The intersection of sanctions law and international payments is one of the most legally complex areas in financial services. European banks and payment institutions process billions of transactions per day, many of which involve counterparties, currencies, or jurisdictions subject to sanctions regimes maintained by the European Union, the United States, the United Nations, and individual member states. The legal consequences of processing a prohibited transaction range from significant fines to the withdrawal of US dollar correspondent banking access — a sanction that would be commercially fatal for any international institution. Understanding the layered structure of the sanctions environment and the compliance infrastructure required to navigate it is essential for financial institutions, their legal advisors, and corporate clients that rely on cross-border payment services.
The Multi-Layered Sanctions Architecture
European financial institutions are subject to multiple overlapping sanctions regimes that apply simultaneously and do not always align. At the international level, UN Security Council sanctions are implemented through EU Regulations that apply directly in all member states without further national transposition. Current UN sanctions programmes target, among others, North Korea, Iran, Libya, and ISIL/Al-Qaida-affiliated entities.
EU autonomous sanctions extend significantly beyond UN measures and are adopted by the Council of the EU through Regulations based on the Common Foreign and Security Policy framework. EU sanctions do not require UN Security Council authorisation and have been used extensively to respond to geopolitical events: the sanctions on Russia following the 2014 annexation of Crimea were dramatically expanded after the February 2022 full-scale invasion and now constitute the most complex and operationally demanding sanctions programme in European history. EU sanctions on Belarus, Iran, Myanmar, Venezuela, Syria, and a range of individuals designated for human rights violations and other grounds add further layers of complexity.
US sanctions, administered by the Office of Foreign Assets Control (OFAC), apply to US persons and US-incorporated entities globally, to transactions conducted in US dollars anywhere in the world, and to foreign entities that conduct transactions through the US financial system or that own or control US property. For European banks with US dollar correspondent banking relationships, US branches, or any other US nexus, OFAC sanctions have near-extraterritorial reach. OFAC has imposed multi-billion-dollar fines on European banks for processing dollar transactions that violated US sanctions, including the landmark settlements with BNP Paribas (USD 8.9 billion), Deutsche Bank, Commerzbank, and others in the decade following 2012.
The Russia Sanctions: Operational Complexity at Scale
The Russia sanctions introduced after February 2022 illustrate the operational challenge that large-scale sanctions programmes create for European financial institutions. The EU sanctions on Russia now encompass: asset freezes and prohibitions on making funds available to a large and expanding list of designated individuals and entities; sectoral sanctions prohibiting transactions with certain Russian state-owned financial institutions and energy companies; prohibitions on providing a wide range of services including legal, accounting, advertising, market research, and IT services to Russian entities; restrictions on the provision of specialized financial messaging services (SWIFT disconnection of designated banks); prohibitions on transactions related to Russian sovereign debt; and export and import controls on hundreds of categories of goods.
The practical consequence for payment institutions is that processing a payment with any Russian nexus requires screening against the sanctions lists, assessing whether the goods or services involved fall within the prohibitions, checking whether the payment involves a sanctioned financial institution in the correspondent chain, and in many cases obtaining legal advice on whether a specific transaction is caught. This compliance burden has caused many European banks to reduce or eliminate Russia-related payment flows entirely through a process known as de-risking, which has its own regulatory complications as supervisors have raised concerns about financial exclusion and access to banking services for non-sanctioned Russian individuals.
Screening Technology and Its Limitations
At the core of sanctions compliance in payments is automated screening of payment messages against sanctions lists. Banks and payment institutions run payment data — including sender name, receiver name, account numbers, addresses, and payment descriptions — against a consolidated list derived from EU, OFAC, HM Treasury, UN, and other sanctions databases. Screening software generates alerts when a payment message contains a name or identifier that matches or fuzzy-matches an entry on the sanctions list.
The challenge is that sanctions lists contain hundreds of thousands of entries, and payment messages often contain incomplete or abbreviated information. Name matching is particularly problematic: a payment from Mohammed Al-Hassan, a non-sanctioned individual, may generate alerts because similar names appear on sanctions lists relating to terrorism financing or Iran. The volume of false positives in large-scale payment processing is enormous, and institutions must invest in the analyst capacity to review and clear alerts quickly enough to meet payment processing timescales.
Ownership and control screening adds further complexity. OFAC’s 50% rule provides that any entity owned 50% or more by a sanctioned person is itself sanctioned even if not explicitly listed. EU regulations contain equivalent provisions. Determining the ultimate beneficial ownership of a corporate counterparty — and checking that ownership chain against sanctions lists — requires access to beneficial ownership registries, corporate databases, and, in many cases, direct inquiry to the counterparty. For high-volume payment processors, applying this analysis to every transaction is impractical, which creates both compliance gaps and legal uncertainty about the standard of care required.
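The ownership check described above can be sketched as a walk over an ownership graph. This is an added example, not code from any screening product; every entity name and stake is constructed, and the option to sum the stakes of several sanctioned owners is an assumption of the example.

```python
from fractions import Fraction

THRESHOLD = Fraction(1, 2)  # "50% or more", as the rule is stated above

# Constructed sample data: explicit list entries and ownership stakes.
LISTED = {"Listed Person X", "Listed Person Y"}
STAKES = {  # entity -> {owner: share held}
    "Holding A": {"Listed Person X": Fraction(60, 100), "Unrelated Fund": Fraction(40, 100)},
    "Trading B": {"Holding A": Fraction(50, 100), "Founder": Fraction(50, 100)},
    "Shipping C": {"Listed Person X": Fraction(30, 100), "Listed Person Y": Fraction(25, 100)},
    "Logistics D": {"Listed Person X": Fraction(49, 100)},
}


def treated_as_sanctioned(listed, stakes, aggregate=True):
    """Map every entity caught by the list or the ownership rule to a reason.

    aggregate=True sums the stakes of all sanctioned owners (an assumption of
    this example); aggregate=False tests each sanctioned owner on its own.
    """
    caught = {name: "listed" for name in listed}
    changed = True
    # Fixed-point iteration: an entity caught through ownership can in turn
    # catch what it owns. 'caught' only grows, so cycles cannot loop forever.
    while changed:
        changed = False
        for entity, owners in stakes.items():
            if entity in caught:
                continue
            shares = [share for owner, share in owners.items() if owner in caught]
            if not shares:
                continue
            exposure = sum(shares) if aggregate else max(shares)
            if exposure >= THRESHOLD:
                caught[entity] = f"owned {float(exposure):.0%} by sanctioned owner(s)"
                changed = True
    return caught


def screen_payment(parties, listed, stakes, aggregate=True):
    """Return only the payment parties that are caught, with the reason."""
    caught = treated_as_sanctioned(listed, stakes, aggregate)
    return {party: caught[party] for party in parties if party in caught}


if __name__ == "__main__":
    hits = screen_payment(["Trading B", "Founder", "Logistics D"], LISTED, STAKES)
    for party, reason in hits.items():
        print(f"ALERT {party}: {reason}")
```

None of the ownership-derived hits appears on any list by name, which is why name screening alone misses them and why the quality of the ownership data determines what the check can find.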
The Correspondent Banking Nexus and Secondary Sanctions Risk
The most asymmetric element of the sanctions compliance environment for European institutions is the exposure to US secondary sanctions. US secondary sanctions are measures that penalise non-US persons for conduct that does not involve US persons, US territory, or the US financial system, but which the US has designated as sufficiently contrary to US foreign policy objectives that it warrants restriction. The most significant secondary sanctions currently in force relate to Iran and Russia: non-US banks that engage in material transactions with certain Iranian or Russian entities risk being cut off from the US financial system — losing their US dollar correspondent banking relationships and their ability to process dollar-denominated transactions globally.
For European institutions, secondary sanctions create a genuine conflict between EU law and US law. The EU’s Blocking Statute (Council Regulation 2271/96, updated in 2018 to address US Iran sanctions) prohibits EU persons from complying with certain designated US extraterritorial measures and provides a cause of action in EU courts for EU persons harmed by compliance with those measures. In practice, however, the financial consequences of losing US dollar access so dramatically outweigh the legal consequences of violating the Blocking Statute that most European institutions comply with US secondary sanctions requirements rather than invoking the EU Blocking Statute — a choice that is commercially rational but legally complicated.
Licensing and Humanitarian Exemptions
Both EU and US sanctions regimes include licensing mechanisms that allow otherwise prohibited transactions to proceed where a specific authorisation is granted. OFAC general licences provide blanket authorisation for categories of transactions (for example, the processing of personal remittances to Iran below specified thresholds, or transactions with certain Russian subsidiaries of non-sanctioned entities), while specific licences authorise individual transactions on application. The EU provides similar licensing mechanisms through the competent authorities of member states.
The humanitarian exception for payments related to food, medicine, and other essential goods is one of the most practically important and contested areas. UN and US sanctions regimes nominally include humanitarian carve-outs, but the practical difficulty of documenting the humanitarian purpose and the correspondent banking community’s extreme risk-aversion regarding any sanctions-adjacent transaction has resulted in a well-documented chilling effect on legitimate humanitarian payments to sanctioned jurisdictions. European banks cite sanctions compliance uncertainty as a reason for refusing to process payments related to humanitarian operations in Yemen, Syria, and other sanctioned contexts, creating operational problems for NGOs and aid agencies that legal analysis might suggest should be permissible.
Legal Exposure and Enforcement Trends
Sanctions violations by European financial institutions have historically been among the largest financial penalties in banking regulation. The BNP Paribas settlement in 2014 — involving the processing of dollar transactions for Sudanese, Iranian, and Cuban counterparties — set a benchmark that has shaped the industry’s approach to compliance investment. More recent enforcement actions, including the EUR 300 million fine imposed on Deutsche Bank by the European Central Bank in 2023 for deficiencies in its anti-money laundering and sanctions controls, signal that European supervisory authorities are intensifying their own enforcement posture independently of US actions.
EU sanctions enforcement has historically been fragmented because the EU Regulation prohibits the conduct but enforcement and prosecution are matters for individual member states. The EU’s proposed Directive on the definition of criminal offences and penalties for the violation of Union restrictive measures, which was agreed in principle in 2023 and is being implemented by member states, creates a harmonised criminal law framework for sanctions violations across the EU for the first time, including personal criminal liability for individuals who intentionally circumvent sanctions. This development significantly elevates the personal risk exposure of compliance officers, directors, and executives of financial institutions and corporates.
Practical Implications for Corporate Clients
The sanctions compliance environment has direct operational consequences for corporate clients of European financial institutions. Banks increasingly apply enhanced due diligence requirements to clients in sectors or geographies with elevated sanctions exposure, including commodities trading, shipping, financial services to emerging markets, and technology exports. Clients that cannot provide clear documentation of their supply chain, ultimate beneficial ownership, and end-use of goods may find that banks refuse transactions or terminate relationships.
For corporates involved in cross-border M&A, sanctions due diligence has become a standard component of the legal and commercial diligence process. An acquisition of a target with undisclosed sanctions exposure — whether through ownership of a sanctioned subsidiary, a commercial relationship with a sanctioned counterparty, or goods that include restricted technology — can create post-closing liability for the acquirer. Representations and warranties insurance in M&A transactions now routinely excludes sanctions-related claims, placing the burden of comprehensive pre-closing sanctions due diligence firmly on the acquirer.
Conclusion
Sanctions compliance in international payments has evolved from a niche regulatory speciality into a central operational and legal function for any European financial institution with cross-border activity. The combination of the EU’s expanding autonomous sanctions programme, OFAC’s extraterritorial reach through secondary sanctions and correspondent banking leverage, and the EU’s new harmonised criminal enforcement framework creates a compliance environment of exceptional complexity. Institutions that invest in the technology, legal expertise, and governance frameworks required to navigate this environment can manage the risk. Those that treat sanctions compliance as a checkbox function rather than a substantive legal and operational discipline face exposure that the enforcement record of the past decade has demonstrated to be very real.
