A sanctions hit at a regional internet registry is rarely a single switch. It is more often an ambiguous middle state: a name resembles a listed person, a beneficial owner needs disambiguation, a correspondent bank delays a wire, a payment processor declines without explanation, or a politically exposed director pushes an ordinary renewal into enhanced review. The address block may still route and no one may have decided that service is unlawful. Yet account standing, authenticated changes, transfer files, RDAP data, reverse DNS, RPKI support and customer assurance can all begin to wobble. AFRINIC's recent institutional stress makes that operational problem visible. The question is not whether a registry must obey sanctions law. It must. The question is whether sanctions screening is designed as a narrow business-continuity mechanism, so a prohibited dealing is stopped without turning uncertainty into an avoidable infrastructure shock.

The first risk is ambiguity, not revocation

The most dangerous moment in sanctions screening is often not the final prohibition. It is the period before anyone knows whether there is a prohibition at all. A member tries to renew. The card payment fails. The bank cannot say whether the rejection came from sanctions screening, country risk, a fraud model or an ordinary processor error. A wire enters correspondent-bank review. A shareholder name resembles a designated person. A public-sector customer appears in adverse media. A director is politically exposed but not sanctioned. A compliance team asks for ownership documents before accepting funds. The registry has not revoked an address block. It may not even have formed a legal view. But the member cannot obtain a clean standing confirmation, cannot move an authenticated transfer forward, cannot update an authorised contact, and cannot tell lenders or customers that the registry relationship is ordinary.

For most suppliers, that would be a commercial irritation. For a regional internet registry, it is a continuity event because the relationship sits below visible network operations. AFRINIC administers IPv4, IPv6 and ASNs for Africa and parts of the Indian Ocean. Its public materials describe services around WHOIS, RDAP, reverse DNS, internet routing registry functions and RPKI. Its resource-request processes move through tickets, hostmaster review, peer review, managerial approval, reservation and payment. Its fee materials connect billing to account standing. Its transfer materials require organisations involved in transfers to be in good standing before the request is considered. Its reverse-delegation rules also depend on current membership status and registered assignments.

That structure lets a compliance ambiguity travel sideways. A payment delay can become a standing question. A standing question can become a transfer delay. A transfer delay can affect financing, acquisition timing or customer assurance. A stale authorised contact can stop the right officer from correcting records during a crisis. A delayed reverse-DNS or RPKI support request can leave engineers managing avoidable uncertainty. The resource may keep routing, but the economic environment around it has already changed.

The first discipline is therefore service mapping. Accepting a new payment is not the same act as maintaining a public RDAP record. Approving an outbound transfer is not the same act as allowing the last verified technical maintainer to correct a contact field. Issuing new IPv4 space is not the same act as preserving an existing reverse-DNS delegation or the last verified RPKI state. If all of those surfaces collapse into the phrase "account under review", the registry has not practised compliance. It has bundled unrelated risks.

AFRINIC has already shown how expensive bundling can become. The Internet Governance Project's 2021 account of the dispute between AFRINIC and Cloud Innovation described a contested attempt to terminate Cloud Innovation's Registration Service Agreement and reclaim addresses, followed by Mauritian court relief that provisionally froze up to US$50 million of AFRINIC funds. The merits of each side's legal position are for courts and contracts. The narrower institutional lesson is enough here: when registry recognition, payment rails, litigation remedies and operational continuity are tied together, a dispute stops being a back-office matter.

Sanctions screening is another path to the same coupling. A hit may be real. A bank may be right to reject a transaction. A registry may be unable to deal with a designated party. But the existence of one unresolved question does not answer what must happen to every registry function touching the account. The continuity problem begins in that gap.

A registry screen touches more than a payment

Sanctions compliance and risk avoidance often look similar from outside, but they are economically different. Binding sanctions law has a source, a jurisdiction, a date, a restricted person or entity, a defined kind of dealing, and usually some path for licensing, reporting, challenge or clarification. Informal risk avoidance is more atmospheric. A bank may fear questions from a correspondent bank. A processor may dislike a country, name pattern, industry, beneficial owner or political exposure. A registry may worry that a controversial member will contaminate its own banking access. Staff may prefer delay because a mistaken approval is visible while a mistaken delay can hide inside a queue.

None of those reactions is irrational. They are also not the same thing. If a rule validly applicable to AFRINIC, its bank or a service provider prohibits a transaction with a designated person, the registry cannot treat neutrality as a licence to ignore the rule. If a court order restricts funds or communications, it must be respected. If host-state law requires reporting, freezing or rejection, the organisation must comply through the proper channel. But if the only fact is that a bank declined a card without giving reasons, or that a screening tool produced a possible match, the registry has a classification problem, not a sanctions verdict.

This difference matters because registry services are not a single product. The member relationship includes billing, account standing, resource requests, transfer processing, authenticated contacts, public registration data, reverse-DNS delegation, route-security support, governance credentials and ordinary support tickets. A legal restriction may touch one surface and not another. A bank may be unable to accept a payment while the existing public record remains lawful to maintain. A court may require preservation of status while ordinary RDAP publication continues. A transfer to a buyer may need to pause while a technical contact correction should go through. A beneficial-owner question may require senior review for new commercial benefits without requiring a break in last-known-good continuity.

