Hello, this is Hamamoto from TIMEWELL. Today I'm going to consolidate the full picture of the sanctions lists that anyone working on export control and economic security has to live with.
Since the beginning of 2026, the U.S. OFAC has replaced a string of general licenses related to Russia, the Commerce Department's BIS has added Chinese semiconductor-related companies to the Entity List, and the UK stopped updating its OFSI consolidated list on January 28 and consolidated everything into the single UK Sanctions List. On the Japanese side, METI expanded the Foreign End User List to 835 entities in the revision that took effect on October 9, 2025. The era when you could safely look at just one list is over. Below, I walk through the character and reading of each major sanctions list, along with how to assemble a cross-list screening workflow in real operations, all reflecting the status as of April 2026.
Why Understanding Sanctions Lists Became an Existential Issue for Japanese Companies
Ten years ago, dealing with sanctions lists was a task that only major banks, a subset of general trading companies, and a handful of defense-related firms needed to handle. Then Russia invaded Ukraine in 2022 and the G7 and EU stacked wartime-level sanctions packages on top of one another, so both the items in scope and the target countries expanded sharply. Semiconductors, CNC machine tools, bearings, EV battery materials, drone components, industrial software, even financial services — entire domains that ordinary B2B companies deal with daily got pulled into the sanctions perimeter.
Payment flows changed as much. Dollar-denominated transfers touch the U.S. financial network, euro transfers touch the EU, sterling and insurance markets touch the UK — any single hit will freeze the transaction itself. Add in U.S. OFAC secondary sanctions, the EU's anti-circumvention clauses, the UK's extended extraterritorial reach, and the international commitment provisions in Japan's FEFTA, and you end up in a structure where a purely domestic yen transaction between Japanese companies can still trip foreign sanctions depending on counterparty, destination, and end use.
What makes the shop floor painful is that no single "correct" unified list exists. On the U.S. side alone, you have the SDN, the Entity List, the Denied Persons List, the Unverified List, the Military End-User List, and the Section 1260H list, each serving a different purpose. The EU has nearly 20 sanctions regulations, each with its own annex. The UK is in the middle of a regime migration. And Japan has its own mechanism centered on the Foreign End User List and the catch-all regulation. Trying to track all of this manually is effectively impossible, and how you stand up a screening framework has become a board-level issue.
How to solve export compliance challenges?
Learn about TRAFEED (formerly ZEROCK ExCHECK) features and implementation benefits in our materials.
The U.S. OFAC SDN List Is the Core of Financial Sanctions
SDN stands for Specially Designated Nationals and Blocked Persons, the flagship financial sanctions list run by the Treasury Department's Office of Foreign Assets Control (OFAC). Assets of listed individuals and entities inside the United States are frozen, and U.S. persons and companies are, as a rule, prohibited from any transaction with them. More importantly, the SDN carries secondary sanctions that reach non-U.S. companies: a third-country company involved in a targeted transaction can itself end up on the SDN List.
The practical force of the SDN comes from its link to the dollar clearing infrastructure. Global trade finance ultimately routes through New York clearing banks via the correspondent banking network, so any transfer involving an SDN-listed party has effectively nowhere to go. Japanese megabanks and regional banks are no exception — if they let a SDN-related transfer through, they face the risk of corrective orders and fines from U.S. financial regulators, so if anything about a counterparty's identification or corporate registration looks off, they bounce the transfer. Even if the underlying export contract is airtight, no payment means no deal.
OFAC has kept moving in 2026. On April 17, 2026, it issued General License 134B for Russia-related transactions, conditionally allowing handling of Russian crude and oil products already in transit, fine-tuning the existing EO 14024-based sanctions. In the two weeks before mid-March, it also delisted several names, so this is a list with continuous case review — entries enter and exit. In operation, you need a daily workflow that tracks Recent Actions and the Federal Register's Notice of OFAC Sanctions Actions against your counterparties, affiliates, and end users. One thing that is easy to forget: under the "50% rule," any entity in which an SDN-listed party holds 50% or more of the voting rights or shares is itself treated as SDN, even if it is not explicitly listed. Without a database that lets you traverse parent-subsidiary relationships and beneficial ownership, you cannot run this check.
Commerce BIS's Entity List, Denied Persons List, and Unverified List
The physical flow of goods is controlled by the EAR lists administered by the Commerce Department's Bureau of Industry and Security (BIS). The best known is the Entity List, which designates foreign individuals and entities posing U.S. national security or foreign policy concerns and imposes licensing requirements on exports of EAR-covered items. Most entries carry a "Policy of Denial," so in practice the List functions as a de facto embargo.
