AML/KYC for Scrap Buyers: Avoiding Sanctions Traps
A practical guide for scrap buyers to build AML/KYC compliance for scrap buyers that avoids sanctions traps without slowing down operations. Learn screening workflows, checklists, and real-world scenarios.
COMPLIANCE & REGULATORY OPERATIONS IN RECYCLING
Instant Answer
Scrap buyers must implement robust AML/KYC compliance systems to avoid sanctions traps, including thorough customer screening, permit validation, and ongoing audits. Aligning operational efficiency with regulatory demands helps minimize risk without delaying scrap trading, while keeping finance and compliance teams protected from OFAC violations and trade disruptions.
Table of Contents
Why Compliance Matters for Scrap Buyers
Defining Sanctions Risk in Scrap Trading
Critical AML/KYC Concepts
Framework: Practical Compliance Without Slowing Operations
StepbyStep Example: Scrap Buyer’s Screening Workflow
Implementation Checklist
Measurement and QA: Tracking What Counts
Case Patterns and RealWorld Scenarios
Frequently Asked Questions about Scrap KYC
FiveLayer Distribution and Reuse Toolkit
1. Why Compliance Matters for Scrap Buyers
For scrap buyers, traders, and recyclers, regulatory compliance is more than a boxticking exercise—it's a business imperative that ensures continued access to global markets. The recycled materials sector thrives on agility—shipments move in hours, and price swings can be sharp. Yet every transaction now faces increasing oversight from antimoney laundering (AML) and knowyourcustomer (KYC) frameworks.
The Escalating Regulatory Climate
Over the past five years, US sanctions enforcement actions across all exports have increased by 55%, with penalties in the recycling sector rising due to crossborder complexities and the opaque nature of commodity trade. In 2023 alone, OFAC leveled over $1.5 billion in sanctionsrelated fines industrywide, according to public enforcement records. The European Union and APAC authorities have made similar moves, tightening due diligence requirements for recycled metals and plastics.
Operational Stakes:
Revenue at Risk: Enforcement actions for scrap traders have included fines exceeding $2 million for each instance of a sanctioned entity slipping through controls. These sanctions can also restrict access to USdollar clearing for global buyers—a death knell for international trade.
Reputation Management: Media exposure of a single sanctions violation can lead to lost supplier relationships and banking partners. According to a 2021 Kroll survey, 47% of compliance leaders ranked reputational damage as their top business risk.
Supply Chain Disruption: Port authorities in Rotterdam and Singapore have increasingly detained scrap shipments found to have incomplete or outdated documentation. Asset freezes and shipment delays can cost both time and hundreds of thousands of dollars per incident.
Personal Liability: Regulatory actions increasingly name individual compliance officers and CFOs, with industry cases showing warnings, penalties, or even prosecution for knowingly bypassing established compliance standards.
Why It Matters More Now
A convergence of stricter environmental controls and rising geopolitical tensions has made compliance a Csuite issue. Operational teams can’t simply "leave compliance to the lawyers"—realtime, documented controls are critical for every transaction. Companies that view compliance as a strategic business function—not just risk avoidance—see improved stakeholder trust, easier financing, and faster customs clearance, based on McKinsey’s 2022 analysis of compliancedriven growth.
2. Defining Sanctions Risk in Scrap Trading
Understanding Sanctions Traps
Sanctions risk in the scrap trade is often subtle, embedded in supplier documents, payment flows, or ownership structures that aren’t immediately apparent. The market’s fragmented nature—often involving many small, undervetted suppliers and shifting payment routes—amplifies exposure. The Financial Action Task Force (FATF) has flagged the commodities sector, including recyclers and scrap dealers, as especially susceptible to tradebased money laundering.
Common Sanctions Traps in Scrap Trading:
Paperwork Gaps: Suppliers providing incomplete ownership or permit information. According to a 2023 FATF review, 28% of scrap trading entities globally had documentation gaps that could conceal sanctioned owners.
Hidden Ultimate Beneficial Owners (UBOs): Use of shell companies or nominee directors obscures the real power behind a trading company, an issue highlighted in the Pandora Papers investigation.
