OFAC Screening Process: A Step-by-Step Guide for Compliance Teams That Can’t Afford Gaps

OFAC does not send warnings. It sends penalties. In 2023 alone, OFAC settled enforcement actions worth hundreds of millions of dollars and the common thread across nearly every case was the same: the institution had a screening process, but it wasn’t rigorous enough, fast enough, or comprehensive enough to catch what should have been caught.

Most of these violations were preventable. Not with more people, but with a tighter process. If you’re responsible for OFAC compliance at a bank, trade finance house, exporter, or logistics firm, here’s what a defensible OFAC screening process looks like step by step.

Step 1: Know What You’re Screening Against

OFAC maintains several lists, and the SDN (Specially Designated Nationals and Blocked Persons) list is only the most well-known. Your OFAC screening requirements also cover the Sectoral Sanctions Identifications List, the Foreign Sanctions Evaders List, the Non-SDN Menu-Based Sanctions List, and the Consolidated Sanctions List. Each carries different restrictions, some require full blocking, others prohibit specific transaction types.

If your screening only covers the SDN list, you have a gap. A defensible process starts with full coverage of every OFAC-administered list and awareness of which restrictions apply to each.

Step 2: Screen Every Party, Every Time

This sounds obvious, but it’s where most programmes break down operationally. OFAC expects you to screen all parties to a transaction, not just the direct counterparty, but intermediaries, beneficiaries, shipping companies, vessel operators, and in trade finance, every entity named on a letter of credit or bill of lading.

Screening should happen at multiple points: customer onboarding, transaction initiation, payment processing, and on a recurring basis against your full counterparty database. A party that cleared six months ago may have been designated last Tuesday. If you only screen at onboarding, you’re carrying risk you don’t know about.

Step 3: Match Smart, Not Just Fast

Here’s where the quality of your OFAC screening tools makes or breaks the process. OFAC’s own guidance acknowledges that exact name matching is insufficient. Sanctioned entities use aliases, transliterations, shell companies, and deliberate misspellings. Your screening engine needs fuzzy matching that catches variations, phonetic similarities, reversed name orders, partial matches without drowning analysts in false positives.

The best platforms use AI-driven relevance scoring that weighs multiple data points, name similarity, geography, entity type, associated addresses to produce a confidence score for each match. That is what separates a checkbox from a genuine detection capability.

Step 4: Investigate Hits Properly

A screening hit is not a violation, it's the start of an investigation. When your system flags a potential match, your compliance team needs to determine whether it’s a true positive or a false positive. That means comparing the flagged entity against the listed’s known identifiers: dates of birth, addresses, nationality, associated entities, and vessel numbers where applicable.

This process must be documented. Every hit, every decision, every rationale. OFAC examiners will want to see not just that you screened, but how you adjudicated each alert. “We reviewed it and it was fine” does not constitute a defensible record.

Step 5: Escalate and Block When Necessary

If a screening match is confirmed as a true hit, the response must be immediate. For SDN matches, that means blocking the transaction and freezing related assets. For sectoral sanctions, the required action depends on the specific programme. In either case, you file with OFAC within the required timeframe and ensure no further dealings proceed until resolved.

Your OFAC screening process needs pre-defined escalation workflows so that a confirmed hit triggers the right actions automatically, not through a chain of emails and phone calls that cost you hours you don’t have.

Step 6: Make It Real Time

Here’s the reality that legacy batch-screening setups can’t handle: sanctions lists change constantly, and transactions move fast. A wire that clears at 9 AM against yesterday’s list is already a liability if the counterparty was designated at 8 AM. Real time OFAC screening is no longer a premium feature; it's the baseline expectation for any institution handling cross-border payments or trade finance.

Modern OFAC screening tools integrate list updates within hours of publication, screen at every transaction touchpoint, and feed results into case management and reporting workflows. If your setup involves downloading CSVs from the OFAC website, you already know the problem.

The Bigger Point

A strong OFAC screening process is not about any single step, it's about the chain holding together end to end. List coverage, screening frequency, match quality, investigation rigour, escalation speed, and documentation all need to work as one system. Break any link and the whole programme is exposed.

The institutions that get OFAC right are not the ones with the biggest compliance teams. They’re the ones with the tightest process backed by technology that screens in real time, matches intelligently, and documents everything. That’s the standard. Everything else is a gamble.