OFAC monitoring (also called continuous sanctions monitoring) automatically re-screens your customers, vendors, and counterparties against updated sanctions lists — not just at onboarding. When a previously clean entity is added to the OFAC SDN list or another sanctions list, the system detects the change and triggers an alert before any regulated transaction occurs.
For most businesses, OFAC screening should happen at onboarding and continuously thereafter — re-triggered by sanctions list updates rather than a fixed calendar schedule. OFAC updates the SDN list multiple times per week; a monthly batch run leaves a compliance gap of up to 30 days.
The practical standard by risk level:
OFAC does not prescribe a specific frequency. Its 2019 Framework for Compliance Commitments calls for "ongoing customer due diligence" and "automated screening" — effectively endorsing continuous monitoring over periodic batch runs.
OFAC, the EU, the UN, and other sanctions authorities update their lists without advance notice. A counterparty that was clean when you onboarded them in January may be designated in March, making any ongoing business relationship a potential violation.
Screening at onboarding only creates a point-in-time snapshot. It provides no protection after the relationship begins. This is why regulators increasingly expect continuous or periodic re-screening as a core component of a sanctions compliance program.
OFAC's own guidance states that a risk-based sanctions compliance program should include "ongoing screening processes" — not just initial checks.
1. Entity enrollment: When you screen an entity and choose to monitor it, it is added to your monitoring queue with its name, identifiers, and current risk score.
2. List update detection: The monitoring service checks for sanctions list updates from OFAC, EU, UN, UK, and other authorities. OFAC publishes changes within hours of a new designation.
3. Automated re-screening: When a list update is detected, all monitored entities are re-screened against the updated data. This happens automatically, without manual intervention.
4. Risk score comparison: The new risk score is compared to the previous score. If the score crosses a threshold (e.g., from low to high), an alert is generated.
5. Alert delivery: Alerts are delivered via your configured channels: email notification, webhook payload, or in-app dashboard. Your team is notified in near real-time.
6. Review and action: Your compliance team reviews the alert, investigates the match, and takes appropriate action: blocking the relationship, filing an OFAC report, or documenting the false positive.
An alert fires when a monitored entity's risk score changes materially — specifically when a previously low-risk entity now produces a high-confidence match against a sanctions list entry.
Common triggers:
The simplest configuration: when a risk score change is detected, an email is sent to your compliance team's address. The email includes the entity name, previous risk score, new risk score, and the matching sanctions list entry.
For teams integrating monitoring into their own systems, webhook delivery sends a structured JSON payload to your endpoint on every alert. This enables:
A typical webhook payload:
```json
{
  "event": "risk_score_changed",
  "entity": {
    "id": "me_abc123",
    "name": "Acme Trading Ltd",
    "previous_risk_score": 15,
    "new_risk_score": 87
  },
  "match": {
    "list": "OFAC SDN",
    "matched_name": "Acme Trading LLC",
    "confidence": 0.91
  },
  "alerted_at": "2026-03-04T09:12:00Z"
}
```
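As an added example (not SanctScan's own code), a receiver for the payload above can validate the untrusted request body before acting on it and then map the score change to a triage decision. The 0-100 score range, the 0.0-1.0 confidence range, the `HIGH_RISK` and `MIN_CONFIDENCE` cut-offs, the duplicate check keyed on entity id and timestamp, and the decision labels are all assumptions rather than documented behaviour.

```python
import json
from datetime import datetime

# Assumptions, not documented on the page: scores are integers 0-100 and
# these cut-offs are illustrative. SAMPLE is the page's payload, compacted.
HIGH_RISK, MIN_CONFIDENCE = 70, 0.85
SAMPLE = (b'{"event":"risk_score_changed","entity":{"id":"me_abc123",'
          b'"name":"Acme Trading Ltd","previous_risk_score":15,"new_risk_score":87},'
          b'"match":{"list":"OFAC SDN","matched_name":"Acme Trading LLC",'
          b'"confidence":0.91},"alerted_at":"2026-03-04T09:12:00Z"}')

def _field(obj, key, kind):
    """Return obj[key]; reject missing keys and wrong types (bool is not int)."""
    value = obj.get(key)
    if isinstance(value, bool) or not isinstance(value, kind):
        raise ValueError(f"bad or missing field: {key}")
    return value

def parse_alert(raw):
    """Validate an untrusted webhook body; return its fields as a flat dict."""
    doc = json.loads(raw)  # malformed JSON or bad UTF-8 raises ValueError
    if not isinstance(doc, dict) or doc.get("event") != "risk_score_changed":
        raise ValueError("unexpected event")
    entity, match = _field(doc, "entity", dict), _field(doc, "match", dict)
    when = _field(doc, "alerted_at", str).replace("Z", "+00:00")
    alert = {
        "entity_id": _field(entity, "id", str),
        "previous": _field(entity, "previous_risk_score", int),
        "new": _field(entity, "new_risk_score", int),
        "list": _field(match, "list", str),
        "matched_name": _field(match, "matched_name", str),
        "confidence": float(_field(match, "confidence", (int, float))),
        "alerted_at": datetime.fromisoformat(when),
    }
    if not (0 <= alert["previous"] <= 100 and 0 <= alert["new"] <= 100
            and 0.0 <= alert["confidence"] <= 1.0):
        raise ValueError("score or confidence out of range")
    return alert

def triage(alert, seen):
    """Return 'duplicate', 'hold_and_review', 'review' or 'log_only'."""
    key = (alert["entity_id"], alert["alerted_at"])
    if key in seen:  # a redelivered alert must not be actioned twice
        return "duplicate"
    seen.add(key)
    crossed = alert["previous"] < HIGH_RISK <= alert["new"]
    if crossed and alert["confidence"] >= MIN_CONFIDENCE:
        return "hold_and_review"
    return "review" if alert["new"] > alert["previous"] else "log_only"
```

Rejecting malformed bodies with an error instead of defaulting missing fields keeps a truncated or tampered payload from being silently triaged as low risk.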
Configure your monitoring thresholds based on your risk appetite:
The re-screening frequency should match the pace at which sanctions lists update. OFAC updates the SDN list multiple times per week and occasionally multiple times per day when major designations occur (e.g., in response to geopolitical events).
SanctScan monitors for list changes continuously and triggers re-screening within hours of a list update. For most compliance programs, this provides sufficient coverage without generating alert fatigue.
Different businesses have different monitoring needs:
| Plan | Monitored Entities | Alert Channels |
|---|---|---|
| Free | 10 | |
| Starter | 500 | Email + Webhook |
| Growth | 2,500 | Email + Webhook |
| Enterprise | Unlimited | Email + Webhook + Custom |
Some organizations run batch re-screening on a fixed schedule (weekly or monthly). While this is better than onboarding-only screening, it creates a compliance gap: an entity designated on a Monday may not be detected until your next Friday batch run.
Continuous monitoring eliminates this gap by linking re-screening to list updates rather than to a calendar schedule.
SanctScan checks for list updates continuously. When OFAC or another authority publishes an updated list, re-screening of all monitored entities begins within hours. Most new designations are detected the same day they are published.
Yes. You can add entities to monitoring via the dashboard or API regardless of whether you initially screened them through SanctScan. If you have an existing customer list, you can bulk-import entities to begin monitoring immediately.
The OFAC 50% rule states that any entity owned 50% or more by one or more SDN-listed persons is automatically considered blocked, even if the entity itself does not appear on the SDN list. When screening a company, SanctScan screens the entity's disclosed beneficial owners and flags ownership-based exposure.
SanctScan covers the major lists: OFAC SDN and non-SDN programs, EU Consolidated, UN Security Council, UK OFSI, SECO (Switzerland), and several others. Coverage is expanded as new list sources are added. Check the current coverage list in your account settings.
OFAC does not mandate a specific re-screening frequency. However, OFAC's Framework for Compliance Commitments explicitly includes "ongoing customer due diligence" and "automated and manual transaction/business partner screening" as components of an effective compliance program. Regulators increasingly view one-time screening as insufficient.
Monitoring alerts are triggered by changes in sanctions list data for entities you already know. Transaction screening is a separate check run at the point of a specific transaction (e.g., a payment, a contract execution). Both are components of a complete compliance program, but they serve different purposes.