The Entity List has accelerated further in recent years. On December 2, 2024, Commerce added 140 China-related companies in a single move aimed at containing advanced semiconductor manufacturing capacity, effectively listing virtually the entire Chinese equipment ecosystem — NAURA Technology, Piotech, ACM Research, Beijing Huafeng, Beijing Semicore, Hwatsing, KINGSEMI, and others. In September 2025, it added 32 more, 23 of which were China-related and 13 of which were semiconductor or IC-related, including research entities like Shanghai Fudan Microelectronics, the Chinese Academy of Sciences' Aerospace Information Research Institute, and Sino IC Technology. Beyond semiconductors, Hong Kong and UAE trading firms involved in diversion to Russia and Iran have been added on a continuing basis, reaching into Japanese companies' resale channels.
Alongside the Entity List, the Denied Persons List (DPL) and Unverified List (UVL) should be on your radar. The DPL consists of individuals and companies whose export privileges have been revoked for EAR violations; as a rule, you cannot transact EAR-covered items with DPL-listed parties, and even placing directors or providing technical assistance is restricted. The UVL consists of counterparties for whom BIS could not confirm existence or end use during a post-shipment verification (end-use check). To continue transacting, you must obtain a UVL Statement from the end user, or you cannot use any License Exceptions. Landing on the UVL counts as a Red Flag that you must resolve on each occasion; leaving it unresolved prejudices future licensing decisions. These three lists form a hierarchy: unresolved UVL transactions get moved to the Entity List; repeated violations from the Entity List get elevated to the DPL. Once a party lands on any of them, getting off is extraordinarily difficult.
EU, UK, and UN Sanctions Lists — Read Them Scheme by Scheme
EU sanctions are structured around individual sanctions regulations (Council Regulations) adopted by the EU Council, each with its own annex that carries the designated individuals and entities. These are pulled together in the EU Consolidated List of Sanctions, accessible via the European Commission's Financial Sanctions Database (EU-FSD) and the EU Sanctions Map. The 14th package in June 2024 introduced "No Russia Clause" contract terms and a "Best Efforts" obligation for preventing circumvention. The 15th package on December 16, 2024 added 54 individuals and 30 entities, extending coverage to Russia's shadow fleet and Chinese suppliers of drone components. On February 6, 2026, the European Commission proposed the 20th package, which includes a full ban on maritime services for Russian crude, the addition of 20 regional banks, and anti-circumvention measures around crypto assets. The tricky part about EU sanctions is that enforcement authorities and penalties differ across all 27 member states — the same violation will be processed differently in Germany, France, or the Netherlands.
The UK stopped updating its existing OFSI Consolidated List of Asset Freeze Targets as of 9:00 AM UK time on January 28, 2026, consolidating everything into the UK Sanctions List (UKSL) as the sole official source. This implements the "single list" direction announced in the Cross-government Review of May 2025. Designations made on or after January 28 are no longer assigned OFSI Group IDs and are managed by Unique ID only. That change has a non-trivial impact on corporate screening systems. You need to swap out the URLs and ID fields you feed to your database connectors, and if the migration lags, entries managed by the new ID get missed and cases invisible under Group-ID-based lookups slip through. The UN Security Council's Consolidated List also needs to be checked in parallel; as of April 15, 2026, it has on the order of 1,000 entries across individuals and entities. Because the underlying resolutions and reasons for designation differ across sanctions committees — ISIL/Al-Qaida (1267), DPRK (1718), Somalia (751), and so on — you can't stop at "hit or no hit." You have to identify which resolution applies, or you will mis-apply Japan's FEFTA response.
Japan's Foreign End User List Is the Linchpin of the Catch-All Regulation
Japan's economic sanctions run on two pillars: FEFTA asset-freeze measures that give domestic effect to UN Security Council resolutions, and the catch-all regulation. The centerpiece of the latter is the Foreign End User List published by METI. It provides exporters with information on foreign-based entities with concerns related to weapons of mass destruction and similar categories. Exports to listed entities are likely to meet the objective "customer" criterion of the catch-all regulation, which effectively forces you into a license application.
The Foreign End User List was revised twice in 2025, and the latest status is as follows. The revision effective February 5, 2025 brought it to 15 countries and regions with 748 entities (+42), and the subsequent revision issued September 29, 2025 and effective October 9, 2025 expanded it to 15 countries and regions with 835 entities (+87). A significant change in this revision is that, in addition to the traditional WMD concerns, entities subject to conventional-weapons catch-all regulation are now published together, extending the impact to companies handling defense-related or dual-use goods. The list is distributed as a PDF and searchable Excel, but the practical difficulty on the ground is variation in romanized spelling and distinguishing entities with the same name. Chinese entity names translated into English have multiple accepted spellings, and transliteration from Cyrillic or Arabic into the Latin alphabet varies by institution. Without the exact official English name and registration number of your end user in your master data, matching errors are unavoidable.
