EBA deadline December 30, 2025: No payment without screening – why companies need to act now

Companies that have not implemented suitable sanctions list screening by the end of 2025 risk not only compliance violations, but above all serious economic consequences. These range from blocked payments and delivery problems to massive audit findings and declining liquidity. The following section provides a comprehensive overview of the key obligations, implementation requirements, and practical options for action.

Classification and economic implications

The stricter EBA requirements oblige banks and payment institutions to check every payment comprehensively, automatically, and in an audit-proof manner against sanctions lists from December 30, 2025, onwards. If there is no clear check result or if there are unresolved hits, payments may not be executed. This creates an indirect obligation for companies: without their own sanctions compliance, there is an increased risk that payments will be blocked or delayed and business-critical processes will come to a standstill.

From a business perspective, this is no longer purely a regulatory issue: solvency, supply chain stability, and the trust of business partners are directly dependent on reliable sanctions compliance.

What happens without screening? The realistic risks

Companies without auditable sanctions list screening expose themselves to the following immediately relevant risks from the effective date:

• Blocked incoming payments: Banks will independently hold transactions if the screening is negative or clarification is required. Queries delay payment approvals by days or weeks
• Project and supply chain stoppages: Suppliers do not receive payments, projects are delayed, customers wait longer
• Audit findings: Internal and external audit bodies identify incomplete compliance processes as a risk requiring rectification
• Bank conflicts: Lack of screening documentation jeopardizes existing and future banking relationships
• Liquidity risks: Late payments make it difficult to manage your own liquidity and, if they accumulate, can jeopardize your solvency
• Liability risks: Violations of EU sanctions law or inadequate organization can result in legal consequences for the company and those responsible.
   

Practical example:

A mechanical engineering company receives a large payment from abroad. The bank recognizes a name similarity match on the sanctions list. Due to a lack of screening documentation, the money is blocked. The company cannot continue production, and the international customer threatens to impose a contractual penalty.

The EBA requirements in plain language

Die European Banking Authority definiert vier verbindliche Kernthemen für Institute, die dem Regelwerk unterliegen. 

1. Automated screening

As part of the sanctions check, all relevant customers, suppliers, business partners, and payment flows must be checked against the valid EU sanctions lists. The processes must be documented throughout and largely automated.

2. Daily or event-driven checks

Screenings must be carried out for every relevant transaction and for certain events, such as new payments, changes to master data, or other risk-relevant adjustments. It is no longer sufficient to carry out periodic or sporadic checks.

3. Evidence & audit trail

Results must be logged in an audit-proof manner and be accessible at any time. All checks (results, triggers, responses) must be traceable in an audit trail.

4. Documented processes & responsibilities

The audit processes and control mechanisms must be set out in writing in work instructions, including the assignment of clear responsibilities. There must be no unclear responsibilities.
 

The changeover and why time is of the essence

In parallel with the September 30 deadline, the implementation period is a decisive factor. The following steps and time frames are realistic to plan for:

1. Evaluation: Selection of the right software solution, testing for integration capability into the existing SAP system landscape, economic analysis (1–4 weeks)
2. Technical implementation: Interface connection to ERP and core systems (typically: SAP ECC, S/4HANA, interfaces to third-party systems) (4–8 weeks depending on complexity)
3. Definition and adaptation to internal processes: Determination of responsibilities and authorizations, documentation and adaptation to existing process and work structures, customizing in the software solution (2–4 weeks)
4. Employee training: Training for technical and specialist roles (1–2 weeks)
5. Test run & go-live: Pilot operation, acceptance tests, adjustments and optimizations if necessary, final operation of the solution (2–4 weeks)

Conclusion: In the best-case scenario, the process takes at least three to six months. Complex IT landscapes, internal company processes, and dynamic market changes can further extend the project duration.
 

What specific changes will there be in day-to-day business?

The new requirements will have a direct impact on payment, procurement, sales, and compliance departments:

• Payments will only be released after a positive sanctions list check by the payment service provider
• Event-driven verification requirement for risk-relevant changes (e.g., relocation of the company headquarters abroad)
• Automated notifications for sanctions list hits
• Obligation to document and archive all check results
• Consistent cooperation between IT, compliance, and accounting

Special features for internationally active companies

Companies involved in export, import, or with global supply chains are particularly exposed. Depending on the business model, other international regulations may also be relevant in addition to EU sanctions requirements, especially if payment methods, goods flows, or business partners have a foreign connection. Risk analyses and audit-proof logging of all relevant checks and decisions are therefore essential, also with regard to regulatory evidence.
 

