Guide

What is the OFAC SDN list?

The Specially Designated Nationals and Blocked Persons List (SDN) is the core U.S. sanctions list. If you build fintech, payments, crypto or marketplace software, this is the list you almost certainly have to screen against.

The basics

The SDN list is maintained by the Office of Foreign Assets Control (OFAC), part of the U.S. Department of the Treasury. It names individuals, companies, vessels and aircraft that U.S. persons are generally prohibited from dealing with. Their assets are “blocked,” and doing business with them can trigger serious civil and criminal penalties.

Crucially, OFAC sanctions apply on a strict-liability basis — you can be liable even if you did not know you were dealing with a sanctioned party. That is why screening before onboarding a customer or processing a payment is standard practice.

Who has to screen against it?

  • Banks, payment processors and money-service businesses
  • Crypto exchanges and wallet providers
  • Fintech and neobank platforms
  • Marketplaces and gig platforms that pay out to users
  • Any U.S. person or company, and often non-U.S. firms touching USD or U.S. systems

How the list is structured

OFAC publishes the SDN list in several machine-readable formats (XML, CSV and a fixed-width legacy format). Each entry has a primary name plus a rich set of aliases (“a.k.a.”), which may be marked strong or weak, along with dates of birth, nationalities, addresses, ID documents and the sanctions programs (e.g. RUSSIA-EO14024, SDGT, IRAQ2) that apply.

The alias data is what makes screening hard: the same person can appear transliterated many ways (Usama / Osama, Muhammad / Mohammed), so an exact string match misses real hits. Effective screening needs fuzzy matching that is tolerant of spelling and word order but disciplined enough not to flag everyone named “Maria.”

Where to get it

The SDN list is public and free to download from OFAC’s sanctions list service. It is refreshed frequently — sometimes several times a week — so a copy you downloaded last month is already stale. Any production screening system needs an automated daily (or more frequent) refresh.

Checking a name programmatically

You can parse the raw XML yourself, but you then own the hard parts: transliteration-aware normalization, alias handling, a matching algorithm that avoids false positives, daily refresh, and an audit trail that explains each hit. Our Sanctions Screening API does this for you across OFAC SDN and the EU consolidated list, and returns reproducible evidence for every match — see the developer guide.

Try it now — free OFAC checker

Screen a name against the live SDN list. No signup.

Try: Osama bin Laden Vladimir Putin

Screening signals and evidence for your own review; not legal advice or a compliance determination. Confirm potential matches through your compliance process.