HACKER Q&A
📣 company_xyz

How to Comply with Sanctions as a SaaS


In the modern world, many countries have sanctions laws and lists. How can a small SaaS company comply with them? Which payment processors or merchants of record provide such services as part of their offering?

What does your SaaS do to comply with such laws?


  👤 vivegi Accepted Answer ✓
1. You have the option of not serving some countries. That is the most obvious one.

2. Ask your payment processor how they handle this.

3. If you (or your B2B clients) are in a regulated industry (e.g., US healthcare or FinTech) and your employees or contractors handle Protected Health Information (PHI)/Personally Identifiable Information (PII), you may need to run every one of those employees' or contractors' information against the sanctions lists (for the US, this includes federal and state lists) on a monthly basis. There are many companies that provide this as a service for a fee. (Ethico, formerly ComplianceLine, is a company serving the healthcare industry for sanctions checks in the US: https://ethico.com/)