Quick Reference scope
Use this page as a compact review aid for the ACAMS Certified Global Sanctions Specialist (CGSS) exam, exam code CGSS. It is independent exam-prep support, not legal advice and not affiliated with ACAMS.
The CGSS exam rewards applied judgment: identifying sanctions risk, choosing controls, interpreting alert facts, recognizing evasion, and understanding how global sanctions regimes differ.
Sanctions mental model
Sanctions compliance is not only list screening. A strong answer usually considers:
- Who is involved: customer, beneficial owner, director, vessel owner, counterparty, intermediary bank, agent.
- What is involved: funds, goods, services, technology, securities, insurance, shipping, digital assets.
- Where the activity touches: jurisdiction of parties, origin/destination, transit points, booking location, currency, clearing route.
- Why the activity is occurring: legitimate purpose, humanitarian need, wind-down, license, evasion pattern.
- How the institution controls it: screening, due diligence, escalation, blocking/freezing/rejecting, reporting, testing.
Core sanctions terms and traps
| Term | Practical meaning | Exam trap |
|---|
| Sanctions | Legal or regulatory restrictions targeting countries, governments, entities, individuals, sectors, activities, or goods | Do not treat sanctions as identical to AML; overlap exists, but sanctions often require immediate interdiction |
| Embargo | Broad restriction on trade or activity with a country, region, or sector | “Comprehensive” restrictions are broader than list-based sanctions |
| Asset freeze / blocking | Restriction preventing access, movement, transfer, or use of targeted property or interests | A blocked asset is not simply returned to the sender unless law permits |
| Reject | Refusing or declining a transaction without taking control of the property | “Reject” and “block/freeze” are not interchangeable |
| Designated person | Individual or entity named on a sanctions list | Risk can extend to owned or controlled entities not explicitly listed |
| Ownership | A sanctions target’s direct or indirect equity interest in an entity | Thresholds and aggregation rules differ by jurisdiction |
| Control | Ability to direct actions, management, policy, assets, or decisions | Control can create risk even where ownership is below a numeric threshold |
| Primary sanctions | Restrictions applying to persons subject to the issuing jurisdiction | Do not assume only local residents are affected; jurisdiction can arise through currency, clearing, branches, or nexus |
| Secondary sanctions | Measures that can target non-jurisdictional persons for certain dealings with sanctioned parties or sectors | Secondary sanctions risk is often strategic and reputational, not just a screening question |
| Sectoral sanctions | Restrictions on certain activities, debt/equity, services, or industries rather than full blocking | A party may be listed but not fully blocked under every program |
| General license | Pre-authorized permission for a category of activity if conditions are met | Conditions, parties, time period, and reporting matter |
| Specific license | Case-specific authorization from a competent authority | Application pending is usually not authorization |
| Exemption | Activity carved out by law or regulation | Exemption scope may be narrow and jurisdiction-specific |
| Wind-down | Limited permission to exit existing activity | Wind-down is not permission to expand business |
| Facilitation | Assisting or approving prohibited activity by others | A non-sanctioned affiliate may still create facilitation risk |
| Circumvention / evasion | Structuring activity to avoid sanctions restrictions or detection | Evasion red flags can exist even when no list hit appears |
| False positive | Alerted party is not the sanctions target | Must be documented; repeated false positives may suggest tuning/data issues |
| True match | Alerted party is the sanctions target or prohibited party | Requires escalation and jurisdiction-specific disposition |
| Possible match | Insufficient information to clear or confirm | Do not process as normal until resolved under policy |
Major sanctions authorities and roles
| Authority / actor | Typical role in sanctions ecosystem | Candidate focus |
|---|
| United Nations Security Council | Issues UN sanctions measures implemented by member states | UN lists often create global baseline obligations through domestic implementation |
| United States OFAC | Administers and enforces many U.S. economic sanctions programs | Understand blocking, list-based programs, general/specific licenses, ownership concepts, and U.S. nexus |
| European Union | Adopts EU restrictive measures implemented across member states | EU sanctions often include asset freezes, sectoral measures, trade restrictions, and ownership/control analysis |
| United Kingdom OFSI / UK authorities | Implements and enforces UK financial sanctions | Recognize UK asset freeze, reporting, licensing, and ownership/control considerations |
| National competent authorities | Issue guidance, licenses, penalties, and local implementation rules | Always identify which jurisdiction’s law applies |
| Financial regulators | Expect risk-based sanctions compliance programs | Weak controls can create supervisory issues even without a completed prohibited transaction |
| Law enforcement / intelligence agencies | Investigate evasion, proliferation, corruption, terrorism, cyber activity | Typologies and red flags often come from enforcement patterns |
| Export control authorities | Restrict controlled goods, software, technology, and end uses | Export controls and sanctions overlap but are not the same |
| Institution board/senior management | Own risk appetite and resourcing | Governance failures are common enforcement themes |
| Compliance / sanctions team | Designs screening, escalation, reporting, testing, and training | Exam scenarios often test escalation and documentation discipline |
Sanctions types: what is restricted?