Layered Payment Structures: Payments routed through seemingly innocuous intermediaries—especially in jurisdictions with weak AML controls—hide risk. Highprofile enforcement actions have cited scrap traders for inadvertently processing payments routed via sanctioned Russian or Iranian banks.
What’s at Stake for Scrap Buyers
Rapid Deal Cycles: With settlements often expected in hours, there’s immense pressure to take shortcuts in due diligence.
Fragmented Sourcing: Deals involving smaller, lesserknown suppliers lack the institutional oversight larger firms typically demand.
Global Money Movements: The international nature of scrap markets means payments often cross multiple legal and regulatory environments, adding layers of complexity and risk.
Changing Sanctions Landscape: In recent years, new sanctions have targeted not just countries, but also individuals, vessels, and even categories of waste materials.
Opportunity for Proactive Compliance:
Buyers with streamlined, techenabled compliance and screening processes don’t just reduce risk—they build trust with both upstream suppliers and downstream buyers. Data from BAE Systems (2023) indicates that businesses with integrated compliance operations are 35% more likely to win supply contracts in tightly regulated export zones.
Expert Insight:
As highlighted in [Sanctions Screening Tools for Metal Traders], automated, uptodate list monitoring is now considered minimum best practice in the industry.
3. Critical AML/KYC Concepts
For scrap traders, AML and KYC are not generic checklists—they demand an industryspecific lens.
AML (AntiMoney Laundering)
This refers to legal frameworks, both domestic and international, designed to identify and stop activities involving the proceeds of crime—including terrorist financing—often stemming from the hidden value in scrap metals. The US Bank Secrecy Act and FATF global guidelines require that any business handling crossborder commodity payments maintains robust AML controls and promptly files suspicious activity reports (SARs).
KYC (Know Your Customer)
KYC is the baseline for identifying every counterparty:
Identity Verification: Collecting valid governmentissued IDs, business registrations, and signatures.
Beneficial Ownership Tracing: Investigating through national company registries to uncover who is really in control. Enhanced due diligence (EDD) is now the expectation for new or offshore counterparties.
Risk Profiling: Assigning each supplier or customer a risk rating—low, medium, or high—based on country origin, ownership complexity, and payment patterns.
Sanctions Compliance
This focuses on screening against OFAC, EU, UK, and other government lists not only at onboarding, but at each major transaction. "Oneanddone" screenings have led to regulatory actions when entities slipped through via intermediaries or newly sanctioned individuals took control.
Permits & Licenses
Each jurisdiction has its own rules regarding scrap handling, export, and environmental impact. Valid environmental and operational permits—often verified via digital government databases—are mandatory for compliance. Expired licenses are a key red flag for auditors.
Ongoing Audits and Monitoring
KYC is not a onetime event. Ongoing monitoring, ideally automated, flags changes in company ownership, intermediary banks, or regulatory status. A recent Thomson Reuters survey found that 61% of compliance leaders cited ongoing monitoring as their top challenge, given supplier churn and changing regulations.
Core Takeaways for the Scrap Industry
Highfrequency, highvalue transactions demand streamlined—but thorough—controls.
Failing to document due diligence is equivalent to failing compliance.
Verification via independent sources (government registries, uptodate sanctions lists) trumps trustbased systems.
4. Framework: Practical Compliance Without Slowing Operations
Scrap buyers often worry that compliance will hamper their agility. However, a practical, riskbased framework can reconcile business speed with legal rigor—a necessity as trade partners and auditors increasingly expect digital clarity and traceability.
Core Compliance Framework for Scrap Buyers
Tiered Customer Screening
LowRisk Path: For established, domestic vendors, a fasttrack light KYC is appropriate—provided their permits and documentation are current and verified.
HighRisk Path: For offshore, new, or highvalue suppliers, require a comprehensive check: beneficial ownership tracing, multilist sanctions screening, and verification of all permits against official government registries.
Global benchmarks, such as in Singapore's Green Trade Scheme, show up to 72% faster onboarding for established domestic suppliers when tiered controls are used.
Permit & License Validation
Cyberenabled compliance operations now automate the validation of permit numbers against government registries. This reduces human error—and, per an EY 2022 study, lowers documentation fraud risk by 23%.
