Don't Fund a Sanctioned Entity: Integrating OFAC Screening into Your Underwriting

Every loan you fund to a sanctioned individual or entity is a potential enforcement action. The Office of Foreign Assets Control (OFAC) doesn't care whether you knew the borrower was sanctioned—strict liability means the violation occurred the moment funds transferred. For lenders, sanctions screening isn't optional compliance theater; it's existential risk management.

An automated OFAC sanctions screening integration catches prohibited parties before funding, protecting your institution from penalties that can reach hundreds of millions of dollars for egregious violations.

The OFAC Framework for Lenders

OFAC administers U.S. economic sanctions programs that prohibit transactions with designated individuals, entities, and countries.

Who must comply

OFAC regulations apply to: • U.S. citizens and permanent residents, regardless of location • All persons and entities within the United States • Any entity organized under U.S. law, including foreign branches • Transactions that touch the U.S. financial system

For lenders, this means every loan origination requires sanctions screening—of the business entity, its beneficial owners, and any guarantors.

The SDN List

The Specially Designated Nationals (SDN) List is OFAC's primary sanctions database. It includes: • Individuals and companies owned or controlled by sanctioned countries • Terrorists and terrorist organizations • Drug traffickers and narcotics kingpins • Weapons proliferators • Human rights abusers • Cyber criminals

The SDN list is updated frequently—sometimes multiple times per day—as new designations are added and others are removed.¹

Beyond SDN

OFAC maintains additional lists that may apply depending on your business: • Sectoral Sanctions Identifications (SSI): Targets specific sectors of sanctioned economies • Foreign Sanctions Evaders (FSE): Non-U.S. persons who facilitated sanctions evasion • Non-SDN Menu-Based Sanctions (NS-MBS): Various additional designation categories

Comprehensive screening requires checking multiple lists, not just the SDN.

The Stakes: 2024-2025 Enforcement

OFAC enforcement penalties demonstrate why sanctions compliance demands attention.

Recent penalty examples

According to Morrison Foerster's sanctions enforcement analysis:

• GVA Capital (June 2025): $215,988,868 penalty—one of the highest ever—for managing investments on behalf of a sanctioned Russian oligarch after his designation²

• Haas Automation (January 2025): $1,044,781 settlement for supplying equipment to blocked Russian entities without adequate ownership due diligence³

• Family International Realty (January 2025): $1,076,923 settlement for facilitating property transfers for sanctioned Russian oligarchs

Global enforcement trends

Lucinity research reports that global AML-related fines surged 522% to $3.65 billion, with UK enforcement actions for transaction monitoring breaches reaching $3.3 billion in 2024—double the previous year.⁴

The message is clear: enforcement is accelerating, penalties are increasing, and "we didn't know" is not a defense.

Screening Requirements for Business Lending

Business loans require screening at multiple levels.

Entity screening

Screen the borrower entity against: • OFAC SDN and related lists • Country-based sanctions (is the entity based in a sanctioned jurisdiction?) • Sectoral sanctions (does the industry fall under sanctions restrictions?)

Beneficial owner screening

Every identified UBO must be screened against: • OFAC SDN list • Politically Exposed Persons (PEP) databases • Adverse media sources • Other global sanctions lists (EU, UN, UK)

This is where entity verification connects directly to sanctions compliance—you need accurate UBO identification before you can screen effectively.

Guarantor screening

Personal guarantors on business loans require the same screening as beneficial owners: • Individual name against SDN • PEP status check • Adverse media review

Ongoing monitoring

Initial screening isn't sufficient. The Haas Automation case specifically cited failure to re-screen previously approved parties as a compliance gap:

OFAC noted the company "screened its UAE counterparties at the start of the customer relationships but... failed to catch that the two companies were subsequently sanctioned."⁵

Active loans require periodic re-screening to catch borrowers who become sanctioned after origination.

Building Your Screening Workflow

Effective sanctions screening integrates into underwriting without creating bottlenecks.

Pre-application screening

Screen leads before investing underwriting resources: • Business name against entity sanctions • Principal name against individual sanctions • Geographic indicators against country sanctions

Reject or flag high-risk matches before full underwriting begins.

Application screening

Full screening during underwriting: • Complete entity screening with variations and aliases • All beneficial owners identified through KYB process • All guarantors and co-signers • Registered agent and key officers

Pre-funding verification

Final screening before disbursement: • Re-screen all parties to catch recent designations • Verify no status changes since initial screening • Document screening results in loan file

Portfolio monitoring

Ongoing screening of active accounts: • Periodic re-screening (monthly or quarterly depending on risk) • Immediate screening when lists are updated • Alert workflow for new matches

The False Positive Problem

Sanctions screening generates false positives—legitimate parties whose names partially match sanctioned individuals or entities.

