5 Jan 2026
Module 2 — Types of Sanctions (List-Based, Country/Region, Sectoral, Secondary)
A practical taxonomy of sanctions types with examples and employee takeaways for EU and US regimes.
Module 2 — Types of Sanctions (EU + US)
Goal of this module
After this module, you should be able to:
- Name the main types of sanctions used in EU and US regimes.
- Understand how each type creates compliance and business risk for PSPs, acquirers, processors, neo banks, and marketplaces.
- Know why sanctions controls must cover more than only the customer name.
Why this matters for your role (payments + platforms)
Sanctions risk is not limited to “bad customers.” In your day-to-day work, sanctions risk appears in:
- Onboarding: merchants, sellers, customers, vendors, partners, service providers.
- Transactions: card payments, bank transfers, payouts, refunds, chargebacks, crypto on/off-ramps.
- Platforms: marketplace listings, fulfillment, cross-border shipping, digital services delivery.
- Operational touchpoints: customer support, disputes, invoicing, underwriting, account management.
A compliant program needs both:
- Who is involved (party screening), and
- What/where/how the activity happens (geography, sector, product/service, ownership/control, routing).
The 4 main sanctions types (quick map)
| Sanctions type | What it targets | Typical control pattern | Common failure mode |
|---|---|---|---|
| List-based | Named persons/entities/vessels/aircraft | Screening + escalation | Assuming “no exact match = safe” |
| Country/region-based | Certain countries/regions | Geo + product/service restrictions | Missing indirect routing/transshipment |
| Sectoral | Specific sectors/activities | Rules on instruments/services/terms | “Party is allowed” but transaction structure is not |
| Secondary (US-driven) | Non-US persons dealing with certain targets/activities | Risk-based escalation + de-risking | Treating it as “not our law” |
1) List-based sanctions (designated people and entities)
Authorities publish lists of designated individuals and entities.
Typical restrictions (how it works)
Most list-based sanctions revolve around:
- Asset freeze: you must not deal with the funds/economic resources of a designated party.
- No making funds/economic resources available: you must not provide funds, services, or value to a listed party, directly or indirectly.
- Deal bans / service bans: certain services are prohibited (depends on the regime and program).
What this means for PSPs, acquirers, processors, neo banks, marketplaces
List-based sanctions can arise in everyday scenarios:
- Merchant acquiring: onboarding a merchant who is listed, or owned/controlled by a listed person.
- Marketplaces: enabling seller accounts, listings, or payouts that generate value for a listed party.
- Payments processing: processing transactions where a listed party is payer, payee, or beneficial owner.
- Neo banks: providing accounts, cards, wallets, credit, or other financial services to a listed party.
- Indirect value: refunds, credits, fee rebates, promotions, or chargeback payouts benefiting a listed party.
Practical screening reality: names are messy
Names may appear with:
- aliases and alternative spellings,
- different alphabets and transliterations,
- partial names, reversed order, missing middle names,
- patronymics and naming conventions (region-dependent),
- inconsistent or missing dates/places of birth.
Operational takeaway: screening is not only “exact match.” It is match + context.
Important extension: ownership/control can “pull in” non-listed parties
Even if a counterparty is not explicitly listed, restrictions may extend if the party is owned or controlled by a listed person/entity (tests vary by regime).
Why this matters: A business can look “clean by name” but still be restricted due to ownership/control.
What you must do
If there is a match or close match:
- Pause onboarding/transaction (do not proceed).
- Escalate to Compliance/Sanctions with supporting information (names, DOB, nationality, address, IDs, ownership, transaction details).
- Do not “self-clear” based only on name similarity.
2) Country / region-based sanctions
Some sanctions restrict business with specific countries or regions.
What these sanctions typically restrict
Country/region measures often include:
- Trade restrictions: goods, technology, dual-use items, and related services.
- Services restrictions: software support, cloud/IT services, consulting, auditing, legal services (varies by regime).
- Financial restrictions: financing, insurance/reinsurance, certain investments.
- Government-related restrictions: dealings with certain state bodies or state-owned entities.
Why “not listed” does not mean “not restricted”
A transaction may still be restricted due to:
- Destination (where goods/services end up),
- End-user (who ultimately uses it),
- End-use (what it will be used for),
- Routing/transshipment (indirect paths),
- IP/device/geolocation signals indicating restricted locations,
- Shipping/fulfillment location for marketplaces.
Practical examples (industry-relevant)
- Marketplace: seller is not listed, but shipping address is a restricted region → delivery may be prohibited.
- PSP/Acquirer: merchant provides digital services into restricted geographies → service delivery can be restricted.
- Neo bank: transfer involves a bank/beneficiary in a restricted region → flow may be restricted even if customer is not listed.
What you must do
Country/region sanctions require controls beyond name screening:
- Geographic controls: residence/country, shipping/billing, IP/device signals, bank country.
- Product/service controls: what is being sold or provided.
- Routing awareness: beneficiary bank, intermediaries, corridor risk.