| Sanctions type | Typical target | What to check |
|---|
| List-based financial sanctions | Named individuals, entities, vessels, aircraft | Customer/counterparty screening, ownership/control, payment messages, aliases |
| Country or territory restrictions | Jurisdictions, regions, governments | Origin, destination, residence, citizenship, branch location, shipment route |
| Sectoral sanctions | Energy, defense, finance, mining, technology, maritime, other sectors | Activity type, maturity/tenor restrictions, services provided, financing structure |
| Trade sanctions | Imports, exports, reexports, brokering, goods | Product classification, end user, end use, shipping documents, transshipment |
| Arms embargo | Weapons, defense articles, military services | Dual-use goods, military end users, brokers, logistics |
| Proliferation sanctions | WMD, nuclear, missile, dual-use procurement networks | Front companies, technical goods, unusual shipping, scientific institutes |
| Human rights / corruption sanctions | Individuals or entities linked to abuse or corruption | PEP exposure, state-owned entities, intermediaries |
| Cyber sanctions | Hackers, ransomware actors, crypto wallets, infrastructure | Digital asset addresses, ransomware payments, incident response |
| Maritime sanctions | Vessels, owners, operators, cargo, ports | IMO number, AIS gaps, ship-to-ship transfers, flag changes |
| Capital markets restrictions | Securities, debt, equity, investment services | Issuer, maturity, derivative exposure, custodians, investment funds |
| Services restrictions | Professional, technical, accounting, trust, IT, insurance, maritime services | Service scope, location of benefit, end recipient |
| Travel bans | Individuals | Less central for many financial institutions but relevant to comprehensive sanctions understanding |
Sanctions vs AML/CFT
| Dimension | Sanctions | AML/CFT |
|---|
| Primary question | Is this party, activity, jurisdiction, or property prohibited or restricted? | Is the activity suspicious or linked to illicit proceeds or financing? |
| Timing | Often real-time interdiction before processing | Often monitoring before and after transactions |
| Action | Block/freeze, reject, decline, report, license, escalate | Investigate, file suspicious activity report where required, exit or monitor |
| Risk tolerance | Frequently zero tolerance for prohibited activity | Risk-based; suspicious does not always mean prohibited |
| Data need | Names, aliases, IDs, ownership, control, geography, vessel/goods data | Behavior, source of funds, expected activity, typologies |
| Common overlap | Terrorism, proliferation, corruption, narcotics, cyber, evasion | Sanctions evasion may also be money laundering |
Risk assessment reference
Inherent sanctions risk factors
| Risk category | Higher-risk indicators | Lower-risk indicators |
|---|
| Customer | PEPs, state-owned entities, import/export firms, money services, crypto firms, defense/energy entities, charities in conflict zones | Local retail customers with simple profiles and verified identity |
| Geography | Sanctioned or high-conflict regions, transshipment hubs, border areas, offshore secrecy jurisdictions | Domestic-only activity in lower-risk jurisdictions |
| Products | Correspondent banking, trade finance, private banking, securities, custody, crypto, insurance, maritime finance | Low-value, domestic, non-cross-border products |
| Channels | Non-face-to-face onboarding, third-party introducers, nested relationships, complex agents | Direct customer relationship with verified documentation |
| Transactions | Cross-border wires, vague remittance data, unusual currencies, rapid movement, no economic rationale | Recurring, transparent payments consistent with profile |
| Ownership | Complex layers, bearer shares, trusts, nominee directors, recent ownership changes | Transparent ownership with verifiable control structure |
| Screening data | Poor names, missing DOB/ID, non-Latin scripts, unstructured payment messages | Standardized identifiers, complete customer records |
| Prior issues | Previous sanctions alerts, adverse media, regulatory findings, control failures | Stable history, cleared alerts with strong documentation |
Residual risk and controls
| Control | Reduces which risk? | Evidence exam answers should mention |
|---|
| Customer due diligence | Hidden sanctioned ownership/control, false identity | Beneficial ownership, management, source of funds, business purpose |
| Real-time screening | Prohibited transactions before execution | Payment interdiction, sanctions list updates, alert audit trail |
| Batch screening | Existing customer/list changes | Periodic rescreening, event-triggered rescreening |
| Trade document review | Goods, end-use, vessel, port, route evasion | Invoices, bills of lading, HS/product description, shipping route |
