInvoices, bills of lading, packing lists, certificates may conflictInconsistencies are red flags
FinancingLetters of credit, guarantees, collections, insurance may be restricted servicesScreen all parties and activity
PricingOver/under-invoicing can mask value transferLinks sanctions evasion and trade-based money laundering
Brokers/agentsIntermediaries may be fronts for sanctioned buyersIdentify role and compensation
Product classificationExport controls may apply even without sanctions designationEscalate to trade/export specialists where needed

Trade document red flags

Red flagWhat it suggests
Goods description vague or inconsistent across documentsConcealment of restricted goods
Customer lacks experience in product categoryPossible procurement front
Unusual routing through known transshipment hubsDestination concealment
Last-minute change of vessel, port, consignee, or bankSanctions avoidance
End-use certificate generic or unverifiableWeak assurance
Freight forwarder refuses to provide routing detailsTransparency issue
Shipment inconsistent with destination economyDiversion risk
Dual-use goods shipped to research, military, aerospace, or energy-linked entityProliferation or sectoral risk

Maritime sanctions reference

IndicatorRisk signalControl response
AIS disabled or gaps near high-risk waters“Dark activity” to hide locationReview voyage history and satellite/maritime intelligence where available
Ship-to-ship transferCargo origin/destination may be concealedCheck locations, counterpart vessels, cargo documents
Frequent flag changesAttempt to avoid scrutinyReview flag history and registry credibility
Vessel name changesHiding prior designation or adverse mediaUse IMO number, not name alone
Complex ownershipSanctioned owner/operator may be hiddenScreen owner, operator, manager, charterer
Port calls near restricted jurisdictionsPossible sanctions exposureCompare stated route to AIS/port data
Inconsistent cargo documentsConcealment or diversionEscalate trade investigation
Aged vessel with opaque insuranceHigher evasion riskReview insurer, P&I club, classification society
Unusual charter structureControl may sit with sanctioned partyReview charterer and beneficial ownership
Commodity mismatchOil, coal, arms, dual-use, or luxury goods risksApply product-specific restrictions

Securities, investment, and capital markets

ScenarioSanctions issue
Listed issuer is sanctionedTrading, custody, dividends, corporate actions may be restricted
Issuer is owned by sanctioned partyUnlisted entity restrictions may apply
Sectoral debt/equity restrictionSecurity may be restricted even if issuer is not fully blocked
Fund holds sanctioned securitiesInvestor exposure may require divestment, blocking, or restrictions depending on law
Derivative references sanctioned issuerEconomic exposure may be restricted
Corporate actionRights issue, dividend, coupon, conversion, redemption can involve prohibited dealing
Custody accountHolding assets may be permitted or frozen depending on regime; movement may be restricted
Investment adviserAdvice or facilitation may be restricted even if adviser does not hold assets

Digital assets and sanctions

TopicSanctions relevance
Wallet screeningSanctions lists may identify digital currency addresses
Exchange exposureDirect or indirect exposure to sanctioned exchange, mixer, ransomware wallet, or darknet market
Chain hoppingMovement across assets or chains can obscure origin
Mixers/tumblersMay indicate obfuscation and sanctions evasion
RansomwarePayment may involve sanctioned actors or wallets
DeFi protocolsCounterparty identification can be difficult; smart contracts do not remove sanctions risk
Travel rule dataWhere available, supports originator/beneficiary transparency
GeolocationIP, device, and residency data may show restricted jurisdiction nexus

Evasion typologies

TypologyRed flagsControls
Shell/front companyNo website, nominee directors, shared address, recent incorporationEnhanced due diligence, ownership verification
TransshipmentGoods routed through unrelated third countryRoute review, end-use checks, document consistency
Name manipulationMisspellings, initials, reordered namesFuzzy screening, alias matching, manual review
Ownership restructuringSanctioned owner transfers shares to relatives/associatesHistorical ownership review, adverse media
Use of family/associatesPayments to close associates of designated personRelationship mapping
Vessel deceptionAIS gaps, name/flag changes, ship-to-ship transfersMaritime screening and voyage analytics
Document falsificationConflicting invoices, altered bills of ladingDocument authentication and escalation
Nested bankingHidden downstream respondent activityCorrespondent due diligence and payment transparency
Use of cash/cryptoHarder traceabilityWallet analytics, source-of-funds review
Humanitarian coverClaimed aid with high-value unrelated goodsVerify license/exemption and goods scope
Professional enablersLawyers, agents, accountants, trust providers obscure controlThird-party due diligence
Dual-use procurementSmall orders, technical goods, academic/research frontsEnd-use/end-user review

