Sanctions screening and anti-money laundering (AML) compliance have traditionally been associated with banks, insurance companies, and other financial institutions. For decades, the obligation to verify who you do business with sat squarely within the financial sector. That is no longer the case.
EU sanctions regulations apply directly to every person and entity in the European Union — not just financial institutions. If your company enters into a commercial relationship with a sanctioned party, processes a payment involving a sanctioned entity, or provides services that violate restrictive measures, you face serious legal consequences regardless of your industry.
At the same time, Belgium's AML framework has progressively expanded the range of businesses subject to customer identification, transaction monitoring, and suspicious activity reporting obligations. Lawyers, accountants, real estate agents, dealers in high-value goods, and a growing list of other professionals now fall within scope.
This article explains what the current framework requires, who is affected, and how to build proportionate compliance processes.
EU sanctions — formally called restrictive measures — are adopted by the Council of the European Union through regulations that are directly applicable in all member states. They do not need to be transposed into national law. When a sanctions regulation is published, it takes immediate effect across the EU.
Sanctions can take several forms: asset freezes (requiring that funds and economic resources belonging to or controlled by designated persons are frozen), trade restrictions (prohibiting the export, import, or transit of specific goods or services to or from certain countries), travel bans (preventing designated persons from entering or transiting through the EU), and sectoral restrictions (targeting specific sectors of a country's economy, such as energy, finance, or technology).
For businesses, asset freeze obligations are typically the most operationally relevant. If a person or entity you deal with appears on the EU consolidated sanctions list, you are required to freeze their assets and must not make funds or economic resources available to them, whether directly or indirectly. There is no de minimis threshold. The obligation applies to transactions of any value.
Unlike AML obligations, which target specific categories of regulated entities, EU sanctions apply to everyone. Article 215 TFEU sanctions regulations bind all natural and legal persons within the EU, as well as EU nationals and EU-incorporated entities operating anywhere in the world.
This means that if your company is established in Belgium — or if you are a Belgian national doing business abroad — you must ensure that you do not enter into transactions or business relationships that violate applicable sanctions. The obligation extends to verifying that your contractual counterparts, their beneficial owners, and the end-users of your goods or services are not subject to restrictive measures.
In practice, this affects import and export businesses dealing with sanctioned jurisdictions or goods categories, technology companies providing software, cloud services, or technical assistance to restricted parties, professional services firms advising clients with connections to sanctioned jurisdictions, manufacturing companies exporting dual-use goods, logistics and shipping companies facilitating trade with affected regions, and any business with a geographically diverse client base or supply chain.
Belgium's anti-money laundering framework is built on the EU's Anti-Money Laundering Directives, currently the Fourth and Fifth AML Directives, as transposed by the Belgian Act of 18 September 2017 on the prevention of money laundering and terrorist financing (the AML Act).
The AML Act imposes obligations on a defined list of "obliged entities" — organisations that, by the nature of their activities, are considered gatekeepers to the financial system. The list includes credit institutions and financial services providers; insurance companies; payment institutions; auditors, external accountants, and tax advisors; notaries; lawyers (when they participate in financial or real estate transactions or provide certain corporate services); real estate agents; dealers in goods when payment is made in cash for EUR 10,000 or more; providers of services related to virtual currencies; and trust and company service providers.
If your business falls into one of these categories, you are subject to the full range of AML obligations: customer due diligence, ongoing monitoring, suspicious transaction reporting, and internal compliance arrangements.
The core AML obligation is customer due diligence (CDD) — knowing who your customer is, understanding the nature of the business relationship, and assessing the risks involved.
Standard CDD requires you to identify and verify the identity of the customer using reliable and independent sources; identify the beneficial owner of any legal entity you deal with and take reasonable measures to verify their identity; understand the purpose and intended nature of the business relationship; and conduct ongoing monitoring of the business relationship, including scrutinising transactions to ensure they are consistent with your knowledge of the customer.
Enhanced due diligence (EDD) is required in higher-risk situations — when dealing with politically exposed persons (PEPs), customers from high-risk jurisdictions identified by the EU or FATF, complex or unusual transaction patterns, or any other situation where the risk of money laundering or terrorist financing is elevated. EDD involves obtaining more detailed information about the source of funds and wealth, applying more intensive monitoring, and securing senior management approval for establishing or continuing the business relationship.
Simplified due diligence is permitted in lower-risk scenarios, but only where a documented risk assessment supports the conclusion that the risk is genuinely low.
Identifying the beneficial owner of your counterpart is a central element of both sanctions compliance and AML due diligence. The beneficial owner is the natural person who ultimately owns or controls the legal entity you are dealing with.
Under Belgian law, the beneficial owner is generally any natural person who directly or indirectly holds more than 25% of the shares or voting rights, or who exercises control through other means. Where no beneficial owner can be identified under these criteria, the senior managing official is considered the beneficial owner by default.
Belgium maintains a UBO Register (Ultimate Beneficial Owners Register) administered by the FPS Finance. Belgian entities are required to register their beneficial owners, and obliged entities under the AML Act must consult the register as part of their due diligence — though they must not rely on it exclusively. The register is a starting point, not a substitute for independent verification.
Effective sanctions screening requires checking your counterparts against the relevant sanctions lists before entering into a business relationship and on an ongoing basis throughout the relationship.
The primary lists to screen against include the EU consolidated list of persons, groups, and entities subject to financial sanctions (maintained by the European Commission), the Belgian list of persons subject to national financial sanctions (maintained by the National Security Council), and depending on your business activities, the OFAC SDN list (US sanctions), the UK sanctions list, and the UN consolidated list.