| Geolocation controls | Country/territory exposure | IP, address, phone, port, origin/destination, branch data |
| Technology tuning | False positives/false negatives | Threshold testing, model governance, sample validation |
| Independent testing | Program effectiveness | Audit findings, remediation tracking |
| Escalation governance | Inconsistent decisioning | Clear levels, legal review, sanctions officer approval |
| Training | Human error and missed red flags | Role-based sanctions training |
| Reporting process | Regulatory breach handling | Timely internal escalation, competent authority reporting where required |
Sanctions compliance program components
| Component | What good looks like | Weak answer to avoid |
|---|
| Governance | Board/senior management oversight, defined risk appetite, accountable sanctions officer | “Compliance owns everything” |
| Policies and procedures | Written, current, jurisdiction-aware, product-specific | Generic AML policy with one sanctions paragraph |
| Risk assessment | Enterprise-wide, refreshed for products, customers, geographies, transactions, third parties | One-time checklist with no action plan |
| Screening program | Customer, transaction, trade, vessel, securities, and third-party screening as applicable | Only screening new customers at onboarding |
| Data management | Complete, standardized, quality-controlled data | Overreliance on incomplete names |
| Alert management | Risk-ranked queues, documented disposition, escalation, QA | Closing alerts without rationale |
| Licensing process | Tracks scope, conditions, expiration, approvals, reporting | Treating a license as blanket approval |
| Block/reject process | Clear decision rules, segregation, asset controls, reporting | Returning funds automatically |
| Training | Tailored to front office, operations, trade, compliance, senior management | Same annual slide deck for all roles |
| Independent testing | Tests design and operating effectiveness | Only checking that a policy exists |
| Change management | Responds to new programs, list updates, system changes, acquisitions | No process for rapid sanctions changes |
| Third-party oversight | Vendor screening, data providers, correspondent banks, agents | Outsourcing without accountability |
Screening universe: who and what to screen
| Area | Screen these data points | Common miss |
|---|
| Customer onboarding | Legal name, aliases, trade names, DOB, ID, nationality, address, registration number | Screening only the applicant, not beneficial owners/controllers |
| Beneficial ownership | Direct and indirect owners, intermediate entities, trustees, settlors, protectors, beneficiaries where relevant | Ignoring aggregate ownership by multiple sanctioned parties |
| Management/control | Directors, senior managers, authorized signers, powers of attorney | Focusing only on shareholders |
| Existing customers | Customer file, periodic changes, trigger events, list updates | No rescreening after new sanctions designation |
| Payments | Originator, beneficiary, banks, intermediaries, remittance text, addresses, countries | Screening only names in structured fields |
| Trade finance | Buyer, seller, banks, carriers, vessels, ports, goods, insurers, freight forwarders | Ignoring documents because no customer name matches |
| Securities | Issuer, counterparty, custodian, broker, underlying exposure, fund holdings | Missing sanctioned issuer exposure through funds or derivatives |
| Maritime | Vessel name, IMO number, MMSI, flag, owner, operator, manager, charterer, cargo, ports | Relying on vessel name only; names change |
| Digital assets | Customer, wallet address, exchange, blockchain exposure, ransomware indicators | Treating crypto as outside sanctions screening |
| Vendors/third parties | Agents, suppliers, consultants, distributors, introducers | Not screening non-customer relationships |
| Employees | New hires, contractors, payroll beneficiaries where relevant | Overlooking employment or payroll restrictions |
Name screening logic
| Issue | Why it matters | Practical control |
|---|
| Exact match | Fast, high-confidence for unique identifiers | Use legal name plus identifiers |
| Fuzzy match | Captures misspellings, transliteration, reordered names | Calibrate thresholds by risk and language |
| Transliteration | Arabic, Cyrillic, Chinese, Persian, Korean, and other scripts vary widely | Use aliases, phonetics, native script where available |
| Common names | High false positives | Require DOB, passport, address, nationality, ID, relationship context |
| Aliases / AKAs | Sanctions targets often use multiple names | Include known aliases and weak aliases with appropriate weighting |
| Abbreviations | Corporate names may use initials or local suffixes | Normalize legal entity suffixes and punctuation |