The registry should therefore force a written basis for each restriction. "Payment declined" is not enough. "Screening review pending" is not enough. "Political sensitivity" is not a sanctions category. The file should answer who is bound by which rule; which list, order, law or contractual bank requirement is involved; which person or entity matched; what service is restricted; what services can continue; what evidence would clear the hit; what standing grace applies while the member attempts cure; and who can appeal.

AFRINIC's own billing language shows why the distinction is not clerical. The fee process moves from invoice issuance to payment due dates, moratorium, penalties and eventual closure procedures. AFRINIC's online payment materials state that when a credit-card payment fails, the organisation will not be told why and the member should contact the card provider and arrange an alternative method quickly to ensure continuous use of services and resources. That is sensible for ordinary billing. In a sanctions-screening event, it becomes decisive. If a bank declines without explanation, is the member unwilling to pay, or is the financial infrastructure temporarily blocking a payment attempt? If a correspondent bank asks for more information before crediting a wire, is the member delinquent, or is it in documented cure?

A continuity-minded registry should not let the financial rail answer the registry question by default. It should distinguish the member's obligation to pay, the member's attempt to pay, the bank's ability to move funds, and the legal ability to accept funds. If funds can be accepted through another lawful channel, that channel should be available without threatening unrelated services. If funds cannot be accepted until a screen clears, a documented standing grace should preserve existing resource recognition and continuity services while the question is resolved. If law requires rejection or freezing, the registry should state the basis and separate the effect on funds from the effect on records.

The purpose is not leniency. It is precision. A registry that cannot distinguish legal prohibition from institutional nervousness will export its uncertainty to every operator that depends on its records.

A hit is a question, not a verdict

Sanctions screening can look authoritative because it comes wrapped in lists, software, legal vocabulary and formal review processes. Operationally, the first output is often only a question. Screening tools compare legal names, aliases, transliterations, addresses, dates of birth, registration numbers, directors, beneficial owners, payors, payees, banks, countries, vessels, email domains and related parties against lists and adverse-information sources. They score similarity and produce hits. Human reviewers then decide whether the match is true, false, unresolved or outside the relevant legal scope.

That reality is especially important in AFRINIC's service region. Names move across Arabic, Chinese, Cyrillic, French, Portuguese and many African languages and naming conventions. Transliteration is imperfect. Corporate-service addresses may be reused. A company may share a common word with a designated entity. A director may have the same name as a listed person but a different date of birth. A lawful parent may own a restricted subsidiary, or a restricted parent may be separated from a lawful operating company in a way that matters under the applicable test. A state-owned telecom operator may be politically exposed without being sanctioned. A ministry customer may trigger enhanced review without making the network provider a prohibited party.

The economics depend on the review process, not on the existence of the database. A weak process treats the hit as a reason to freeze everything. A mature process classifies the risk by service. Is the pending action a new allocation, a renewal payment, a transfer, an authenticated contact change, a reverse-DNS update, an RPKI support issue, an RDAP correction or a governance vote? Does the matched person own or control the member under the relevant legal standard, or merely appear somewhere in the file? Is the issue with the member, a shareholder, a director, a customer, a source of funds, a bank or the payer of an invoice? Does the registry have enough information to decide, or is the bank the only institution with the relevant facts?

False positives are not harmless in this layer. They are market events. Suppose an ISP with a common name, a sanctioned-country customer or a politically exposed director is flagged during renewal. If AFRINIC pauses payment recognition and good standing while review proceeds, that ISP may need to explain the issue to customers, lenders, acquirers, data-centre partners and government counterparties. The explanation may be accurate but still damaging. The member may not be sanctioned. The funds may not be blocked. The hit may be a matching error. Counterparties will price the uncertainty immediately because registry standing is part of continuity.

Transfers make the cost even clearer. A buyer diligencing address space wants to know whether the seller is recognised, whether the block can move, whether accounts are in good standing, whether RDAP and reverse-DNS data can be updated, whether RPKI state can transition cleanly, and whether any hold could delay closing. A false-positive sanctions hit can create a discount even after it is cleared. The seller has not lost the resource. It has lost certainty. In a scarce IPv4 market, certainty is capital.

AFRINIC's broader history explains why verification cannot simply be relaxed. KrebsOnSecurity reported in 2019 on allegations that AFRINIC-linked IPv4 space had been misappropriated and sold, with researcher Ron Guilmette estimating the documented addresses at more than US$50 million in market value; AFRINIC's then chief executive said the organisation was investigating. The Internet Governance Project later connected scarcity and the gap between low registry fees and high market prices to the intensity of the Cloud Innovation conflict. The lesson is not that controls are unnecessary. It is that controls must be precise enough that anti-fraud and sanctions work does not damage lawful holders through error.

The practical safeguard is an evidence log. A material hold should record the list or source used, date and version, matched fields, match score or qualitative reason, reviewer, requested evidence, service affected, services preserved, decision deadline and appeal path. It should also record why lesser measures were or were not sufficient. Without that log, a registry cannot later show whether it complied with law or simply de-risked under pressure. With it, a member, court, auditor or successor operator can reconstruct what happened.

