Summary
- LACNIC sanctions-screening analysis asks how name matching, beneficial ownership, banking evidence and compliance lists can protect lawful records without freezing live networks by mistake.
- When IPv4 scarcity turns registry entries into capital facts, a false positive can affect transfer timing, customer continuity, routing evidence, reverse DNS, RDAP and RPKI confidence.
- A credible ledger keeps sanctions screening narrow, evidence-bound, reviewable and reversible rather than converting compliance into hidden capital control over portable address value.
A file that looks smaller than it is
The first document in a sanctions case rarely announces itself as infrastructure policy. It looks like a compliance file. A name has been checked against public or bank-maintained lists. A company has been compared with a register. A shareholder chain has been drawn, perhaps cleanly, perhaps with a gap where a holding company stands between the operating network and the ultimate economic owner. A payment route has been reviewed. A bank has asked a question. A registry officer has marked the case for escalation. The file may contain passports, incorporation extracts, corporate resolutions, invoices, declarations, and a few lines explaining why a match is probably innocent or why the case must wait for more evidence.
Nothing in that file says that customers may lose reachability, that reverse DNS may be delayed, that an RPKI change may become uncertain, that a transfer may fail, or that a block of IPv4 addresses may become harder to finance. It does not look like capital control. It looks like evidence discipline. In a lawful compliance system, that is what it should be. A registry serving Latin America and the Caribbean cannot pretend that sanctions rules, anti-money-laundering obligations, terrorism-financing controls, bank requirements and corporate-identity checks do not exist. It receives payments, signs service agreements, maintains a public registry, handles transfer requests, and deals with legal entities whose names, owners, directors and payment routes may cross several jurisdictions. A mature institution has to know whom it is dealing with.
The danger begins when the file changes character. A screening note should identify evidence, define uncertainty and create a path for cure. It should not become a general licence to immobilise scarce resources, judge the commercial acceptability of a corporate structure, or convert registry access into broad gatekeeper discretion. Sanctions screening can be lawful and necessary. It becomes economically dangerous when the registry forgets the difference between checking a counterparty and governing the continuity of the networks behind that counterparty.
LACNIC is a useful case because its region is structurally cross-border. A network may be incorporated in one country, financed from another, operated across several markets, and dependent on vendors, banks, cloud platforms, transit providers and customers outside the formal service region. A local internet service provider may be owned by a regional holding group. A hosting company may receive outside investment. A content, fintech or enterprise-connectivity operator may use infrastructure in Miami, Sao Paulo, Santiago, Bogota or Mexico City while serving customers elsewhere. The registry record compresses that economic complexity into a small set of names, contacts and resources.
Compliance departments do not experience this complexity as theory. They experience it as a queue of decisions. Is the applicant the operating company or the holding company? Does a director share a name with a listed person? Does a bank refuse payment because a country, address, beneficial owner or customer segment triggers a risk rule? Does a transfer request involve a counterparty whose ownership changed recently? Is a corporate resolution valid in the registry's working language? Does a nominee shareholder hide control, or merely reflect ordinary legal practice? If a match is unresolved, can services continue while evidence is gathered? If services are restricted, which services, for how long and under whose review?
These questions are not exotic. They are the ordinary machinery of modern compliance. Yet in the number-resource layer they acquire unusual force because the registry does not simply sell a replaceable service. It maintains recognised status for identifiers that other systems trust. IPv4 addresses are not only rows in a database. They sit inside firewalls, customer allowlists, cloud routing, abuse desks, contractual commitments, security appliances, payment systems, logs, partner integrations and finance documents. A compliance flag that would be a payment delay in an ordinary service relationship can become a continuity event when it touches the recognised status of those identifiers.
The institutional-economics question is therefore narrow but severe. How can LACNIC conduct lawful sanctions screening without turning itself into a sanctions office for the internet economy of the region? How can it respect the laws and banking constraints that bind it without converting those constraints into discretionary control over scarce IPv4 capital? The answer is not to abolish screening. The answer is to keep screening as evidentiary discipline and prevent it from expanding into a hidden system of allocation, immobilisation and business judgment.
That distinction also separates this problem from a simple debate about sovereignty or cross-border compliance costs. The issue is not whether a regional institution should resist outside pressure, nor whether operators should be spared the expense of legal compliance. The issue is subtler. Screening can be the lawful production of evidence, yet still become an economic control if the registry applies it too broadly across transfers, RDAP, reverse DNS, RPKI and account continuity. Once scarce IPv4 resources are involved, discretion over time and recognition becomes discretion over capital.
Compliance as evidence, not entitlement
A serious compliance regime begins with evidence. It asks what can be verified, what remains uncertain, what law applies, what the institution is required to do, and what steps can reduce risk without causing avoidable collateral harm. Evidence has boundaries. It can show that a name matches a listed person. It can show that the match is a false positive. It can show that a company is majority-owned by a prohibited person, or that an apparent connection is only a naming coincidence. It can show that a payment cannot be processed through a particular bank. It can show that a transfer file lacks authority from the current registrant. It can show that a beneficial-owner declaration is incomplete.