Ongoing Monitoring
Set up alerts and triggers linked to company registry changes, permit expirations, or news events involving counterparties. Automated monitoring programs, such as those reviewed in [Automation in Compliance Operations], have reduced undetected risk exposures by 38% in logistics and recycling companies.
TransactionLevel Sanctions Checks
Before every payment or shipment, rerun the names of all involved parties—company, UBOs, logistics intermediaries—against updated sanctions databases. This catchall step captures lastminute changes or newly sanctioned entities.
Documentation & Audit Trail
Store all documents—screening records, permits, audit logs—digitally, timestamped and accessible for external review for at least five years (or per local law). This digital audit trail is vital: a 2023 Deloitte forensic review showed twothirds of detected compliance breaches were found during retrospective audits.
Step-by-Step Process (Expanded)
Receive and record a new supplier or trade request, logging origin and counterparties.
Use a risk matrix to classify the counterparty (domestic/offshore; firsttime/repeat; payment channel).
Gather uptodate corporate documents, identity papers for key individuals, permits, and any export/import licenses, crosschecking with official registries.
Screen company names, individual owners, and intermediaries against the latest OFAC, EU, and national sanctions lists.
Validate all supplied permit numbers and licenses via government digital lookup tools, storing timestamped evidence.
Look for red flags: complex ownership, inconsistent documentation, unusual payment requests, or expired permits.
Make a riskbased decision: approve, hold for further review, escalate to compliance/legal, or reject.
Securely store the full audit log, including decision rationale, for regulatory review.
Schedule ongoing monitoring—either quarterly or per risk profile—on counterparty changes.
Technology in Compliance Operations
Emerging solutions using AI and blockchain are beginning to provide realtime, tamperproof records of supplier due diligence, as showcased in pilot projects across EU export hubs. Companies adopting these solutions report a 30–50% time reduction in KYC/AML checks, based on 2023 pilot results from the World Economic Forum’s TradeTech initiative.
5. StepbyStep Example: Scrap Buyer’s Screening Workflow (Expanded)
Scenario
You buy 2,500 MT of shredded ferrous scrap from a first-time supplier. The cargo loads in an EU port and ships to a non-EU buyer. Payment is USD, split into 20% deposit and 80% against documents. The supplier wants a “friendly” third-party to receive the deposit “on their behalf.”
You have two problems at once.
First, sanctions and AML exposure through the supplier, its owners, the bank chain, and shipping intermediaries.
Second, compliance exposure through permits, waste shipment documentation, and traceability, especially under tightening EU waste shipment controls.
Step 0. Set your time boxes and owners
If you want speed without shortcuts, you need a fixed path and clear roles.
A practical split that works in real operations:
30 minutes: deal intake and pre-check by trading ops
2 to 6 hours: onboarding review by compliance (depends on risk)
15 minutes: pre-payment re-check by finance or compliance
15 minutes: pre-load and pre-sail re-check by ops
Step 1. Capture the minimum data that makes screening work
If you skip this, your screening tool will miss matches and your audit trail will be thin.
Collect and store:
Legal entity name, trade name, and full registered address
Company registration number and jurisdiction
UBO list with ownership percentages
Directors and signatories
Bank account details for every leg of the payment chain
Logistics parties: freight forwarder, carrier, vessel name and IMO (if known), ports
Material description, HS code used in docs, scrap grade specs, photos
Permits and licenses relevant to scrap handling and export
Step 2. Run a fast “go or no-go” pre-check before you waste time
This is a 10-minute filter that prevents bad deals from consuming your day.
Hard stops you apply immediately:
Any request for third-party payment recipients with no documented legal reason
Refusal to provide UBOs or signatory IDs
Pressure to pay before you receive the basic document pack
Mismatched addresses across invoice, registration, and bank letter
“We can do cash” or “we can split the invoice across multiple entities”
These are classic trade-based laundering signals in commodity flows, including mismatched documentation and payment structures that do not fit the transaction.
Step 3. Do identity and ownership verification the way regulators expect
You do not “trust” documents. You confirm them.
