Every business transaction carries some level of risk. But when the counterparty turns out to be a sanctioned individual, a terrorist-linked entity, or a narcotics trafficker, the consequences go well beyond a bad deal—they become a federal compliance violation. That’s where OFAC verification comes in.

Whether you’re onboarding a new vendor, processing a payment, or expanding into new markets, screening against U.S. sanctions lists is not optional. It’s a legal requirement for any U.S. person or business.

 

What Is OFAC Verification?

OFAC verification, also called OFAC screening or an OFAC compliance check, is the process of checking an individual, business, or entity against sanctions lists administered by the Office of Foreign Assets Control (OFAC), a division of the U.S. Department of the Treasury.

OFAC administers and enforces U.S. economic and trade sanctions targeting foreign jurisdictions, regimes, terrorists, narcotics traffickers, weapons proliferators, and other threats to national security. The agency maintains several sanctions lists, the most prominent of which is the Specially Designated Nationals and Blocked Persons List—commonly known as the SDN List.

At its core, OFAC verification answers one critical question: Is the person or business I’m about to transact with on a U.S. government sanctions list?

 

Why Businesses Must Conduct OFAC Screening

OFAC compliance isn’t limited to banks or financial institutions. According to the U.S. Department of the Treasury, all U.S. persons must comply with OFAC sanctions—including U.S. citizens and permanent residents regardless of location, all individuals and entities within the United States, and all U.S.-incorporated entities and their foreign branches.

In practical terms, this means OFAC sanctions compliance applies to:

  • Financial institutions processing payments or opening accounts
  • Fintech companies and payment processors handling transactions at scale
  • Manufacturers and distributors with international supply chains
  • Staffing agencies and gig platforms onboarding contractors and workers
  • Healthcare and insurance companies engaging with policyholders and counterparties
  • Any business that pays vendors, contractors, or customers

The risks of skipping sanctions list screening are significant. Civil penalties can reach up to $330,947 per violation under the International Emergency Economic Powers Act (IEEPA), adjusted annually. Willful violations can carry criminal fines of up to $1 million and imprisonment of up to 20 years.

And enforcement is intensifying. According to compliance analysts, total OFAC penalties and settlements in 2025 exceeded $265 million – a dramatic increase from approximately $49 million in 2024 – driven by expanded regulatory focus across industries including digital assets, fintech, and venture capital.

The bottom line: the cost of underinvesting in OFAC compliance far exceeds the cost of building a proper screening program.

 

Understanding the SDN (Specially Designated Nationals) List

The SDN List is the cornerstone of U.S. sanctions enforcement. Published and regularly updated by OFAC, it contains the names of individuals, entities, vessels, and aircraft that U.S. persons are generally prohibited from doing business with.

OFAC’s Sanctions List Search tool also covers a Consolidated Non-SDN List, which includes:

  • Foreign Sanctions Evaders List
  • Sectoral Sanctions Identifications List (SSI List)
  • List of Foreign Financial Institutions Subject to Correspondent Account Sanctions
  • Non-SDN Menu-Based Sanctions List
  • Non-SDN Communist Chinese Military Companies List

A few critical facts about the SDN List:

  • It is updated frequently and without a set schedule. Names are added when determined necessary, meaning a vendor who passed a check last month may be sanctioned today.
  • The “50 Percent Rule” expands its reach. Any entity owned 50% or more—in aggregate—by one or more SDN-listed persons is itself considered blocked, even if the entity doesn’t appear on the list by name. This means due diligence must extend to ownership structures.
  • Ignorance is not a valid defense. A company that unknowingly transacts with a newly sanctioned entity can still face significant civil penalties.

The SDN List is publicly accessible via OFAC’s Sanctions List Search tool. However, manual searches are impractical for businesses that process high volumes of transactions or maintain large vendor and customer databases.

 

How OFAC Compliance Checks Work

A complete OFAC compliance check involves more than entering a name into a search bar. For most businesses, an effective sanctions screening process includes several layers:

1. Name Matching Against Sanctions Lists

The first step is comparing the name of an individual or entity against OFAC’s SDN List and relevant non-SDN consolidated lists. Because names may be transliterated, misspelled, or appear in multiple variations, effective screening tools use fuzzy logic matching to surface potential hits—not just exact matches.

2. Reviewing the Match and Resolving False Positives

Sanctions screening frequently generates false positives—cases where a name is similar to a listed party but not an actual match. Compliance teams must document their review process and the basis for clearing a potential match. An auditable trail of these decisions is essential for regulatory reviews.

3. Checking Ownership Structures

Due to the 50 Percent Rule, screening should extend beyond direct counterparties to include any entities that are substantially owned or controlled by SDN-listed individuals.

4. Ongoing Monitoring—Not One-Time Checks

Screening at onboarding is necessary—but it’s not enough. Because OFAC updates its sanctions lists continuously, businesses need a process to re-screen existing vendors and customers when lists change or at regular intervals. Insurance regulators, for example, have specifically noted that screening only at policy issuance can expose companies to sanctions risk as lists are updated.

5. Automated Vendor OFAC Checks

For businesses managing large volumes of vendors or customers, manual screening is neither efficient nor reliable. Automated tools – like TINCheck by Sovos – integrate SDN list verification directly into onboarding workflows, bulk data processing, and API-connected business systems. This ensures every new record is screened, every list update is reflected, and every check is documented.

TINCheck screens against OFAC and the SDN List as part of a broader identity verification platform that also includes IRS TIN/Name matching, Death Master File checks, and approximately 30 government and regulatory databases—all in a single submission.
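
The layered check from steps 1 to 4, as an added example that is not part of the original article and is not TINCheck's code. It stands in for "fuzzy logic matching" with a normalized similarity ratio from Python's standard library; the sample list, the 0.85 threshold and all function names are assumptions made for illustration.

```python
import hashlib
import unicodedata
from difflib import SequenceMatcher

# Constructed sample list for illustration; these are not real SDN entries.
SAMPLE_LIST = ["Ivan Petrov Example", "Acme Blocked Trading LLC"]

def normalize(name):
    """Strip diacritics and punctuation, casefold, and sort the tokens."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = "".join(c if c.isalnum() else " " for c in text.casefold())
    return " ".join(sorted(text.split()))

def name_hits(name, listed=SAMPLE_LIST, threshold=0.85):
    """Step 1: return (listed_name, score) pairs at or above the threshold."""
    target = normalize(name)
    hits = []
    for entry in listed:
        score = SequenceMatcher(None, target, normalize(entry)).ratio()
        if score >= threshold:
            hits.append((entry, round(score, 2)))
    return hits

def blocked_ownership(owners, listed=SAMPLE_LIST):
    """Step 3: add up the stakes (in percent) of every owner that hits the list."""
    return sum(pct for owner, pct in owners.items() if name_hits(owner, listed))

def list_digest(listed=SAMPLE_LIST):
    """Step 4: fingerprint of the list; a changed digest means re-screen."""
    return hashlib.sha256("\n".join(sorted(listed)).encode("utf-8")).hexdigest()

def screen(name, owners, listed=SAMPLE_LIST):
    """Step 2: build one record a reviewer can clear or escalate, and keep."""
    hits = name_hits(name, listed)
    owned = blocked_ownership(owners, listed)
    if hits:
        status = "REVIEW_NAME_HIT"
    elif owned >= 50:  # 50 Percent Rule: aggregate ownership, not per owner
        status = "REVIEW_50_PERCENT_RULE"
    else:
        status = "CLEAR"
    return {"name": name, "hits": hits, "blocked_ownership_pct": owned,
            "status": status, "list_digest": list_digest(listed)}

if __name__ == "__main__":
    print(screen("Northwind Supplies Inc",
                 {"Ivan Petrof Example": 30, "Acme Blocked Trading LLC": 25}))
```

Storing the returned record together with the reviewer's decision gives the auditable trail described in step 2, and comparing `list_digest` values between runs shows which stored results predate a list change.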

 

Risks of Failing to Perform OFAC Verification

Skipping or inadequately performing OFAC screening exposes businesses to overlapping categories of risk:

Risk Type                | Description
Civil Penalties          | Up to $330,947 per violation (IEEPA-based, adjusted annually)
Criminal Penalties       | Up to $1 million in fines and 20 years imprisonment for willful violations
Reputational Damage      | Public enforcement actions, regulatory scrutiny, loss of business relationships
Operational Disruption   | Blocked transactions, frozen assets, mandatory remediation programs
Secondary Sanctions Risk | Doing business with entities that facilitate sanctioned parties can itself trigger violations

The industries caught in OFAC’s crosshairs have broadened considerably. Recent enforcement actions have targeted venture capital firms, digital asset exchanges, fintech companies, and global broker-dealers – not just traditional banks. OFAC has made clear that sanctions compliance obligations extend across the financial ecosystem, including nonbank financial institutions and technology-enabled payment companies.

One common compliance failure is relying on corporate formalities to create distance from sanctioned parties. OFAC has explicitly rejected this approach, reinforcing that structuring transactions to avoid the appearance of a sanctions connection, while the economic benefit still flows to a restricted party, constitutes a violation.

 

Best Practices for Vendor Sanctions Screening

Building a reliable vendor OFAC check process doesn’t require a compliance department of 50 people. It requires the right structure and the right tools.

Establish a Written Sanctions Compliance Program

OFAC strongly encourages organizations to develop, implement, and maintain a risk-based Sanctions Compliance Program (SCP). According to OFAC’s published framework, an effective SCP includes:

  • Management commitment — Senior leadership must review and approve the program
  • Risk assessment — Identify your organization’s specific exposure based on industry, geography, and counterparty types
  • Internal controls — Document procedures for screening, due diligence, and escalation
  • Testing and auditing — Schedule regular reviews to test the effectiveness of your controls
  • Employee training — Ensure relevant personnel understand OFAC requirements and internal procedures

Screen All Relevant Parties—Not Just New Ones

Screen at onboarding, at renewal, at transaction processing, and whenever OFAC updates its lists. The parties to screen include:

  • Vendors and suppliers
  • Customers and end users
  • Business partners and intermediaries
  • Beneficial owners of counterparty entities

Use Automated Screening Tools

Manual SDN list searches work for very low-volume businesses. For everyone else, automated tools dramatically reduce both compliance risk and operational burden. Key capabilities to look for include:

  • Real-time matching against current OFAC and SDN lists
  • Audit trails documenting every check and every decision
  • API integration for embedding screening into existing workflows
  • Bulk processing for large existing datasets

TINCheck delivers all of these capabilities alongside IRS TIN/Name verification—which means businesses can validate both tax identity and sanctions status in a single platform. Rather than running compliance checks in silos, TINCheck supports a unified approach: verify before you onboard, before you file, and before you pay.

Document Everything

In an OFAC enforcement inquiry, documentation is everything. Maintaining clear records of when checks were run, what the results were, and how potential matches were reviewed and resolved demonstrates a good-faith compliance effort. OFAC considers the existence of an effective compliance program when determining penalties—and favorable treatment in enforcement is possible when proper controls were in place.

 

Frequently Asked Questions

What is OFAC verification?

OFAC verification is the process of screening an individual, entity, or business against sanctions lists maintained by the Office of Foreign Assets Control—most prominently the SDN (Specially Designated Nationals and Blocked Persons) List. It confirms whether a counterparty is restricted or prohibited under U.S. economic sanctions law.

What is the SDN list?

The SDN List is a database published by OFAC containing the names of individuals, entities, vessels, and aircraft that U.S. persons are generally prohibited from doing business with. It is updated frequently and without a fixed schedule. The list is accessible via the OFAC Sanctions List Search tool and via OFAC’s Sanctions List Service.

Why do businesses need OFAC screening?

All U.S. persons and businesses are legally required to comply with OFAC sanctions. Transacting with a sanctioned individual or entity—even unknowingly—can result in significant civil and criminal penalties. OFAC screening ensures you don’t inadvertently do business with a prohibited party.

How often should OFAC checks be performed?

OFAC checks should be performed at onboarding and re-performed whenever OFAC updates its sanctions lists, at renewal periods, at key transaction milestones, and on a regular ongoing basis. Because the SDN list is updated without a set schedule, one-time checks at the start of a relationship are not sufficient.

 