| Data quality | Missing DOB, registration number, or address increases uncertainty | Remediate source data, do not just lower thresholds |
| Threshold tuning | Too low creates noise; too high misses risk | Validate using samples, known test cases, and QA |
| Suppression rules | Can reduce repeat false positives | Must be controlled, justified, reviewed, and not suppress real changes |
| List updates | New designations require prompt rescreening | Maintain list update controls and audit logs |
Alert disposition decision path
flowchart TD
A[Alert generated] --> B{Sufficient data to compare?}
B -- No --> C[Request data / hold or pause activity per policy]
B -- Yes --> D{Identity match?}
D -- No --> E[False positive: document rationale]
D -- Yes --> F{Party or activity prohibited/restricted?}
F -- No --> G[No prohibition found: document legal/program basis]
F -- Yes --> H{License, exemption, or authorization applies?}
H -- Yes --> I[Verify scope, conditions, parties, dates, reporting]
H -- No --> J{Required disposition}
J --> K[Block/freeze]
J --> L[Reject/decline]
J --> M[Escalate/report to authority where required]
Alert handling checklist
| Step | Key question | Evidence to capture |
|---|
| Identify | Who or what triggered the alert? | Name, list, program, field, transaction, timestamp |
| Compare | Does the customer/counterparty match the listed party? | DOB, ID, address, nationality, registration, ownership, vessel IMO |
| Contextualize | Is there jurisdictional nexus or restricted activity? | Currency, clearing route, branch, location, service type |
| Ownership/control | Is an unlisted entity owned or controlled by sanctioned persons? | Ownership chart, control rights, directors, voting, contracts |
| License/exemption | Is activity permitted under defined conditions? | License text, legal review, conditions, approvals |
| Decide | Block/freeze, reject, decline, clear, or escalate? | Decision maker, rationale, policy reference |
| Report | Is regulator or authority notification required? | Internal escalation record and reporting evidence |
| Remediate | Does the alert reveal a control weakness? | Data fix, tuning, training, relationship review |
Ownership and control: high-yield distinctions
| Concept | Exam-ready interpretation |
|---|
| Direct ownership | Sanctioned party directly owns shares or equity in an entity |
| Indirect ownership | Ownership passes through one or more intermediate entities |
| Aggregate ownership | Multiple sanctioned parties’ ownership interests may need to be combined under some regimes |
| Control without ownership | Sanctioned party can direct decisions, appoint management, control assets, or influence policy |
| Listed parent | Subsidiaries may be restricted depending on ownership/control rules |
| Listed subsidiary | Parent is not automatically sanctioned solely because a subsidiary is listed, but relationship risk is high |
| Minority stake | May still matter if control rights exist or sectoral restrictions apply |
| Nominees/fronts | Formal ownership may hide actual sanctioned control |
| Jurisdiction difference | OFAC commonly uses a 50 percent or greater aggregate ownership concept for blocked persons; EU and UK analysis can place significant weight on ownership and control facts |
| Best exam answer | Do not rely only on list name. Analyze direct/indirect ownership, aggregate interests, control, and applicable jurisdiction |
Blocking, freezing, rejecting, and exiting
| Action | General meaning | When it may appear in scenarios |
|---|
| Block / freeze | Restrict access to property or funds and prevent movement | True match to blocked person; asset freeze obligation |
| Reject / decline | Refuse to process without taking control of property | Transaction prohibited but no blocking obligation under applicable rule |
| Return | Send funds back | Not always allowed; do not assume without legal basis |
| Exit relationship | Terminate customer relationship | May be necessary for risk management, but consider blocked property and reporting obligations |
| Hold / suspend | Pause while investigating | Appropriate for possible match or missing data |
| License request | Seek authorization from competent authority | Potentially lawful activity but no existing authorization |
| Continue with conditions | Proceed only if license/exemption fully applies | Must verify conditions and document rationale |
Licensing and authorization
| Item | What to verify | Common trap |
|---|
| Parties | All parties are within authorization scope | License covers one entity but not affiliates or owners |
| Activity | Exact activity is permitted | A humanitarian license does not permit unrelated commercial activity |
| Goods/services | Items match scope | Dual-use or restricted technology may need separate review |