Evidence does not by itself decide the outer scope of institutional power. That is the step many administrative systems slide over. Once a compliance team finds uncertainty, the institution may begin to behave as if uncertainty creates entitlement. The registry may hold the update, hold the transfer, hold the account change, hold the certificate request, hold the reverse-DNS change or hold the public-record correction until the uncertainty disappears. Some holds are prudent. A forged transfer should not proceed. A duplicate claim should not be recorded. A sanctioned counterparty may need to be blocked if binding law requires it. But uncertainty does not entitle the registry to use the entire dependency stack as leverage.
The proper question is proportionality by function. Which registry function is actually at risk? If the risk concerns payment, the payment path may be suspended or rerouted while core publication services continue. If the risk concerns authority to approve a transfer, the transfer can pause while the last verified registration remains intact. If the risk concerns beneficial ownership, the registry can request clarification and set a cure period without contaminating routing-security assertions or reverse-DNS continuity. If the risk concerns a legal prohibition on providing services to a named party, the registry should identify the precise services that the prohibition reaches and avoid turning a narrow legal duty into a general punishment.
The evidence discipline should therefore separate three questions that are often confused. First, who is the member, who can sign, who owns or controls the member, and who is the authorised contact? Second, does a binding rule prohibit the registry or its financial intermediaries from dealing with that person or entity? Third, what must remain stable so that networks, customers and relying parties are not harmed while the first two questions are being resolved? A sound system can investigate identity and legal eligibility without immediately destroying continuity.
The separation also protects compliance staff from impossible expectations. If every uncertainty is treated as a possible reason to impair the whole account, the reviewer becomes a de facto controller of network continuity without the mandate, tools or liability surface that such control would require. If the question is narrowed to evidence, law and functional scope, the reviewer can make a defensible decision. A clear file is safer than a powerful file.
The distinction is especially important where sanctions lists are blunt instruments. They are designed for enforcement in financial and legal systems, not for the fine-grained maintenance of internet identifiers. A listed person may be clearly prohibited. An entity may be majority-owned by a listed person. A company may merely share a similar name. A downstream customer may be located in a high-risk jurisdiction without controlling the resource holder. A shareholder may own a minority stake without operational control. A holding company may consolidate invoices without directing network operations. Treating all of these cases alike does not protect the internet. It turns nuance into immobilisation.
For LACNIC, the better posture is narrow. The registry may require accurate corporate identity. It may require authority documents. It may screen counterparties when law or bank obligations demand it. It may refuse to record a transaction that lacks evidence of control. But it should not treat the compliance file as a licence to review the social desirability of the holder's business model, the nationality of its customers, the political sensitivity of a market, or the commercial wisdom of a transfer. When those questions belong to governments, courts, banks or counterparties, the registry should not absorb them merely because it controls the database switch.
Narrowness is not weakness. It is the condition that lets screening retain legitimacy. A sanctions case is strongest when the institution can say exactly what fact was checked, what rule applied, what service was affected, what evidence would cure the concern and what review remains available. It is weakest when the institution can only say that the case is sensitive and therefore everything must wait. Sensitivity may justify care. It does not justify unlimited reach.
The sanctions office problem
The phrase sanctions office sounds official. It suggests a unit with access to government lists, legal interpretations, escalation channels and a mandate to stop prohibited dealings. A bank may need something like that. A multinational carrier may need one. A registry may need a compliance function that checks sanctions exposure. The question is whether the registry becomes, in practical effect, a sanctions office over number-resource mobility for the region. The difference is not semantic. It is institutional.
A sanctions office inside a bank controls the bank's own risk. It may refuse a payment, close an account, block a transaction or report suspicious activity under the laws that govern it. Those actions can be severe, but the bank is not normally the global source of validity for the asset whose owner it screens. If one bank refuses, another may be available, subject to law and risk appetite. If all banks refuse, the problem is financial exclusion, not technical invalidation of the asset itself. A registry occupies a different position. Its recognition is part of the infrastructure through which number resources remain legible to the market and to network operations.
That position magnifies mistakes. If LACNIC treats a sanctions concern as a reason to block a payment, the member may need another lawful payment route. If it treats the same concern as a reason to freeze transfers, the member's asset mobility is impaired. If it treats the concern as a reason to suspend access to certification, RDAP updates or reverse-DNS changes, downstream customers and relying parties may be affected. If it treats the concern as a reason to question the entire membership relationship, a compliance review becomes an existential threat. The same underlying concern produces different economic effects depending on how high in the dependency stack the registry applies it.
The sanctions office problem is therefore a problem of vertical reach. A registry can comply with a legal prohibition at the level where the prohibition applies. It should be cautious about projecting that prohibition upward into all registry functions. A payment problem is not automatically a registration problem. A shareholder question is not automatically a routing-security problem. A transfer concern is not automatically a reason to disrupt the last verified operational state. A beneficial-owner inquiry is not automatically proof that a customer, lessee or affiliate must be treated as a prohibited actor.