- Escalate if geography signals conflict or appear manipulated.
3) Sectoral sanctions
Sectoral sanctions target a specific part of an economy (e.g., energy, finance, defense) or specific activities.
What sectoral sanctions can restrict
Sectoral measures often restrict:
- Financing terms and instruments (e.g., certain debt/equity activities in defined contexts),
- Specific equipment/technology and related technical assistance,
- Certain services (e.g., brokering, underwriting, project-related services),
- Transactions linked to specific projects or extraction/production activities.
Why sectoral sanctions are operationally tricky
You may be allowed to deal with the party in general, but not:
- in a specific transaction type,
- with a specific instrument,
- under specific terms (e.g., tenor),
- for a specific purpose (end-use),
- involving a specific sector/project.
Practical examples (payments + platforms)
- Acquiring: merchant is not fully prohibited, but the activity relates to a restricted sector or project → certain service structures can be restricted.
- Neo bank: credit/financing features may trigger restrictions even when basic account services might not.
- Marketplace: listings include controlled equipment/technology intended for restricted sector use.
What you must do
Sectoral sanctions require:
- Strong merchant/customer due diligence (what they do, where they operate, who they serve).
- Controls over products and services you provide (especially financing-like features).
- Escalation when deals touch restricted sectors, projects, or transaction structures.
4) Secondary sanctions (US-driven risk pattern)
Secondary sanctions create risk for non-US persons if they engage in certain targeted dealings.
Why it matters even if you are not a US company
Secondary sanctions risk can lead to:
- Banking de-risking: correspondent/sponsor banks refusing to process payments.
- USD clearing exposure: heightened controls or relationship termination.
- Commercial fallout: partners (banks, schemes, processors, vendors) ending relationships based on risk appetite.
- Reputational impact: adverse media and regulatory attention.
What you must do
Treat secondary sanctions risk as material:
- Flag and escalate higher-risk corridors, counterparties, and sectors.
- Assume that “technically permissible” activity can still be commercially blocked.
- Document decisions and rationale (audit trail).
5) Export controls (sanctions-adjacent)
Export controls regulate goods, software, and technology exports, including dual-use items. They frequently intersect with sanctions.
Why this matters for your industry
Even if you do not ship goods directly:
- Marketplaces enable sales of controlled goods/technology and facilitate payment/delivery.
- Digital services (software, cloud access, technical support) can be “exports” depending on delivery/user location.
- Payments can facilitate transactions tied to controlled items or restricted end-uses.
Escalate if you suspect:
- controlled end-use (e.g., military or proliferation-related),
- restricted end-user,
- mismatches between stated business and goods/services,
- bypass attempts (VPNs, proxy addresses, inconsistent shipping/billing).
What you must screen beyond the name (minimum mindset)
In real-world operations, “name-only” screening is not sufficient. Controls commonly need to consider:
- Identity attributes: DOB, nationality, residence, place of birth, IDs.
- Entity data: registration number, directors, UBOs, ownership/control.
- Geography signals: billing/shipping, IP/device location, bank country, corridors.
- Transaction context: payer/payee, purpose, goods/services, routing, intermediaries.
- Platform context: seller location, fulfillment location, delivery destination, digital delivery region.
Common mistakes to avoid
- “No exact match, so it’s safe.” (False: close matches require context review.)
- “Counterparty isn’t listed, so it’s allowed.” (False: geography/sector/ownership can still restrict.)
- “Secondary sanctions don’t apply to us.” (Risky: banks/partners may block activity.)
- “Sanctions = export controls.” (Related, but not identical; manage overlap carefully.)
Knowledge check (5 questions)
- List-based sanctions only apply when there is an exact name match. True or false?
- A transaction can be restricted due to destination/end-use/end-user, even if no party is listed. True or false?
- Sectoral sanctions can allow dealing with a party but restrict how you deal (instrument/term/service). True or false?
- Secondary sanctions risk can create real-world impact for non-US companies. True or false?
- For marketplaces and PSPs, sanctions controls should consider more than names (geography + transaction context). True or false?
Answers
- False. Screening is risk-based; close matches require context review and escalation.
- True. Country/region measures and end-use/end-user restrictions can apply without a listed party.
- True. Sectoral sanctions often restrict specific transaction structures, services, or instruments.
- True. Even absent direct jurisdiction, banks and partners may refuse or terminate relationships.
- True. Geography, ownership/control, routing, and transaction purpose can all create sanctions risk.
Continue
Next, learn the practical controls your company should implement (screening, escalation, blocks, audit trails, and governance).
Related reading
Training•
Module 6 — Checklists and Templates (Audit-Ready)
Print-ready employee checklists: daily safety checklist, escalation template, and evidence pack checklist.
Training•
Module 5 — Industry Scenarios (PSP, Marketplace, Fintech/Crypto, Freight Forwarder)
Practical scenarios with red flags, correct actions, and evidence pack requirements for high-risk industries.
Training•