DEV Community

easysolutions906

OFAC Sanctions Screening for Fintechs: A $30/Month Alternative to Enterprise Tools

If you are a fintech CTO or compliance officer, you already know the math. Enterprise sanctions screening platforms from Dow Jones, LexisNexis, and Accuity start at $10,000 per year. Some charge $50,000 to $100,000 annually, bundling OFAC screening with PEP lists, adverse media monitoring, and other services your four-person compliance team may not need yet. Meanwhile, OFAC enforcement does not care about your company's stage or headcount. Penalties start at $356,579 per violation, and the Treasury Department has shown it will pursue fintechs just as aggressively as banks.

This article breaks down what you actually need for OFAC compliance, what it costs with an enterprise vendor versus a purpose-built API, and how to integrate sanctions screening into your onboarding flow in under an hour.

What enterprise tools charge and what you get

The typical enterprise compliance bundle includes sanctions list screening, PEP screening, adverse media monitoring, ongoing monitoring, and a case management dashboard. For a Series A fintech processing a few thousand transactions per month, you are paying for a platform designed for JPMorgan's volume.

Here is a rough pricing comparison:

| Solution | Annual Cost | Includes |
|---|---|---|
| Dow Jones Risk & Compliance | $25,000 - $100,000 | Full compliance suite |
| LexisNexis WorldCompliance | $15,000 - $60,000 | Sanctions, PEP, adverse media |
| Accuity (now LexisNexis) | $10,000 - $50,000 | Screening + monitoring |
| OFAC Screening API (this) | $60 - $360/year | SDN screening with fuzzy matching |

The OFAC Screening API focuses on one thing: screening names against the US Treasury SDN list with production-grade fuzzy matching. No bundled services, no sales calls, no annual contracts.

What you actually need for OFAC compliance

FinCEN and OFAC require that you screen customers, counterparties, and beneficial owners against the SDN list before processing transactions. The specific requirements are:

  1. Screen at onboarding -- every new customer gets checked before account activation
  2. Screen at transaction time -- particularly for international transfers
  3. Re-screen when the list updates -- Treasury publishes updates multiple times per month
  4. Maintain an audit trail -- document what you screened, when, and the result
  5. Use fuzzy matching -- exact match is insufficient and regulators know it

The API handles all five. The SDN data is embedded and updated from Treasury.gov. Every response includes listVersion and screenedAt timestamps for your audit log.

Integrating into your onboarding flow

Here is how to screen a customer during KYC onboarding:

curl -X POST https://ofac-screening-production.up.railway.app/screen \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "Ali Hassan",
    "country": "Syria",
    "threshold": 0.80
  }'

The response comes back in under 100ms with scored matches:

{
  "query": { "name": "Ali Hassan", "country": "Syria" },
  "threshold": 0.80,
  "matchCount": 2,
  "matches": [
    {
      "entity": {
        "name": "Ali HASSAN",
        "sdnType": "Individual",
        "programs": ["SDGT"],
        "aliases": ["Abu Abdullah"]
      },
      "score": 0.94,
      "matchType": "exact",
      "matchedOn": "primary"
    }
  ],
  "listVersion": "03/13/2026",
  "screenedAt": "2026-03-15T14:22:08.331Z"
}

In your Node.js onboarding service:

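const screenCustomer = async (name, country) => {
  const res = await fetch('https://ofac-screening-production.up.railway.app/screen', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ name, country, threshold: 0.85 }),
  });

  // Fail closed: an HTTP error (rate limit, outage) must never be read as "no matches"
  if (!res.ok) {
    throw new Error(`OFAC screening failed: HTTP ${res.status}`);
  }

  const data = await res.json();

  return {
    // Only an explicit matchCount of 0 clears the customer
    cleared: data.matchCount === 0,
    matches: data.matches,
    auditRecord: {
      query: data.query,
      matchCount: data.matchCount,
      listVersion: data.listVersion,
      screenedAt: data.screenedAt,
    },
  };
};

// During onboarding. saveAuditLog, flagForCompliance and activateAccount
// are your own application functions.
const onboardCustomer = async (customerId, name, country) => {
  const result = await screenCustomer(name, country);

  // Store the audit record for every screen, whether it hit or cleared
  await saveAuditLog(result.auditRecord);

  if (!result.cleared) {
    // Route to manual review queue
    await flagForCompliance(result);
  } else {
    await activateAccount(customerId);
  }
};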

Batch screening for existing portfolios

If you need to screen your existing customer base when the SDN list updates, the API supports batch requests:

curl -X POST https://ofac-screening-production.up.railway.app/screen/batch \
  -H 'Content-Type: application/json' \
  -d '{
    "names": ["John Smith", "Ali Hassan", "Acme Trading LLC"],
    "threshold": 0.85
  }'

This processes up to 100 names per request, returning results for each.
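Deciding who to re-screen after a list update comes down to comparing each stored listVersion with the current one and splitting the stale customers into requests of at most 100 names. The sketch below is an added example, not code from the API or its author; the customer and audit record shapes and the function names are assumptions, and the current version is taken to be the listVersion from any fresh response.

```javascript
// Added example: record shapes and function names are assumptions, not part of the API.
const BATCH_LIMIT = 100; // the article's stated maximum names per /screen/batch request

// listVersion is MM/DD/YYYY ("03/13/2026"), which does not sort as a string:
// "12/30/2025" > "03/13/2026" lexically. Convert to a YYYYMMDD integer first.
function listVersionToInt(v) {
  const m = /^(\d{2})\/(\d{2})\/(\d{4})$/.exec(v || '');
  return m ? Number(m[3] + m[1] + m[2]) : null; // null = missing or malformed
}

// Re-screen when there is no audit record, its version is unreadable,
// or it was produced against an older list than the current one.
function needsRescreen(record, currentVersion) {
  const current = listVersionToInt(currentVersion);
  if (current === null) throw new Error('unparseable current listVersion');
  const last = record ? listVersionToInt(record.listVersion) : null;
  return last === null || last < current;
}

// Returns request bodies for /screen/batch, each paired with the customer ids
// in the same order as `names`.
function planRescreen(customers, auditById, currentVersion, threshold = 0.85) {
  const stale = customers.filter((c) => needsRescreen(auditById[c.id], currentVersion));
  const batches = [];
  for (let i = 0; i < stale.length; i += BATCH_LIMIT) {
    const chunk = stale.slice(i, i + BATCH_LIMIT);
    batches.push({
      customerIds: chunk.map((c) => c.id),
      body: { names: chunk.map((c) => c.name), threshold },
    });
  }
  return batches;
}

// Constructed sample data (not real customers or real audit records).
const sampleCustomers = [
  { id: 'c1', name: 'John Smith' },
  { id: 'c2', name: 'Acme Trading LLC' },
  { id: 'c3', name: 'Ali Hassan' },
];
const sampleAudit = {
  c1: { listVersion: '03/13/2026', screenedAt: '2026-03-15T14:22:08.331Z' },
  c2: { listVersion: '12/30/2025', screenedAt: '2025-12-31T09:00:00.000Z' },
};
// c2 (older list) and c3 (never screened) are queued; c1 is already current.
const samplePlan = planRescreen(sampleCustomers, sampleAudit, '03/13/2026');
```

A customer with a missing or malformed record is always queued, so a gap in the audit trail results in a new screen rather than a skipped one.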

Why fuzzy matching matters for compliance

A naive string comparison for "Vladimir Putin" will miss "V. Putin", "PUTIN, Vladimir V.", and "Vladimir Vladimirovich PUTIN" -- all of which appear in the SDN list as aliases. The API uses four matching strategies in combination:

  • Jaro-Winkler similarity for typos and character transpositions
  • Token-set matching for reordered names ("BANK OF IRAN" vs "IRAN BANK")
  • Double Metaphone for phonetically similar names across transliterations
  • Substring containment for partial queries

Each strategy contributes a weighted score. Results include a matchType field (exact, strong, partial, weak) so your compliance team can set review thresholds appropriately.
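To see why exact comparison fails on the name variants above, here is a small implementation of two of the four strategies, Jaro-Winkler and token-set matching. It is an added illustration and not the API's own code; the function names, the ASCII-only normalisation and the unweighted averaging are assumptions made for the example.

```javascript
// Added illustration of two strategies named above; not the API's own code.
// ASCII-only normalisation for brevity: uppercase, strip punctuation, split on spaces.
const normalize = (s) =>
  s.toUpperCase().replace(/[^A-Z0-9 ]/g, ' ').split(/\s+/).filter(Boolean);

// Jaro: characters that match within a sliding window, penalised for transpositions.
function jaro(a, b) {
  if (a === b) return 1;
  const win = Math.max(0, Math.floor(Math.max(a.length, b.length) / 2) - 1);
  const usedA = new Array(a.length).fill(false);
  const usedB = new Array(b.length).fill(false);
  let m = 0;
  for (let i = 0; i < a.length; i++) {
    const hi = Math.min(b.length - 1, i + win);
    for (let j = Math.max(0, i - win); j <= hi; j++) {
      if (!usedB[j] && a[i] === b[j]) { usedA[i] = usedB[j] = true; m++; break; }
    }
  }
  if (m === 0) return 0;
  let t = 0;
  for (let i = 0, k = 0; i < a.length; i++) {
    if (!usedA[i]) continue;
    while (!usedB[k]) k++;
    if (a[i] !== b[k++]) t++;
  }
  return (m / a.length + m / b.length + (m - t / 2) / m) / 3;
}

// Winkler boost: reward a shared prefix of up to four characters.
function jaroWinkler(a, b) {
  const j = jaro(a, b);
  let p = 0;
  while (p < 4 && p < a.length && p < b.length && a[p] === b[p]) p++;
  return j + p * 0.1 * (1 - j);
}

// Token-set score: every token of the shorter name is paired with its best
// match in the longer one, so word order, commas and extra tokens stop mattering.
function tokenSetScore(query, listed) {
  let [few, many] = [normalize(query), normalize(listed)];
  if (few.length > many.length) [few, many] = [many, few];
  if (few.length === 0) return 0;
  const best = few.map((t) => Math.max(...many.map((u) => jaroWinkler(t, u))));
  return best.reduce((x, y) => x + y, 0) / few.length;
}

// What a naive comparison does with the same inputs.
const exactMatch = (query, listed) => query === listed;
```

With these functions, "Vladimir Putin" against "PUTIN, Vladimir V." fails exactMatch but scores 1 on tokenSetScore, and the misspelling "Vladmir Putin" still scores above 0.9. Scoring against the shorter name favours recall, so short queries produce more hits for the manual review queue.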

The MCP server option

If your compliance officers prefer to screen names conversationally without writing code, the OFAC MCP server works with Claude Desktop and Cursor. Install it with:

npx @easysolutions906/mcp-ofac

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "ofac": {
      "command": "npx",
      "args": ["-y", "@easysolutions906/mcp-ofac"]
    }
  }
}

Then ask Claude: "Screen the name Ali Hassan against the OFAC sanctions list." This is useful for ad-hoc reviews without opening a separate tool.

Pricing

  • Free tier: 10 screens per day, no signup required
  • Starter: $4.99/month -- 100 screens/day
  • Pro: $29.99/month -- 1,000 screens/day
  • Enterprise: $299.99/month -- unlimited screens

Compare that to the five-figure annual contracts from enterprise vendors. For an early-stage fintech processing a few hundred onboardings per month, the Pro plan covers your needs at $360 per year.

Getting started

  1. Test the free tier right now -- no API key needed for 10 screens/day
  2. Hit the /data-info endpoint to verify you are screening against the latest SDN list
  3. Store every response as an audit record -- the listVersion and screenedAt fields are your compliance documentation
  4. Upgrade when your volume requires it

Sanctions compliance is a legal requirement, not a feature request. But it does not have to cost six figures.
