SanctScanSanctScan
FunctiesPrijzenAPI DocsBlog

© 2026 SanctScan. Alle rechten voorbehouden

Privacybeleid · Algemene voorwaarden

    OFAC Monitoring: How Often to Screen and How Continuous Alerts Work

    OFAC monitoring (also called continuous sanctions monitoring) automatically re-screens your customers, vendors, and counterparties against updated sanctions lists — not just at onboarding. When a previously clean entity is added to the OFAC SDN list or another sanctions list, the system detects the change and triggers an alert before any regulated transaction occurs.

    How Often Should You Screen for OFAC Compliance?

    For most businesses, OFAC screening should happen at onboarding and continuously thereafter — re-triggered by sanctions list updates rather than a fixed calendar schedule. OFAC updates the SDN list multiple times per week; a monthly batch run leaves a compliance gap of up to 30 days.

    The practical standard by risk level:

    • High-risk businesses (financial services, crypto, high-value trade): real-time or daily re-screening
    • Medium-risk (B2B SaaS, professional services, general trade): re-screen within 24 hours of any list update
    • Lower-risk: weekly re-screening is a reasonable minimum, but daily is better practice

    OFAC does not prescribe a specific frequency. Its 2019 Framework for Compliance Commitments calls for "ongoing customer due diligence" and "automated screening" — effectively endorsing continuous monitoring over periodic batch runs.

    Why One-Time Screening Is Not Enough

    OFAC, the EU, the UN, and other sanctions authorities update their lists without advance notice. A counterparty that was clean when you onboarded them in January may be designated in March, making any ongoing business relationship a potential violation.

    Screening at onboarding only creates a point-in-time snapshot. It provides no protection after the relationship begins. This is why regulators increasingly expect continuous or periodic re-screening as a core component of a sanctions compliance program.

    OFAC's own guidance states that a risk-based sanctions compliance program should include "ongoing screening processes" — not just initial checks.

    How Continuous Sanctions Monitoring Works

    1. Entity enrollment — When you screen an entity and choose to monitor them, they are added to your monitoring queue with their name, identifiers, and current risk score.

    2. List update detection — The monitoring service checks for sanctions list updates from OFAC, EU, UN, UK, and other authorities. OFAC publishes changes within hours of a new designation.

    3. Automated re-screening — When a list update is detected, all monitored entities are re-screened against the updated data. This happens automatically, without manual intervention.

    4. Risk score comparison — The new risk score is compared to the previous score. If the score crosses a threshold (e.g., from low to high), an alert is generated.

    5. Alert delivery — Alerts are delivered via your configured channels: email notification, webhook payload, or in-app dashboard. Your team is notified in near real-time.

    6. Review and action — Your compliance team reviews the alert, investigates the match, and takes appropriate action — blocking the relationship, filing an OFAC report, or documenting the false positive.

    What Triggers a Monitoring Alert?

    An alert fires when a monitored entity's risk score changes materially — specifically when a previously low-risk entity now produces a high-confidence match against a sanctions list entry.

    Common triggers:

    • New SDN designation — The entity or someone with a closely matching name is added to the OFAC SDN list
    • New EU/UN designation — The entity appears on a newly updated EU Consolidated or UN Security Council list
    • Name change or alias — A sanctioned entity adds a new alias that matches your monitored entity's name
    • Ownership change — A related party becomes sanctioned, potentially triggering OFAC's 50% rule (where 50%+ ownership by a sanctioned person blocks the entity automatically)

    Configuring Alerts and Notifications

    Email Alerts

    The simplest configuration: when a risk score change is detected, an email is sent to your compliance team's address. The email includes the entity name, previous risk score, new risk score, and the matching sanctions list entry.