The registry should therefore commit itself to a clear sanctions-screening architecture. It should identify the list types used, the match thresholds, the evidence required to clear a match, the difference between a payment hold and a registry-status hold, the services that continue during review, the authority for any restriction, the appeal route, the cure period, the confidentiality boundary and the conditions under which an independent order is needed before irreversible harm occurs. The aim is not to help bad actors evade screening. The aim is to let lawful holders, customers and counterparties understand what kind of risk they are carrying.
The better model is a registry that treats itself as an evidence custodian, not a regional sanctions sovereign. It can receive information, verify identity, comply with binding legal duties and record dispute metadata where necessary. It can refuse to process prohibited transactions. But it should preserve the last verified operational state unless a clear legal rule, independent order or narrow emergency requires disruption. It should not use sanctions language to expand into moral screening, political filtering or market supervision. Once it does, the registry ceases to be a neutral ledger and becomes a hidden allocator of continuity.
Banking lists and registry records are not the same thing
Modern sanctions screening is partly a banking story. A registry may never intend to become an enforcement actor, yet its bank may force questions onto the registry relationship. A payment from a member may be blocked because a name, country, correspondent bank, intermediary or ownership hint triggers a list. A bank may ask the registry to supply more information about a payer or refuse to process funds until a match is resolved. The registry then faces a practical problem: it cannot receive ordinary payment from a member whose resources remain in the database and whose customers remain online.
That is a serious operational issue. But a bank's list and a registry's record serve different functions. The bank's list is a risk-control tool for financial transactions. The registry's record is a public coordination tool for unique identifiers. The bank may say, in effect, that it will not touch this money. The registry should not automatically translate that into a statement that the holder no longer holds the resource, cannot maintain reverse DNS, cannot preserve RPKI validity, or cannot transfer resources under a lawful process. A payment rail is not the same as registry truth.
Confusing the two creates hidden capital control. If the only practical way to keep recognition is to satisfy the registry's bank, then the bank's risk appetite becomes an indirect condition of IPv4 mobility. A holder may not be legally sanctioned, may control its resources, may serve lawful customers and may have accurate records, yet still face impaired registry status because a payment intermediary is uncomfortable. The registry may describe the issue as billing or compliance, but the market will experience it as a restriction on the asset. That is not a small distinction. It changes how buyers, lenders and counterparties value the resource.
A mature registry must therefore maintain separation between payment compliance and ledger continuity. If a payment cannot be accepted through one channel, the institution can identify lawful alternatives. If no lawful payment can be accepted because binding sanctions prohibit dealing with the member, the registry must document that constraint and tailor the restriction to the law. If the problem is uncertainty rather than prohibition, services essential to public coordination should continue while the member has a defined cure window. If fees accumulate during review, the accounting treatment should be clear so that the member is not later accused of non-payment caused by the registry's own blocked payment path.
LACNIC's regional context makes the separation more important. Latin America and the Caribbean include economies with different levels of dollar dependence, correspondent-banking access, political risk and corporate-register quality. Some legitimate firms may face higher payment friction because of where they operate, not because they are sanctioned actors. Others may use holding structures to manage tax, financing, regional expansion or investment. A registry that over-identifies banking friction with registry risk will impose uneven costs across the region. The result will not be neutrality. It will be a bias toward firms whose banking profile resembles that of the compliance centre.
The registry should instead treat banking signals as inputs, not commands. A blocked payment may be evidence that further review is needed. It may be evidence that a payment channel should change. It may be evidence that a legal prohibition applies. But it is not by itself evidence that an address block should be immobilised, that customers should be exposed to continuity risk, or that a transfer should be frozen indefinitely. The ledger must remain disciplined by its own function, not by the most cautious actor in the financial chain.
This is where institutional modesty has practical value. LACNIC does not need to deny the seriousness of financial compliance. It needs to prevent financial compliance from swallowing registry continuity. The correct sentence is not that payment risk is irrelevant. It is that payment risk must be handled at the payment layer unless and until evidence shows that registry law or registry integrity is directly at stake. That sentence protects both sides. It gives compliance staff a rule, and it gives holders a boundary.
False positives and the cost of being nearly named
The false positive is the central moral test of a screening system. It is easy to design a process for the obvious case. If the exact legal entity is named on a binding list and the law prohibits service, the registry's room for choice may be small. The difficult case is the almost-match: a similar name, a transliteration, an old director, a minority investor, a former affiliate, a national identifier entered incorrectly, a company with the same commercial name in another jurisdiction, or a beneficial owner whose public record is incomplete. The screening system says caution. The network says continuity.
False positives are expensive because they arrive before proof. A company does not need to be sanctioned to suffer the economics of sanction suspicion. A delayed transfer can break a financing schedule. A pending RPKI update can make a routing-security plan uncertain. A stalled reverse-DNS delegation can affect mail reputation, customer onboarding or operational migration. A frozen account update can prevent an acquirer from cleaning up records after a merger. A public hint that a holder is under compliance review can make customers ask whether their own service is at risk.
The cure window is therefore the heart of fairness. A registry that identifies a possible match should tell the holder what fact is uncertain, what evidence can resolve it, who will review the evidence, how long the holder has, what services continue, what services are paused, what happens if the holder needs more time, and how the decision can be appealed. Without these elements, the holder is negotiating with fog. Fog is not due process. It is a risk premium.