Language belongs in the same discipline. A registry notice should not imply that a member is sanctioned because an automated screen produced a hit. It should not broadcast suspicion when private evidence can clear it. "Payment-screening review pending; existing resource recognition preserved" is economically different from "account under sanctions review." The difference is not cosmetic. In infrastructure markets, words change price.

Payment rails can turn standing into infrastructure risk

Registry fees can look small because they are measured against administrative service, not against the value of the networks that depend on recognition. AFRINIC's published fee structure includes annual membership categories and charges tied to resource holdings or requests. Those figures are modest beside the revenue carried by a network, the value of a large IPv4 block in a secondary market, or the cost of renumbering customers. But the invoice is not the main economic object. Standing is.

Standing links payment to operational confidence. AFRINIC's billing timetable includes due dates, moratorium periods, penalties and closure processes. Its transfer information requires good standing for organisations involved in transfers. Reverse-delegation changes depend on active membership and registered assignments. A payment delay caused by screening can therefore become more than an unpaid bill. It can become a question over whether a member can complete a transfer, update operational records, maintain confidence with counterparties or preserve the appearance of ordinary registry recognition.

That is why payment continuity needs its own design. A bank's refusal to process a payment is not automatically a member's refusal to pay. A processor's decline is not automatically delinquency. A correspondent bank's information request is not necessarily a legal prohibition. Treating the member as non-paying while the member is trying to satisfy an invoice through a blocked rail converts financial-institution caution into registry-service impairment.

The least disruptive answer is payment segregation. The registry should maintain separate concepts for invoice obligation, attempted payment, bank acceptance, legal ability to receive, account standing and resource recognition. If the member has attempted lawful payment and is cooperating with evidence requests, standing should be preserved for a defined period unless a binding rule prevents it. If one rail is blocked but another lawful rail is available, the member should be able to use it. If funds must be held in suspense or escrow while a bank review proceeds, the file should say what that means for standing. If law requires rejection, freezing or reporting, the registry should document the legal basis and the services affected.

Segregation also protects the registry. The 2021 court-related freeze described by the Internet Governance Project showed how quickly financial restraint can affect institutional function. The NRO's 2023 public statement on the appointment of an official receiver welcomed a court-supervised process that would maintain status quo and preserve business value while members continued to receive registry services. Whatever one thinks of later disputes, the continuity logic is clear. Payment accounts, disputed funds, ordinary operating cash, member renewals and transfer-related payments should not all depend on one practical choke point without a service plan.

For sanctions screening, the plan should be explicit before the crisis. Members should know what happens if a wire is delayed, if a card is rejected, if a correspondent bank asks for beneficial-ownership evidence, if a payment comes through a sanctioned bank, if a court order affects funds, or if a designated party attempts payment. The plan should state which rails exist, what currencies and payment methods are accepted, how evidence of attempted payment is recorded, whether suspense or escrow arrangements exist, when standing grace applies, which services continue during review and when a payment problem becomes a legal prohibition rather than an operational issue.

The standing grace is critical. It should not be infinite, and it should not permit every service. A member under payment-screening grace may have existing recognition preserved while new allocations or transfers remain subject to additional review. That is a reasonable separation. It tells the market that the member is not in ordinary delinquency, tells the registry that funds have not been ignored, and tells banks that the registry is not using their private caution as a hidden verdict.

The worst outcome is silent status drift. A member attempts payment, the bank delays, the registry waits, the invoice ages, the account stops looking clean, and counterparties infer that the member has a sanctions problem. No one made a final legal decision, yet the economic effect has already occurred. A continuity-minded registry prevents that drift by naming the state of the file.

Beneficial ownership belongs in the file, not the rumour market

Sanctions screening does not stop at the member's legal name. It asks who ultimately owns or controls the entity, who can instruct it, who directs it, who pays, who receives funds, and whether any relevant person is designated, politically exposed, subject to asset freezes or otherwise restricted. For a regional registry, that creates a difficult overlap between member-identity verification, governance authority and business continuity.

AFRINIC's recent election disputes show why authority documentation cannot be treated as mere paperwork. The Register reported that the June 2025 board election was suspended shortly before the end of in-person voting because questions had arisen over powers of attorney. ISPA South Africa alleged that authorised representatives found someone else had attempted to vote on their behalf using powers they said they had not provided. AFStar also alleged fraudulent powers of attorney. The receiver later annulled the election, citing concerns about voter documentation and the need to protect transparency and fairness. Those are allegations and institutional responses in a contested environment, not final proof of every claim. They nevertheless show that identity, authority and documentary integrity can decide institutional power.

The same is true in sanctions screening. A power of attorney, director register, beneficial-owner statement or authorised-contact change determines who can pay, appeal, receive notices, approve transfers, update RDAP, manage reverse DNS, make RPKI requests and communicate with the registry. If a beneficial-owner check fails, the registry may be right to pause a high-risk transaction. It should not convert an unresolved document question into a broad service penalty before the member can cure.

