Guides
API Reference

Watchlists, Sanctions, and Compliance Screening

Why Sanctions and Watchlist Screening Matters

When you verify a business, you're not just confirming it exists - you're ensuring you can legally do business with it. That's where sanctions and watchlist screening becomes critical.

Operating in regulated financial services means you cannot:

  • Process payments for sanctioned entities or individuals
  • Extend credit to businesses owned or controlled by prohibited persons
  • Facilitate transactions involving terrorists, money launderers, or sanctioned nations

The consequences of missing a match are severe: hefty fines, loss of banking relationships, reputational damage, and potential criminal liability. In 2023 alone, OFAC issued over $1.5 billion in penalties for sanctions violations.

But here's the challenge: Sanctions lists contain thousands of entries with name variations, aliases, and transliterations. A business named "Global Trading LLC" might be legitimate, or it might be a front for a sanctioned entity using a slightly different name spelling. You need to continuously screen every customer.

The Sanctions and Watchlist Landscape

Different government agencies maintain different lists for different purposes. Understanding which lists matter for your business is essential.

OFAC (Office of Foreign Assets Control)

OFAC, administered by the US Department of the Treasury, maintains lists of individuals and entities with whom US persons and businesses are prohibited from conducting transactions.

Key lists:

  • Specially Designated Nationals (SDN) List - Individuals and entities with whom US persons cannot do business (terrorists, drug traffickers, weapons proliferators, sanctioned countries)
  • Sectoral Sanctions Identifications List (SSI) - Targets specific sectors of certain economies (e.g., Russian energy, finance, defense)
  • Non-SDN Lists:
    • Capta List (CAP) - Identifies certain foreign financial institutions subject to correspondent or payable-through account sanctions
    • Foreign Sanctions Evaders List (FSE) - Foreign individuals and entities determined to have violated, attempted to violate, or caused a violation of U.S. sanctions
    • Non-SDN Menu-Based Sanctions List (NS-MBS) - Persons subject to menu-based sanctions under multiple authorities
    • Non-SDN Iranian Sanctions Act List (NS-ISA) - Persons subject to sanctions under the Iran Sanctions Act
    • Non-SDN Chinese Military-Industrial Complex Companies List (NS-CMIC) - Chinese military-industrial complex companies subject to investment restrictions
    • Non-SDN Palestinian Legislative Council List (PLC) - Members of the Palestinian Legislative Council who are affiliated with Hamas

Critical compliance requirements:

  • US persons and businesses must screen all customers against OFAC lists
  • Finding a match requires immediate action: stop the transaction, block/freeze assets, report to OFAC

The 50% Rule:

If a business is 50% or more owned (directly or indirectly) by one or more SDN entities, that business is also considered sanctioned, even if not explicitly listed. This means screening ownership structure is as critical as screening the business name itself.

Baselayer's intelligent matching checks by default the business name, its variations, and all associated officers and directors of the company.

Department of Commerce - Bureau of Industry and Security (BIS)

The Bureau of Industry and Security maintains several export control lists critical for companies involved in international trade.

Key lists:

  • Entity List (EL) - Parties whose activities are contrary to U.S. national security or foreign policy interests; a license is required for most exports to listed entities
  • Denied Persons List (DPL) - Individuals and entities denied export privileges; all dealings involving items subject to Export Administration Regulations are prohibited
  • Military End User List (MEU) - Entities involved in military end uses in certain countries (e.g., China, Russia, Venezuela); a license is required for specified items
  • Unverified List (UVL) - Parties where BIS has been unable to verify the end use of exports; enhanced due diligence required

Implications:

  • Violations result in export license revocation, civil and criminal penalties
  • Critical for customers engaged in international business or supplying controlled goods and technology

Department of State

The State Department maintains lists focused on arms control and nonproliferation.

Key lists:

  • ITAR Debarred List (DTC) - Parties debarred from participating in defense-related exports and imports under the International Traffic in Arms Regulations
  • Nonproliferation Sanctions (ISN) - Entities sanctioned under various nonproliferation laws for activities related to weapons of mass destruction and missile technology

Implications:

  • The ITAR Debarred List restricts any involvement in defense article transactions
  • Nonproliferation sanctions can prohibit a broad range of trade and financial dealings

Consolidated Screening List

The U.S. government publishes a Consolidated Screening List (CSL) that combines all of the Bureau of Industry and Security, State Department, and OFAC lists above into a single searchable resource. Baselayer screens against all lists included in the Consolidated Screening List, plus additional lists described below.

PEP (Politically Exposed Persons)

Individuals who hold or have held prominent public positions, representing heightened risk for money laundering, bribery, and corruption.

Who qualifies:

  • Current or former government officials and legislators
  • High-ranking judges and military officers
  • Senior executives of state-owned enterprises
  • Immediate family members and close associates of the above

Implications for business verification:

  • Not sanctioned, but trigger enhanced due diligence requirements
  • If a PEP owns or controls a business, additional scrutiny required:
    • Source of funds and wealth verification
    • Ongoing transaction monitoring
    • Enhanced documentation and senior management approval
  • Required under anti-money laundering (AML) regulations

FBI Most Wanted and Criminal Lists

  • Known fugitives and criminals
  • Protects against facilitating criminal activity
  • Risk-based decisioning for matches

HHS OIG List of Excluded Individuals/Entities (LEIE)

Maintained by the U.S. Department of Health and Human Services Office of Inspector General, the LEIE lists individuals and entities excluded from participation in Medicare, Medicaid, and other federal healthcare programs. Exclusions are typically issued for healthcare fraud, patient abuse, or controlled substance violations.