False positives also reveal why service segmentation matters. Not every registry action creates the same harm. Pausing a non-urgent transfer while authority is verified may be reasonable. Suspending all account access may not be. Blocking reverse-DNS changes needed for an operational migration may cause collateral harm unrelated to the compliance question. Interrupting RPKI services may create relying-party uncertainty that reaches networks not involved in the case. Publishing ambiguous status may damage reputation without improving accuracy. A good screening system should choose the least continuity-damaging measure that addresses the specific risk.
The registry should want to avoid that discount. Its public record becomes more valuable when market participants believe that uncertainty will be handled by evidence, proportion and review. The best compliance reputation is not the reputation of maximum aggression. It is the reputation of accurate discrimination. A system that can distinguish a sanctioned person from a namesake, a controlling owner from a passive investor, a prohibited service from a lawful continuity function, and a payment problem from a ledger problem is more credible than a system that freezes broadly and explains later.
False positives also interact with language. Latin American and Caribbean corporate names, personal names and transliterations can produce repeated matches across countries. Diacritics may be stripped. Names may appear in different order. Common surnames can collide with list entries. Corporate registries may use abbreviations. A screening system that relies too heavily on name similarity without contextual evidence will overburden the region it is supposed to serve. It will turn ordinary naming patterns into compliance alarms.
The cure for that problem is not laxity. It is better evidence. Date of birth, incorporation number, registered address, ownership percentage, directorship history, control rights, transaction context and payment details can narrow risk. The registry's job is to ask for relevant evidence, not unlimited evidence. Unlimited evidence requests become fishing expeditions. They also invite the holder to disclose private customer or commercial information that the registry does not need for its limited function. Over-collection is not prudence when it expands the registry's view into business life.
Being nearly named should not be enough to lose continuity. It should be enough to trigger a disciplined inquiry. The difference is the difference between compliance and control. LACNIC's legitimacy in this area will depend less on whether it can say it screens against lists and more on whether it can show that the innocent match is cleared quickly, quietly and without damaging the network that was never the intended target.
Holding companies, beneficial owners and the registry record
Corporate identity is where sanctions screening meets registry theory most directly. The registry record wants a holder. Compliance wants to know who stands behind the holder. Business reality often supplies more than one answer. The operating company may run the network. A holding company may own the shares. A regional group may centralise treasury. A parent may provide guarantees. A founder may control voting rights through one vehicle and economic rights through another. A public-sector enterprise may have a ministry, authority or state-owned group behind it. A private equity fund may hold through layers designed for investment, tax, governance or lender protection.
None of this is automatically suspicious. It is ordinary corporate life. Yet for a registry, layers can be uncomfortable because the public record is simple while control is complex. Sanctions screening intensifies the discomfort because the relevant question may not be the name on the registry account. It may be the person or entity that owns, controls or benefits from the holder. Beneficial ownership is therefore necessary evidence. It is also a dangerous gateway if the registry uses it to move from identity verification into business supervision.
The correct purpose of beneficial-owner review is narrow. It should determine whether the registry is legally prohibited from dealing with the holder, whether the person signing for the holder has authority, whether a transfer reflects a genuine change of control, and whether the registry record will remain accurate. It should not become a general inquiry into whether the registry approves of the ownership model, investment route, customer base or commercial strategy. A holding company is not a deception merely because it is not the network operator. A nominee, trustee or intermediate vehicle may require explanation, but explanation is not guilt.
Holding-company identity also matters for continuity. Many networks change shape over time. A local operating company may merge into a group. A founder may sell a majority stake. A regional provider may consolidate subsidiaries. A distressed operator may move assets into a restructuring vehicle. If the registry treats every corporate change as a fresh discretionary admission decision, it can make normal business continuity fragile. The better approach is to ask whether continuity of control and responsibility can be documented. If it can, the registry should update records, preserve the operational state and record the change. If it cannot, the registry should identify the missing evidence and hold only the changes that create real risk.
The registry should therefore resist the fiction that the simplest holder record is always the most truthful one. A single operating entity may be easy to see, but it may not reflect who controls the business. A holding company may be one step removed from routers, but it may be the legally relevant owner. Beneficial-owner evidence should help the registry understand this structure, not punish the structure for existing. The question is not whether the corporate tree is aesthetically simple. The question is whether responsibility, authority, control and legal eligibility can be verified.
Sanctions screening becomes illegitimate when it treats complexity as discretionary opportunity. A registry officer may dislike a structure. A community participant may suspect commercial speculation. A competitor may complain that a transfer is designed to move scarce resources into a group with regional or foreign investors. Those views may be politically potent. They are not the same as evidence of sanctions risk. If the registry lets them enter through the compliance door, the sanctions file becomes a tool for market control. That is the drift a scarce-resource system must avoid.
LACNIC can reduce the risk by formalising a corporate-identity standard that is demanding but bounded. The standard should ask for legal existence, authority to act, ownership and control evidence where relevant, sanctions exposure, contactability, payment responsibility and continuity of obligations. It should also state what is outside the inquiry: commercial merit, ordinary holding-company design, lawful foreign investment, customer geography, price, and the registry's preference for one business model over another. A bounded standard would help staff because it tells them when to stop. It would help holders because it tells them what to prepare. It would help the market because it makes corporate change less mysterious.