For most Belgian businesses, the EU consolidated list is the minimum requirement. If you have a US nexus — dollar-denominated transactions, US persons in your ownership structure, or US-origin goods in your supply chain — OFAC compliance becomes relevant as well.
Screening must be performed at onboarding (before entering into a new business relationship or processing a new transaction), on an ongoing basis (when sanctions lists are updated — which happens frequently — your existing relationships must be rescreened), and on a risk-based schedule (the frequency of rescreening should reflect the risk profile of your counterparts and the nature of your business).
The practical challenge is that sanctions lists are updated frequently and contain thousands of entries, often with transliteration variants, aliases, and limited identifying information. Manual screening is feasible for small transaction volumes, but most businesses with any significant client base will need to implement automated screening tools that can match against multiple lists and handle fuzzy matching for name variants.
If your screening process produces a potential match, you must assess whether it is a true positive (the person or entity you are dealing with is genuinely the sanctioned party) or a false positive (a coincidental name match). This assessment should be documented regardless of the outcome.
If the match is confirmed as a true positive, the consequences depend on the type of sanctions in place. For asset freeze designations, you must immediately freeze any funds or economic resources held by or on behalf of the designated person, refrain from making any funds or economic resources available to them, and report to the competent authority — in Belgium, the FPS Finance (Treasury) for EU financial sanctions.
You must not tip off the designated person about the measures being taken. The obligation is to act and report, not to consult with the counterpart.
For entities subject to AML obligations, the duty to report suspicious transactions adds another layer. If you know, suspect, or have reasonable grounds to suspect that funds are the proceeds of criminal activity or are related to terrorist financing, you must file a suspicious transaction report with the Belgian Financial Intelligence Processing Unit (CFI/CTIF).
The reporting obligation applies regardless of the amount of the transaction and regardless of whether the transaction is carried out. Attempted suspicious transactions must also be reported. The obligation is ongoing — if suspicion arises after a transaction has been completed, you must still report.
Importantly, the tipping-off prohibition applies: you must not disclose to the customer or any third party that a report has been filed or that an investigation is being considered. Breach of the tipping-off prohibition is a criminal offence.
Both the sanctions framework and the AML Act require businesses to have proportionate internal arrangements. For AML-obliged entities, this includes designating a senior manager responsible for AML compliance; appointing an AML compliance officer (AMLCO) who has sufficient authority, resources, and access to relevant information; conducting a business-wide risk assessment that identifies and evaluates the money laundering and terrorist financing risks to which the business is exposed; implementing written policies, procedures, and internal controls that are proportionate to the risks identified; providing regular training to staff who are in positions to detect suspicious transactions; and maintaining records of customer identification documents, transaction records, and risk assessments for at least ten years.
For sanctions compliance, the internal arrangements may be less formally prescribed but must be equally effective: clear procedures for screening, escalation, and reporting, assigned responsibilities, and documented decision-making.
Sanctions violations are treated seriously across the EU. Regulation (EU) 2024/1226 on the criminalisation of sanctions violations entered into force in 2024, harmonising criminal penalties across member states. Violations can result in criminal prosecution, substantial fines, and imprisonment.
In Belgium, the AML supervisory framework involves multiple authorities depending on the type of obliged entity — the National Bank of Belgium for financial institutions, the FSMA for certain financial services providers, and various professional bodies for lawyers, accountants, and real estate agents. Administrative sanctions for AML non-compliance can include fines, public censure, and restrictions on business activities.
Beyond formal penalties, a sanctions or AML compliance failure can result in significant reputational damage, loss of banking relationships, and commercial consequences that far exceed the regulatory fine itself.
Assuming it does not apply to you. Many non-financial businesses assume that sanctions and AML compliance is exclusively a banking obligation. EU sanctions apply to everyone. And the list of AML-obliged entities extends well beyond the financial sector. The first step is determining whether and how the obligations apply to your specific activities.
Screening only at onboarding. Sanctions lists are updated frequently. A counterpart who was clean when you onboarded them may be designated next month. Ongoing screening is not optional — it is a legal requirement.
Relying solely on the UBO Register. The UBO Register is a useful resource but it is not always accurate or complete. You must take reasonable measures to verify beneficial ownership independently, particularly in higher-risk situations.
No documented procedures. Having a vague awareness of sanctions obligations without documented screening processes, escalation procedures, and decision records creates serious exposure. Regulators expect to see written procedures that are implemented in practice — not just awareness.
Ignoring indirect exposure. You may not deal directly with a sanctioned person, but if your supply chain, payment flows, or service delivery involves sanctioned parties or jurisdictions, the obligation still applies. The prohibition on making economic resources "available, directly or indirectly" catches a wide range of arrangements.
At Pitch, we advise businesses on the design and implementation of sanctions and AML compliance frameworks. Our approach is practical and proportionate — we help you understand which obligations apply to your specific business, build screening and due diligence processes that fit your operations, and ensure that your internal procedures meet regulatory expectations without creating unnecessary operational burden.
Where sanctions compliance intersects with your broader commercial activities — export controls, trade restrictions, contract drafting, and corporate transactions — our integrated practice across corporate, IP, IT, and data protection law ensures that compliance is embedded in your business processes rather than bolted on as an afterthought.
We also advise on the data protection implications of sanctions screening and AML due diligence, helping you navigate the tension between your obligations to collect and retain identification data and your GDPR obligations to process personal data lawfully and proportionately.
Pitch is the law firm for innovators and creatives. If you need to build or review your sanctions and AML compliance framework, get in touch or schedule a meeting with our team.