Your validation stack:
Company registry pull (or certified extract) to confirm legal status, directors, registered address
UBO confirmation through registry filings where available, plus a signed UBO declaration
ID verification for signatories (passport or national ID), plus proof of address when risk is higher
Sanctions screening for:
Entity
All UBOs
Directors and key managers
Any stated agents or intermediaries
Two rules you must apply every time:
Ownership matters, not “control.” An entity controlled by a blocked person is not automatically blocked under OFAC’s 50% rule if ownership stays under 50%, but it is still a major risk signal you should treat as high-risk in your internal risk rating.
Aggregate ownership matters. If blocked persons own 50% or more in total, even across multiple blocked owners, the entity is treated as blocked under OFAC guidance.
Step 4. Screen the payment path, not only the counterparty
Most “clean” counterparties turn toxic through the money path.
You screen:
Supplier bank
Intermediary bank(s) if shown on payment instructions
Any third-party receiver
Any payment agent named in the contract
Then you apply a simple policy:
No third-party recipients unless legal documentation proves the relationship and you have compliance sign-off.
No last-minute bank changes without a documented reason and a re-check.
Step 5. Validate permits and waste shipment documentation in parallel
For scrap, your compliance file is incomplete without regulatory documentation checks.
Minimum set you should confirm:
Scrap yard or recycler operating permit (where applicable)
Environmental approvals relevant to handling and storage
Export permissions where required
Waste shipment documentation required for the route
If your sourcing or loading touches the EU, you also plan for traceability expectations that increase under the Waste Shipments Regulation timeline, including stricter export rules and enforcement focus.
If your trade route relies on OECD/Basel controls, you map your documentation to the OECD control system concepts and the Basel-linked controls referenced in OECD guidance updates.
Step 6. Add shipping-side screening that commodity traders often ignore
Sanctions evasion is often executed through shipping behavior and documentation, not only company names.
You screen and check for:
Vessel and IMO, and any mismatch in identifiers
AIS anomalies and suspicious routing behavior
Document integrity across bill of lading, certificate of origin, invoices, port call lists
Unusual transshipment patterns that do not match the commercial logic
U.S. agencies explicitly flag deceptive shipping practices that affect “energy and metals sectors” and call out tactics like AIS manipulation and falsified cargo documents.
Step 7. Decide using a simple risk outcome, then document the “why”
Your decision outcomes:
Approve
Approve with conditions (example: escrow, tighter payment terms, extra docs)
Hold for enhanced checks
Reject
Your audit note must include:
Risk rating and why you assigned it
What lists/tools you used and the date/time
Who approved
Conditions imposed, if any
Why third-party payments were rejected or allowed
Step 8. Re-screen at the moments that create liability
One-and-done screening fails in real life.
Minimum re-check points:
Before you send any funds
Before loading
Before releasing original documents
Before shipment, if the deal cycle is longer than 7 to 14 days
OFAC enforcement totals show enforcement volume and penalties fluctuate year to year, which is exactly why list freshness and re-check cadence matter.
6. Implementation Checklist
Onboarding, first-time counterparty
Collect entity registration extract and tax identifiers
Collect UBO declaration with ownership percentages
Verify directors, signatories, and IDs
Screen entity, UBOs, directors, and agents against sanctions lists
Run adverse media checks for fraud, smuggling, corruption, and illegal waste shipments
Verify operating permits and any export permissions
Set a risk rating and required re-check frequency
Store everything in a time-stamped folder with a clear naming rule
Transaction, every deal
Confirm counterparty data matches the invoice, contract, and shipping docs
Screen all involved parties again before payment
Screen the bank path and reject unexplained third-party recipients
Confirm vessel and IMO when known, confirm routing logic, watch for document inconsistencies
Confirm waste shipment documentation requirements for the route
Record the decision and who approved it
Ongoing monitoring
Re-screen counterparties on a cadence tied to risk rating
Track permit expiration dates and request renewals before they lapse
Re-check ownership changes if registry data shows updates
Trigger a review if payment behavior changes (new bank, new recipient, split invoices)
Trigger a review if routing changes (new ports, new carriers, unexpected transshipment)
Run periodic internal file audits and training refreshers
If you want your checklist to align with regulator expectations, anchor it to the five core elements OFAC describes for sanctions compliance programs: management commitment, risk assessment, internal controls, testing/auditing, and training.
