Sanctions compliance is no longer just about transaction monitoring – it is a fast-evolving, high-stakes discipline shaped by geopolitical volatility, data opacity and the ingenuity of bad actors. That was the resounding message from a panel at the Global RegTech Summit, moderated by Corlytics CEO John Byrne, and featuring SW Burger of Gard, Gulli Zaripova of SMBC, Adam Wickens of Relm.
From maritime insurance to financial services and crypto underwriting, each panellist brought unique sectoral insight to a shared challenge: the escalating difficulty of detecting and responding to sanctions evasion in real time. Detecting and responding to sanctions breaches now demands speed, collaboration, and above all, deeply embedded control frameworks.
As John Byrne pointed out, “The biggest penalties aren’t tied to bad intentions – they’re tied to bad controls.”
Today, enforcement is unforgiving, and the margin for error is shrinking. Fines in the billions are issued not because firms intended to breach sanctions, but because they failed to detect and prevent breaches quickly enough.
“It’s brilliant having robust controls,” he continued. “But how do you make sure they’re actually followed? You can write down an amazing rulebook, but if no one follows it, it’s not worth the paper you printed it on.” This resonates across the compliance landscape, where enforcement actions increasingly focus not on intent, but on the absence of timely and effective controls.
Technology plays a crucial role, but the panel was united in cautioning against over-reliance on AI on its own. As John Byrne mentioned, “AI can do the filtering, the routine checks – but it’s the more obscure risks, the nuanced ownership structures, where humans still need to be in the loop.” The risks are no longer just transactional. They’re systemic, nested in opaque structures and jurisdictional mismatches that machines alone cannot decipher.
For firms grappling with divergent sanctions regimes, from the US and EU to UK and Japan, sanctions enforcement has become unpredictable and, at times, geopolitically driven. Gulli Zaripova shared how institutions must often navigate conflicting obligations, while SW Burger, Sanctions Defence Lawyer at Gard, one of the world’s largest marine insurers, detailed real-life cases of forged documentation and vessel cloning, showing the limits of even the best KYC processes.
“The criminals often have more time, more incentive, and more ingenuity,” John Byrne said. “Which means firms need to be twice as proactive, testing not just their systems, but the people operating them.”
This is where real-time sanctions compliance comes into play – not only through advanced surveillance and screening but through skilled, empowered compliance teams who know how to respond under pressure.
SW Burger shared insights into the layered tactics bad actors use to mask illicit activity, revealing the scale of deception:
“As good as your data is, it doesn’t mean it’s as clean as it should be,” he warned. While AI can support detection, he argued, it’s often human intuition that spots what automation misses. “A 26-year-old in government housing in Shanghai suddenly owning six vessels worth $50 million each? AI might miss it. A human will ask questions.”
Gulli Zaripova, sanctions compliance advisor at SMBC, echoed this view. AI plays an essential role in screening and flagging risks, but it is not a substitute for human judgment.
“AI should help humans, not replace them,” she said, calling for ongoing training, peer collaboration, and active dialogue with regulators. Cross-sector conversations like this one, she added, are crucial to staying ahead of ever-more-creative criminal tactics.
Adam Wickens, representing Relm, a specialist insurer in crypto and cannabis, described the ease with which bad actors can fabricate convincing documentation online. “There’s no global source of truth,” he said. “Relying solely on AI is dangerous.” He stressed the need for data cleansing, validation processes, and a culture of compliance that empowers people to challenge what doesn’t feel right.
The human element
Across the board, the panellists agreed: people are both the weakest link and the greatest strength in sanctions compliance.
“You can have all the right controls,” said SW Burger. “But if they’re not followed, they’re just words on a page.” Wickens added, “The first step is testing your people,” pointing to recent social engineering incidents, like the Coinbase breach, as reminders that human vulnerability remains a persistent threat.
There is a challenge of regulatory divergence. Global firms must navigate conflicting regimes, each with different thresholds, ownership rules and enforcement priorities.
And updates can drop without warning. “Unpredictability is the only constant,” said SW Burger. “We sometimes find ourselves scrambling to respond overnight when new designations are issued late on a Friday.”
Speed is the real challenge
One of the panel’s most urgent takeaways was the widening gap between regulatory expectations and operational realities. Firms are expected to comply with new sanctions the moment they’re announced – even if it’s Friday at 5 pm “You can’t regulate by ambush,” said Adam Wickens. “Expecting full compliance within seconds of a designation is just not operationally realistic.”
Still, tolerance for delay is minimal. Which means controls must be not only robust, but agile.
Compliance today isn’t about ticking boxes, it’s about moving fast enough to keep up with a shifting geopolitical landscape. As SW Burger shared, in one case, a payment was processed mere hours before the recipient bank was sanctioned. This resulted in frozen funds and months of remediation. In the present-day world, speed is a competitive and regulatory imperative.
Gulli Zaripova returned to the theme of collaboration. “AI can flag the risks,” she said, “but it’s humans who make the judgment calls, especially when navigating divergence between regimes or reputational risks that exceed legal thresholds.” She advocated for deeper engagement between firms and regulators: “We’re all trying to do the right thing – but often under pressure, and without the full picture.”
What’s next
All three panellists called for greater transparency, faster information-sharing, and stronger links between regulators and industry. Adam Wickens summed it up: “We’d rather not send millions of dollars to a now-sanctioned entity because we weren’t told in time.”
Sanctions compliance has outgrown legacy checklists. It now demands real-time responsiveness, critical thinking and systems designed to flex with global risk. The companies that will succeed aren’t just those with the best tools, but those who empower the right people to use them wisely.
In this fast-moving space, the smartest compliance strategies blend technology with human insight – and the courage to act before the dust settles.
As the panel concluded, sanctions compliance isn’t about a silver bullet – it’s about constant iteration, cross-functional collaboration and embedding enforcement-grade controls into the heart of your risk strategy. The human factor isn’t a vulnerability – it’s your best chance at staying ahead.
Anna Antimiichuk, Head of communications, Corlytics
At Corlytics, we help firms embed regulatory intelligence into every layer of compliance. To find out more about our approach to real-time risk, get in touch