There are at least three separate identity questions. The first is legal existence: does the member exist, in which jurisdiction, under which registration number and with what current status? The second is authority: who may bind the member, submit evidence, pay invoices, request changes and represent it in disputes? The third is sanctions control: is the member owned or controlled, under the applicable legal standard, by a sanctioned person or entity? These questions may overlap, but they should not be merged. A missing certificate of incumbency is not a sanctions hit. A disputed proxy is not proof of prohibited control. A politically exposed director is not the same as a designated owner. A shareholder dispute is not a reason to damage unrelated network services unless a court or rule requires it.

The economics of opacity are severe. If beneficial-ownership review becomes a rumour market, members will over-lawyer ordinary interactions, delay legitimate updates, hide complexity, or treat the registry as a hostile counterparty. Counterparties will fill missing facts with worst-case assumptions. Banks may become more cautious because the registry cannot explain its own file. A precise process lowers costs because members know what evidence keeps the account clean.

The strongest tool is a private, auditable identity ledger. It should distinguish legal name, trading names, registration number, registered office, directors, authorised representatives, technical maintainers, billing contacts, payors, beneficial owners, controllers and power-of-attorney holders. It should record expiry dates and the effect of expiry. If a document is questioned, the notice should say which function is affected: voting, billing, transfer approval, support authorisation, contact maintenance or resource recognition. A voting proxy defect should not automatically impair reverse DNS. A billing-contact defect should not automatically stop an RPKI maintenance request. A true beneficial-owner sanctions issue may require deeper action, but even then the registry should identify the legal basis and preserve unaffected services where lawful.

Member notice is part of the economics. A member should not learn from a failed transaction or a third-party rumour that its account is under review. It should receive a plain notice stating what is being reviewed, what evidence is needed, what services continue, what services pause, what deadline applies, and how to appeal or escalate urgent continuity needs. Confidentiality can be preserved without silence. Silence is not due process; at the registry layer, it is risk multiplication.

Political exposure should trigger evidence, not punishment

Few compliance categories are easier to mishandle than politically exposed persons. A PEP label normally means a person holds, or has held, public office or is close to someone who does. It calls for enhanced due diligence. It is not itself a sanctions listing. In AFRINIC's service region, that distinction matters because public ownership, government procurement, telecom licensing and critical-infrastructure relationships are common features of network operations. Many legitimate operators may have directors, owners, customers or authorising officials linked to the state.

The danger is that PEP screening becomes a political filter. A registry serves state-owned carriers, ministries, universities, public research networks, regulators, health systems, education networks, public-sector data centres, private ISPs with government contracts, banks, IXPs and independent operators. In some jurisdictions, public ownership or public-sector proximity is normal. If every PEP connection becomes a soft reason to delay, affected networks face a continuity tax that operators in less politically entangled markets may not face. That is not compliance. It is risk aversion distributed through administrative discretion.

The right response is evidence, not automatic impairment. A PEP-linked member may need to supply ownership charts, proof of authority, source-of-funds evidence, procurement records, licences, board approvals or confirmation that no listed person owns or controls it. The registry may need senior review. It may need to monitor changes more carefully. But existing resource recognition, public registration records, security objects and ordinary support should remain stable unless a binding legal condition says otherwise.

This distinction protects public networks as well as private ones. Governments and public agencies rely on number resources for emergency services, taxation portals, education systems, research networks, public websites, health platforms and critical communications. A sanctions-screening culture that treats every public-sector association as suspect can damage infrastructure in the name of protecting it. The opposite error is also real: a registry that never scrutinises public-sector relationships can miss genuine sanctions, procurement fraud, asset-freeze exposure or control problems. The answer is documented proportionality.

PEP treatment should therefore be service-specific. A new transfer involving a politically exposed beneficial owner may require senior legal review. A request to correct RDAP contact data for an existing public agency may require proof of authority but should not be treated as a market transaction. A payment from a ministry account may require bank diligence without causing existing reverse-DNS delegation to lapse while the bank asks questions. A disputed public official may create an authority issue, but that is a governance fact to verify, not a reason to penalise the network.

The registry's vocabulary matters. Recognition is not approval. Maintaining a last verified public record for a public agency does not endorse the politics of that agency. Preserving RPKI continuity for a network with public-sector ownership does not certify every director as low risk. The registry's function is strongest when it keeps the record accurate and the service effects narrow. It becomes dangerous when it experiences recognition as political blessing and delay as political prudence.

A well-run PEP process lowers costs for everyone. Members know what to disclose. Banks see that the registry can produce a reasoned file. Courts receive records rather than impressions. Customers avoid sudden unexplained holds. The registry can show that enhanced review is not hidden political discrimination. In a region where public and private network infrastructure often overlap, that discipline is not optional.

Host-state law and foreign banks pull the registry apart

AFRINIC is incorporated and operates under Mauritius law. That fact has mattered throughout its crisis. Mauritian courts have dealt with receivership, member-register questions, election disputes, bank restraints and winding-up applications. But AFRINIC serves networks across a wider region, uses banks and service providers with their own legal exposures, and operates inside a global numbering system in which other RIRs, ICANN, the NRO, operators and counterparties all care about continuity. Sanctions screening sits at exactly that crossing.

A host-state court may require one action. A foreign bank's correspondent obligations may create another constraint. A payment-card network may apply private rules. A transit provider, cloud provider, insurer or customer may use its own sanctions policy. A member may be lawful in its home state and still difficult for a foreign bank to process. A state-owned operator may serve critical domestic infrastructure while appearing in enhanced due-diligence categories outside its jurisdiction. A university, regulator or telecom ministry may be a legitimate resource holder while triggering review because public ownership appears in the file.