Scarce IPv4 turns delay into capital control
In an abundant-address world, delay was irritating. In a scarce-address world, delay is economic power. That difference is the central fact behind sanctions screening and continuity. When IPv4 could be obtained through ordinary allocation at low marginal cost, a registry hold might slow an administrative task. Today, the same hold can affect the price, timing and financing of a scarce asset. A week may change a negotiation. A month may break a closing. A quarter may alter a network expansion. Uncertain duration may make a transaction unfinanceable.
This is why transfer freezes are so sensitive. A freeze may be necessary where a transaction appears forged, a party lacks authority, a court order applies or a binding sanctions rule prohibits the registry from recording a change. But a freeze is also a capital-control instrument in effect, even when not in intention. It prevents an asset from moving. It can trap value inside an entity, prevent a sale, block collateral use, frustrate restructuring and shift bargaining power. If the freeze is broad, indefinite or poorly reasoned, it becomes indistinguishable from discretionary economic control.
The registry may object that it does not own the resource and does not control capital. That is formally convenient and economically incomplete. The market value of IPv4 depends on recognised transferability. A resource that cannot be transferred under predictable conditions is worth less than one that can. The registry does not need to own the resource to affect its price. It only needs to control, delay or cloud the recognised record. In scarce markets, recognition is a capital function.
Sanctions screening can therefore create a hidden capital control if it lacks duration limits and review. A holder under review may be unable to sell resources, complete a merger or use addresses in financing. A buyer may withdraw rather than wait. A lender may discount the resource. A lessee may demand stronger warranties. The registry may call the matter unresolved. The market calls it impaired liquidity. The language differs because the registry sees the file and the market sees the asset.
That is the core economic claim. Lawful evidence discipline can coexist with market continuity. Broad registry discretion cannot. A registry does not need a confiscatory motive to produce confiscatory effects. It only needs the power to make recognised transferability uncertain for an undefined period. The result is a hidden premium on every transaction that might touch sanctions screening, bank comfort, complex ownership or cross-border payment routes.
That is why appeal and cure windows must be real, not decorative. A cure window should specify the evidence needed and the consequence of providing it. An appeal should reach someone who can review both the compliance assessment and the proportionality of the restriction. A freeze should have periodic review, a maximum duration absent independent order, and a written explanation of why less restrictive measures are insufficient. If law prevents disclosure of some details, the registry should still provide enough information for the holder to respond. Secret evidence may be unavoidable in limited cases. Secret standards are not.
A sound system should also distinguish asset mobility from operational continuity. Freezing a transfer does not require breaking RDAP accuracy, reverse-DNS continuity or existing RPKI objects. In many cases, the safest course is to preserve the last verified operational state while preventing new changes that would worsen the contested risk. This protects the ledger and customers without allowing a disputed transaction to proceed. It also respects the fact that the registry is a coordinator, not a receiver appointed to manage the holder's business.
The central principle is simple: restrictions should be no broader than the evidence and law require. If a named party cannot receive services, say which party and which services. If a transfer lacks authority, hold the transfer, not the operational resource. If a payment route is blocked, solve payment or account for suspended billing, not resource validity. If ownership evidence is incomplete, ask for the missing evidence and preserve continuity while it is provided. If an independent authority orders a freeze, record the order and its scope. Each sentence narrows discretion. Each sentence reduces the capital discount.
In a world of scarce IPv4, administrative humility is not a philosophical preference. It is market infrastructure. LACNIC's screening process will either lower the risk premium by making delay bounded, evidenced and reviewable, or raise it by making delay unpredictable. The registry does not need to intend capital control to create it. The economics are produced by the position it occupies.
Continuity below the compliance desk
The compliance desk sees names, documents and flags. The network below it sees routes, certificates, records and customers. The two layers must speak to each other, but they should not be collapsed. A sanctions question at the account layer should not casually become an RPKI problem. A beneficial-owner inquiry should not casually become an RDAP blackout. A payment review should not casually become a reverse-DNS failure. Continuity is the discipline that keeps the compliance process from causing more harm than the risk it is meant to control.
RDAP is part of that continuity because it gives public, structured access to registration information. If a holder is under review, the accuracy of RDAP becomes more important, not less. Counterparties need to know the last verified holder, the responsible contacts, the status of relevant records and, where appropriate, that certain changes are under dispute or restriction. Removing or degrading public registration data because of a compliance concern can make the market less safe. It pushes information into private channels and gives advantage to insiders who know the story.
Reverse DNS is also continuity infrastructure. It may look like a technical side service, but many operational systems still depend on reverse naming for reputation, logging, troubleshooting, mail handling and customer assurance. A compliance hold that prevents a holder from maintaining reverse DNS can create harm far outside the sanctions file. Customers may see service degradation without knowing that the cause is an upstream registry process. The registry should therefore treat reverse-DNS continuity as presumptively preserved unless the change itself is the risk.