Example:
A European logistics company has to process payments to partners in third countries. If the payment service provider's mandatory sanctions screening detects anomalies or unresolved hits, the transaction is blocked until the matter has been clarified. Error-free, scalable systems with reliable interfaces are particularly important here.

How do companies choose a suitable screening solution?

Selection criteria:

• Full integration into existing ERP systems (including SAP ECC, S/4HANA)
• Precise and modern search algorithms and methods
• Flexibility in adapting to individual business processes
• Event-driven checking of various types of master data
• Extendibility to additional types of master data
• Degree of automation of the screening process
• Ability to control and define permissions in the system
• Use of various sanctions and PEP lists
• Interactive and simple user interface for processing sanctions cases
• Audit-proof documentation of all steps

Practical implementation with Marlin Compliance Screening (MCS)

Marlin Compliance Screening (MCS) meets all regulatory requirements under the EBA Directive and can be seamlessly integrated into existing SAP systems and corporate structures. Companies benefit from:

• Integration into SAP ECC and S/4HANA
  Seamless on-premise integration in the SAP system with flexible adaptation to processes via customizing
• High-performance screening technology
  Language-independent state-of-the-art screening technologies and methods
• Multidimensional checking options
  Checking when creating new entries and changing master, transaction, bank, and personnel master data as well as CPD master records
• Extensive selection of sanctions and PEP lists
  Use of a wide variety of lists (Reguvis, C4I, Dow Jones, individual lists, ISO SDS lists, etc.)
• Audit-proof documentation
  All steps and results are documented completely and in an audit-proof manner

This solution helps companies minimize operational risks and fulfill their own compliance tasks systematically, efficiently, and verifiably.

Expert recommendation: Understand compliance as an ongoing 

Robust sanctions list screening should not be viewed as a one-time project. Ongoing maintenance of processes, regular training, and continuous adaptation to new legal requirements ensure long-term solvency and avoid unexpected risks.

Recommended measures after implementation:

• Regular internal audits to review effectiveness and process quality
• Continuous and active adaptation to new regulatory requirements
• Ongoing validation and updating of test parameters (e.g., in the event of changing lists)
• Definition of responsibilities and deputy arrangements
• Documented response and escalation management for dealing with hits

FAQ: Frequently asked questions from consulting practice

How often do sanctions lists need to be updated?
Sanctions lists must always be used in their currently valid version. In practice, daily or automated updates have proven effective in ensuring that changes are taken into account in a timely manner.

Does every company have to screen sanction lists?
Non-payment service providers are not legally obliged to carry out their own sanction list screening. Payment service providers, on the other hand, must check every transaction in accordance with the applicable regulations. In practice, therefore, screening is also becoming increasingly indispensable for other companies in order to avoid payment blocks, delays, and costly clarification processes.

Are only banks liable?
Banks and payment service providers bear primary responsibility for ensuring that they do not execute transactions to sanctioned persons. Companies themselves can be held liable if they violate EU sanctions law or fail to comply with their obligation to cooperate in clarifying sanctions-related issues, thereby enabling illegal transactions.

How can existing processes be integrated efficiently?
Solutions with standardized interfaces to existing ERP systems and the early involvement of compliance and IT departments are recommended to ensure smooth processes and consistent data processing.
 

Outlook: Regulatory change and compliance

The EBA guidelines mark an important milestone in European payment regulation. In the coming years, further requirements are likely to be added, particularly in the areas of supply chains, sustainability, and extended due diligence obligations. The trend is toward more integrated, transparent, and digitized compliance processes.

Companies that establish modern, scalable systems at an early stage gain flexibility and responsiveness. Risks can be minimized in advance, resulting in competitive advantages through stable payment processes.

Conclusion for companies and decision-makers

From December 30, 2025, auditable sanctions list screening will be mandatory for payment service providers and will therefore also be of crucial importance for other industries and companies. Without clear clarification information and transparent business partner data, companies risk payment blockages, delays, and operational instability. The necessary lead time for selection, implementation, and training should be planned realistically.

Marlin Compliance Screening supports companies in reliably meeting regulatory requirements, identifying business risks at an early stage, and ensuring smooth payment transactions in the long term.