The registry should not pretend these conflicts are easy. It should make them explicit. Which law binds AFRINIC itself? Which restriction belongs to the bank? Which restriction belongs to the member's own jurisdiction? Which restriction belongs to a foreign counterparty but not to the registry? Which condition is a private risk policy rather than law? The answer decides the remedy.

For example, a host-state court order may preserve a disputed corporate status while allowing ordinary registry services to continue. A bank may reject a wire from a sanctioned bank while the member itself remains lawful. A foreign sanctions list may prevent a service provider from dealing with a designated entity without requiring the registry to remove historical public records. A payment processor may refuse a card from a high-risk country while bank transfer remains possible. A member's customer may be prohibited, but that does not automatically make the member prohibited unless ownership, control, facilitation or another relevant legal condition is met.

The economics of this distinction are the economics of optionality. If every external concern becomes a registry-wide ban, members cannot change payment rails, supply documents, isolate the restricted transaction, seek a licence, restructure authorised contacts or preserve existing services. If the registry maps the legal source, members and courts can choose proportionate options.

AFRINIC's institutional situation increases the need for precision. The Register reported in 2025 that AFRINIC had been unable to elect a board since 2022 and was subject to complex litigation. In 2026 it reported that AFRINIC had a new board, improved morale, a forthcoming budget and action plan, while still facing ongoing disputes. ICANN's 2026 intervention in a winding-up application, as reported by The Register, was framed around ensuring the Mauritian court understood that numbering resources are not AFRINIC assets available for distribution in liquidation. That is a narrow continuity point, not a general exemption from local law. A court decides the legal questions before it. The registry then has to translate those legal facts into the least disruptive operational outcome.

Sanctions screening should follow the same discipline. The registry should not become an informal foreign-policy clearinghouse. It should not use host-state uncertainty to avoid service. It should not allow foreign banks to define member legitimacy beyond their own transaction. Nor should it ignore a law that truly binds it. The task is layered compliance: obey the rule that applies, identify the service affected, preserve unrelated continuity, and leave larger political judgments to institutions with the mandate to make them.

Litigation stress makes continuity design non-optional

Sanctions screening is difficult in ordinary conditions. Litigation, receivership or insolvency turns it into triage. AFRINIC has had to operate in that environment. Public reporting has described years of litigation with Cloud Innovation, the freezing of bank accounts in 2021, receivership in 2023 and 2024, failed or contested election processes in 2025, a later board election, and continuing court activity into 2026. The point is not to assign all fault to one actor. The point is that a registry under legal stress has less capacity to absorb ambiguous compliance work.

When an institution is stable, a sanctions hit can move through compliance, legal, finance and member services with time to classify it. Under receivership or acute litigation, every hold becomes more expensive. Staff may be cautious. Banks may be nervous. A receiver or new board may hesitate to make discretionary decisions. Members may suspect politics. Courts may be asked to intervene before the registry has built a complete operational record. The compliance queue becomes part of the crisis rather than a way out of it.

Insolvency adds a separate problem. A winding-up application or receivership forces a court to distinguish the corporate shell from the registry function. ICANN's 2026 intervention, according to The Register's reporting, argued that number resources administered through AFRINIC are not corporate assets available for distribution. Public arguments from AFRINIC critics and reform advocates have made a related operational point in different language: protect RDAP, WHOIS, reverse DNS, RPKI and running networks; do not treat institutional survival and service continuity as identical. Those arguments come from interested positions, but the operational distinction is real. A registry can be financially stressed while its records remain crucial. A company can be under court supervision while members still need service.

Sanctions screening should therefore be designed for institutional stress, not only for calm conditions. The rules should tell a receiver, court, interim board, bank or emergency service provider which services continue by default and which can pause. They should preserve the last verified state of resources while disputes are decided. They should block unauthorised transfers and fraudulent changes. They should maintain lawful publication services. They should log contested payments. They should not require a receiver to choose between ignoring sanctions risk and shutting down unrelated services.

This is where continuity escrow belongs. The escrow is not only money. It is a package of records, keys, procedures and authorities that allows the registry function to survive legal stress. Authoritative registry data should be versioned. RDAP and WHOIS publication should have last-known-good continuity plans. Reverse-DNS delegation state should be recoverable. RPKI repositories, manifests, revocation information and trust-anchor dependencies should have a tested succession path. Compliance holds should be marked so an emergency operator can understand whether a case is true, false, unresolved, bank-only, court-driven or legally binding.

The evidence log must travel with that continuity package. If a member's payment, transfer or update is paused because of a sanctions hit, a successor or interim operator needs to know the reason. Otherwise a temporary hold can become permanent through ignorance. The file must outlive the personnel who opened it.

AFRINIC's crisis has made abstract continuity language concrete. Banks can freeze, courts can restrain, receivers can preserve, elections can fail, global coordination bodies can intervene, and members can litigate. A sanctions-screening framework built only for ordinary administration will not be enough. The test is whether it still protects lawful compliance and running networks when the registry itself is under pressure.

