Why Traditional Screening Has Reached Its Limits
- Chris Hilton
- Jun 9
- 4 min read
Lessons from Deutsche Bank's Recent OFSI Fine
In 2026, the UK's Office of Financial Sanctions Implementation (OFSI) fined Deutsche Bank after payments were processed involving a Russian customer whose ownership structure had become linked to a sanctioned party.

What makes the case particularly interesting is that the failure was not simply a missed sanctions match. A previously acceptable counterparty became connected to sanctioned exposure through evolving ownership structures and indirect corporate relationships. The issue was not necessarily whether the entity itself could be identified; rather, the issue was whether the risk surrounding that entity had changed.
In many ways, the case perfectly illustrates a growing challenge in financial crime compliance. Modern financial crime rarely presents as a suspicious entity in isolation. More often, it emerges through relationships between entities, counterparties, transactions, and ownership structures. Yet many compliance systems today still fundamentally treat risk as an attribute of an individual customer or transaction at a specific point in time.
That disconnect is becoming strategically significant. Across forward-looking financial institutions, compliance leaders are beginning to recognise that traditional screening architectures, built around static lists, fuzzy-name matching, and isolated workflows, are struggling to keep pace with the way modern financial crime actually operates.
The Deutsche case highlights the problem clearly. A customer or counterparty may initially appear low-risk, while the ownership structures, counterparties, and transactional relationships surrounding that entity evolve into something materially different later.
In other words: risk is no longer static.
And increasingly, watchlist screening is no longer simply a list-screening problem. It is becoming a continuous connected-risk intelligence problem. The future of compliance will not be defined by better string matching. It will be defined by the ability to understand:
connected entities,
evolving ownership,
behavioural anomalies,
counterparty relationships,
and how risk propagates through networks over time.
That represents a profound shift in the purpose of, and approach to, screening itself.
Why Time Matters: The Missing Dimension in Screening
One of the most important aspects of the Deutsche/OFSI case is that the sanctioned exposure did not arise from a straightforward list-match failure. The exposure emerged because the underlying ownership network changed. That distinction matters enormously.
Traditional screening systems are largely designed to identify direct matches made between a customer or counterparty and an entity on a watchlist. But modern financial crime increasingly exploits:
indirect exposure
evolving ownership
counterparties
intermediaries
network complexity across jurisdictions.
A sanctioned actor may never appear directly in a customer or payment record. Instead, exposure may emerge through:
beneficial ownership
indirect control
shell-company networks
counterparties
transaction routing
or rapidly changing corporate structures.
Importantly, many of these changes are event based and, sometimes, behavioural in nature. This is the critical shift now emerging within financial crime compliance. Risk increasingly lies not only in the actor itself, but in:
the evolution of the surrounding network,
the behaviour of the entity,
and the changing nature of its relationships.
Traditional screening systems were not designed to model this type of connected and evolving risk. That is one reason why static screening is increasingly struggling to keep pace with modern financial crime.
The Missing Dimension in Modern Screening
Over the past decade, financial institutions have invested heavily in understanding relationships. Graph analytics, ownership intelligence, and network analysis have significantly improved the industry's ability to uncover hidden connections. That is an important step forward. But relationships alone do not tell the full story.
Understanding how those relationships change over time is often where risk becomes visible. A beneficial owner who has remained stable for years is fundamentally different from one who has changed three times in six months. A counterparty network that expands rapidly into new jurisdictions may warrant closer attention than one that has remained operationally consistent. A corporate structure that undergoes repeated restructuring may tell a different risk story from one that remains unchanged.
Which means change over time (entity behaviour that looks like known good, or bad, or which is just different compared to its own baseline or its peer group) becomes a risk signal. Viewed on a single day, an entity may appear entirely benign. Viewed across six months, the same entity may reveal a pattern of behaviour that materially alters its risk profile.
Prior to sanctions escalation following the Ukraine conflict, numerous Russian-linked entities restructured ownership, counterparties, and commercial relationships rapidly. Viewed individually, many of those changes may have appeared operationally benign. Viewed collectively - and across time - they may have represented statistically unusual behaviour patterns associated with elevated risk.
In each case, the individual entities may appear legitimate. The significance lies in the pattern of change. This is why behavioural context is becoming increasingly important within financial crime compliance.
Institutions are beginning to recognise that risk is not simply a characteristic of an entity. Increasingly, it is a characteristic of how that entity behaves and how its relationships evolve over time.
Beyond Static Screening
Traditional screening is not disappearing. List-based controls remain essential components of financial crime compliance. But the assumptions underpinning traditional screening architecture are beginning to change fundamentally.
Modern financial crime rarely presents as a suspicious customer, account, or transaction in isolation. Increasingly, it emerges through relationships, ownership structures, transaction flows and network activity and, significantly, changes to these observed over time,
The institutions that adapt fastest will likely be those capable of understanding not only who their customers and counterparties are, but how their relationships, behaviours, and risk profiles evolve over time. Because increasingly, financial crime does not hide in a customer record. It often hides in the changes happening around it.
A predictive capability emerges here - we’ll talk about this in the next blog!
Learn more about Chris: Chris Hilton
Check out DarkSkreen: DarkSkreen
#KYC, #FRAML, #Screening, #SanctionsScreening, #AML, #FinancialCrime, #FinCrime, #Compliance, #RegTech, #SanctionsCompliance, #OFSI, #DeutscheBank, #WatchlistScreening, #ConnectedRisk, #RiskIntelligence, #CounterpartyRisk, #BeneficialOwnership, #EntityResolution, #GraphAnalytics, #NetworkRisk, #ContinuousMonitoring, #DueDiligence, #CustomerDueDiligence, #EnhancedDueDiligence, #FinancialCrimeCompliance