Another Japan-specific caution: even if a counterparty is not on the Foreign End User List, if the intended use or the character of the customer raises concerns about diversion to WMD or conventional weapons, the subjective criterion of the catch-all regulation requires you to file a license application. The Foreign End User List is a "watch list" that signals probable concern when an entity is on it; it is not a "safe list" that clears an entity simply because it is not on it. Miss this point, treat list screening as the complete screen, and you will get cited during a later export license audit or post-entry customs audit. METI's Security Export Control Policy Division also publishes supplementary materials such as "examples of goods of particular concern" and the "clear and simple guidelines," and the expected practice is to reach a judgment by cross-referencing these.
To Cross-Check Multiple Lists in Practice, You Need Something Like TRAFEED
As the above shows, a Japanese company that wants to screen without gaps has to hit at least five streams simultaneously: the U.S. CSL (Consolidated Screening List, which covers 13 lists in a single search), the EU Financial Sanctions Database, the UK Sanctions List, Japan's Foreign End User List, and the UN Consolidated List. On top of that, adjacent sources that are not technically sanctions — the U.S. DOD Section 1260H list (Chinese military-related companies), the U.S. CMC (Chinese Military Companies) list, the NS-CMIC list, Canada's SEMA list, Australia's DFAT list, and each company's own watch list — are all in daily use. Trying to update and cross-match all of that with one or two people in a mid-market compliance department simply does not scale.
What makes this even harder is spelling variation and ownership depth. For the same Chinese company, you'll receive English corporate name, simplified Chinese, pinyin, parent name, brand name, and office location as inconsistent data. Russian companies have multiple transliteration conventions between Cyrillic and Latin, and Middle Eastern companies combine Arabic script with various English spellings. On top of that, you have to read through ownership structures that the outward corporate name won't reveal — the SDN's 50% rule, the EU's ownership and control test, Japan's "beneficial owner" concept. And the more complex the flow, the more separately you have to screen each party — importer, destination, end user, forwarder, customs broker, settlement bank — because one sanctioned party anywhere in the chain halts the whole transaction.
TRAFEED (formerly ZEROCK ExCHECK), developed by TIMEWELL, is the AI agent built to run this cross-list screening without crushing the team. Enter the counterparty, destination, and cargo information, and in roughly five seconds it cross-references the major lists, extracts candidates via fuzzy matching that accounts for spelling variants and abbreviations, and surfaces entities of concern based on 50% rule and ownership relationships. List updates are handled automatically on the backend, so regime changes like the UK Sanctions List consolidation of January 28, 2026 do not force your team to manually swap data sources. The design is aligned with METI's criteria and supports multilingual entity names and aliases, so it detects matches in Chinese, Russian, Persian, and Arabic as well as English. Your team gets to spend its time on the final call for each candidate, rather than burning hours manually scanning entire lists. For details, see the TRAFEED service page.
Wrap-Up: Three Principles for Building Your Screening Framework Now
To close, three principles for companies that are about to revisit their sanctions-screening framework.
First, stop relying on a single list. Look only at the SDN, only at the Entity List, or only at the Foreign End User List, and there will always be a hole — at the money entry point, in the goods flow, or under the catch-all regulation. Make it standard practice to run all five streams — U.S. CSL, EU-FSD, UK Sanctions List, METI Foreign End User List, and UN Consolidated List — against the same counterparty at the same time.
Second, automate update tracking. OFAC moves on a daily cadence, EU annexes change with each sanctions package, and the UK restructured the list itself in January 2026. A framework where KYC checks stall the week the designated person is on leave will not hold up to management scrutiny. Migrating list ingestion, change detection, and hit notification onto tooling that runs it for you is the realistic choice from a headcount perspective as well.
Third, retain the rationale for each screening result. If an export control violation is suspected, customs and METI will ask an objective question: "What did your company see at the time of shipment, and how did you reach your judgment?" If you can show when you matched against which version of which list, which rule produced the hit, and who approved it, you can demonstrate that you exercised reasonable care even if concerns are raised. When you introduce automation, verify that it retains not just hit/no-hit outcomes but also the search log and judgment log in a form the company can actually explain.
Sanctions lists will not stop moving. Looking at the trend since 2022, target countries and items will continue to expand — additions vastly outnumber removals, and that balance is likely to hold. The earlier you build the framework, the better the return on investment; the longer you wait, the heavier the cost of tracing past transactions becomes. At TIMEWELL, I'll keep supporting Japanese companies — through TRAFEED — in getting off the war of attrition. If you need help with sanctions screening, please reach out through the TIMEWELL contact page.