RDAP, reverse DNS, RPKI and queues need separate treatment

Compliance departments like binary account status because it simplifies control. Networks do not work that way. A member account touches many services, and those services carry different operational consequences. RDAP and WHOIS affect public registration data, abuse response and investigations. Reverse DNS affects naming, reputation and operational diagnostics. IRR objects and routing data support routing practice. RPKI affects route-origin assertions and relying-party confidence. Billing affects standing. Transfer processing affects market mobility. Voting credentials affect institutional control. Ordinary support queues affect the member's ability to keep the file accurate.

AFRINIC's public materials support this separation. The organisation describes member services, resource management, reverse DNS, WHOIS, DNSSEC, RPKI, IRR and RDAP as distinct areas. Its policy materials treat abuse contacts, ASN registration, temporary resources and reverse delegation as separate topics. Resource requests move through defined review stages. Each surface has its own purpose. A continuity-minded sanctions policy should ask the compliance question at that level, not at the level of an undifferentiated account freeze.

If a rule prohibits making new resources available to a designated entity, does it also require removing a historical RDAP record? The answer must be analysed, not assumed. If a bank will not accept payment, does that require declining an urgent abuse-contact correction that would make the public record more accurate? If beneficial ownership is under review, should existing RPKI state continue while new ROA creation or key changes receive independent approval? If a transfer buyer is under review, must the seller's unrelated reverse-DNS changes pause? If a support ticket corrects a typographical error in a public contact, does it need the same treatment as a request to move a /16?

The least-disruptive service map is the practical answer. It should group registry services by continuity importance and compliance sensitivity. Publication of existing records, preservation of last verified recognition, maintenance of security state and correction of inaccurate contact data usually sit close to continuity. New allocations, transfers, refunds, new contractual benefits and receipt of funds sit closer to prohibited-dealing analysis. Governance votes and powers of attorney sit in a third category because they affect institutional control rather than network operation. Emergency cases need their own rules: hijacking mitigation, critical RPKI repair, public-safety network continuity and court-preservation orders.

Support queues deserve special attention because delay itself can be the denial. A sanctions hit that does not legally require refusal may still slow a ticket for weeks. During that period, a member may miss a transaction window, fail to update records after a merger, lose a customer that required clean reverse DNS, or operate with stale contacts during an incident. The registry may later say it never refused the service. Economically, the delay did the work.

Queue labelling and deadlines reduce that harm. A compliance hold should not disappear into ordinary support. It should carry a service label, a deadline for first review, a deadline for member evidence, an escalation path for urgent continuity, and a date by which the registry clears, narrows, extends with reasons, or refuses with legal basis. If the registry needs more time because a bank or authority has not answered, it should preserve standing where lawful and explain what continues. If the member has not supplied evidence, the registry should state what evidence is missing and what service effect follows.

RPKI is the hardest case because it combines security, authority and reliance. A registry should not alter security assertions carelessly during a sanctions or ownership dispute. It also should not let a compliance queue create stale or broken security state that harms routes or relying parties. The conservative posture is last-verified-state preservation, limited emergency changes, independent review for new authority, and clear logging. Security continuity should be treated as an engineering requirement, not a bargaining chip.

Scarcity explains why overcorrection is tempting

No fair account should ignore why registries screen, verify and sometimes overreact. AFRINIC's history includes real reasons for suspicion. KrebsOnSecurity reported in 2019 on allegations that address records associated with defunct or acquired African businesses had been manipulated and that address blocks had been sold through companies linked to a former AFRINIC policy coordinator; AFRINIC said at the time that it was investigating. The Internet Governance Project's 2021 analysis connected that history to later efforts by AFRINIC to clean records and respond to perceived misuse. AFRINIC's exhaustion materials show a scarce pool managed through soft-landing phases, ticket order, completeness review, hostmaster evaluation and payment. Scarcity, corruption allegations and the low-fee/high-value gap make lax verification dangerous.

Overcorrection has its own economics. An institution embarrassed by weak controls may try to repair legitimacy by making every member prove too much, too often and under too much discretion. It may demand more customer-use evidence than is necessary for registry accuracy. It may treat unusual commercial models as suspicious. It may read regional-development arguments into old allocations. It may make transfer or payment review a way to express unease about the secondary market. It may believe that a hard stance protects the community when it actually transfers uncertainty to lawful networks.

The sanctions-screening version is easy to imagine. A name hit appears. The registry remembers past fraud. The bank asks questions. Staff fear being blamed for letting a risky payment through. Public controversy already surrounds the member. The account is placed on hold. Transfer processing stops. Support becomes cautious. The member complains. The registry cites compliance. Counterparties hear the word "sanctions" and step back. Weeks later the hit is cleared or narrowed, but the transaction has failed and the discount remains.

That pattern is not unique to AFRINIC. It is how screening systems behave when false positives, institutional fear and service bundling meet. A registry emerging from governance crisis is especially vulnerable because every decision is read politically. If it clears the member, critics may accuse it of weakness. If it holds the member, the member may accuse it of weaponising compliance. Only a documented service map and evidence trail can protect the institution from both accusations.

