
Within the banking industry, Know Your Customer (or, simply, KYC) requirements help financial services firms assess potential customer risk, as well as to ensure compliance with laws like those around money laundering. To do so, KYC requirements dictate that banks must be able to verify and demonstrably prove their customers’ identities, account for their financial history and activities, and know what kind of risk each customer poses from a financial, reputational and criminal standpoint.
Banks have put into place rigorous due diligence and risk monitoring processes to adhere to KYC requirements. But organizations in virtually every other industry can benefit from this heightened level of risk management as well, despite not being held to the same KYC expectations.
Sanctions risk assessment checklist
We’ve studied KYC requirements along with other key knowledge areas to create a thorough checklist any organization can use to better assess the risks it faces. While gaps in the list may still exist – after all, no one checklist can account for every variable across a dynamic risk landscape – this checklist is still extensive, and it can help reduce the odds that certain risks are going overlooked.
Here are the elements of our sanctions risk assessment checklist.
Customers and third parties
Customers, contributors to your supply chain and other third-party entities perhaps pose the greatest risk to your organization (with your internal employees coming in a close second, if not outright tying for first place).
What customer and third-party risk to check for:
- Have individuals and entities been checked against published sanctions and Specially Designed Nationals (SDNs) lists?
- Do you have visibility into the controlling interest behind individual customers, suppliers or other third parties?
Your product or service
- Does your product or service have a dual-use or military application?
- Does it require an export license?
- Is it subject to an embargo?
The receiving country
- Is the country a known facilitator for sanctioned countries or regimes?
- Is there a payment risk?
- Is the country’s legal system reliable?
- Does the country have an elevated corruption risk?
The end-use of your product or service
- Have you confirmed the intended end-use of your product or service?
- Are there sanctions that might apply to that end-use?
- Do you have an end-use statement and sanctions clause built into your sales contracts?
The end-user
- Can you verify whether the end-user and its ultimate beneficiary are subject to sanctions?
- Do you have an end-user statement and sanctions clause built in your sales contracts? (This is particularly important if the end-user is unknown.)
The transaction
- Is the transaction allowable under applicable sanctions?
- Are there any sanctions applicable to the location of the delivery?
- Will third parties, such as agents on your company’s behalf or transporters moving your product, be involved in the transaction?

How to confirm the actual sanctions risk your organization faces
As you make your way down the elements of this checklist and cross reference it with your existing one, you may wonder how to determine which of these questions translate into an actual risk for your organization, if at all.
That’s where comprehensive due diligence and risk monitoring capabilities enter the picture. And LexisNexis has a suite of solutions that can help quickly identify actual risk. Our solutions are powered by intuitive functionality, which increases efficiency, and built on an unmatched content source universe, which makes your risk management in depth and reliable.
You can download a print-friendly version of our sanctions risk checklist here. It also includes a chart the details the features that LexisNexis solutions offer to help you quickly and confidently identify risk. You can also learn more about our due diligence and risk monitoring capabilities here.