Article

Sanctions compliance isn’t just for banks: Why continuous monitoring is critical

Jul 07, 2025 · Authored by Crystal Trout

In June 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) levied a $216 million penalty against a Silicon Valley venture capital firm for violating U.S. sanctions. This wasn’t a global bank or crypto exchange. It was a private fund manager – a reminder that no financial institution is immune from sanctions enforcement, regardless of size, sector or perceived risk profile. 

This case should serve as a serious wakeup call for every venture capital firm, private equity fund, registered investment advisor (RIA), wealth manager, fintech company and corporate treasury operation.  

We cannot emphasize enough that compliance expectations extend well beyond traditional banks. U.S. entities have a legal obligation to comply with sanctions regulations, whether or not you hold customer deposits or operate across borders. 

The risks of a “check-the-box” approach 

At its core, the venture capital firm failed to properly screen investors and counterparties against OFAC and other global sanctions lists. As a result, the firm inadvertently facilitated business with a sanctioned Russian entity through one of its investments. 

Many firms conduct sanctions screening only at the time of onboarding, or perform cursory annual reviews. But sanctions risk is dynamic – new entities and individuals are added to global watchlists regularly, sometimes overnight, in response to shifting geopolitical events. A name that cleared compliance last quarter could be prohibited today. 

This is why compliance can’t be a “set it and forget it” process. Perpetual know your customer (pKYC) and continuous sanctions screening should be standard operating procedures for any business engaged in capital markets, financial services or international commerce. A comprehensive compliance program not only reduces risk, but also builds trust among employees, investors and other stakeholders. 

Compliance obligations are industry-agnostic 

One of the most important takeaways from this case is that sanctions compliance isn’t industry-specific. Every U.S. business, regardless of sector, is legally bound to avoid dealings with restricted persons, entities and jurisdictions. This includes not only financial institutions, but also manufacturers, supply chain operators and any company with global exposure. 

Even a routine payment to a vendor, a capital call transfer or an equity transaction could result in a sanctions violation if proper controls aren’t in place. And the consequences can be severe, with penalties great enough to erase long-term profits, not to mention the reputational damage and operational disruption that comes with enforcement actions. 

The case for continuous monitoring 

The most effective sanctions compliance programs are built around continuous, proactive monitoring and a risk-based approach. Some best practices include: 

• Identify all counterparties and beneficial owners: Know exactly who you’re doing business with, and document ownership structures for any investment targets, vendors and intermediaries. 
• Implement perpetual screening: Regularly scan all relevant parties against up-to-date OFAC, United Nations, European Union and other international sanctions lists. Screening should be continuous or near-real-time – not a one-time event. 
• Use reliable technology and screening methods, and verify it: Sanctions screening solutions have improved dramatically, but no system is infallible. AI-based platforms may miss nuances in spelling, translation or common names. It’s critical to validate screening results, particularly for potential matches. While some in-house programs can be effective, relying on common methods like scraping the OFAC website for internal searches or using databases that could be outdated is risky. Sanctions lists change frequently, and the intricacies of restricted party screening require specialized tools and expertise. Teams should leverage purpose-built tools and expert resources to ensure accuracy, consistency and compliance. If using a third-party technology, ensure that the latest versions of watchlists are in the algorithm and incorporate periodic spot checks 
• Maintain strong documentation and controls: Have clear policies and procedures in place, document every decision, and train staff regularly. Decentralized or inconsistent compliance efforts are a major risk factor. 

Too often, financial institutions fall short due to incomplete due diligence, faulty sanctions screening software, or non-standard payment and transaction practices. The venture capital firm case underscores the importance of centralizing and formalizing compliance efforts – relying on goodwill, legacy processes or annual “check-ups” is no longer defensible. 

Another frequent misstep is underestimating the scope of sanctions regulations. U.S. sanctions are not optional, nor are they limited to international banks or multinational corporations. Entities under U.S. jurisdiction will be held accountable. Even something as simple as a personal purchase abroad from a sanctioned business could trigger liability. 

Getting proactive – before it’s too late 

In today’s environment of increasing geopolitical volatility and economic sanctions, regulators are expanding their scope and investors are demanding stronger compliance controls. Now is the time for financial institutions and corporates alike to reassess their sanctions compliance frameworks. 

For many firms, partnering with a third party can be the most efficient, effective way to meet these expectations. At Baker Tilly, we help clients manage the complexities of sanctions compliance and perpetual KYC – from program design to continuous monitoring and advisory support. Our clients value the peace of mind that comes from working with experienced specialists who understand the nuances of these regulations, stay ahead of evolving requirements, and deliver scalable solutions tailored to each business. 

Additionally, while much of the conversation around sanctions screening focuses on regulatory enforcement and avoiding penalties, there’s a broader market integrity issue at stake. Sanctions exist to combat financial crime, terrorism and human rights abuses. The recent geopolitical tensions in the Middle East, including threats of terrorism cells being activated, reinforce the importance of performing due diligence on your customers in this manner, as well as ensuring ever-changing sanctions list changes are being used to monitor you customer base continuously. By conducting proper due diligence and monitoring, firms play an active role in safeguarding the global financial system. 

In either case, regulatory enforcement is no longer a distant concern for non-bank financial firms. The stakes are too high – and the tools to manage these risks are too accessible – to leave compliance to chance. So, whether or not new AML regulations come into force in the coming months, the need for vigilant, continuous sanctions screening is here to stay. To discuss your organization’s current program and needs, reach out to one of our Financial Crimes specialists.