What is OFAC sanctions screening and are regular companies required to do it?
Reference guide to OFAC sanctions screening for vendors, including vendor records, onboarding requirements, compliance checks, fraud controls, and payment readiness.
OFAC screening checks your vendors (and other counterparties) against U.S. sanctions lists - primarily the Specially Designated Nationals (SDN) list - to ensure you're not paying a prohibited party. And yes, it applies to everyone: OFAC sanctions are strict-liability obligations binding on all U.S. persons and companies, not just banks. Any business making payments can face penalties for dealing with a sanctioned party, even unknowingly.
At a Glance
| Aspect | Short Answer | Why It Matters |
|---|---|---|
| OFAC sanctions screening | OFAC screening checks your vendors (and other counterparties) against U.S. sanctions lists, primarily the Specially Designated Nationals (SDN) list. | Keeps vendor records and payment decisions reliable. |
| Screening a vendor against the SDN list | OFAC publishes a free Sanctions List Search tool - enter the vendor's legal name (and check variations and key individuals) and review any matches by fuzzy-match score. | Keeps vendor records and payment decisions reliable. |
| What lists matter beyond the SDN list | OFAC's Consolidated Screening List (which spans multiple agencies), EU/UK sanctions lists if you have exposure there, and debarment lists like SAM.gov's exclusions for government-funded work. | Helps finance decide what to do next. |
| Telling a false positive from a true OFAC match | Compare identifying details beyond the name - address, date of birth, country, entity identifiers. | Helps finance decide what to do next. |
| We have a true OFAC match | Don't pay, don't tip off the party, and treat the funds/transaction as blocked or rejected per OFAC rules. | Helps finance decide what to do next. |
How do I screen a vendor against the SDN list?
OFAC publishes a free Sanctions List Search tool - enter the vendor's legal name (and check variations and key individuals) and review any matches by fuzzy-match score. A strong match requires investigation; a weak one is often a false positive on a common name. Document what you searched and what you found.
What lists matter beyond the SDN list?
OFAC's Consolidated Screening List (which spans multiple agencies), EU/UK sanctions lists if you have exposure there, and debarment lists like SAM.gov's exclusions for government-funded work. The relevant set depends on your footprint - international operations and federal contracting widen it considerably.
How do I tell a false positive from a true OFAC match?
Compare identifying details beyond the name - address, date of birth, country, entity identifiers. A name-only match on a common name is usually a false positive; a match on name *plus* corroborating details is a true hit. Document the analysis either way; "we checked and ruled it out, here's why" is the record you need.
We have a true OFAC match - what are the immediate obligations?
Don't pay, don't tip off the party, and treat the funds/transaction as blocked or rejected per OFAC rules. Escalate to legal/compliance immediately - there are reporting obligations to OFAC, and the specifics depend on the program. This is a stop-and-call-counsel moment, not a judgment call to make alone.
Screen at onboarding only or continuously re-screen?
Proportionate to exposure: everyone screens at onboarding; companies with international vendors or higher risk should re-screen periodically, since lists change and a clean vendor today can be designated tomorrow. Continuous screening is the stronger control where exposure warrants it.
How do I automate sanctions screening in onboarding instead of remembering to check a website?
Build the screen into the vendor-approval workflow - a screening step (manual or via a screening service/API) that must clear before activation - rather than relying on someone visiting the OFAC site. Automating it makes it consistent and auditable; the manual website check is the control that gets skipped under pressure.
What's our exposure if we paid a sanctioned party unknowingly?
OFAC liability is largely strict - lack of intent reduces but doesn't eliminate exposure. Penalties can be substantial; voluntary self-disclosure and a demonstrated compliance program are mitigating factors OFAC weighs. The takeaway: a documented screening program isn't just good practice, it's part of your defense if something slips through.
Stampli perspective
Stampli's position is that vendor work should be governed by the same controls that protect AP: clear ownership, documented changes, and visibility into the invoices and payments tied to each vendor. Clean vendor records reduce downstream exceptions and give finance a stronger audit trail.