| Pitfall | Consequence | Mitigation | |---------|-------------|------------| | | Misses real‑time updates; version lag can cause violations. | Pair PDF with the live XML feed. | | Treating the list as a “black‑list” only | Overlooks “Tier‑2” jurisdictions that require enhanced due diligence, not outright blocking. | Apply a risk‑based approach; use the “Sanction Type” field to tailor controls. | | Ignoring the “Digital Assets” section | Exposes the firm to crypto‑related AML breaches. | Extend KYC/AML screening to blockchain addresses. | | Copy‑pasting the list into internal docs without attribution | Potential copyright/licensing breach if the list is not public domain. | Follow the license statement; provide proper attribution when redistributing. | | Hard‑coding entity names | Breaks when entities change names or are added/removed. | Store the list in a database and reference IDs rather than static text. |