RPKI requires even greater caution. It is a security assertion system, not a moral approval badge. Route origin authorisations help relying parties decide whether an announced route is consistent with the holder's authority. If a compliance review contaminates RPKI continuity, the registry may create routing-security uncertainty that affects networks and customers beyond the target. Revoking, refusing or destabilising security objects should be a last resort tied to clear legal or technical necessity. Where the dispute is about ownership evidence, transfer authority or payment, the last verified security state should generally be preserved while the dispute is isolated.
Dispute isolation is the key phrase. A registry can record that a resource is under review. It can block conflicting updates. It can prevent a transfer from closing until authority is established. It can require additional evidence before making new delegations. But it should isolate the dispute from unrelated operations. The public internet is not made safer when every compliance concern becomes full-stack uncertainty. It is made safer when the registry knows exactly what is contested and exactly what remains stable.
Customer continuity is the reason. The holder is not the only party affected by registry action. Downstream users may include businesses, public institutions, content platforms, small ISPs, security customers, offices, data centres and households. They do not control the holding-company chart. They may not know which bank processes the registry's payment. They may not have any relationship with the beneficial owner. Yet they depend on stable network identity. If the registry uses broad holds, those customers become collateral. That is not compliance. It is externalisation.
Continuity does not mean the holder always wins. A sanctioned entity cannot demand that law disappear because customers exist. A fraudulent transfer cannot be recorded because a buyer wants speed. A holder cannot refuse basic identity evidence and still expect unlimited changes. But even when adverse action is justified, the registry should ask how to avoid unnecessary harm to uninvolved users. Can services be wound down rather than abruptly interrupted? Can the last verified state be preserved while legal remedies are pursued? Can a receiver, court, regulator or independent reviewer approve limited operational changes? Can customers migrate without forced chaos? These are continuity questions, not excuses.
This is where LACNIC's regional legitimacy will be tested. The institution can say that it protects the region, but the region is not protected by making operators fear the address book. It is protected by accurate records, reliable publication, secure routing assertions, lawful compliance and non-destructive dispute handling. If a sanctions file causes LACNIC to preserve those functions while resolving evidence, the registry looks mature. If it causes LACNIC to threaten the whole stack to force answers, the registry looks like a gatekeeper using continuity as leverage.
The continuity architecture should be written before the crisis. Waiting until a sanctions flag appears is too late. Staff will be under pressure, lawyers will urge caution, members will demand speed, banks may be impatient and rumours may circulate. A pre-defined architecture gives everyone a safer path. It states what continues, what pauses, what evidence is needed, who reviews, who can appeal and when an independent order is required. That is how a registry remains boring under stress. Boring is not weak. Boring is what critical infrastructure should be.
Transfers, freezes and the appeal window
Transfers are where the economics of sanctions screening becomes most visible. A transfer is not just a record update. It is a market event. Money has often been committed. Financing may depend on closing. Customers may be waiting for capacity. A seller may need liquidity. A buyer may have made promises to its own customers. Counsel, brokers, technical teams and banks may all be moving on a timetable. When the registry freezes a transfer for screening, the effect travels through that chain.
Some freezes are unavoidable. If the seller is not authorised, if the buyer is legally prohibited, if documents are forged, if a court order blocks the transaction or if sanctions law clearly applies, the registry should not pretend the transfer can proceed. The point is not that transfers should be frictionless. The point is that the freeze must be narrow, reasoned and reviewable. A transfer freeze should not become a silent veto over price, business model, geography or reputation.
The appeal window is the institution's answer to that risk. It should start quickly, before the transaction is commercially dead. An appeal heard after the buyer has walked away is not a remedy. A cure right that requires months of undefined correspondence is not a cure right. The registry should treat transfer-screening time as economically live. It should identify missing evidence early, allow secure submission, provide status updates, and escalate stalled cases before delay itself becomes the decision.
A credible appeal route should separate staff review from independent judgment. Staff may be right most of the time, but high-stakes adverse actions should not depend solely on the same office that raised the flag. An internal senior reviewer may be enough for low-risk cases. A transfer involving substantial value, contested ownership, sanctions ambiguity or broad service implications may require an independent panel, arbitrator, court-recognised process or other review body with authority to preserve the last verified state and order proportionate interim measures. The point is not procedural luxury. It is liability alignment. The greater the harm a freeze can cause, the more independent the review should be.
The review should also address scope. Is the registry holding only the transfer, or also other services? Is the hold based on law, bank refusal, missing ownership evidence, suspicious documents or public allegations? Can the problematic party be removed from the transaction? Can the buyer substitute a payment route? Can a beneficial-owner declaration cure the issue? Can the resource remain with the seller while the buyer and seller renegotiate? Can a court order clarify authority? Each answer helps prevent an indefinite cloud from forming over the resource.
The scarcity of IPv4 makes all of this more urgent. A scarce asset does not wait passively while procedure unfolds. Its price changes. Its opportunity cost changes. The business context around it changes. A policy that says the registry may take as long as needed is economically equivalent to giving the registry free control over time. Time is not free. It belongs in the proportionality analysis.