Who this matters for:

If you are onboarding healthcare businesses — medical practices, clinics, pharmacies, medical billing companies, or individual practitioners (physicians, nurses, etc.) — OIG screening is essential. Federal law requires that healthcare organizations do not employ or contract with excluded individuals or entities. Violations can result in significant civil monetary penalties.

Implications for business verification:

  • A match against the OIG list means the individual or entity is barred from federal healthcare program participation
  • Healthcare organizations must screen employees, contractors, and vendors against the LEIE
  • Exclusions can be mandatory (based on convictions) or permissive (based on other conduct)

IRS Exempt Organizations (IEO)

The IRS maintains a list of organizations granted tax-exempt status under section 501(c)(3) and related provisions. While not a sanctions list in the traditional sense, this registry is useful for verifying the legitimacy and tax-exempt status of nonprofits, charities, and foundations during business verification.

Consolidated Canadian Autonomous Sanctions List (CNS)

The Canadian government maintains its own sanctions list of individuals and entities subject to Canadian economic sanctions. This list is required for organizations with Canadian operations or customers, and covers sanctions imposed under the Special Economic Measures Act (SEMA), the Justice for Victims of Corrupt Foreign Officials Act (Sergei Magnitsky Law), and other Canadian legislation.

Summary of All Screened Lists

ListAbbreviationAdministering Agency
Specially Designated NationalsSDNOFAC (Treasury)
Sectoral Sanctions Identifications ListSSIOFAC (Treasury)
Capta ListCAPOFAC (Treasury)
Foreign Sanctions EvadersFSEOFAC (Treasury)
Non-SDN Menu-Based SanctionsNS-MBSOFAC (Treasury)
Non-SDN Iranian Sanctions ActNS-ISAOFAC (Treasury)
Non-SDN Chinese Military-Industrial Complex CompaniesNS-CMICOFAC (Treasury)
Non-SDN Palestinian Legislative CouncilPLCOFAC (Treasury)
Entity ListELBureau of Industry and Security
Denied Persons ListDPLBureau of Industry and Security
Military End User ListMEUBureau of Industry and Security
Unverified ListUVLBureau of Industry and Security
ITAR DebarredDTCState Department
Nonproliferation SanctionsISNState Department
Politically Exposed PersonsPEPMultiple sources
FBI Most Wanted / Criminal ListsFBIFBI
HHS OIG List of Excluded Individuals/EntitiesLEIEHHS Office of Inspector General
IRS Exempt OrganizationsIEOInternal Revenue Service
Consolidated Canadian Autonomous Sanctions ListCNSGovernment of Canada

Each list carries different legal implications: OFAC matches require immediate blocking, PEP matches require enhanced due diligence, export control matches may prohibit specific transactions.

Fuzzy Matching and False Positives

Names aren't standardized across sanctions lists. A single person might appear as "John William Smith," "Jon W. Smith," "John W Smyth," or "J. William Smith."

How fuzzy matching works:

Screening systems use algorithms to match names even when not exact:

  • Phonetic matching (similar sounds: "Smith" vs "Smyth")
  • Edit distance (number of letter changes needed)
  • Token matching (individual name components)

Similarity threshold:

Systems assign a match score (0-100%) indicating how similar two names are. Organizations set a minimum threshold (typically 80-85%) above which a match is flagged for review.

  • Example: "Global Trading LLC" vs "Global Traders LLC" might score 92% similar → flagged
  • Example: "Smith Consulting" vs "Jones Consulting" might score 45% similar → not flagged

Higher thresholds (90%+) reduce false positives but risk missing true matches. Lower thresholds (70-80%) catch more variations but create more false positives requiring manual review.

The false positive challenge:

Fuzzy matching generates false positives requiring manual review:

  • Common business names ("Global Trading," "International Consulting")
  • Common personal names in certain regions
  • Generic business suffixes ("LLC," "Corp," "Ltd")

Managing false positives:

  • Collect sufficient identifying information (address, date of birth, TIN, country)
  • Match on multiple data points, not just name
  • Document review decisions for regulatory compliance
  • Establish clear escalation procedures for borderline cases

Ongoing Monitoring Requirements

Regulatory obligation:

Financial institutions and regulated entities are required by law to continuously monitor customers against sanctions lists, not just screen them at onboarding:

  • Bank Secrecy Act (BSA) and USA PATRIOT Act require ongoing sanctions screening
  • OFAC compliance programs must include procedures for periodic rescreening
  • Lists change frequently: new entities added, existing entries updated or removed

OFAC can update multiple times per week - making ongoing monitoring as important as initial screening.

Failure to maintain ongoing monitoring can result in enforcement actions even if initial screening was compliant.

_Baselayer Portfolio Monitoring: _ Baselayer provides automated ongoing monitoring with sanctions data updated daily directly from official government sources (OFAC, FBI, etc.). Customers are automatically rescreened when lists change, with alerts triggered for new matches.

Updated 13 days ago