Guide

Sanctions screening for developers

You’ve been handed a ticket: “screen customers against sanctions lists before onboarding.” Here’s what that actually involves, and how to ship it without building a compliance team.

1. What you screen, and when

At minimum you screen the name of every customer (and often beneficial owners) against sanctions lists — at onboarding, and again whenever the lists change, because someone clean today can be designated tomorrow. That second part, re-screening your existing book, is why a batch endpoint matters.

2. Why exact matching fails

Sanctioned names arrive transliterated and reordered: “Osama” vs “Usama,” “Mohammed” vs “Muhammad,” last-name-first, extra middle names, dropped accents. Exact string comparison misses the majority of real hits. You need fuzzy matching — but naïve fuzzy matching creates the opposite problem.

3. The false-positive trap

Turn fuzzy matching up and suddenly “Maria Garcia Lopez” matches a vessel called “MARIA,” and every acronym lights up. Each false positive is manual review time. The fix is coverage-aware scoring: a candidate should only score high if it accounts for most of the query’s tokens and vice versa — not just because it appears as a substring. That single idea removes most of the noise.

# A good hit: both names share their significant tokens
"Sadam Husein"  →  "Saddam HUSSEIN"   score 92  ✅
# A trap a naive API flags, but coverage scoring rejects
"Maria Garcia Lopez"  →  "MARIA"      no match  ✅
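
A minimal sketch of coverage-aware scoring, added here as an illustration; it is not the Sanctions Screening API's algorithm and its scores will not necessarily equal the API's. The thresholds, function names and the `difflib` similarity measure are assumptions, and the returned dictionary carries the kind of evidence (normalized forms, token pairs, coverage, score components) worth storing for audit.

```python
import unicodedata
from difflib import SequenceMatcher

TOKEN_SIM_MIN = 0.8  # assumed: below this, two tokens are different name parts
MATCH_MIN = 85       # assumed: review threshold on the 0-100 score

def normalize(name):
    """Strip accents, fold case, turn punctuation into spaces, split into tokens."""
    decomposed = unicodedata.normalize("NFKD", name)
    folded = "".join(ch for ch in decomposed if not unicodedata.combining(ch)).casefold()
    return "".join(ch if ch.isalnum() else " " for ch in folded).split()

def pair_tokens(q, c):
    """Greedy one-to-one pairing, best similarity first, so word order is ignored."""
    ranked = sorted(((SequenceMatcher(None, a, b).ratio(), i, j)
                     for i, a in enumerate(q) for j, b in enumerate(c)), reverse=True)
    used_q, used_c, pairs = set(), set(), []
    for sim, i, j in ranked:
        if sim < TOKEN_SIM_MIN:
            break
        if i not in used_q and j not in used_c:
            used_q.add(i)
            used_c.add(j)
            pairs.append((q[i], c[j], round(sim, 3)))
    return pairs

def screen(query, list_entry):
    """Score one query against one list entry and return the evidence behind the score."""
    q, c = normalize(query), normalize(list_entry)
    pairs = pair_tokens(q, c)
    # Coverage = share of each name's characters explained by paired tokens.
    q_cov = sum(len(a) for a, _, _ in pairs) / max(1, sum(map(len, q)))
    c_cov = sum(len(b) for _, b, _ in pairs) / max(1, sum(map(len, c)))
    avg_sim = sum(s for _, _, s in pairs) / len(pairs) if pairs else 0.0
    # The weaker coverage caps the score, so a one-token overlap cannot score high.
    score = round(100 * avg_sim * min(q_cov, c_cov))
    return {"query": query, "list_entry": list_entry,
            "normalized_query": q, "normalized_entry": c,
            "token_pairs": pairs,
            "query_coverage": round(q_cov, 3), "entry_coverage": round(c_cov, 3),
            "avg_token_similarity": round(avg_sim, 3),
            "score": score, "match": score >= MATCH_MIN}

if __name__ == "__main__":
    # Constructed sample pairs taken from the examples in this guide.
    for q, e in [("Sadam Husein", "Saddam HUSSEIN"), ("Maria Garcia Lopez", "MARIA")]:
        print(screen(q, e))
```

Greedy pairing is enough for short personal names; an entry with many similar tokens would call for an optimal assignment instead.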

4. Keep an audit trail

When a regulator or auditor asks “why did you clear / escalate this?”, “the API said 0.87” is not an answer. Store the evidence: which list entry matched, the normalized forms, the token coverage and the score components. Reproducible evidence is the difference between a defensible process and a black box.

5. Refresh the lists automatically

OFAC and the EU update frequently. A screening system reading a stale local copy is worse than useless — it gives false confidence. Automate a daily refresh from the official sources, or use an API that does it for you.

6. Ship it with an API

You can build all of the above, or call one endpoint. The Sanctions Screening API covers OFAC SDN and the EU consolidated list, refreshes daily, handles fuzzy matching with coverage-aware scoring, and returns full audit evidence. Single-name and batch endpoints, plain JSON, one header. See the docs.

Try the free checker

Same engine as the API, rate-limited for free use.


Screening signals and evidence for your own review; not legal advice or a compliance determination. Confirm potential matches through your compliance process.