Exposure Lists
The regulatory, third-party, and custom lists Altana screens your supply chain against — more than 180 in all.
Most exposure work starts with a list. A regulator publishes a roster of restricted parties; a customs authority issues a forced-labor detention order; an export-control agency names entities subject to additional licensing; a multilateral bank debars a contractor for fraud. List-based exposure is the family of exposures Altana surfaces when a company, facility, or shipment in your supply chain matches a recognized list. Every match is anchored to the source list, the issuing authority, and the date the entry was added — so you can show your work to a regulator or an auditor.
Altana maintains a broad, continuously refreshed catalog of these lists. It spans four kinds of source:
- Government regulatory lists — sanctions programs, export-control rosters, forced-labor designations, debarment lists, and similar, published by national and multilateral authorities.
- Licensed third-party risk intelligence — curated risk datasets and corporate-affiliation lists from established risk-data providers, available where your deployment is licensed for them.
- Altana-derived lists — proprietary lists Altana produces, such as geographic geofences and model-derived risk lists (for example, transshipment-risk lists).
- Custom lists — lists built to your requirements, including lists derived from news and NGO reporting and lists built by graph propagation from a seed set you define.
How a list matches your supply chain
Lists reach the supply chain graph in one of two ways, and it helps to know which kind you are looking at.
Entity-driven lists are built around a set of named risk entities — specific companies, individuals, or vessels known to represent the concern. Altana compares those named entities against the companies and facilities in the graph using entity resolution, so a match holds even when names, transliterations, and addresses don't line up exactly. Most regulatory lists — sanctions rosters, the export-control entity lists, debarment lists — are entity-driven.
Model-driven lists have no named entities to resolve. Instead, membership is the output of a model run over the graph: an entity is a member because the model includes it, not because its name matched a roster. The model can be simple or sophisticated. A simple model is little more than a rule — for example, "any company that operates a facility in a specific region," such as Russia or the Xinjiang Uyghur Autonomous Region. A sophisticated model produces a learned judgment — for example, the likelihood that a company is engaged in illicit narcotics synthesis and distribution, scored from the patterns Altana can observe across the network. Geofences sit at the simple end; transshipment-risk and narcotics-risk lists sit at the sophisticated end. In every case the list carries the same provenance and flows through the same review workflow as a regulatory list, and model-driven flags are surfaced with confidence and explanation so you can weigh them before acting.
Issuing authorities and categories
The issuing authority is the government body, regulator, multilateral institution, or data provider that publishes a list — OFAC for the SDN programs, BIS for the Entity List, the EU for its consolidated sanctions list, the UN for Security Council designations, a customs authority for forced-labor detentions. Every list match carries its issuing authority so you can trace the flag back to the public source.
Altana groups lists into exposure categories that organize them by the kind of restriction they enforce. The categories let you tune importance and routing at the kind-of-risk level rather than list by list:
- Broad sanctions — wide-scope blocking programs (OFAC SDN, EU and UK consolidated lists, UN designations).
- Financial sanctions — targeted financial restrictions short of full blocking (sectoral sanctions, correspondent-account restrictions).
- Export controls — license requirements and denials for controlled goods, software, and technology.
- Forced labor — forced-labor entity lists, detention orders, and region-based presumptions.
- Terrorism — designated terrorist organizations and individuals.
- Criminal indictments and wanted persons — narcotics traffickers, transnational criminal organizations, enforcement actions.
- Corruption and fraud — debarment lists and enforcement actions tied to corrupt or fraudulent practices.
- Countermeasures — retaliatory or counter-policy designations issued by foreign governments.
- Special entities and persons — state-ownership, state-affiliation, and military-affiliation lists, and other high-risk designations.
- Deforestation and environmental — deforestation-risk areas and environmental embargoes.
- Transportation safety — maritime and aviation safety designations.
- Weapons proliferation — designations tied to the spread of weapons of mass destruction and their precursors.
- Uncategorized — a working bucket for lists not yet assigned a category, including some Altana-derived lists.
How a list match becomes a workflow
When a supplier or facility in your network matches a list, Altana opens an exposure record and tracks its lifecycle through a status workflow. A typical flow:
- Unassessed — the exposure has been surfaced but no one has reviewed it.
- In review — an analyst has picked it up and is working through the evidence.
- Of concern — the review found the exposure to be material; it is escalated.
- Cleared — due diligence resolved the question and the exposure no longer requires action.
Status changes are recorded in the audit log alongside who acted and what evidence was attached. The status determines whether downstream workflows continue to flag the supplier or treat it as resolved.
Custom and derived lists
The regulatory catalog answers the questions every importer shares. Your compliance program also has questions that are specific to you — a material you won't source from certain countries, a roster your legal team maintains, a concern raised in an investigation that no regulator has yet codified. Altana lets you encode those as custom lists, using the same entity-driven and model-driven mechanics as the built-in catalog.
