The sanction screening regime rolls on. The global geopolitical situation and the associated increase in sanctioned entities has led to an expansion in regulatory requirements.
In May 2025, the UK updated its Sanctions and Anti-Money Laundering Act (SAMLA) – a quiet but profound regulatory shift. For the first time, non-financial businesses are squarely in the crosshairs of compliance requirements that were once the exclusive domain of banks and insurers.
Utilities, telecoms, estate agents, law firms, retailers, importers, exporters — even government bodies—are now required to conduct sanctions-related checks. The intent is clear: prevent the flow of goods, services, and resources to sanctioned individuals or entities, no matter where they sit in the value chain.
The devil, of course, lies in the details. It’s not just about screening obvious names on a list. The law now requires identifying entities owned or controlled, formally or informally, by sanctioned persons. Even “significant influence” can trigger obligations. The reporting threshold has also been lowered from “reasonable belief” to “reasonable grounds to suspect”—broadening the net considerably. Organisations need systems and datasets that capture not just the sanctioned entities but also their associations, family members and the like.
So what does this mean for a utility provider or a law firm? The implications are profound. It means new processes, new systems, and candidly, new risks. Compliance is no longer optional. Non-compliance can mean civil penalties and even criminal charges.
The good news is that the technology and data industry has stepped up with relevant solutions. At the heart of compliance are three essential steps:
- Screening & Classification – Checking customers, partners, and vendors against official sanctions lists.
- Assessment & Reporting – Investigating flagged cases, documenting decisions, and reporting high-risk entities to regulators.
- Ongoing Monitoring – Ensuring newly onboarded clients / suppliers as well as existing relationships are regularly refreshed and reviewed.
Across the process, it is essential to have auditable and trackable activity trails that stand up to regulatory scrutiny.
Consider this real-world illustration: a telecom provider with 1,000,000 customers and 30,000 new sign-ups each month. A one-time screening of all existing customers flagged 300 sanctioned users—regulators were notified immediately and the customers earmarked. Each month, new users are screened, with a handful denied service. And once a year, the entire customer base is re-screened, with relevant regulatory reports filed by before deadlines hit.
This is the new normal. Non-financial businesses must now act with the same vigilance as banks in ensuring they are not inadvertently enabling sanctioned individuals. Enforcement begins in November 2025.
The biggest challenge we see across the ecosystem is the intensifying scarcity of talent. The community of risk and compliance professionals has been rightsized for existing demand (largely by the financial services sector). The rest of the corporate sector is going to need similar expertise, and fast. There is likely to be an expensive and messy war for talent. Screening and Monitoring outsourcing is one solution but keep in mind that the responsibility for being compliant cannot be outsourced.
At RZOLUT, we are already working with our partners as well as end clients to help overcome this emerging challenge in a cost effective and technology-first manner—bringing to bear our decades of domain expertise and global experience. If you are a non-financial business navigating these changes, the question is not whether to act, but how quickly. Get going now!
