Building an OFAC Screening Pipeline That Actually Works
Most OFAC screening implementations are either too strict (flooding compliance teams with false positives) or too loose (missing real matches). Here's how to build one that balances both.
The False Positive Problem
OFAC compliance sounds simple: check every counterparty against the SDN list before transacting. In practice, it's a minefield of fuzzy matching, alias resolution, and threshold tuning.
The SDN list contains ~12,000 entries. Many have common names, transliterated spellings, and multiple aliases. A naive string-match implementation on a customer database of 100K records will generate thousands of false positives per day — burying your compliance team in manual reviews.
The Architecture
A production OFAC screening pipeline needs four stages:
1. Pre-screening normalization — Standardize names (remove diacritics, normalize whitespace, expand abbreviations)
2. Multi-algorithm matching — Combine exact, phonetic (Soundex/Metaphone), and fuzzy (Levenshtein/Jaro-Winkler) matching
3. Scoring and thresholding — Weight matches by algorithm confidence and field type (name vs. address vs. ID number)
4. Disposition workflow — Route matches above threshold to human review with full context
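
Stages 1–3 applied to name fields, as an added example (not ComplianceGrid's implementation). The watchlist entries are constructed, and the abbreviation map, the 0.7/0.3 weights and all function names are assumptions; Levenshtein and Soundex stand in for the fuzzy and phonetic algorithms.

```python
import re
import unicodedata

WATCHLIST = {"DEMO-1": ["Müller Intl. Trading Co.", "Mueller International"],
             "DEMO-2": ["Jonathan Smythe"]}  # constructed demo entries, not SDN data
ABBREV = {"co": "company", "ltd": "limited", "intl": "international"}  # assumed subset
SOUNDEX = {c: str(d) for d, cs in enumerate("bfpv cgjkqsxz dt l mn r".split(), 1) for c in cs}

def normalize(name):
    """Stage 1: strip diacritics and punctuation, casefold, expand abbreviations."""
    text = "".join(c for c in unicodedata.normalize("NFKD", name) if not unicodedata.combining(c))
    tokens = re.sub(r"[^a-z0-9 ]", " ", text.casefold()).split()
    return " ".join(ABBREV.get(t, t) for t in tokens)

def levenshtein_ratio(a, b):
    """Stage 2 (fuzzy): 1 - edit distance / length of the longer string."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return 1 - prev[-1] / max(len(a), len(b), 1)

def soundex(word):
    """Stage 2 (phonetic): classic four-character Soundex code."""
    out, last = word[0].upper(), SOUNDEX.get(word[0])
    for c in word[1:]:
        d = SOUNDEX.get(c)
        if d and d != last:
            out += d
        if c not in "hw":  # h and w do not separate letters with the same code
            last = d
    return (out + "000")[:4]

def match_score(query, listed):
    """Stage 3: exact match is 100; otherwise 0.7 fuzzy + 0.3 phonetic (assumed weights)."""
    a, b = normalize(query), normalize(listed)
    if not a or not b:
        return 0  # an empty name never matches
    if a == b:
        return 100
    qs, ls = {soundex(t) for t in a.split()}, {soundex(t) for t in b.split()}
    return round(100 * (0.7 * levenshtein_ratio(a, b) + 0.3 * len(qs & ls) / len(qs | ls)))

def screen(name, watchlist=WATCHLIST, threshold=85):
    """Return (score, entry_id, alias) for every alias at or above the threshold."""
    hits = [(match_score(name, a), eid, a) for eid, aliases in watchlist.items() for a in aliases]
    return sorted((h for h in hits if h[0] >= threshold), reverse=True)
```

A misspelling such as "Jonathon Smyth" still scores above 85 against the listed name, while the common name "John Smith" falls well below it and never reaches the review queue.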
Using the ComplianceGrid Screening API
Our /v1/compliance/restricted-party-screening endpoint handles stages 1–3 for you:
```bash
curl -X POST https://api.compliancegrid.ai/v1/compliance/restricted-party-screening \
  -H "Authorization: Bearer $CG_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "parties": [{
      "name": "Huawei Technologies",
      "country": "CN"
    }]
  }'
```
The response includes a matchScore (0–100), the specific list matched, and the complete SDN entry with all aliases, addresses, and ID numbers. You handle stage 4 — the human review workflow.
Tuning Your Threshold
The right threshold depends on your risk tolerance:
| Threshold | False Positive Rate | False Negative Risk | Best For |
|---|---|---|---|
| 95+ | Very low | Higher | Low-risk transactions |
| 85–94 | Moderate | Low | Standard compliance |
| 70–84 | High | Very low | High-risk/sanctions-heavy |
| Below 70 | Extremely high | Minimal | Not recommended |
Most customers start at 85 and adjust based on their compliance team's review capacity. We recommend running a backtest against your historical transaction data before going live.
Batch Screening
For onboarding flows or periodic re-screening, use the batch endpoint to screen up to 1,000 entities in a single API call. This counts as 1 API call for billing purposes and returns results in under 5 seconds for most batch sizes.