Lists built to your requirements
A custom client-defined list captures a rule your business enforces — for example, flag any supplier of a particular material from a set of countries, or screen against an internal do-not-source roster. You provide the entities or the rule; Altana resolves and applies it across your supply chain graph the same way it applies a regulatory list, and the resulting exposures flow through the same status workflow.
Lists derived from news and NGO reporting
Risk often surfaces in reporting before it appears on any government list. An investigative article names a set of factories; an NGO publishes a report tying named companies to a labor or environmental concern. Altana can turn that named-entity set into an entity-driven list: the named entities are resolved against the graph, and matches open exposures you can triage. Because the match runs through entity resolution, it holds up against the name and address variation that makes manual cross-referencing of a report so slow.
Lists built by graph propagation
Some of the most useful lists are not a fixed roster at all — they are produced by starting from a seed set of named entities and propagating along the relationships in the graph. The seed set is not limited to regulatory lists; it is whatever you decide is significant. Two families of propagation are common:
- Ownership propagation. Start from a seed set and follow ownership edges to find the entities that inherit the concern. This is how a list expands to cover majority-owned subsidiaries, or applies a control threshold such as the OFAC 50% Rule, or walks a fixed number of levels up and down an ownership chain. Ownership-based exposure is covered in detail on its own page.
- Supply-chain propagation. Start from the facilities of listed entities and follow shipment relationships upstream and downstream — reasoning about how a flagged input flows into finished goods — to find the products and suppliers a concern touches several tiers away. This is the engine behind forced-labor and material-pathway exposure in a multi-tier value chain.
A propagation list combines two ingredients: a set of named entities (the seed) and a propagation motif (the relationship pattern to follow). Change the seed and the same motif answers a new question; change the motif and the same seed expands differently. This is what lets Altana turn a short, authoritative roster into supply-chain-wide coverage without you hand-tracing every link.
How you'll see this in Altana
- Lists are managed in Settings: an administrator configures which lists are active, sets importance per category, and uploads or commissions organization-specific lists.
- Exposure records show the list, the issuing authority, the category, the date the entry was added, the way it matched (entity-driven or model-driven), and the matched company or facility.
- Status transitions and reviewer notes appear on the exposure record and in the audit log on the affected company profile.
- Filtering by category focuses a review — "show me every forced-labor exposure across my tier 1 suppliers" or "find financial-sanctions exposures in this product's value chain."
- Custom and propagation-derived lists appear alongside regulatory lists in the same surfaces and the same status workflow. See Custom Exposures & Integrations for how to set them up.
Key terms
- Exposure list
- A list of parties, facilities, or designations that, when matched against your supply chain, opens an exposure for review.
- Entity-driven list
- A list built around named risk entities, matched against the graph through entity resolution. Most regulatory lists are entity-driven.
- Model-driven list
- A list whose membership is the output of a model run over the graph, with no named entities to resolve. Models range from simple rules (a company operating a facility in a given region) to sophisticated learned judgments (the likelihood a company is engaged in illicit narcotics synthesis and distribution). Geofences, transshipment-risk, and narcotics-risk lists are model-driven.
- Issuing authority
- The government body, regulator, multilateral institution, or data provider that publishes a list (OFAC, BIS, EU, UN, a customs authority, etc.).
- Exposure category
- The grouping that organizes lists by the kind of restriction they enforce — broad sanctions, financial sanctions, forced labor, export controls, and so on.
- Exposure status workflow
- The lifecycle states tracked per exposure: Unassessed, In review, Of concern, and Cleared.
- UFLPA
- The U.S. Uyghur Forced Labor Prevention Act, which presumes goods produced wholly or in part in the Xinjiang Uyghur Autonomous Region are made with forced labor and barred from entry. Surfaced through the published entity list and through a geographic overlay covering the region.
- Withhold Release Order (WRO)
- An order issued by a customs authority directing the detention of goods suspected of being produced with forced labor. A common driver of forced-labor exposures.
- Propagation motif
- The relationship pattern a propagation list follows from its seed set — for example, ownership edges to reach subsidiaries, or shipment edges to reach upstream suppliers.
- Seed set
- The set of named entities a propagation list starts from. Not limited to regulatory lists; it is whatever you decide is significant.
Appendix: representative list coverage
The tables below catalog representative lists in each category, with their issuing authority. They illustrate the breadth of the catalog rather than enumerate all 180-plus lists, and they exclude the derivative propagation variants (such as majority-owned-subsidiary expansions) that Altana generates from a base list. Sanctions programs in particular are often maintained as many country- and program-specific lists under one authority; a few are broken out here to show the grain. List contents change frequently — for the live contents of any program, consult the issuing authority directly.