Scarcity raises the threshold of harm. When IPv4 was abundant, a slow registry update could be annoying. In a scarce market, the same delay can affect asset value. The Internet Governance Project noted in 2021 that IPv4 market prices had risen sharply and cited pricing under which a /16 could be worth around US$2 million. Prices change, but the structural point does not. A hold on recognition, transfer, payment or standing touches capital, not just paperwork. A sanctions-screening error can destroy value without ever saying "revocation".

The right lesson from AFRINIC's history is not that compliance should be weak. It is that compliance should be bounded. Fraud controls should target fraud. Sanctions controls should target prohibited dealings. Identity controls should target authority. Payment controls should target funds movement. Registry accuracy controls should target the public record. When all of these controls merge into one broad discretionary posture, the registry recreates the conditions for the next crisis.

The operating rule is prohibited dealing versus lawful continuity

The core sentence in a registry sanctions policy should be simple: a prohibited dealing is not the same as unrelated registry continuity. The sentence does not answer every legal question. It organises them.

If a binding rule prohibits the registry from allocating new resources to a designated entity, the registry should not allocate. If a rule prohibits accepting funds through a designated bank, the registry should not accept those funds through that channel. If a court freezes a party's right to transfer, the registry should not complete the transfer. If a law requires rejection, freezing, licence application or reporting, the registry must act within the law. Compliance in those cases is not optional.

But a prohibition on one dealing should not automatically disable every service. Existing public records may need to remain visible for accuracy and investigations. Existing RPKI state may need preservation to avoid routing harm, subject to legal advice. Reverse DNS may need to remain stable unless a legal order or technical-integrity issue requires change. RDAP corrections that reduce confusion may be lawful and desirable even while commercial transactions are paused. An appeal route may need to remain open even for a restricted party. A court may need the last verified registry state preserved rather than altered.

This distinction matters because registry services affect non-parties. Customers, security teams, abuse reporters, lenders, buyers, public agencies and other operators rely on continuity around the record. A sanctions rule may target a party. A registry service impairment can spill into the network. The registry's job is to prevent that spill unless law requires it.

The rule can be translated into a practical sequence. First, identify the legal or operational source of the concern. Second, identify the exact dealing or service it affects. Third, choose the least disruptive registry action that satisfies the obligation. Fourth, preserve and log unaffected services. Fifth, give the member a notice that states the evidence needed, timeline, appeal path and urgent-continuity channel. If the registry cannot answer those points, it is not ready for a broad hold.

The remedies are operational rather than rhetorical. A narrow legal-basis rule prevents "sanctions compliance" from becoming a label for general discomfort. A least-disruptive service map separates invoice acceptance, standing recognition, new allocations, transfers, contact changes, RDAP/WHOIS publication, reverse DNS, IRR updates, RPKI maintenance, emergency security actions, governance voting and routine support. Standing grace prevents a bank screen from turning into delinquency while a cooperating member attempts lawful payment. A false-positive appeal path gives the member a named route to supply registration documents, identity information, ownership charts, bank letters, court orders or legal opinions. Evidence logs make proportionality auditable. Payment segregation prevents one blocked rail from becoming resource uncertainty. Continuity escrow protects authoritative data, change history, service dependencies, RPKI succession material, reverse-DNS state and compliance-hold metadata if the institution is incapacitated.

Notice language should be equally disciplined. A member should know what happened, what rule or review applies, what services continue, what services pause, what evidence is needed, what deadline applies, who reviews the case and how urgent network-continuity issues are handled. A transfer counterparty asking about standing should not receive a binary answer that hides the reason for a hold. "Good standing preserved under payment-screening grace; transfer approval pending funds review" is more informative and less destructive than "not in good standing." "Existing resource recognition preserved; beneficial-owner evidence under review for requested transfer" is different from "account under sanctions review." Infrastructure markets need amber categories because many risks are neither clear nor fatal.

Due process here is not a moral ornament. It is an economic tool. A member that knows the affected service and the cure path can act. It can supply documents, obtain bank clarification, seek legal advice, ask a court for direction, notify counterparties accurately or restructure a transaction. A member facing only a vague compliance hold cannot reduce uncertainty. Its counterparties will assume the worst because the file gives them nothing to price.

Operators should prepare before a hit lands

The operator's role is not passive. A network that depends on AFRINIC resources should treat sanctions screening, payment continuity and account standing as board-level risk, not as an annual invoice chore. This is especially true for operators with valuable IPv4 holdings, government customers, public-sector ownership, cross-border financing, politically exposed directors, complex beneficial ownership, high-risk customer geographies or transfer plans.

The first task is a registry dependency map. Which resources are held? Which services depend on current AFRINIC credentials? Which contacts are authorised? Which email addresses receive invoices and compliance notices? Which bank account pays dues? Which customers rely on reverse DNS? Which RDAP, WHOIS, route objects and RPKI records need maintenance? Which contracts reference registry standing? Which lenders, insurers, buyers or customers require proof of clean recognition? A sanctions screen becomes less dangerous when the operator already knows which external promises are tied to the registry file.

The second task is evidence readiness. Corporate registration documents, beneficial-owner charts, director identification, powers of attorney, board resolutions, licences, tax records, bank letters, source-of-funds explanations and contact authorisations should not be assembled for the first time after a screen hits. They should be current and internally consistent. AFRINIC's election disputes show the institutional cost of documentary uncertainty in governance; sanctions screening shows the same cost in service continuity.

