There is a phrase that Marta Gonzalez Perez, Head of Sanctions & AML Regulatory Advisory - Compliance & Ethics, Euroclear Belgium, returns to more than once in conversation: the idea of the "plain vanilla" sanction. An individual is listed. You freeze everything. The job is done. It was never quite that simple… but compared to what the function demands today, it has the quality of a more forgiving era.

"These days, that doesn't happen anymore," she says. "In addition to the speed, the volumes and the divergence between regimes, you also face an increased complexity where some activity is permitted, and some activity is not. If you multiply that across at least three or four main sanction programmes that you need to follow carefully, it makes it quite challenging when it comes to the operational part of it."

Gonzalez Perez speaks from a vantage point that few in the industry share. Euroclear operates at the heart of European capital markets infrastructure, processing trillions of euros in securities settlements annually, connecting issuers, investors and financial intermediaries across dozens of jurisdictions. Her role, a second-line advisory function serving the group's operating entities, including Euroclear Bank and the network of local central securities depositories, requires her to maintain consistent compliance standards across the group whilst navigating regulatory requirements that are neither consistent nor stable.

"Sanctions have become almost a daily need for adaptation," she says. "It's important to follow closely the sanctions regimes applicable in different jurisdictions, figuring out whether those are aligned, whether there are divergences, or whether there are contradictions among them."

The Timing Problem

Of the multiple challenges she identifies, it is the divergence in timing between different sanctions authorities that generates the most acute operational pressure. When major regimes - the EU, the UK and the US - designate the same party at different moments, each step in the sequence demands a fresh cycle of system adaptation, legal analysis and manual intervention.

She describes the process with the precision of someone who has lived through it repeatedly. The UK designates first. An institution must now comply with those sanctions - but if a transaction has no UK connection, certain activity may still be permitted. To manage that distinction, assets must be segregated into monitored accounts. Manual steps are inserted into processes designed for automated, straight-through settlement. That takes time and resources. Three days later, the US follows. The process begins again.

"You cannot, because one sanction authority decides that a party is to be sanctioned, limit all the activities," she explains. "But you need to have the systems supporting that targeted approach - and systems in the financial sector, particularly in the securities sector, are not designed to be broken down. Flows are meant to happen automatically. If you need to intervene and put manual stops in place, that creates delays which in turn create additional risks in terms of liquidity, market efficiency and settlement efficiency."

The consequence is that sanctions compliance has ceased to be a second-line function applied to selected parts of the business. "Now it is a corporate-wide management of risk with involvement of everyone."

The Compliance Trap

One of the more counterintuitive arguments Gonzalez Perez advances is the risk of doing too much. In a sanctions environment characterised by uncertainty and serious consequence for breach, the institutional reflex is conservatism. When in doubt, block. When the guidance is ambiguous, apply the stricter interpretation. Do not give regulators any basis for criticism.

She understands that instinct but argues it carries its own dangers. Over-compliance creates unnecessary operational friction, generates reputational costs for counterparties who are not in fact restricted, and can produce the kind of systematic de-risking that regulators and policymakers have repeatedly identified as damaging to financial inclusion and market functioning.

"You run the risk of doing too much," she says. "And if you do too much, that can create additional risks. So it's a very important balancing exercise. Follow up closely. Be sure of what you have to do. And try to make sure your systems are supporting a targeted approach."

Public-Private Partnership: What Works and What Does Not

On the question of collaboration between the public and private sectors, Gonzalez Perez is thoughtful about where genuine value is being created and where the aspiration still falls short of the reality.

Industry associations, she argues, are an underappreciated mechanism for amplifying private sector voices. When a broad community of firms approaches a regulatory authority with a shared concern - that a particular provision is difficult to interpret, that a compliance expectation is technically unworkable, that the intent of a measure is being lost in its implementation - the response is qualitatively different from an individual institution raising the same concern alone.

"It has more value than if you go on your own," she says. "We provide common feedback to the authorities, and we see a certain positive response from the side of the competent authorities."

She is equally clear, however, that bilateral dialogue with supervisors remains indispensable - both in its formal dimension, where documented guidance provides a defensible basis for institutional decisions, and in its informal dimension, where the mutual acknowledgement of complexity can produce more workable outcomes than strict adherence to the letter of guidance that was not written with the specific situation in mind.

What she would like to see more of is collaboration between the authorities themselves. The cascade of operational complexity she describes - UK goes first, US follows, EU adapts - is precisely the kind of sequencing that joined-up inter-authority dialogue could reduce, even if perfect synchronisation is unlikely. "I would appreciate more effort between the authorities themselves to open that line of dialogue and collaboration, to make sure that measures are as aligned as possible."

Board Engagement and Strategic Risk

The elevation of sanctions to board-level attention has been one of the more visible institutional responses to the regulatory and geopolitical pressures of recent years. At Euroclear, Gonzalez Perez describes sanctions as a strategic risk - receiving the kind of senior management attention and resource allocation that designation implies.

The nature of that attention has also changed. "In the past, the board was hearing about sanctions in case there was a problem, in case there was a breach or a potential breach. Nowadays they are receiving information on how well we are doing, what are the difficulties we are facing, where we are in terms of reporting." The shift from reactive to proactive reporting at board level is, she suggests, both a consequence of the Russian sanctions and a more permanent feature of the governance landscape.

AI: Positive but Not Transformative… Yet

On artificial intelligence, Gonzalez Perez is measured. Euroclear, as market infrastructure, does not position itself as an early adopter of emerging technology. But the direction of travel is clear, and her assessment of the potential is genuinely optimistic - within limits she is careful to define.

"I think there is a lot of potential," she says. "If we can simplify certain of the processes that are more standard - the collection of a document, making sure that it meets all the necessary criteria, that it contains all the necessary data points, that those data points are stored in a way where they can be properly monitored - that will help us to do our job more efficiently, will free up time of employees that today are doing maybe not such high-value tasks, and will help us to improve in the fight against financial crime."

But she is equally clear on the boundary. "I am not a believer that technology will replace human judgement. Without the human value that the ones in contact with clients bring to the picture, you don't get the total understanding of the things that are happening and why."

One Piece of Advice

Asked what single piece of advice she would offer senior leaders responsible for sanctions and AML compliance, her answer is characteristically direct and rather more searching than the conventional reassurances the question might invite.

"Don't think that you have it all under control," she says. "Keep on challenging yourself. Look back. Look forward. Listen to the experts across the organisation - not necessarily only to your legal team or your compliance team, but to everyone. And try to build an end-to-end flow of how you monitor and control, making sure that both AML and sanctions are managed in the organisation from the very first reading of what is required, through to the documentation of decisions made and reporting sent internally and externally."

The convergence of AML and sanctions at regulatory level makes the integration of KYC data across both functions not a future ambition but an immediate operational requirement. "KYC information collected in the process of AML compliance is crucial for sanctions compliance, and vice versa. Try to have teams that can look at things holistically."

It is, she acknowledges, easier to state than to deliver. But in a sanctions environment that has ceased to offer the comfort of plain vanilla, it may be the only posture that holds.

Marta Gonzalez Perez, Head of Sanctions and AML Regulatory Advisory at Euroclear Belgium, was a panellist at Transform Finance's 4th Annual FinCrime Leaders Summit Europe, Amsterdam 2026. This article is based on her appearance on the Transform Finance FinCrime Podcast Series.

Watch the Full Podcast Episode Here!