| Geography | Covered jurisdictions and transit points | Shipment transits restricted territory not considered |
| Time | Effective period or wind-down window | Expired authorization relied upon |
| Conditions | Reporting, payment route, recordkeeping, value limits if applicable | Ignoring conditions turns permitted activity into a breach |
| Counterparties | Banks, carriers, insurers, brokers also allowed | Payment cannot be completed because intermediary is restricted |
| Documentation | Approval retained and linked to transaction | “Legal said OK” without record |
Payments and correspondent banking
| Payment element | Sanctions relevance |
|---|
| Originator | Customer or third party may be sanctioned or linked to sanctioned ownership |
| Beneficiary | Ultimate recipient may be target, front company, or controlled entity |
| Originating bank | Bank may be located in high-risk jurisdiction or subject to restrictions |
| Intermediary bank | Creates jurisdictional nexus and screening exposure |
| Beneficiary bank | Could be listed, sectorally restricted, or located in embargoed territory |
| Remittance information | Free text may reveal sanctioned goods, vessels, locations, or purpose |
| Address data | City/country clues can identify restricted geography |
| Currency | Certain currencies create clearing nexus through specific jurisdictions |
| Nested activity | Respondent bank may process for hidden downstream banks or clients |
| Payable-through accounts | Third-party access increases transparency and sanctions risk |
Payment red flags
| Red flag | Why it matters |
|---|
| Vague payment purpose such as “consulting,” “services,” or “goods” | May hide restricted activity |
| Sudden change in route, bank, or counterparty | Possible attempt to avoid screening |
| Use of shell entities with no clear business | May conceal sanctioned ownership |
| Payments just below review thresholds | Possible structuring |
| Instructions to omit names, countries, vessels, or goods | Direct evasion indicator |
| High-risk jurisdiction address with unrelated customer profile | Geographic inconsistency |
| Multiple intermediaries without business rationale | Obscures counterparties and funds flow |
| Repeated false-positive-like names with incomplete data | May indicate intentional ambiguity |
Trade finance and export-control overlap
| Topic | Sanctions angle | Exam focus |
|---|
| Goods | Goods may be banned, restricted, dual-use, luxury, energy-related, military, or technology-sensitive | Do not stop at party screening |
| End user | Final recipient may differ from buyer | Identify ultimate consignee and beneficial user |
| End use | Civilian goods can support restricted military, nuclear, cyber, or surveillance programs | Ask whether use is consistent with customer profile |
| Route | Transshipment can conceal sanctioned destination | Review ports, carriers, freight forwarders, and route changes |
| Documents | Invoices, bills of lading, packing lists, certificates may conflict | Inconsistencies are red flags |
| Financing | Letters of credit, guarantees, collections, insurance may be restricted services | Screen all parties and activity |
| Pricing | Over/under-invoicing can mask value transfer | Links sanctions evasion and trade-based money laundering |
| Brokers/agents | Intermediaries may be fronts for sanctioned buyers | Identify role and compensation |
| Product classification | Export controls may apply even without sanctions designation | Escalate to trade/export specialists where needed |
Trade document red flags
| Red flag | What it suggests |
|---|
| Goods description vague or inconsistent across documents | Concealment of restricted goods |
| Customer lacks experience in product category | Possible procurement front |
| Unusual routing through known transshipment hubs | Destination concealment |
| Last-minute change of vessel, port, consignee, or bank | Sanctions avoidance |
| End-use certificate generic or unverifiable | Weak assurance |
| Freight forwarder refuses to provide routing details | Transparency issue |
| Shipment inconsistent with destination economy | Diversion risk |
| Dual-use goods shipped to research, military, aerospace, or energy-linked entity | Proliferation or sectoral risk |
Maritime sanctions reference
| Indicator | Risk signal | Control response |
|---|
| AIS disabled or gaps near high-risk waters | “Dark activity” to hide location | Review voyage history and satellite/maritime intelligence where available |
| Ship-to-ship transfer | Cargo origin/destination may be concealed | Check locations, counterpart vessels, cargo documents |
| Frequent flag changes | Attempt to avoid scrutiny | Review flag history and registry credibility |
| Vessel name changes | Hiding prior designation or adverse media | Use IMO number, not name alone |
