Why complex ownership structures make sanctions compliance so challenging

In this article, we’ll explain the challenges of knowing your customer in complex ownership structures, what current regulations require, why this is so difficult in practice, and how financial institutions can strengthen their approach.

Published 2025-09-25
Focused view of a hand holding a coin, with blurred dark background.

For financial institutions, keeping sanctioned individuals and entities out of the financial system is not just a regulatory box-tick; it’s central to protecting market integrity. Falling short can trigger steep penalties and weaken the trust that underpins customer relationships and long-term business growth.

But it’s not enough to simply check names against sanctions lists and block accounts from individuals who appear there. 

With regulations like the U.S. Office of Foreign Assets Control (OFAC) 50 Percent Rule, and similar EU and UK regimes, banks, investment firms, crypto firms, and credit institutions can face penalties for working with entities that aren’t explicitly listed but are majority owned or controlled by sanctioned individuals.

In other words, sanctions compliance is not about “who’s on the list”, but who’s behind the entities you do business with.

In this article, we’ll explain the challenges of knowing your customer in complex ownership structures, what current regulations require, why this is so difficult in practice, and how financial institutions can strengthen their approach.

What regulators say about sanctioned entities

Complex ownership structures are a tactic used by sanctioned individuals and entities to mask control and evade restrictions. 

Regulators across jurisdictions have recognised this risk, which is why regulators worldwide, including those in the US, EU, and UK, have all introduced strict rules to prevent sanctioned parties from hiding behind layers of corporate ownership.

In the US, the Office of Foreign Assets Control (OFAC) created the 50 Percent Rule to tackle this issue. 

The rule states that if one or more sanctioned parties - individually or collectively - directly or indirectly own 50% or more of an entity, that entity is automatically considered blocked, even if it is not explicitly named on the Specially Designated Nationals (SDN) list.

Many European companies follow the OFAC rule because doing business in US dollars or with US institutions often brings them under US jurisdiction, even if they’re based in Europe. 

Non-compliance can lead to heavy fines, loss of access to US financial markets, and reputational damage.

Key points that apply under OFAC and are mirrored or expanded upon by EU and UK rules include:

  • Direct and indirect ownership: Sanctioned individuals’ stakes held through multiple layers of companies are aggregated to determine control.
  • Joint ownership: If two or more sanctioned individuals collectively hold 50% or more, the threshold is met, and the entity is blocked.
  • Beyond listed entities: Entities can be subject to restrictions even if they are not explicitly named on sanctions lists, creating hidden compliance risks.

The EU and UK have gone further in some respects. Their sanctions regimes also look at control beyond ownership percentages. 

For example, a sanctioned individual’s ability to appoint board members or exercise significant influence over corporate decisions can trigger sanctions, even if their ownership interest is below 50%.

Across all three jurisdictions, regulators expect financial institutions and companies to put in place strong due diligence to ensure they are not indirectly facilitating business for sanctioned individuals or entities.

Why this is so difficult in practice

It is significantly more challenging for firms to comply with sanctions regulations when ownership and control structures are complex.

For example, corporate structures may span across multiple jurisdictions and involve a number of shell companies. 

Without reliable data, compliance teams could easily spend countless hours manually stitching together different sources of information to investigate ownership links, which can slow down operations and leave gaps in coverage.

Furthermore, different regulators (OFAC, EU, UK, etc.) enforce slightly different rules. This creates uncertainty and increases the risk of missed red flags, even when firms believe they are fully compliant.

How to approach compliance: focusing on ownership and control

To close these gaps, financial institutions need screening that goes beyond sanctions lists and covers ownership and control.

The Dow Jones Sanctions Control & Ownership (SCO) is specifically designed to address this gap. It uncovers hidden risks in complex structures by capturing:

  • Percentage of ownership: All cases where sanctioned subjects own ≥10% of a company’s shares (and ≥1% in comprehensively sanctioned regions like Crimea, Cuba, Iran, North Korea and Syria).
  • Positions of influence: Entities where sanctioned individuals hold board, C-suite or equivalent positions of control.
  • Asset freeze targets and sectoral sanctions: Individuals and firms subject to asset freezes and those with whom transactions are prohibited due to their involvement in specific sectors of the global economy.
  • Sanctions control and ownership coverage: Regardless of ownership percentage, subsidiaries are tracked to prevent bad actors from exploiting loopholes.

Crucially, the SCO dataset is continuously updated, with more than 49,000 profiles – an increase of 10,000 in just 12 months – reflecting the fast-moving nature of global sanctions activity.

Integrating SCO data into Trapets Screening

At Trapets, we’ve integrated the Dow Jones SCO list directly into our Screening solution.

This means financial institutions can:

  • Detect hidden ownership and control links that trigger sanctions obligations.
  • Reduce manual investigations and improve operational efficiency.
  • Ensure consistency across sanctions screening within a single workflow.
  • Comply with OFAC’s 50 Percent Rule, as well as EU/UK control-based sanctions and other global frameworks.

Contact our team today for a demo and build a compliance process that is both robust and regulator-ready.