Why Controls, and the Humans Behind Them, Are Critical for Sanctions Compliance

- Anna Antimiichuk, Head of Communications at Corlytics
- 27.05.2025 09:00 am #HumanOversight #RiskManagement
Sanctions compliance has become a high-stakes, fast-moving discipline, no longer limited to transaction monitoring, but shaped by geopolitical instability, data opacity, and increasingly sophisticated evasion tactics. That was the resounding message from a panel at the Global RegTech Summit in London, moderated by Corlytics CEO John Byrne and featuring SW Burger of Gard, Gulli Zaripova of SMBC, and Adam Wickens of Realm.
From marine insurance to global banking and crypto underwriting, each panellist offered sector-specific insights into a shared challenge: keeping pace with the accelerating complexity of sanctions enforcement in real time.
“The biggest penalties aren’t tied to bad intentions - they’re tied to bad controls,” said John Byrne.
Today, enforcement is unforgiving. Billion-dollar fines are being issued not because firms acted maliciously, but because they failed to detect and prevent breaches quickly enough. Having policies in place is no longer sufficient: controls must be embedded, enforced, and executed with speed.
“You can write a brilliant rulebook, but if no one follows it, it’s not worth the paper,” Byrne warned.
The panel underscored a fundamental truth: effective compliance is about more than systems. It’s about the people operating them.
People before platforms
While technology, particularly AI, has a vital role to play in screening and filtering, it’s not a panacea. Byrne cautioned against over-reliance: “AI can handle the routine. But the more obscure risks, the tangled ownership structures, those still require human judgment.”
Gulli Zaripova echoed this, drawing attention to the difficulty of navigating divergent sanctions regimes across countries: “AI should support humans, not replace them.” Institutions, she argued, need ongoing training, peer collaboration and sustained engagement with regulators to stay ahead.
SW Burger, a sanctions defence lawyer at Gard, provided compelling real-world examples, from forged shipping documents to vessel cloning, where even the most rigorous KYC checks can fail.
“The criminals often have more time, more ingenuity. That’s why you don’t just test your systems, you test your people,” Byrne said.
Controls in practice
What emerged clearly was the importance of pressure-tested, real-time response capabilities. Firms must be able to act decisively the moment new designations drop - even at 5 pm on a Friday.
“Expecting compliance within seconds of a designation is unrealistic,” noted Adam Wickens of Realm. “But tolerance for delay is close to zero.”
The key isn’t just robustness, it’s agility. Controls must work under pressure. And people must be empowered to question, escalate and act when the stakes are highest.
“A 26-year-old in government housing in Shanghai suddenly owning six vessels worth $50 million each? AI might miss it. A human won’t,” SW Burger remarked.
Zaripova reinforced the point: in moments of regulatory divergence or heightened reputational risk, it’s people, not algorithms, who are forced to make the judgement calls.
The human factor
All panellists agreed: people are both the weakest link and the strongest defence. Compliance strategies must start with training, testing, and trust.
“The first step is testing your people,” Adam Wickens said, citing recent social engineering attacks like the Coinbase breach. “The human layer is where many firms still fall short.”
But the solution isn’t just internal. Burger called for more transparency and earlier communication from regulators: “We can’t risk sending millions to a sanctioned entity because we weren’t told in time.”
The new compliance imperative is clear. It’s not enough to have the right tech. You need the right people, and they need the clarity, tools and authority to act.
What now?
Sanctions compliance has evolved beyond checklists. It requires a responsive, risk-aware culture, where human insight is integrated into every step of the control process.
The companies that succeed will be those that don’t just implement systems, but continuously test them and empower their people to challenge what doesn’t feel right.
Compliance, including sanctions compliance, today isn’t about a silver bullet. It’s about agility, iteration and embedding real enforcement-grade controls into your operations. And most of all, it’s about people.