Why false positives occur

• Common names: "Mohammed Ali" or "John Smith" may match multiple SDN entries • Partial matches: Screening algorithms flag similar names for review • Transliteration variations: Names from non-Latin alphabets have multiple spellings • Business name similarities: Generic names like "Global Trading LLC" match broadly

Managing false positives

WorkFusion research notes that "99.99% of alerts are false positives" in rules-based sanctions screening, creating enormous review workloads.⁶

Effective management requires: • Secondary identifiers: Compare dates of birth, addresses, and other identifying information • Risk-based thresholds: Apply stricter thresholds to higher-risk transactions • Documented resolution: Record the basis for clearing false positives • Escalation protocols: Route uncertain matches to compliance specialists

Automation value

Modern screening tools use AI and machine learning to: • Reduce false positive rates through better matching algorithms • Automate resolution of clear non-matches • Prioritize true positives for immediate attention • Learn from historical disposition decisions

Documentation and Audit Trails

OFAC emphasizes documentation as evidence of a robust compliance program.

What to document

For every screening: • Date and time of screening • Lists screened against • Results (match, potential match, no match) • Disposition for potential matches (cleared as false positive, escalated, blocked) • Rationale for disposition decisions • Reviewer who made the determination

Retention requirements

Maintain screening records for at least five years from the date of the transaction—longer if your institution's policies require it.

Audit readiness

Regulators and examiners expect to see: • Written sanctions compliance policies • Evidence of regular screening • Documentation of match resolution • Training records for compliance staff • Testing and audit results

For guidance on creating audit-ready compliance documentation, see our article on audit-ready compliance screenshots.

Integration Architecture

Sanctions screening should integrate seamlessly with your loan origination system.

API integration points

At application intake:

POST /sanctions/screen{  "entity_name": "ABC Manufacturing LLC",  "entity_type": "business",  "country": "US",  "state": "TX"}

For individuals:

POST /sanctions/screen{  "individual_name": "John Smith",  "date_of_birth": "1975-03-15",  "country": "US",  "id_number": "XXX-XX-1234"}

Response handling

Clear result:

{  "status": "CLEAR",  "lists_checked": ["SDN", "SSI", "FSE"],  "timestamp": "2025-01-15T10:30:00Z"}

Potential match:

{  "status": "POTENTIAL_MATCH",  "matches": [    {      "list": "SDN",      "entry_id": "12345",      "match_score": 0.85,      "name": "SMITH, John",      "program": "UKRAINE-EO13661"    }  ],  "action_required": "MANUAL_REVIEW"}

Workflow automation

• Clear results: Proceed automatically with audit log entry • Potential matches: Route to compliance queue for review • Confirmed matches: Block transaction and alert compliance officer • System errors: Queue for retry with manual override option

Five Components of OFAC Compliance

OFAC guidance identifies five essential elements of an effective sanctions compliance program:

1. Management commitment

Senior leadership must support sanctions compliance with adequate resources, authority, and accountability.

2. Risk assessment

Understand where sanctions risks exist in your business—customer base, geographic exposure, product types, transaction channels.

3. Internal controls

Documented procedures for screening, escalation, blocking, and reporting. Controls should be proportionate to identified risks.

4. Testing and auditing

Regular independent testing to verify controls are working as designed. Address identified deficiencies promptly.

5. Training

Role-appropriate training for all employees with sanctions compliance responsibilities. Regular refreshers as regulations evolve.

The Compliance Investment

Sanctions compliance requires investment in technology, processes, and people. The alternative—enforcement action—is far more expensive.

Technology costs: • Screening software licensing • API integration development • System maintenance and updates

Process costs: • Policy development and maintenance • Match resolution workflows • Audit and documentation

People costs: • Compliance officer oversight • Alert review staff • Training programs

Penalty avoidance value: • Average settlement: Six to seven figures • Egregious violations: Eight to nine figures • Reputational damage: Incalculable

The math favors investment in prevention. A robust sanctions screening program costs a fraction of a single enforcement action.

Sources

• Sanctions.io | 6 Best Practices for Screening the OFAC SDN List

• Morrison Foerster | U.S. Sanctions Enforcement: 2024 Lessons Learned and 2025 Expectations

• Lucinity | Sanctions Screening in 2025: How Financial Institutions Can Keep Up

• Sanctions.io | Understanding OFAC Sanctions: A Comprehensive Guide

• WorkFusion | Ensuring OFAC Sanctions Compliance for Real-Time Payments

‍