[alphager]

No, they don't. The banks know perfectly well that this doesn't catch terrorists. But by law they are liable if a terrorist uses their services if they don't have a program to detect terrorists. A key-word match on Iran, bomb, ISIS, etc. is enough in the eyes of the regulator.

[ndriscoll]

No it isn't (at least in the US). Banks have to adhere to Know Your Customer laws, and have to refuse services related to any person or group that's been sanctioned. OFAC has a search tool for such persons[0], but notably says that even using their tool isn't enough to avoid liability. Just saying "we looked for 'bomb supplies' in the memo" isn't going to cut it.

You might see dumb things because banks will do anything they can think of to ensure they comply, and enough in the eyes of the regulator is that they don't allow banned transactions.

[0] https://sanctionssearch.ofac.treas.gov/

[joncrocks]

Person, group or Country. e.g. Iran.

Yes, you're meant to do KYC checks, but also be on the look out for things that your non-sanctioned customers might be doing (post KYC checks) that involves interacting with Sanctioned entities.

Hence lots of pattern matching on names of sanctioned countries/organisations/people.