OFAC Sanctions Compliance Checklist

A comprehensive checklist for building and maintaining an OFAC-compliant sanctions screening program.

How to use: work through each section in order. Don't skip steps — the order matters.

Onboarding screening

Ongoing monitoring

Investigation workflow

Program governance

Why this checklist exists

This checklist was built for teams handling OFAC screening API. Each item addresses a common failure mode we've seen in real workflows. Skipping a step doesn't save time — it creates rework, disputes, or missed signals downstream.

Automate it: SanctionsAI handles most of these checklist items automatically through its OFAC screening API workflow.

1. Designate a compliance owner

OFAC expects to find a named person responsible for sanctions compliance. For solo operators, that is you. For companies, designate a specific individual and document their role in writing. This is the first question OFAC asks in any enforcement inquiry.

2. Map your transaction types

List every scenario where value moves: direct wallet payments, x402 micropayments, smart contract interactions that transfer tokens, tipping or donation functions, and subscription payments. Each path needs a pre-payment screening gate. An agent that screens wallet payments but not smart contract interactions has a gap.

3. Implement pre-payment screening

Add an inline sanctions check before every payment your agent authorizes. Screen the counterparty wallet, name, and jurisdiction. If flagged, halt the transaction and alert a human. SanctionsAI provides this as a single API call under 100ms with a free tier of 5 checks/day.

4. Maintain an audit trail

Record every screen: timestamp, wallet/name/country checked, result, OFAC list version, and which agent initiated the check. A documented, timestamped audit trail is the single most powerful mitigating factor in any OFAC enforcement action. SanctionsAI paid plans include automatic audit logging in the compliance dashboard.

5. Set up escalation

Configure your agent to alert a human when a sanctions match occurs. A blocked transaction that sits silently in a log is useless. The human reviewer needs to assess the match within a reasonable time window and decide whether to escalate to legal counsel.

6. Document your compliance program

Write down what you built: which screening API you use, which payment paths are covered, who the compliance owner is, and how alerts are handled. OFAC's Enforcement Guidelines treat documented compliance programs as a significant mitigating factor. A one-page summary is sufficient for most deployments.

7. Review and rescreen

The OFAC SDN list changes daily. A wallet clean today may be sanctioned tomorrow. Never cache screening results — rescreen before every payment. Set a recurring monthly review to verify your screening pipeline still works end to end and that list updates are being consumed.

Try SanctionsAI

Free OFAC sanctions screening API.

Get started →