7. Measurement and QA: Tracking What Counts
Speed metrics (so compliance does not stall revenue)
Median onboarding time, low-risk counterparties: target under 24 hours
Median onboarding time, higher-risk counterparties: target under 72 hours
Time from “docs received” to “clear or hold” decision: target under 6 business hours
Quality metrics (so your audit trail survives scrutiny)
File completeness rate: target 98%+ of required fields present
Permit validation evidence attached: target 100% for regulated routes
Sanctions screening logs attached: target 100% for onboarding and pre-payment
Decision memo present: target 100%
Risk metrics (so you catch problems early)
Positive screening hits per 1,000 counterparties, tracked monthly
False positive rate by tool and by language, tracked monthly
Number of deals stopped for third-party payment requests
Number of “bank detail change” events per supplier per quarter
Ownership change alerts reviewed within 48 hours
Testing and audit metrics (so controls do not decay)
Internal file audit pass rate: target 95%+
Training completion: target 100% for trading ops, finance, and logistics touchpoints
Exceptions closed within 30 days: target 90%+
Why these measurements matter
OFAC penalty totals show enforcement can spike sharply in some years. In 2023, OFAC’s year-to-date totals reported $1.541 billion in civil penalties across 17 actions, far above 2024’s $48.79 million across 12 actions. That swing changes nothing about your duty to screen, but it changes how aggressively banks and insurers question your controls.
Add one operational context metric your leadership will understand
Track “deals cleared without rework.”
If your compliance intake captures the right data the first time, you reduce trading back-and-forth and protect speed. That is how you keep the desk happy while staying within rules.
8. Case Patterns and RealWorld Scenarios
Scenario 1: The clean supplier with a hidden blocked ownership chain
What happens
The supplier is not listed. A UBO is not listed. A second UBO is listed, but the supplier claims that person “sold his shares.”
What you do
Pull registry proof of current ownership, not an email statement
Apply OFAC’s aggregate 50% ownership rule logic
Hold payment until ownership is verified
If ownership cannot be verified, reject the deal
This is where teams fail when they rely on self-attested ownership and do not document independent checks.
Scenario 2: Third-party payment recipient “for convenience”
What happens
Supplier asks you to send funds to a different entity “managed by our accountant.”
What you do
Treat as a hard stop until a documented legal basis exists
Re-screen the new recipient and its owners
Require a signed assignment agreement and board authorization, then compliance sign-off
If you cannot document it, do not pay
This pattern maps to trade-based laundering indicators around payment structures that do not fit the transaction.
Scenario 3: Vessel identity confusion and routing irregularities
What happens
Your carrier changes the vessel. The IMO number in one document does not match another. Routing adds an unexpected transshipment.
What you do
Treat it as a sanctions evasion risk until verified
Confirm IMO and vessel identity, then re-check involved parties
Require corrected shipping documents before loading or sailing
If AIS and routing look inconsistent, escalate and pause
U.S. guidance flags AIS manipulation, identifier tampering, and falsified documents as common evasion methods that matter for metals cargo.
Scenario 4: Counterparty acquired a new subsidiary and your screening misses it
What happens
You onboarded an entity years ago. It later acquires or uses an affiliate that appears in shipping documents. Your screening only covers the original entity name.
What you do
Re-screen affiliates named on bills of lading, invoices, and packing lists
Re-check ownership and business names during periodic refresh
Add an internal rule: “No shipment docs with un-screened parties”
OFAC enforcement actions repeatedly cite process gaps where screening does not cover all parties involved in the transaction flow.
Scenario 5: Permit is valid, but waste shipment documentation is incomplete
What happens
The yard has a valid permit. The shipment paperwork lacks required accompanying information or has inconsistencies in waste classification.
What you do
Treat it as a shipment hold risk, not a minor admin issue
Require corrected documentation before departure
Capture evidence of your review in the file
EU policy direction is moving toward higher traceability and tighter enforcement on waste shipments, with major provisions applying from May 21, 2026.