| Complex ownership | Sanctioned owner/operator may be hidden | Screen owner, operator, manager, charterer |
| Port calls near restricted jurisdictions | Possible sanctions exposure | Compare stated route to AIS/port data |
| Inconsistent cargo documents | Concealment or diversion | Escalate trade investigation |
| Aged vessel with opaque insurance | Higher evasion risk | Review insurer, P&I club, classification society |
| Unusual charter structure | Control may sit with sanctioned party | Review charterer and beneficial ownership |
| Commodity mismatch | Oil, coal, arms, dual-use, or luxury goods risks | Apply product-specific restrictions |
Securities, investment, and capital markets
| Scenario | Sanctions issue |
|---|
| Listed issuer is sanctioned | Trading, custody, dividends, corporate actions may be restricted |
| Issuer is owned by sanctioned party | Unlisted entity restrictions may apply |
| Sectoral debt/equity restriction | Security may be restricted even if issuer is not fully blocked |
| Fund holds sanctioned securities | Investor exposure may require divestment, blocking, or restrictions depending on law |
| Derivative references sanctioned issuer | Economic exposure may be restricted |
| Corporate action | Rights issue, dividend, coupon, conversion, redemption can involve prohibited dealing |
| Custody account | Holding assets may be permitted or frozen depending on regime; movement may be restricted |
| Investment adviser | Advice or facilitation may be restricted even if adviser does not hold assets |
Digital assets and sanctions
| Topic | Sanctions relevance |
|---|
| Wallet screening | Sanctions lists may identify digital currency addresses |
| Exchange exposure | Direct or indirect exposure to sanctioned exchange, mixer, ransomware wallet, or darknet market |
| Chain hopping | Movement across assets or chains can obscure origin |
| Mixers/tumblers | May indicate obfuscation and sanctions evasion |
| Ransomware | Payment may involve sanctioned actors or wallets |
| DeFi protocols | Counterparty identification can be difficult; smart contracts do not remove sanctions risk |
| Travel rule data | Where available, supports originator/beneficiary transparency |
| Geolocation | IP, device, and residency data may show restricted jurisdiction nexus |
Evasion typologies
| Typology | Red flags | Controls |
|---|
| Shell/front company | No website, nominee directors, shared address, recent incorporation | Enhanced due diligence, ownership verification |
| Transshipment | Goods routed through unrelated third country | Route review, end-use checks, document consistency |
| Name manipulation | Misspellings, initials, reordered names | Fuzzy screening, alias matching, manual review |
| Ownership restructuring | Sanctioned owner transfers shares to relatives/associates | Historical ownership review, adverse media |
| Use of family/associates | Payments to close associates of designated person | Relationship mapping |
| Vessel deception | AIS gaps, name/flag changes, ship-to-ship transfers | Maritime screening and voyage analytics |
| Document falsification | Conflicting invoices, altered bills of lading | Document authentication and escalation |
| Nested banking | Hidden downstream respondent activity | Correspondent due diligence and payment transparency |
| Use of cash/crypto | Harder traceability | Wallet analytics, source-of-funds review |
| Humanitarian cover | Claimed aid with high-value unrelated goods | Verify license/exemption and goods scope |
| Professional enablers | Lawyers, agents, accountants, trust providers obscure control | Third-party due diligence |
| Dual-use procurement | Small orders, technical goods, academic/research fronts | End-use/end-user review |
Proliferation financing focus
| Indicator | Why high-yield |
|---|
| Dual-use goods | Ordinary commercial items can support military or WMD programs |
| Small procurement orders | Networks may buy components in low quantities to avoid attention |
| Academic or research front | Technical end users may support restricted programs |
| Freight forwarders in transshipment hubs | Conceals destination and end user |
| Payment from unrelated third party | Masks true buyer |
| Inconsistent technical specifications | Buyer may not understand goods or may hide application |
| Links to sanctioned vessels, ports, or state entities | Elevates sanctions and proliferation risk |
| Refusal to provide end-use details | Strong escalation trigger |
Humanitarian activity: permitted does not mean uncontrolled
| Question | Why it matters |
|---|
| Is there a general license, exemption, or specific authorization? | Humanitarian intent alone is not enough |
| Are all parties covered? | NGOs, banks, suppliers, carriers, and local partners must be checked |