Proliferation financing focus

IndicatorWhy high-yield
Dual-use goodsOrdinary commercial items can support military or WMD programs
Small procurement ordersNetworks may buy components in low quantities to avoid attention
Academic or research frontTechnical end users may support restricted programs
Freight forwarders in transshipment hubsConceals destination and end user
Payment from unrelated third partyMasks true buyer
Inconsistent technical specificationsBuyer may not understand goods or may hide application
Links to sanctioned vessels, ports, or state entitiesElevates sanctions and proliferation risk
Refusal to provide end-use detailsStrong escalation trigger

Humanitarian activity: permitted does not mean uncontrolled

QuestionWhy it matters
Is there a general license, exemption, or specific authorization?Humanitarian intent alone is not enough
Are all parties covered?NGOs, banks, suppliers, carriers, and local partners must be checked
Are goods/services within scope?Food and medicine may differ from equipment, vehicles, or technology
Is there diversion risk?Sanctioned government, militia, or intermediary may capture goods
Are payments routed through restricted banks?Payment chain can create separate sanctions issue
Are records sufficient?Institutions need evidence of basis for processing

Investigation file essentials

File elementPurpose
Alert detailsShows what triggered review and when
Party identifiersSupports match or false-positive rationale
Screening list/programIdentifies applicable sanctions regime
Ownership/control analysisDocuments indirect risk review
Transaction/activity descriptionShows scope of potential restriction
Jurisdictional nexusExplains why a regime applies
License/exemption analysisSupports permitted activity conclusion
Decision and approverCreates accountability
Reporting recordShows required internal/external action
QA/remediation notesCaptures control improvement

Common CGSS scenario traps

Scenario wordingLikely trapBetter approach
“No exact list match”Evasion, alias, ownership, or control may still existReview identifiers, aliases, UBOs, and activity
“Customer is not in sanctioned country”Counterparty, goods, vessel, payment route, or beneficial owner may create exposureAnalyze the full transaction chain
“General license exists”Conditions may not be metVerify parties, activity, dates, goods, reporting
“Funds should be returned”Block/freeze may be requiredDetermine required disposition under applicable regime
“False positives are high”Lowering thresholds may increase false negativesTune with testing, not convenience
“Trade is humanitarian”Diversion or payment chain may be prohibitedConfirm scope and counterparties
“Entity is not listed”Owned/controlled entity may be restrictedPerform ownership/control analysis
“Foreign branch processed it”Parent, currency, clearing, or jurisdictional nexus may matterMap applicable legal nexus
“Screening vendor handles sanctions”Accountability remains with institutionRequire oversight, testing, and governance
“Customer has long relationship history”New sanctions or ownership changes can alter riskRescreen and refresh due diligence

Scenario decision matrix

If the facts show…Most defensible exam action
Exact match to blocked person and no authorizationEscalate, stop activity, block/freeze or reject as required, report where required
Possible match with missing DOB/IDPause activity under policy and gather more identifiers
False positive with strong identifier mismatchClear with documented rationale and QA trail
Entity owned by sanctioned personsTreat as restricted if applicable ownership/control rules are met
Activity potentially covered by licenseConfirm license scope and conditions before processing
Sanctioned country appears only in shipping routeReview trade, transit, port, and service restrictions before clearing
Goods are dual-use and end user is opaqueEscalate to sanctions/export-control review
Payment message omits expected counterparty dataRequest clarification; consider evasion risk
Repeated alerts for same customerReview customer risk rating and data quality, not only individual alerts
New sanctions issued affecting existing customersRescreen impacted population and review pending transactions

Last-week review checklist

  • Know the difference between blocking/freezing, rejecting, returning, and declining.
  • Practice ownership/control analysis, including direct, indirect, aggregate, and control scenarios.
  • Review sanctions screening data fields beyond customer name: UBOs, vessels, goods, banks, ports, remittance text.
  • Be able to explain why a license is conditional and not blanket permission.
  • Distinguish sanctions, AML/CFT, export controls, and proliferation financing.
  • Memorize major evasion patterns: shell companies, transshipment, AIS gaps, document manipulation, third-party payments.
  • In scenarios, identify the applicable jurisdictional nexus before deciding.
  • Do not assume “not listed” means “not restricted.”
  • For trade finance, always ask: goods, end user, end use, route, vessel, banks, and documents.
  • For alerts, document the decision path: match analysis, legal/program basis, escalation, disposition, reporting.

Practical next step

Use this Quick Reference as a checklist while completing timed CGSS practice scenarios. For each missed question, write down whether the miss was about list screening, ownership/control, licensing, trade/maritime risk, jurisdictional nexus, or alert disposition, then drill that category again.