Broad sanctions
| List | Issuing authority |
|---|---|
| Specially Designated Nationals and Blocked Persons List (SDN), consolidated | OFAC (U.S. Treasury) |
| SDN country and program lists — Belarus, Central African Republic, Cuba, Democratic Republic of the Congo, Ethiopia, Iran, Iraq, Lebanon, Libya, Myanmar (Burma), Nicaragua, North Korea, Somalia, Sudan, Syria, Ukraine/Russia-related, Venezuela, Western Balkans, Zimbabwe, and others | OFAC (U.S. Treasury) |
| Global Magnitsky human-rights sanctions | OFAC (U.S. Treasury) |
| Non-SDN Chinese Military-Industrial Complex Companies List | OFAC (U.S. Treasury) |
| Non-SDN Menu-Based Sanctions List (CAATSA) | OFAC (U.S. Treasury) |
| Consolidated sanctions list | European Union |
| UK Sanctions List / financial-sanctions targets | UK HM Treasury (OFSI) |
| Security Council Consolidated List | United Nations |
| Sanctions / restricted-party list | Switzerland (SECO) |
| State-level Iran and Sudan divestment / scrutinized-company lists | U.S. states |
Financial sanctions
| List | Issuing authority |
|---|---|
| Sectoral Sanctions Identifications List (SSI) | OFAC (U.S. Treasury) |
| Correspondent Account or Payable-Through Account Sanctions (CAPTA) | OFAC (U.S. Treasury) |
| Foreign Sanctions Evaders List | OFAC (U.S. Treasury) |
| List of Foreign Financial Institutions subject to correspondent-account restrictions | OFAC (U.S. Treasury) |
Export controls
| List | Issuing authority |
|---|---|
| Entity List | BIS (U.S. Commerce) |
| Military End User (MEU) List | BIS (U.S. Commerce) |
| Denied Persons List | BIS (U.S. Commerce) |
| Unverified List | BIS (U.S. Commerce) |
| Chinese military companies designations | U.S. Department of Defense |
| Debarred parties (defense-trade controls) | U.S. Department of State (DDTC) |
| Chemical and biological weapons concern designations | U.S. Department of State |
| Aircraft subject to General Prohibition 10 | BIS (U.S. Commerce) |
| Dual-use and military export-control designations | EU and UK authorities |
Weapons proliferation
| List | Issuing authority |
|---|---|
| Weapons of Mass Destruction Proliferators and Their Supporters | OFAC (U.S. Treasury) |
| Nonproliferation sanctions designations | U.S. Department of State |
Forced labor
| List | Issuing authority |
|---|---|
| UFLPA Entity List | U.S. Department of Homeland Security |
| UFLPA Xinjiang region geofence | Altana (geospatial overlay) |
| Withhold Release Orders and forced-labor detentions | U.S. Customs and Border Protection |
| North Korea forced-labor provisions | U.S. Government |
| "Dirty List" of employers tied to slave labor | Brazil (Ministry of Labor) |
| Forced-labor entity lists from licensed risk-intelligence providers | Third-party (licensed) |
| Named-entity lists derived from NGO and investigative reporting | NGO / custom |
Terrorism
| List | Issuing authority |
|---|---|
| Specially Designated Global Terrorist (SDGT) designations | OFAC (U.S. Treasury) |
| Foreign Terrorist Organizations | U.S. Department of State |
| Listed terrorist entities | Public Safety Canada |
| Al-Qaida and ISIL (Da'esh) sanctions | United Nations |
Criminal indictments and wanted persons
| List | Issuing authority |
|---|---|
| Specially Designated Narcotics Traffickers (Kingpin designations) | OFAC (U.S. Treasury) |
| Transnational Criminal Organizations | OFAC (U.S. Treasury) |
| Foreign Corrupt Practices Act enforcement actions | U.S. DOJ / SEC |
Corruption and fraud
| List | Issuing authority |
|---|---|
| Debarred and ineligible firms and individuals | World Bank |
| Sanctioned firms and individuals | Inter-American Development Bank and other multilateral development banks |
| Excluded parties (healthcare programs) | U.S. states and federal program authorities |
| Warning letters | U.S. Food and Drug Administration |
Countermeasures
| List | Issuing authority |
|---|---|
| Unreliable Entity List | China (Ministry of Commerce) |
| Retaliatory / countermeasure sanctions | China (Ministry of Foreign Affairs) |
Special entities and persons
| List | Issuing authority |
|---|---|
| Chinese military companies designations | U.S. Department of Defense |
| Section 889 covered-entity designations | U.S. Government |
| State-ownership and state-affiliation lists | Licensed third-party providers |
| Securities-regulator investment-caution lists | National and provincial securities regulators |
Deforestation and environmental
| List | Issuing authority |
|---|---|
| EU Deforestation Regulation (EUDR) risk areas | European Union |
| Environmental embargoed areas | Brazil (IBAMA) |
| Deforestation-risk geospatial overlays | Third-party / Altana (geospatial) |
Transportation safety
| List | Issuing authority |
|---|---|
| Maritime and vessel safety designations | Maritime and port-state authorities |
Altana-derived and custom
| List | Source |
|---|---|
| Geofences (region-of-concern boundaries) | Altana (geospatial, model-driven) |
| Transshipment-risk and narcotics-risk lists | Altana (model-driven) |
| Facilities-in-region-of-concern lists | Altana (graph-derived) |
| Client-defined lists, news- and NGO-derived lists, propagation lists | Custom (see above) |