DEV Community

George Kioko

How to Screen a Vendor List Against OFAC Sanctions in 20 Minutes

If your company pays vendors, onboards customers, or moves money across a border, you are on the hook for OFAC sanctions screening. The US Treasury publishes the SDN list, and checking your counterparties against it is not optional. The problem is that most teams still do it the slow way: one name at a time in the public search box, copying results into a spreadsheet, hoping nobody fat-fingered a transliteration.

There is a faster way that takes about 20 minutes to set up and then runs on a whole list in one shot. Here is exactly how I do it.

The job, stated plainly

You have a list of names. Companies, people, vessels, whatever your counterparties are. You need to know which of them match an entry on the OFAC SDN list, how strong each match is, and enough surrounding data to either clear the name or send it to a human for review. You want an audit trail for the ones you cleared, because "we screened everyone" is a sentence you may have to prove later.

Doing that by hand does not scale past a few names. The single name search also misses the thing that actually catches sanctioned parties: spelling variants. "Ivan Petrov" and "Ivan Petroff" are the same person to a fuzzy matcher and two different rows to a copy and paste workflow.

Step 1: point an actor at your list

I use the OFAC Sanctions Screener on Apify. You give it a list of entity names, either inline or as a file, and it screens every one against the current SDN list. The whole input is this small:

{
  "entities": ["Acme Trading LLC", "Ivan Petrov", "MV Northern Star"],
  "minConfidence": 80
}

The minConfidence setting controls how aggressive the fuzzy matching is. Start at 80, then tune it once you see how your real data behaves. Lower it and you catch more variants but review more false positives. Raise it and you review less but risk missing a sloppy transliteration.

Step 2: run it and read the output

Each name comes back as a structured record. The fields that matter for a screening decision:

  • match_confidence, a 0 to 100 score for how close the name is to an SDN entry
  • risk_level, bucketed into clear, review, or high
  • matched_name, the exact SDN entry that triggered the hit
  • aliases and addresses for the matched entity
  • the sanctions program the entry falls under

The fuzzy match is the whole point. It runs your input against primary names and known aliases, so a name that is spelled a little differently than the official listing still surfaces. That is the failure mode that gets compliance teams in trouble, and it is the one a manual search quietly skips.

Step 3: filter to what a human reviews

Sort the output by match_confidence. Everything above your threshold is the short list a compliance analyst actually looks at. Everything below is cleared, and you keep the full output as the record that you screened the whole book. A list of three hundred vendors becomes a review queue of maybe five, with the data for each one already attached.

That is the part that turns a day of work into a coffee break. You are not screening fewer names. You are screening all of them and only spending human attention on the handful that need a judgment call.
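The triage in Step 3, sketched in Python as an added example (it is not code from the actor or from this post). The records are constructed sample data, the key names `input_name` and `program` are assumptions, and the SHA-256 digest over the full output is one way to back the "record that you screened the whole book".

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample output, not real SDN data. "input_name" and "program"
# are assumed key names; the other keys are the fields listed in Step 2.
SAMPLE_RESULTS = [
    {"input_name": "Acme Trading LLC", "match_confidence": 12,
     "risk_level": "clear", "matched_name": None, "program": None},
    {"input_name": "Ivan Petroff", "match_confidence": 87,
     "risk_level": "review", "matched_name": "Ivan Petrov", "program": "EXAMPLE-PROGRAM"},
    {"input_name": "MV Northern Star", "match_confidence": 96,
     "risk_level": "high", "matched_name": "Northern Star", "program": "EXAMPLE-PROGRAM"},
    {"input_name": "Globex Imports", "risk_level": "clear"},  # score missing
]

def score_of(record):
    """Return the numeric score, or None if it is missing or malformed."""
    score = record.get("match_confidence")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return None
    return score

def triage(results, threshold=80):
    """Split results into (review, cleared); review is sorted strongest first."""
    review, cleared = [], []
    for record in results:
        score = score_of(record)
        # Fail closed: a record without a usable score goes to a human,
        # whatever its risk_level says. A score equal to the threshold is reviewed.
        (review if score is None or score >= threshold else cleared).append(record)
    review.sort(key=lambda r: 101 if score_of(r) is None else score_of(r), reverse=True)
    return review, cleared

def audit_record(results, threshold, review, screened_at=None):
    """Summarise one run, with a digest that ties it to the stored full output."""
    canonical = json.dumps(results, sort_keys=True, separators=(",", ":")).encode()
    return {
        "screened_at": screened_at or datetime.now(timezone.utc).isoformat(),
        "threshold": threshold,
        "total_screened": len(results),
        "review_names": [r.get("input_name") for r in review],
        # Store this digest apart from the output file so later edits are detectable.
        "output_sha256": hashlib.sha256(canonical).hexdigest(),
    }

if __name__ == "__main__":
    queue, cleared_list = triage(SAMPLE_RESULTS, threshold=80)
    print(json.dumps(audit_record(SAMPLE_RESULTS, 80, queue), indent=2))
```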

Step 4: make it run inside your AI agent

This is the part that surprises people. The actor is exposed over the Apify MCP server, which means an AI agent can call it mid conversation. If you work in Claude, you point your MCP config at the Apify server:

https://mcp.apify.com?tools=george.the.developer/ofac-sanctions-screener

Now you can hand your agent a list and say "screen these twelve vendors against OFAC and flag anything over 85 percent," and it runs the actor, reads the matches, and gives you back the shortlist. The screening becomes one step inside a larger onboarding or due diligence workflow the agent is already running, instead of a separate tool you context switch into.

Why this beats the enterprise tools for most teams

The big sanctions screening platforms do this well and charge enterprise money for it, often five to six figures a year. If you are a bank with a dedicated compliance department, that is the right tool. If you are a fintech onboarding customers, an importer checking a new supplier, or a consultant running due diligence for clients, you are paying for a department you do not have. Screening per entity, at a cent a name, covers the same first pass screening without the contract.

The honest line: a tool gives you a fast, auditable first pass. The final compliance call stays with your team, because you know your own risk policy and your regulator does not accept "the API said it was fine." What you get is the slow part automated and the judgment part handed to you on a plate.

The 20 minute version

Set up the input once, run it on your real list, tune minConfidence to your data, and wire it into whatever onboarding flow or agent you already run. After that, screening a new batch is one call. The next time someone asks whether you checked a counterparty against OFAC, the answer is yes, with the record to show it.

You can run the OFAC Sanctions Screener here: https://apify.com/george.the.developer/ofac-sanctions-screener


Source and verification reports: github.com/the-ai-entrepreneur-ai-hub/apify-actor-portfolio.
