// case study
Integrated Sanctions Screening
A system for automated screening of customers and business partners against sanctions lists
For Západoslovenská distribučná we built an integrated sanctions screening system — a solution that continuously screens ZSDIS customers and business partners against international sanctions lists in real time. Screening sanctioned entities is a legal obligation, and failing to do so exposes the company to significant legal and reputational risk. As with our other solutions for ZSDIS, we built the entire system exclusively on open source technologies, with no dependency on any single vendor’s licenses.
A matching engine as the core of the solution
At the heart of the system is a matching engine that compares the databases of ZSDIS customers and business partners with the entities on sanctions lists. Comparing names for an exact match is not enough here — sanctioned entities appear in records in various forms, and searching for an exact match would miss most real cases.
- Approximate (fuzzy) name matching — the engine computes a similarity score, so it catches typos, differing diacritics, reordered names and various transliterations from other alphabets (Cyrillic, Arabic).
- Aliases and alternative names — sanctions lists record nicknames, alternative transliterations and historical names for entities; the engine compares against all of them.
- Legal entities as well as individuals — companies and individuals are evaluated differently, taking into account the relevant identifiers (name and identification data for companies; name, date of birth and nationality for individuals).
- Scoring and match thresholds — the engine assigns a score to each potential match and, according to a configurable threshold, decides which matches go to the compliance team for manual review.
Real-time screening
Screening runs continuously, not in scheduled batches. The whole architecture is event-driven and built on Apache Kafka, so the system reacts immediately in both directions:
- On an entity change — a new or changed customer or business partner on the ZSDIS side generates an event that immediately triggers the screening of that entity.
- On a sanctions-list change — when new entities are added to the lists, the system automatically re-screens the relevant existing entities. A new sanction thus also catches customers who were already in the records.
Sources of sanctions data
The system works with two independent sources — the official EU sanctions lists and the Datlab sanctions list. It regularly downloads both feeds and normalizes them into a single, unified structure that the matching then runs against. Consolidating multiple sources increases coverage and reduces the risk of a sanctioned entity slipping through unnoticed.
A web application for the compliance team
The second part of the solution is a web application in which compliance team members evaluate the matches found by the matching engine:
- Review and decision — the reviewer sees a potential match alongside the details of the sanctioned entity, compares them and decides whether it is a genuine match or a false positive.
- Queues and notifications — new matches appear as a queue of tasks that the team works through at a set time.
- Audit trail — every decision is recorded together with the user, the time and the justification, so the solution is ready for audit and regulatory inspection at any time.
The application’s frontend is built on Svelte/SvelteKit, the server side on Spring Boot (Java 25), with PostgreSQL as the store. The entire solution runs on the OpenShift platform.
Customer benefits
- Fulfilling a legal obligation — automated and demonstrable compliance with EU sanctions regulations.
- Automation instead of manual checking — continuous real-time screening replaces slow manual reviewing; the compliance team spends time only on genuine matches.
- Auditability — a complete history of matches and decisions, ready for audit at any time.
- No vendor lock-in — a solution built exclusively on open source technologies, giving the customer full control over it.