The cure is not an artificially short deadline that forces reckless approvals. It is staged process. Immediate triage should decide whether a hard legal bar appears. A short evidence window should clear obvious false positives. A defined escalation period should handle complex ownership or list issues. A longer freeze should require independent confirmation or exceptional justification. Throughout, existing operational services should remain stable unless the risk specifically requires restriction. That structure respects both compliance and continuity.
For LACNIC, transfer-screening governance will shape market confidence. If transfer freezes are rare, documented, fast and appealable, the market will treat them as ordinary legal hygiene. If they are opaque, indefinite and broad, the market will treat LACNIC-region resources as carrying a larger registry-risk premium. The difference will not be decided by slogans about community or stewardship. It will be decided by whether a lawful buyer and seller can predict how evidence, time and review interact.
Cross-border operators and regional legitimacy
Regional legitimacy is not the same as regional control. LACNIC serves a geographic community with shared institutions, languages, history and policy processes. That regional role is real. It gives the registry context. It helps operators solve common problems. It creates a venue for coordination that would be difficult to reproduce through isolated national systems. But regional legitimacy becomes fragile when it is used to justify broad discretion over cross-border operators whose legal, financial and customer relationships do not fit neatly inside the region's symbolic map.
The internet economy of Latin America and the Caribbean is not sealed. Operators buy transit internationally, use foreign cloud platforms, receive outside investment, host customers across borders, route through global exchange points and depend on banks whose risk rules are shaped by larger financial centres. A company may be regionally important even if part of its capital, customer base or infrastructure sits elsewhere. A registry that equates legitimacy with local purity will misunderstand the economy it records.
Sanctions screening can intensify that misunderstanding. A foreign owner, foreign payment route or foreign customer may look like risk. Sometimes it is. But risk is not the same as illegitimacy. The question should be evidence-based: who controls the holder, what law applies, what service is being requested, what prohibition exists, and what continuity interests are at stake? A cross-border structure should not be treated as suspicious merely because it complicates the regional story. Complexity is often the price of growth.
There is a temptation to respond with more politics: more statements about regional interest, more participation language, more assertions that the community can decide. But sanctions screening is a poor place for political theatre. It should be one of the least rhetorical functions in the institution. The file should ask for facts, apply law, preserve continuity and close the case. The more the process absorbs community suspicion, reputational politics or arguments about who deserves regional resources, the less legitimate it becomes.
Cross-border operators also need to accept their side of the bargain. They should keep authority documents current, maintain accurate contacts, understand beneficial-owner evidence, avoid opaque payment chains where cleaner routes exist, plan transfers early, and treat registry compliance as part of business continuity. A holder cannot demand predictable treatment while leaving the registry unable to verify basic facts. The point is not to make the holder sovereign over the ledger. It is to align duties with the registry's limited function.
The regional question is therefore practical. Does LACNIC make lawful cross-border operation easier to understand, or does it make it feel like a permanent exception? Does it treat sanctions screening as a narrow legal discipline, or as a way to test whether a holder fits an unwritten model of regional respectability? Does it protect customers from collateral harm, or treat customer continuity as leverage over the holder? Does it preserve transferability as a normal feature of scarce assets, or turn transfer into a privilege granted after broad comfort is achieved?
These questions decide legitimacy more than meeting attendance or public language. A registry earns trust when operators can predict how it will behave under stress. Not when everything is easy, but when evidence is messy, names collide, banks hesitate, ownership structures are complex and counterparties are impatient. In those moments, the institution either proves that its procedures are tied to the ledger or reveals that the ledger is a route to power.
A thinner legitimacy for LACNIC
The best outcome for LACNIC is not a weak compliance system. It is a thinner and more exact one. Thin does not mean careless. It means limited to the functions that justify the registry's existence: uniqueness, accurate records, lawful service provision, public registration, security continuity, dispute isolation and predictable transfer recognition. Thick compliance tries to absorb every risk into the registry. Thin compliance identifies the risk, applies the rule, preserves continuity where possible and sends other questions to the institutions that properly own them.
A thin system would begin every sanctions case with a separation of layers. The payment layer asks whether money can be received. The identity layer asks whether the member and authorised representatives are known. The ownership layer asks whether prohibited control exists. The transfer layer asks whether a proposed change can be recorded. The publication layer asks what RDAP, WHOIS, reverse DNS and RPKI services must continue. The dispute layer asks who can review contested facts. The customer-continuity layer asks how to avoid collateral harm. Keeping these layers distinct prevents one uncertainty from poisoning the entire relationship.
The same system would treat evidence as the centre of the process. A match should be documented. A false positive should be cleared. A beneficial-owner concern should be narrowed. A payment refusal should be separated from resource recognition unless law requires otherwise. A transfer hold should state its basis. A cure window should specify the cure. An appeal should be available before delay becomes confiscatory in effect. An irreversible action should require independent authority or a clearly defined emergency. These are not radical constraints. They are the minimum architecture of trust.
