USE CASES VOOR COMPLIANCE WORKFLOWS · GUIDEUPDATED 2026-03-20
Use Cases voor Compliance Workflows
Third-Party Screening: Workflow, Checklist & Best Practices
Screen third parties, vendors, and counterparties for sanctions, PEP exposure, and ownership risk before onboarding or contract renewal.
Use this workflow when screening non-customer third parties involved in operations. It helps teams apply one standard for sanctions, ownership, and media-risk checks across contractors, service providers, and strategic partners.
§01What this workflow covers
SCOPE- Sanctions list screening across OFAC, EU, UN, and UK regimes in a single pass.
- PEP (Politically Exposed Person) detection for key principals and beneficial owners.
- Beneficial ownership and UBO screening to surface hidden control risk.
- Adverse media and negative news checks for reputational risk signals.
- Ongoing re-screening and monitoring to catch new sanctions designations post-onboarding.
- API integration for automated third-party screening workflows at scale.
- Batch processing for large third-party portfolios across procurement and compliance teams.
- Audit trail and evidence package for compliance documentation and regulatory review.
§02Key statistics
DATA- Compliance failures linked to third parties
- 74%
- 74% of compliance failures involve a third-party relationship (Thomson Reuters, 2024 estimate)
- EU AMLD6 requirement
- Enhanced due diligence
- The EU's AMLD6 requires enhanced due diligence for all high-risk third-party relationships
- Compliance incident reduction
- 65% fewer
- Companies with automated third-party screening report 65% fewer compliance incidents
- Average OFAC violation settlement
- $2.1M
- Average cost of an OFAC violation settlement: $2.1M (2020–2024 average)
- Active entries across major sanctions regimes
- 15,000+
- Global sanctions lists contain over 15,000 active entries across major regimes
§03Compliance glossary
TERMS- third-party screening
- The systematic process of vetting external parties — vendors, suppliers, agents, distributors — against sanctions lists, PEP databases, and adverse media before and during a business relationship.
- beneficial owner
- An individual who ultimately owns or controls a company, typically defined as holding 25% or more of shares or voting rights.
- PEP (Politically Exposed Person)
- An individual who holds or has held a prominent public position, making them a higher risk for bribery and corruption. Includes heads of state, senior politicians, and their close associates.
- entity resolution
- The process of accurately identifying a legal entity across multiple data sources, accounting for name variations, transliterations, and aliases.
§04Authoritative references
SOURCES- 01OFAC Compliance Commitments
U.S. Department of the Treasury
- 02EU Sanctions Map
European Commission
- 03FATF Guidance on Risk-Based Approach
Financial Action Task Force
§05Expert perspective
NOTE“Third-party screening is no longer optional — regulators expect documented, repeatable processes for every counterparty relationship.”
“The risk isn't just the party you know — it's the beneficial owner two layers removed that creates the real exposure.”
§06Frequently asked questions
Q&A- What is third-party screening in compliance?
- Third-party screening is the systematic process of vetting external parties — vendors, suppliers, agents, distributors, and contractors — against sanctions lists, PEP databases, watchlists, and adverse media databases. It is a core compliance control that helps organisations identify and manage risk from external relationships before and during engagement.
- What does a third-party screening process involve?
- A third-party screening process typically includes: identifying all third parties subject to review, checking each against major sanctions regimes (OFAC, EU, UN, UK), screening key principals for PEP status, mapping beneficial ownership to identify ultimate controlling parties, reviewing adverse media for reputational risk, and documenting outcomes in a structured audit trail for compliance records.
- How often should third-party screening be performed?
- Third-party screening should be performed at onboarding and repeated at least annually. Higher-risk third parties — those operating in sensitive jurisdictions, sectors, or with complex ownership structures — should be screened more frequently, including on any material change such as ownership restructuring, contract renewal, or new sanctions designations affecting relevant regimes.
- What is the difference between third-party screening and due diligence?
- Third-party screening refers specifically to checking parties against sanctions lists, watchlists, PEP databases, and adverse media — typically automated and applied consistently to all third parties. Due diligence is a broader concept that may also include financial analysis, legal review, site visits, and reference checks. Screening is a component of due diligence, not a replacement for it.
- Which sanctions lists should be included in third-party screening?
- A comprehensive third-party screening programme should cover at minimum: OFAC SDN (United States), EU Financial Sanctions List, UN Security Council Consolidated List, UK OFSI Consolidated List, and HM Treasury Asset Freeze targets. Depending on the business's jurisdictions and counterparty profile, additional lists — such as SECO (Switzerland), DFAT (Australia), or sector-specific lists — may also be required.
- How do you screen a large list of third parties efficiently?
- Large third-party portfolios are best handled through batch screening — uploading a structured list of entities to a screening platform that processes all records simultaneously against multiple sanctions and watchlist databases. Results are prioritised by match score, with high-confidence matches flagged for analyst review and lower-risk records cleared automatically, significantly reducing manual workload.
- What is entity screening and how does it differ from individual screening?
- Entity screening refers to checking legal entities — companies, foundations, trusts, and organisations — against sanctions and watchlist databases. Individual screening checks natural persons. Entity screening is typically more complex because companies may have aliases, multiple registered names, transliterations, and layered ownership structures that must all be considered when determining a match. Most screening workflows handle both entity and individual records in the same pass.
- What software is used for third-party compliance screening?
- Third-party compliance screening software typically combines a multi-source sanctions database, a fuzzy-matching engine to handle name variations and transliterations, PEP and adverse media data, and a case management or audit trail layer. Platforms like ScreenVeritAI automate the full screening workflow — from batch upload through match review and evidence documentation — and offer API integration for embedding screening into existing compliance or procurement systems.
Q.01
Q.02
Q.03
Q.04
Q.05
Q.06
Q.07
Q.08