An effective sanctions compliance program (SCP) must be comprehensive and integrated throughout an organization's operations. The correct approach is to apply screening to all business activities to identify and mitigate sanctions risks wherever they may arise. This includes, but is not limited to, customers, transactions, vendors, supply chain partners, third-party intermediaries, and employees. Limiting the scope of screening to specific areas, such as only customers, creates significant compliance gaps and exposes the organization to the risk of violations and severe penalties. A holistic, risk-based approach covering all business lines is a fundamental expectation of regulators.

A. Exclude vendors and other intermediaries from the screening.

This is incorrect because vendors and intermediaries represent a significant third-party risk and can be used, wittingly or unwittingly, to circumvent sanctions.

B. Include only customers and their transactions in the screening.

This scope is too narrow. A comprehensive SCP must also address risks from suppliers, beneficial owners, employees, and other third parties involved in business operations.

D. Exclude beneficial owners of distributors from the screening.

This is incorrect as it directly contravenes regulations like OFAC's 50 Percent Rule, which mandates that entities owned 50% or more by sanctioned parties are also considered blocked.

1. ACAMS Certified Global Sanctions Specialist (CGSS) Study Guide, 2nd Edition. Chapter 4, "Sanctions Compliance Programs," emphasizes that an effective SCP requires a holistic risk assessment covering all business areas, including customers, products, services, and geographic locations. It explicitly states the need to screen third parties like vendors and intermediaries.

2. U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC). (2019). A Framework for OFAC Compliance Commitments. Section C, "Internal Controls," states that an effective SCP includes policies and procedures to "identify, interdict, escalate, report... and keep records pertaining to activity that may be prohibited." This implicitly covers all business activities, and the framework explicitly mentions screening customers, supply chain, intermediaries, and counterparties.

3. Wolfsberg Group. (2019). Guidance on Sanctions Screening. This guidance document for financial institutions recommends that screening should be applied to customers, related parties (including beneficial owners), transactions, and third-party providers to manage sanctions risk effectively across the organization. (See Section II: "Where to Screen").