| Are goods/services within scope? | Food and medicine may differ from equipment, vehicles, or technology |
| Is there diversion risk? | Sanctioned government, militia, or intermediary may capture goods |
| Are payments routed through restricted banks? | Payment chain can create separate sanctions issue |
| Are records sufficient? | Institutions need evidence of basis for processing |
Investigation file essentials
| File element | Purpose |
|---|
| Alert details | Shows what triggered review and when |
| Party identifiers | Supports match or false-positive rationale |
| Screening list/program | Identifies applicable sanctions regime |
| Ownership/control analysis | Documents indirect risk review |
| Transaction/activity description | Shows scope of potential restriction |
| Jurisdictional nexus | Explains why a regime applies |
| License/exemption analysis | Supports permitted activity conclusion |
| Decision and approver | Creates accountability |
| Reporting record | Shows required internal/external action |
| QA/remediation notes | Captures control improvement |
Common CGSS scenario traps
| Scenario wording | Likely trap | Better approach |
|---|
| “No exact list match” | Evasion, alias, ownership, or control may still exist | Review identifiers, aliases, UBOs, and activity |
| “Customer is not in sanctioned country” | Counterparty, goods, vessel, payment route, or beneficial owner may create exposure | Analyze the full transaction chain |
| “General license exists” | Conditions may not be met | Verify parties, activity, dates, goods, reporting |
| “Funds should be returned” | Block/freeze may be required | Determine required disposition under applicable regime |
| “False positives are high” | Lowering thresholds may increase false negatives | Tune with testing, not convenience |
| “Trade is humanitarian” | Diversion or payment chain may be prohibited | Confirm scope and counterparties |
| “Entity is not listed” | Owned/controlled entity may be restricted | Perform ownership/control analysis |
| “Foreign branch processed it” | Parent, currency, clearing, or jurisdictional nexus may matter | Map applicable legal nexus |
| “Screening vendor handles sanctions” | Accountability remains with institution | Require oversight, testing, and governance |
| “Customer has long relationship history” | New sanctions or ownership changes can alter risk | Rescreen and refresh due diligence |
Scenario decision matrix
| If the facts show… | Most defensible exam action |
|---|
| Exact match to blocked person and no authorization | Escalate, stop activity, block/freeze or reject as required, report where required |
| Possible match with missing DOB/ID | Pause activity under policy and gather more identifiers |
| False positive with strong identifier mismatch | Clear with documented rationale and QA trail |
| Entity owned by sanctioned persons | Treat as restricted if applicable ownership/control rules are met |
| Activity potentially covered by license | Confirm license scope and conditions before processing |
| Sanctioned country appears only in shipping route | Review trade, transit, port, and service restrictions before clearing |
| Goods are dual-use and end user is opaque | Escalate to sanctions/export-control review |
| Payment message omits expected counterparty data | Request clarification; consider evasion risk |
| Repeated alerts for same customer | Review customer risk rating and data quality, not only individual alerts |
| New sanctions issued affecting existing customers | Rescreen impacted population and review pending transactions |
Last-week review checklist
- Know the difference between blocking/freezing, rejecting, returning, and declining.
- Practice ownership/control analysis, including direct, indirect, aggregate, and control scenarios.
- Review sanctions screening data fields beyond customer name: UBOs, vessels, goods, banks, ports, remittance text.
- Be able to explain why a license is conditional and not blanket permission.
- Distinguish sanctions, AML/CFT, export controls, and proliferation financing.
- Memorize major evasion patterns: shell companies, transshipment, AIS gaps, document manipulation, third-party payments.
- In scenarios, identify the applicable jurisdictional nexus before deciding.
- Do not assume “not listed” means “not restricted.”
- For trade finance, always ask: goods, end user, end use, route, vessel, banks, and documents.
- For alerts, document the decision path: match analysis, legal/program basis, escalation, disposition, reporting.
Practical next step
Use this Quick Reference as a checklist while completing timed CGSS practice scenarios. For each missed question, write down whether the miss was about list screening, ownership/control, licensing, trade/maritime risk, jurisdictional nexus, or alert disposition, then drill that category again.