The third task is payment redundancy. The operator should know whether it can pay by bank transfer, card, alternative account, parent-company account, escrow or another lawful method. It should preserve proof of attempted payment. It should not wait until late-payment penalties begin before asking a bank why a transaction failed. If it operates in or near a high-risk jurisdiction, it should pre-clear payment channels where possible and know who can provide bank letters quickly.

The fourth task is contract language. Customers, lenders and buyers should not be promised impossible certainty. They should be told how registry-risk events are handled: standing grace, evidence production, continuity notices, alternative routing arrangements, emergency contacts and dispute escalation. A company that sells high-availability service on top of number resources must explain what happens if the registry account enters payment or sanctions review.

The fifth task is account hygiene. Operators should regularly verify authorised contacts, billing contacts, technical maintainers, two-factor access where used, corporate names, registered addresses and notification channels. They should know who can instruct the registry during a merger, insolvency, leadership change or public-sector transition. They should avoid letting a former employee, consultant or disputed proxy remain the only practical path into the account. In a sanctions or beneficial-ownership review, outdated authority records can make a solvable problem look suspicious.

The sixth task is governance monitoring. AFRINIC's board status, bylaw review, litigation, resource-transfer policy, fee changes, service status, support performance and external interventions can all affect registry risk. The Register's reporting that AFRINIC had 773,376 unallocated IPv4 addresses in 2026 and that its new board was preparing budgets and strategy is not trivia for affected members. It helps operators judge whether the institution is returning to ordinary capacity or still operating under stress.

None of this requires treating the registry as an enemy. It requires not treating the registry as invisible. The best time to prepare a sanctions false-positive file is before a false positive. The best time to test payment channels is before the due date. The best time to check who can instruct the account is before a disputed power of attorney appears. The best time to map RPKI and reverse-DNS dependencies is before a support queue slows. Boards understand continuity risk for data centres, cloud providers, insurers, banks and major customers. The registry layer belongs in the same discussion.

What to watch at AFRINIC now

The immediate watchpoints are practical rather than symbolic. The first is whether AFRINIC's rebuilt governance publishes clear account-standing rules for payment-screening events. If a member's payment is delayed by a bank, processor or list match, does standing continue while evidence is reviewed? Does the member receive a labelled status? Are transfer and support effects separated? The answer will show whether billing is being treated as a continuity surface rather than a simple debt timer.

The second watchpoint is member identity after the election disputes. A serious reform would distinguish voting authority, resource authority, billing authority, beneficial ownership and technical maintainer access. It would not let a defect in one category contaminate all others. It would create evidence standards for powers of attorney and beneficial-owner statements before the next fight begins. If documentary review remains opaque, every future compliance hold will be read through factional suspicion.

The third watchpoint is public language. AFRINIC may need to warn members about fraud, litigation, misleading statements or legal orders. It should avoid using compliance vocabulary as a public-relations weapon. If a court order concerns a particular statement, say that. If a payment is under bank review, say that. If a member is legally prohibited, cite the basis through the proper channel. Broad language creates market risk because banks, buyers and customers hear more than the institution may intend.

The fourth watchpoint is service-continuity reporting. AFRINIC's future legitimacy will be strengthened less by slogans than by measurable performance: RDAP uptime, WHOIS availability, reverse-DNS turnaround, RPKI repository health, ticket-age distribution, payment-review timelines, appeal outcomes and data-quality corrections. The NRO's 2023 statement thanked AFRINIC staff for maintaining operations during difficult times. The next stage should turn that resilience into published service discipline.

The fifth watchpoint is interaction with banks and courts. If future litigation or compliance events affect funds, the registry should show that member services are insulated where lawful. If a court is asked to freeze, restrain or preserve, the registry should provide a service map explaining which orders would damage non-parties and which narrower alternatives exist. Courts cannot preserve continuity well if the registry does not explain its own architecture.

The sixth watchpoint is whether the wider RIR and ICANN framework treats continuity as functional rather than institutional. Emergency assistance, derecognition and successor operation may be necessary tools. They should not become a way to protect incumbent discretion. The useful question is always whether records, publication services, security state and lawful member reliance survive. It is not whether the existing institution wins every argument about authority.

Finally, watch the market. If buyers discount AFRINIC resources because of payment, transfer, sanctions or litigation risk, the market is measuring confidence. If banks ask for more registry-risk warranties, if customers demand continuity clauses, or if lenders refuse to treat address holdings as stable, those are price signals. They may be uncomfortable, but they are more honest than official reassurance.

AFRINIC is not the only registry exposed to these issues. It is the clearest stress case because scarcity, litigation, receivership, election turmoil, corruption allegations, public controversy and recovery efforts have converged in one institution. That makes it a useful place to define a rule that should apply everywhere: sanctions compliance must be lawful, specific and auditable; business-continuity harm must be minimised; and the registry's fear of risk must not become a substitute for law. Refusing a prohibited dealing is compliance. Disabling unrelated continuity is power. A registry that remembers the difference can obey law without becoming another source of avoidable infrastructure risk.