What Does The FIN-FSA Review Of Sanctions Screening Mean For Finnish Banks
Sanctions screening insights from the FIN-FSA review reveal key gaps in Finnish banks’ controls and what must improve.
Sanctions screening is under renewed focus after the FIN-FSA’s 2026 review showed errors in how Finnish banks detect sanctioned parties in real conditions. In the review conducted by Finanssivalvonta, only 5 of 17 firms achieved good results in transaction screening when names were modified.
This matters for financial institutions because sanctions screening rarely deals with perfect data. Slight changes in names, delays in updates, or incomplete coverage can lead to missed risks.
With tighter EU expectations and faster payment flows, regulators are now assessing how screening performs in practice. This blog discusses what the FIN-FSA review found, why it matters now, and what Finnish institutions can do going forward.
What Sanctions Screening Is Meant To Do In Practice
Sanctions Screening exists to ensure that financial institutions do not provide services to individuals or entities subject to financial restrictions. More importantly, sanctions screening checks customers and transactions against official sanctions lists and flags potential matches for review.
In practice, sanctions screening operates across two main areas. Customer screening verifies individuals and businesses during onboarding and periodic reviews, while transaction screening monitors payments to identify whether sanctioned parties are involved.
These checks rely on matching names and identifiers against EU, UN, and national sanctions lists. However, effective sanctions screening goes beyond simple name matching. It depends on a sequence of connected steps working reliably:
- keeping sanctions lists updated without delay
- detecting variations in names, not just exact matches
- generating and reviewing alerts with enough context
- filing a SAR quickly when a true match is confirmed
The FIN-FSA review shows that weaknesses often appear within this process rather than in the existence of screening itself. A system may be in place, but if it cannot detect altered names or if updates are delayed, the overall control becomes less effective.
Why The FIN-FSA Thematic Review Is Important
The FIN-FSA review is important because it tests sanctions screening in a way that reflects real operational conditions rather than a theoretical setup. The authority assessed 17 institutions using both system testing and a detailed questionnaire, focusing on how screening performs when data is incomplete or slightly altered.
This approach reflects a change in supervision. Regulators are no longer satisfied with policies or system descriptions alone. They want evidence that sanctions screening works consistently across different scenarios, including edge cases where risks are more likely to be missed.
Last year, EU expectations around sanctions controls increased through updated guidelines and faster payment infrastructures. This means institutions are expected to detect and act on sanctions exposure with minimal delay, even as transaction volumes and speed increase.
As a result, the FIN-FSA review signals that sanctions screening will be assessed on performance, responsiveness, and operational reliability rather than just system presence.
Important Findings For Financial Institutions From The FIN-FSA Review
The FIN-FSA review of Sanctions Screening shows that while most institutions have implemented screening systems, performance varies widely when tested under realistic conditions.
The following findings highlight systemic errors across detection accuracy, list coverage, update timing, and governance:
1. Differences between customer and transaction screening performance
The review shows a clear difference between customer screening and transaction screening results. Customer screening generally performed better, especially in controlled test conditions. Transaction screening, however, showed weaker outcomes, particularly when tested with modified data.
This difference matters because transaction screening operates under stricter time constraints. Payments are processed quickly, leaving less time to detect and act on potential matches.
2. Exact-name matching is not a sufficient benchmark
When tested with exact names, many institutions achieved acceptable results. However, 4 firms still showed poor detection even in this basic scenario, which indicates that minimum expectations are not consistently met across the sector.
Exact-name performance alone does not provide a complete picture of sanctions screening effectiveness. It reflects system capability under ideal conditions, not real-world data quality.
3. Modified-name testing exposes real-world detection gaps
The most significant weakness appears when names are modified. In these tests, only 7 firms achieved good results in customer screening and only 5 firms did so in transaction screening.
This confirms that many sanctions screening systems struggle with variations such as spelling differences, missing elements, or alternative formats. These variations are common in real transactions and customer records, making this a practical risk rather than a theoretical one.
4. Weak detection of national asset-freezing list entries
The review found that 8 firms detected names from Finland’s national asset-freezing decision list poorly or not at all.
Sanctions screening must cover all applicable lists, including national measures. Missing coverage of required lists creates blind spots that cannot be identified through standard EU or UN list testing alone.
5. Delays in sanctions list updates
Several firms reported updating sanctions lists within 24 hours. However, FIN-FSA states that sanctions obligations apply immediately once published.
This creates a mismatch between operational processes and regulatory expectations. Even short delays can allow transactions involving newly sanctioned parties to be processed before controls are updated.
6. Governance and resourcing gaps
The review highlights that sanctions screening responsibilities were not always clearly defined. In some cases, roles related to list management, system configuration, and alert handling were not adequately structured.
In addition, some firms lacked sufficient resources for maintaining and testing their screening systems. This affects both detection quality and the ability to respond to regulatory changes.
7. Outsourcing and third-party reliance
More than half of the firms had outsourced parts of their sanctions screening system maintenance. These firms generally showed weaker detection performance compared to those managing systems internally.
This indicates that outsourcing can introduce errors if monitoring is not strong. Institutions must remain fully accountable for how their screening systems operate, regardless of who maintains them.
8. Testing practices are not always sufficient
The review also points to limitations in how institutions test their sanctions screening systems. Testing was not always comprehensive, and in some cases did not reflect real-world variations in data.
Without regular and realistic testing, weaknesses in matching logic or list coverage may remain undetected until an actual failure occurs.
How Finnish Institutions Can Address The Gaps Identified In The FIN-FSA Review
The FIN-FSA review does not suggest that Sanctions Screening frameworks are absent. It shows that specific parts of these frameworks are not performing reliably under supervisory testing.
Addressing these gaps requires targeted changes in how screening is configured, tested, and operated.
1. Move Beyond Exact-match Logic In Screening Configuration
The review makes it clear that reliance on exact-name matching is not sufficient. Performance dropped significantly when names were modified, which reflects real-world data conditions.
Institutions need to reassess how their matching logic is configured. This includes tuning fuzzy matching thresholds, incorporating phonetic matching where relevant, and ensuring that alias handling is comprehensive. Configuration should be tested against realistic variations, not just clean datasets.
2. Introduce Structured Testing Using Modified Datasets
FIN-FSA’s use of modified-name testing highlights a gap in internal validation practices. Many institutions appear to rely on testing that does not reflect real data variation.
A more effective approach is to introduce structured test datasets that include misspellings, partial names, reordered formats, and transliteration differences. These tests should be run regularly and tied to measurable performance thresholds, so weaknesses can be identified and addressed before supervisory review.
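The modified-name testing described in steps 1 and 2, as an added example (not code from the FIN-FSA review or from any screening product): it builds one variant per variation type for each list entry and reports the detection rate of an exact matcher and a simple fuzzy matcher against a pass floor. The list entries are constructed and fictional, and the 0.85 similarity threshold and 0.95 floor are assumed values, not regulatory figures.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed, fictional list entries; not taken from any real sanctions list.
WATCHLIST = ["Jörgen Fiktiv Älvstrand", "Zoltán Testović Sampleov",
             "Åkesson Placeholder Trading"]

def strip_diacritics(name):
    return unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()

def normalize(name):
    """Lowercase, strip diacritics and punctuation, sort tokens to ignore word order."""
    cleaned = "".join(c if c.isalnum() else " " for c in strip_diacritics(name).lower())
    return " ".join(sorted(cleaned.split()))

def exact_match(candidate):
    return candidate in WATCHLIST

def fuzzy_match(candidate, threshold=0.85):  # threshold is an assumed setting
    cand = normalize(candidate)
    return any(SequenceMatcher(None, cand, normalize(entry)).ratio() >= threshold
               for entry in WATCHLIST)

def variants(name):
    """One modified form per variation type named in the text."""
    tokens = name.split()
    return {
        "exact": name,
        "misspelling": name[:3] + name[4:],            # one character dropped
        "partial": " ".join(tokens[:1] + tokens[2:]),  # middle name missing
        "reordered": " ".join(reversed(tokens)),       # surname-first format
        "transliteration": strip_diacritics(name),     # ö -> o, ć -> c
    }

def detection_rates(matcher):
    """Share of list entries still detected, per variation type."""
    hits = {}
    for name in WATCHLIST:
        for kind, variant in variants(name).items():
            hits[kind] = hits.get(kind, 0) + bool(matcher(variant))
    return {kind: count / len(WATCHLIST) for kind, count in hits.items()}

def failing_kinds(rates, floor=0.95):  # floor is an assumed pass mark
    """Variation types whose detection rate is below the agreed floor."""
    return sorted(kind for kind, rate in rates.items() if rate < floor)

if __name__ == "__main__":
    for matcher in (exact_match, fuzzy_match):
        rates = detection_rates(matcher)
        print(matcher.__name__, rates, "below floor:", failing_kinds(rates))
```

With these settings the token-sorted similarity ratio recovers misspelled, reordered, and transliterated names but still misses partial names, which is the kind of residual gap a per-variation report makes visible before a supervisor does.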
3. Align Sanctions List Updates With Real-Time Obligations
The review identifies a mismatch between 24-hour update cycles and the requirement for immediate application of sanctions. Institutions should review how sanctions lists are ingested and applied within their systems.
This may involve automating list updates, reducing dependency on manual processes, and ensuring that updates are triggered as soon as new measures are published. The focus should be on minimizing the gap between publication and enforcement.
4. Ensure Full Integration Of National And EU Sanctions Lists
The weak detection of names from Finland’s national asset-freezing list shows that list coverage is not always complete.
Institutions should verify that all required lists are integrated into their screening systems, including national measures. This includes confirming that list updates are applied consistently across both customer and transaction screening processes.
5. Strengthen Transaction Screening Specifically
The review shows that transaction screening is consistently weaker than customer screening. To address this, institutions should focus on how transaction data is processed and screened.
This includes improving data quality checks, ensuring that relevant fields are captured and standardized, and reviewing how matching logic is applied to payment data. Given the speed of transactions, controls in this area need to be both accurate and responsive.
6. Establish Clear Ownership Of Sanctions Screening Operations
Governance gaps identified in the review indicate that responsibilities are not always clearly defined.
Institutions should assign clear ownership for key components of sanctions screening, including list management, system configuration, testing, and alert handling. Defined accountability helps ensure that issues are identified and resolved without delay.
7. Improve Oversight Of Outsourced Screening Components
The correlation between outsourcing and weaker detection performance suggests that third-party arrangements require closer monitoring.
Institutions should ensure that they have visibility into how outsourced systems operate, including how matching logic is configured and how updates are applied. Regular performance reviews and independent testing can help maintain control over outsourced functions.
8. Build Continuous Testing And Monitoring Into Operations
The review shows that weaknesses often remain undetected until formal supervisory testing.
To address this, testing should become a continuous process rather than a periodic activity. Monitoring performance metrics, reviewing false positives and false negatives, and regularly updating test scenarios can help maintain system effectiveness over time.
How Lucinity Supports Stronger Sanctions Screening Operations
The FIN-FSA review highlights specific operational gaps in Sanctions Screening, particularly around detection accuracy, workflow consistency, and explainability. These areas align with how investigation tools are used within compliance operations, especially at the stage where alerts are reviewed and validated.
1. Luci AI Agent - One of the challenges identified in the review is the difficulty of identifying matches when names are modified or incomplete. In this context, Luci AI Agent is used to prepare investigation cases by gathering relevant data, organizing evidence, and presenting it in a structured format.
In cases where Sanctions Screening workflows involve multiple systems, the Luci Plugin allows analysis to be performed directly within existing tools. This can include summarizing information, extracting relevant details, or assisting with documentation without requiring analysts to switch between systems.
2. Case Manager - The review shows variation in how institutions perform, particularly in transaction screening. Case Manager provides a unified workspace where alerts from different sources can be reviewed within a single interface.
It supports a more consistent review process by consolidating alerts, customer data, and transaction details. This becomes relevant in scenarios where screening results depend on how information is interpreted and connected during investigation.
3. Customer 360 - The FIN-FSA findings indicate that detection is affected by how well institutions can interpret incomplete or varied data. Customer 360 provides a consolidated view of customer information, combining transaction data, profile details, and behavioral insights.
This broader context can assist in understanding whether a potential match is relevant, especially when screening outputs are not clear-cut.
4. Regulatory Reporting - The review emphasizes the importance of auditability and clear documentation. Regulatory Reporting and SAR Manager tools support the creation and management of structured reports, including audit trails and standardized narratives.
These tools can be used to document investigation outcomes in a consistent format, which is relevant for demonstrating how Sanctions Screening decisions were reached.
Final Thoughts
The FIN-FSA review shows that sanctions screening effectiveness is defined by how systems perform under real conditions, not how they are designed on paper. Gaps in handling modified names, delays in list updates, and incomplete list coverage highlight the need for closer alignment between controls and day-to-day operations.
As expectations continue to tighten, institutions are being assessed on consistency, responsiveness, and the ability to explain outcomes. This changes sanctions screening from a background control to a visible and continuously evaluated process.
The key insights from this review can be summarised as follows.
- Sanctions Screening must be evaluated based on real-world performance, especially in detecting modified names and handling time-sensitive updates.
- Transaction screening requires stronger focus due to speed and data limitations.
- Full coverage of all required sanctions lists, including national lists, is essential.
- Governance and oversight remain central, even when parts of the process are outsourced.
- Lucinity tools support investigation workflows by structuring case data, improving visibility, and maintaining consistent documentation across Sanctions Screening processes.
FAQs
1. Why is sanctions screening performance weaker with modified names?
Sanctions screening performance is weaker with modified names because many systems rely heavily on exact matching and struggle with variations in spelling, formatting, or incomplete data, which are common in real-world scenarios.
2. How often should Sanctions Screening lists be updated?
Sanctions screening lists should be updated immediately upon publication, as delays can create exposure to processing transactions involving newly sanctioned entities.
3. Why is transaction sanctions screening more challenging?
Transaction screening operates under time pressure and often uses less structured data, making it harder to detect matches compared to customer screening.
4. How are Lucinity tools used in sanctions screening workflows?
Lucinity tools such as Luci AI Agent and Case Manager are used to prepare cases, organize data, and support consistent documentation, helping analysts review sanctions screening alerts more effectively.