    Webhook Delivery

    For teams integrating monitoring into their own systems, webhook delivery sends a structured JSON payload to your endpoint on every alert. This enables:

    • Automatic account suspension workflows
    • Ticket creation in your compliance case management system
    • Real-time Slack/Teams notifications via your own integration
    • Data ingestion into your compliance analytics platform

    A typical webhook payload:

    {
  "event": "risk_score_changed",
  "entity": {
    "id": "me_abc123",
    "name": "Acme Trading Ltd",
    "previous_risk_score": 15,
    "new_risk_score": 87
  },
  "match": {
    "list": "OFAC SDN",
    "matched_name": "Acme Trading LLC",
    "confidence": 0.91
  },
  "alerted_at": "2026-03-04T09:12:00Z"
}

    Alert Thresholds

    Configure your monitoring thresholds based on your risk appetite:

    • High sensitivity — Alert on any score increase (catches more, produces more false positives)
    • Standard — Alert when score crosses from low to medium or medium to high
    • High specificity — Alert only on confirmed high-risk matches (fewer alerts, higher confidence)

    How Frequently Are Entities Re-Screened?

    The re-screening frequency should match the pace at which sanctions lists update. OFAC updates the SDN list multiple times per week and occasionally multiple times per day when major designations occur (e.g., in response to geopolitical events).

    SanctScan monitors for list changes continuously and triggers re-screening within hours of a list update. For most compliance programs, this provides sufficient coverage without generating alert fatigue.

    Monitoring Limits by Plan

    Different businesses have different monitoring needs:

    PlanMonitored EntitiesAlert Channels
    Free10Email
    Starter500Email + Webhook
    Growth2,500Email + Webhook
    EnterpriseUnlimitedEmail + Webhook + Custom

    What to Do When You Receive a Monitoring Alert

    1. Do not take immediate action — An alert is not a confirmed match. It requires review.
    2. Open the alert — Review the entity details, the matching list entry, and the confidence score.
    3. Compare identifiers — Does the DOB match? Country of operation? Known addresses? Nationality?
    4. Make a determination — Is this a true match or a false positive?
    5. If true match: Block transactions, report to OFAC if required, document your actions. Seek legal counsel if the relationship is complex.
    6. If false positive: Document your analysis — why you concluded it was not a match. This documentation is your primary defense in a regulatory review.
    7. Resolve the alert — Mark the alert as reviewed in your compliance system with the outcome and rationale.

    Continuous Monitoring vs. Periodic Batch Screening

    Some organizations run batch re-screening on a fixed schedule (weekly or monthly). While this is better than onboarding-only screening, it creates a compliance gap: an entity designated on a Monday may not be detected until your next Friday batch run.

    Continuous monitoring eliminates this gap by linking re-screening to list updates rather than to a calendar schedule.

    FAQ

    How quickly does monitoring detect a new sanctions designation?

    SanctScan checks for list updates continuously. When OFAC or another authority publishes an updated list, re-screening of all monitored entities begins within hours. Most new designations are detected the same day they are published.

    Can I monitor entities from third-party data sources?

    Yes. You can add entities to monitoring via the dashboard or API regardless of whether you initially screened them through SanctScan. If you have an existing customer list, you can bulk-import entities to begin monitoring immediately.

    What is the OFAC 50% rule and does monitoring account for it?

    The OFAC 50% rule states that any entity owned 50% or more by one or more SDN-listed persons is automatically considered blocked, even if the entity itself does not appear on the SDN list. When screening a company, SanctScan screens the entity's disclosed beneficial owners and flags ownership-based exposure.

    Does monitoring cover all global sanctions lists?

    SanctScan covers the major lists: OFAC SDN and non-SDN programs, EU Consolidated, UN Security Council, UK OFSI, SECO (Switzerland), and several others. Coverage is expanded as new list sources are added. Check the current coverage list in your account settings.

    Is continuous monitoring required by OFAC?

    OFAC does not mandate a specific re-screening frequency. However, OFAC's Framework for Compliance Commitments explicitly includes "ongoing customer due diligence" and "automated and manual transaction/business partner screening" as components of an effective compliance program. Regulators increasingly view one-time screening as insufficient.

    What is the difference between monitoring alerts and transaction screening?

    Monitoring alerts are triggered by changes in sanctions list data for entities you already know. Transaction screening is a separate check run at the point of a specific transaction (e.g., a payment, a contract execution). Both are components of a complete compliance program, but they serve different purposes.

    Add entities to continuous monitoring — alerts delivered within hours of any designation change.