Sanctions Screening Policy¶
| Code | AML-007 |
| Domain | AML / Financial Crime |
| Owner | Chief Compliance Officer |
| Status | Draft |
| Applicability | Platform |
| Jurisdiction | NZ + AU |
| Business domain | BD07 |
| Review date | 2027-03-25 |
Regulations: NZ Sanctions legislation · AU Autonomous Sanctions Act · FATF 40 Recommendations¶
Purpose¶
Govern the platform's obligations to screen customers, transactions, and counterparties against sanctions lists maintained by RBNZ, OFAC, UN, EU, and other relevant sanctions authorities.
Scope¶
All customers, transactions, payees, and correspondent relationships of the platform in NZ and AU.
Policy statements¶
The platform SHALL screen all customers and transactions against applicable sanctions lists in real time at the point of transaction initiation. Transactions SHALL be blocked immediately upon a positive match.
Applicable sanctions lists SHALL include at minimum: NZ Police sanctions lists (United Nations Security Council), OFAC SDN list, UN consolidated sanctions list, and AU Department of Foreign Affairs and Trade sanctions list.
Sanctions screening lists SHALL be updated within four hours of an official list publication. The system SHALL alert the CO immediately if a list update cannot be processed within this timeframe.
A positive sanctions match SHALL result in immediate transaction block and case creation. The CO SHALL be notified immediately. If the match is confirmed, the account SHALL be frozen and the relevant regulator notified within the timeframe required by applicable law.
Sanctions alerts SHALL be reviewed and dispositioned within the timeframes set in the AML/CFT procedures. False positive dispositions SHALL be recorded with a rationale.
The platform SHALL not process payments to or from sanctioned countries or entities. The payments engine SHALL enforce this at the payment initiation gate.
Sanctions screening performance SHALL be tested at least semi-annually. Test results SHALL be reported to the Board Risk Committee.
Satisfying modules¶
| Module | Name | Mode | Description |
|---|---|---|---|
| MOD-007 | Account state machine | GATE |
Account is automatically restricted if sanctions match is confirmed — no agent override without approval |
| MOD-013 | Real-time sanctions screener | GATE |
No payment can be made to or from a confirmed sanctions match — enforced as hard GATE, not advisory |
| MOD-014 | List change propagation | AUTO |
Existing customers screened against new designations without manual trigger — no gap between list update and re-screening |
| MOD-015 | False positive management | LOG |
False positive decisions are auditable — reasoning recorded, not just the outcome |
| MOD-020 | Pre-payment validation suite | GATE |
Sanctions screen is one of the mandatory pre-payment gates — cannot be bypassed |
| MOD-045 | Secrets & key management | AUTO |
Sanctions list decryption keys managed centrally — no offline copy possible |
| MOD-135 | Batch payment and payroll file processing | AUTO |
Each payment item in the batch passes through the transaction screening engine before being submitted; items that generate a screening alert are quarantined and the batch continues with remaining items. |
| MOD-141 | Intra-bank transfer engine | AUTO |
Intra-bank transfers pass through the same transaction screening as external payments; internal transfers are a known layering typology and screening is not bypassed for intra-bank routing. |
| MOD-145 | Payment hold & friction engine | ALERT |
Payments held for risk review generate an alert in the AML case management system for compliance assessment. |
| MOD-154 | Correspondent banking risk gate | GATE |
Every correspondent institution and named intermediary in a payment chain is screened against sanctions lists before routing — a sanctions hit blocks the payment regardless of prior approval. |
Part of AML / Financial Crime · Governance overview
Compiled 2026-05-22 from source/entities/policies/AML-007.yaml