OFAC Screening Workflow Diagram
OFAC screening is the process of comparing your customer and beneficiary information against US government sanctions lists. This appendix describes the workflow in prose and provides an ASCII diagram of the screening process.
OFAC Screening Overview
OFAC maintains multiple lists of individuals, entities, and vessels that are sanctioned (prohibited from doing business with US persons). The primary list is the Specially Designated Nationals (SDN) List, which contains approximately 10,000 entries. OFAC also maintains:
- Consolidated Non-SDN List (Sectoral Sanctions Identified List)
- Non-SDN Consolidated List
- Crypto Sanctions List
- Entity List (for certain sanctions programs)
You must screen against at least the SDN List. Screening against additional lists is prudent.
Screening Frequency
You must screen customers before accepting them (or before accepting their first transaction). You must also screen ongoing to detect if a customer who was not previously sanctioned becomes sanctioned. Most operators screen: - At customer onboarding (required) - At each transaction (recommended) - In batch nightly against all customers and recent transactions (recommended)
Screening Process Flow (Prose Description)
Step 1: Collect customer information. Before screening, you must have the customer's information. For individuals: full legal name, date of birth, nationality, address. For entities: legal name, country of organization, address. For nationals of countries with sanctioned entities, additional information may be needed.
Step 2: Determine screening applicability. Not every transaction requires screening. However, every transaction involving a US person, funds transiting through the US, or transactions involving a sanctioned jurisdiction requires screening. For a money transmitter, assume all transactions require screening.
Step 3: Collect beneficiary information. When you learn the transaction will have a beneficiary, collect beneficiary information. This is especially important for cross-border transactions. Beneficiary information should include name, address, and identification if available.
Step 4: Run customer name through OFAC screening system. Use an automated screening system (provided by a vendor) or FinCEN's free OFAC screening tool. Input the customer's name. The system will compare against OFAC lists and return: - Exact match (customer name is on list) - Potential match (similar name on list, might be customer, might be false positive) - No match (customer name is not on list)
Step 5: Evaluate results. If no match, record the screening result and proceed. If exact match, immediately block the transaction and investigate. If potential match, investigate further (see below).
Step 6: Investigate potential matches. A potential match requires investigation to determine if the system match represents the actual customer. Investigation includes: - Compare customer's date of birth to OFAC list entry's date of birth - Compare customer's address to OFAC list entry's address - Determine if OFAC list entry is a known false positive (same name, different person) - Contact the customer if necessary to clarify identity (but do not mention OFAC) - Use other sources (business database, news, online search) to confirm identity
Step 7: Make a match determination. Based on investigation, conclude whether the customer is actually the sanctioned person. If yes, block. If no (false positive), proceed with transaction but document the false positive in your records.
Step 8: Screen beneficiary. Repeat the screening process for the beneficiary. This is critical in cross-border transactions.
Step 9: Screen transaction routing. For cross-border transactions, screen any intermediary institutions or beneficiary countries against OFAC restrictions. Some countries have comprehensive sanctions (Iran, Syria, North Korea) and you cannot transact with them. Some countries have sectoral sanctions and transacting is more complex. Your procedure should account for this.
Step 10: Block transactions if necessary. If screening results in a confirmed match, immediately block the transaction. Do not complete the transmission of funds. You have an affirmative obligation to freeze assets.
Step 11: Report the match. Within a reasonable time (usually 10 business days), report the match to OFAC in writing. Use OFAC's online reporting system or mail a report to OFAC providing: - Customer name and identifying information - Your institution's name and account number - Date transaction was blocked - Amount and nature of blocked transaction - Date of initial report to OFAC
Step 12: Document screening. Maintain records of all OFAC screenings including: - Customer information screened - Screening date and time - System used - Results (match, potential match, no match) - Investigation if potential match - Final determination - Documentation of block if applicable
OFAC Screening Workflow (ASCII Diagram)
TRANSACTION INITIATED
|
v
COLLECT CUSTOMER INFO
|
v
IS SCREENING REQUIRED?
/ \
YES NO
| |
v v
SCREEN CUSTOMER PROCEED
|
v
RESULTS?
/ | \
EXACT POT. NONE
MATCH MATCH MATCH
| | |
v v v
BLOCK INVEST. PROCEED
| | |
| v |
| CONFIRM? |
| / \ |
| YES NO |
| | | |
| v v |
| BLOCK PROCEED
| | |
+--+----+----+
|
v
SCREEN BENEFICIARY
|
v
RESULTS?
/ | \
EXACT POT. NONE
MATCH MATCH MATCH
| | |
v v v
BLOCK INVEST. PROCEED
| | |
| v |
| CONFIRM? |
| / \ |
| YES NO |
| | | |
| v v |
| BLOCK PROCEED
| | |
+--+----+----+
|
v
SCREEN TRANSACTION ROUTING
(JURISDICTION, INTERMEDIARY)
|
v
RESULTS?
/ \
PROCEED BLOCK
| |
v v
COMPLETE TRANS. BLOCK
SEND FUNDS |
| v
| REPORT TO OFAC
| BLOCK ASSETS
| MONITOR
|
v
DOCUMENT SCREENING
MAINTAIN RECORDS
|
v
TRANSACTION COMPLETE
Critical Points About OFAC Screening
False Positives Are Common: Many customers will have potential matches. "Muhammad Ali" is a common name shared with the actual Muhammad Ali who may be on a sanctions list. Do not block every potential match. Investigate and confirm.
Update Your Lists: OFAC updates its lists regularly. Your screening system should update automatically. If you screen manually, update your lists at least weekly.
Screen Everything: Screen all transactions, all customers, all beneficiaries, all intermediaries. Do not assume a customer is low-risk. A customer might become sanctioned after you onboard them.
Blocking is Affirmative Obligation: If you confirm a match, you must block. You cannot proceed with the transaction. You cannot tell the customer it was blocked (that would tip them off, which is prohibited). You simply do not complete the transaction.
Sanctions Violations Are Serious: Violating OFAC sanctions can result in: - Civil penalties up to $250,000 per violation - Criminal penalties up to $1,000,000 in fines and 20 years imprisonment - Reputational damage and potential loss of business
Document Everything: Keep records of all screenings, all potential matches, all investigations, and all blocks. If OFAC ever investigates your compliance, your documentation of screening procedures will be your defense.
OFAC Screening Tools and Systems
You can screen manually using FinCEN's free tool at fincen.gov, but this is not practical for ongoing operations. Most operators use specialized OFAC screening software that: - Maintains current OFAC lists automatically - Screens customer names in real time - Generates alerts for potential matches - Tracks screening history - Maintains audit logs - Integrates with your transaction processing system
Examples include: Actimize, Fortegra, Lexis Nexis, IBM Safer Systems, and others. Cost ranges from $3,000-$50,000+ monthly depending on transaction volume.
Practitioner's Bottom Line: OFAC screening is mandatory, not optional. A single confirmed sanctions violation can shut down your business. Implement automated screening with good technology. Investigate potential matches thoroughly before blocking. Document everything. Update your procedures as OFAC updates its lists.