A thinner legitimacy would make LACNIC more resilient. If a sanctioned party appears, the registry can act under clear law. If a false positive appears, the holder can clear it without fear that the entire resource stack will be threatened. If a bank hesitates, the registry can manage payment without rewriting the ledger. If a transfer raises concern, the transfer can pause while existing operations continue. If beneficial ownership is unclear, the registry can ask for specific evidence. If customers are at risk, continuity planning can limit harm. Each case becomes a bounded problem, not a referendum on the holder's right to exist.
Bounded cases also reduce the incentive to politicise the registry. When the compliance function can immobilise transfers, unsettle publication services or cast indefinite doubt over valuable resources, every faction has a reason to influence it. When the function is narrow, evidenced and appealable, controlling it is less valuable. That is how a registry lowers pressure on itself. It does not win legitimacy by accumulating discretionary tools. It wins legitimacy by making those tools less useful for anyone seeking leverage.
The same restraint gives lawful screening more authority, not less. Operators will disclose more readily when they know what the question is and where it ends. Banks and public authorities will receive cleaner answers when the registry can explain its role precisely. Customers will be less exposed when disputes are isolated. Buyers and sellers will price resources more accurately when transfer risk is bounded. The registry will spend less political capital because fewer cases will become existential.
There is no final escape from hard cases. Sanctions law can be severe. Ownership can be deliberately obscured. Banks can be conservative. Bad actors can exploit procedural rights. Courts can disagree. Governments can change lists. Market participants can use compliance allegations strategically. A registry that serves scarce resources cannot avoid these pressures. It can only decide whether to meet them through broad discretion or disciplined architecture.
The disciplined choice is harder at first and cheaper over time. It requires written standards, trained staff, review paths, careful records, restrained public language and a willingness to say no to both sides: no to holders who want compliance to be mere paperwork, and no to institutional actors who want compliance to become a general gatekeeping power. The reward is a registry whose actions can be predicted and reviewed. Predictability is the currency of continuity.
LACNIC's sanctions-screening problem is therefore not a side issue. It is a concentrated version of the modern registry problem. The old address-book function now sits above scarce assets, business identity and customer dependence. The institution must comply with law while avoiding the temptation to turn law into leverage. It must know its members without presuming ownership over their business models. It must protect the ledger without making the ledger a hidden instrument of capital control. It must be strict enough to be trusted by banks and governments, but narrow enough to be trusted by operators.
That balance will not be achieved by claiming broad regional authority. It will be achieved by doing less with greater precision. Sanctions screening should identify prohibited dealings, clear innocent matches, preserve lawful continuity and document reasons. It should not become a shadow licensing system for IPv4 mobility. The moment registry access becomes discretionary beyond evidence and law, scarce addresses carry a governance discount and customers inherit a risk they never chose. The region does not need that discount. It needs a registry that can look at a compliance file and remember that behind the file is not only an account, but a network that must keep running.
Sources and further reading
These references provide the article's public doctrine and background context. They are used for institutional-economic framing, not for adopting any registry or official-sector narrative.
- Lu Heng, all notes index: https://heng.lu/all-notes/
- The Policy Mirror: https://heng.lu/the-policy-mirror/
- The Bill of Rights of Uniqueness Coordination: https://heng.lu/the-bill-of-rights-of-uniqueness-coordination/
- The Multi-Stakeholder Mirage: https://heng.lu/the-multi-stakeholder-mirage-how-the-multi-stakeholder-model-turned-attendance-into-mandate/
- The Registry Continuity Fallacy: https://heng.lu/the-registry-continuity-fallacy-protect-the-ledger-not-the-gatekeeper/
- Running-Code Primacy: https://heng.lu/running-code-primary-the-patch-needed-to-preserve-the-internet-original-design/
- The Poverty Penalty: https://heng.lu/the-poverty-penalty-how-the-rir-model-taxes-the-poor-while-calling-it-equality/
- Sovereignty inversion: https://heng.lu/from-double-extraction-to-sovereignty-inversion-how-nations-lose-sovereign-control-to-rirs-for-us100/
- Registry power and liability: https://heng.lu/on-when-registry-power-detaches-from-liability-why-the-present-rir-coordination-model-cannot-survive-in-its-current-form/
- Number resources are not political property: https://heng.lu/on-internet-number-resources-are-not-political-property/
- Thick RIR governance as double extraction: https://heng.lu/on-regional-internet-registries-thick-governance-turns-uniqueness-into-double-extraction/
- Registries must never become enforcers: https://heng.lu/why-registries-must-never-become-enforcers/
- RIR enforcement creep and IPv4 liquidity: https://heng.lu/on-why-rir-enforcement-creep-is-the-silent-killer-of-ipv4-liquidity-and-why-it-must-be-stopped/
- Cost structure of regional Internet registries: https://heng.lu/on-the-cost-structure-of-regional-internet-registries/
- Decentralising global IP address registration: https://heng.lu/on-decentralising-global-ip-address-registration-with-distributed-ledger-technology/
- Unlocking the hidden value of IPv4: https://heng.lu/unlocking-the-hidden-value-of-ipv4/
- Portability of number resources: https://heng.lu/on-portability-of-number-resources-and-the-icp-2-revision/
- Number Resource Society: https://nrs.help/
- BTW Media: https://btw.media/
- LARUS: https://larus.net/