Scenario 6: High-pressure timing, “send deposit now”
What happens
You get told the cargo will be sold to someone else in 20 minutes.
What you do
Run your fast pre-check only, then either:
clear deposit under strict conditions, or
refuse and move on
Do not send funds without bank-path screening and a documented owner check when risk is high
This is how you keep speed without gambling the firm.
Scenario 7: “Green” scrap claims, but contamination risk creates regulatory exposure
What happens
The seller describes the cargo as clean, but photos show mixed streams. That can change the control procedure and documentation requirements.
What you do
Require grade photos, inspection reports, and contamination statements
Align documentation to the relevant control approach and codes where applicable
Document your basis for classification
OECD guidance highlights the importance of classification and contamination considerations in transboundary recoverable waste controls.
9. Frequently Asked Questions about Scrap KYC
How often should you re-screen counterparties?
Tie it to risk.
Low risk: at least annually, plus pre-payment on each deal
Medium risk: quarterly, plus pre-payment
High risk: monthly, plus pre-payment, plus pre-load checks
Do you need to screen logistics parties too?
Yes. You screen what can create liability.
That includes freight forwarders, carriers, vessels when known, and any agents shown in shipping documents.
What if the supplier refuses to disclose UBOs?
Treat it as a no.
If you cannot identify who owns the company, you cannot justify the risk, especially when enforcement guidance and banking expectations center on ownership transparency.
Is “control” the same as “ownership” under OFAC’s 50% rule?
No. OFAC’s 50% rule is ownership-based, not control-based, but “control without ownership” should still move your internal risk rating to high and trigger enhanced checks.
What documents do you keep, and for how long?
Keep what proves your decision.
At minimum: registry extracts, UBO declaration, ID checks, screening logs with timestamps, permits, shipping docs, payment instructions, and your decision memo. Your retention period depends on jurisdiction and your bank requirements, but you should treat multi-year retention as standard for trade compliance files.
What is the fastest safe way to clear low-risk repeat suppliers?
Pre-build a complete file once, then refresh on schedule.
Use a short pre-payment re-check each deal, and an annual refresh of corporate and permit documents.
Why does this matter so much in scrap, specifically?
Scale and scrutiny.
Steel scrap alone is central to decarbonisation. worldsteel reports that every tonne of steel scrap used avoids 1.5 tonnes of CO2 and avoids large raw material inputs, and that steelmaking can use up to 100% scrap in EAF routes. That scale keeps regulators and banks focused on controls across the trade.
10. FiveLayer Distribution and Reuse Toolkit
Layer 1. Your “Deal Intake” form, the minimum fields that prevent rework
Use one standard intake for every deal, even when it is a WhatsApp-origin lead.
Fields you never skip:
Legal entity name and registration number
Jurisdiction and registered address
UBOs and ownership percentages
Signatory names and IDs
Bank details for all legs
Logistics parties and ports
Material description and grade, plus photos
Permit list and expiry dates
Layer 2. Your “Red Flag Rules” that trigger an automatic hold
Hard-stop triggers:
Third-party payment recipient without a documented legal reason
Refusal to provide UBOs or signatory IDs
Invoice entity differs from contract entity
Last-minute bank changes without explanation
Routing changes that do not fit the commercial logic
Shipping docs with inconsistent identifiers
Layer 3. Your “Decision Memo” template, one page, always completed
Include:
Risk rating
What you screened (entity, people, bank path, shipping parties)
What you validated (permits, registry evidence, waste shipment documentation as relevant)
Decision and conditions
Approver name and timestamp
Layer 4. Your “Testing Pack” for monthly internal QA
Each month, pick 10 completed deals.
Check:
Full file exists and is readable
Screening logs are time-stamped and match the transaction date
Bank path was reviewed
Permits were validated where required
Decision memo explains the outcome
Layer 5. Your “External Trust Pack” for banks, insurers, and key buyers
This reduces friction when a bank asks, “Show me your controls.”
Include:
Your policy summary aligned to OFAC’s five-component compliance program structure
Your screening cadence rules
Your internal QA process
Your incident escalation path
OFAC lays out the five essential components it expects to see in sanctions compliance programs, which gives you a clean structure for this trust pack.