EasyOFAC Overview - easyofac/docs GitHub Wiki
Getting Started
EasyOFAC was designed to be simple and intuitive, making it easy to manage your OFAC KYC compliance. The web-based dashboard provides the ability to add real-time monitoring to your organization, and a powerful RESTful API to integrate seamlessly into your existing workflow.
There are two types of entities that EasyOFAC can monitor: customers and companies. Customers represent individual real persons, while companies represent incorporations, trusts, and other legal entities (vendors, suppliers, or businesses that you are associated with). The monitoring is ongoing. This means that if a monitored entity is not currently on a compliance watch list but is added at a later date, you stay compliant without having to re-screen every entity each month.
In addition to ongoing compliance, ad hoc searches are available via the RESTful API. Search methods include both partial and fuzzy matching (based on a weighted, layered phonetic search). In addition, several lookup methods are provided to retrieve the underlying watch list data. For more information, see the API documentation.
How It Works
Layered Fuzzy Search
Fuzzy searching lets you identify close matches. While most fuzzy OFAC searches use only SoundEx or Levenstien distance, EasyOFAC employs several phonetic algorithms layered together to analyze your data. This removes much of the guesswork, provides meaningful results, and helps avoid false positives.
Secure Tokenized Data
EasyOFAC goes an extra step by tokenizing all the data you provide. Only the reference IDs you provide for the customer/vendor are stored in their original form. We provide the peace of mind that any data being monitored is secure.
Real-Time Monitoring
EasyOFAC continuously monitors your customer base to help you establish ongoing OFAC compliance. Audit reports are emailed on a monthly basis and your compliance status can be checked at any time via the API.
Guided Compliance Workflow
When EasyOFAC finds a potential match, we provide you with all the watch-list data associated with the match to help you make quick work of further vetting the customer or vendor. When you finish your investigation, a single click marks the record as unsafe or adds an exception to avoid repeat matches for that entity.
Handling a Potential Match
Before determining a possible course of action, you will first need to research the potential match further. Clicking on a customer or company that is marked with the status 'inspect' will reveal one or more potential matches, along with all other information known about each match (e.g. alternate names, addresses, etc.). Note the external identification number you provided for the record, and use this ID to locate any applicable records from your organization's systems and databases, comparing your records to those shown here. Take into account any similarities, or markers that would indicate a positive match, as well as differences that may suggest a false positive. When you are finished researching, you must make a decision of how to flag the match.
The following is a commonly adopted workflow for dealing with potential matches:
- At any point, if you have reason to know or believe that doing business with this entity would violate any of the Regulations, you must call the OFAC hotline and explain this knowledge or belief.
- Next, determine how much of the name is matching against the name of your account holder. Is just one of two or more names matching (i.e., just the last name)?
- Compare the complete entry with all of the information you have on the matching name of your account holder. An entry often will have, for example, a full name, address, nationality, passport, tax ID or cedula number, place of birth, date of birth, former names and aliases. If you are missing a lot of this information for the name of your account holder, you may choose to gather more information.
- When reviewing the data, are there a number of similarities or exact matches?
Mark as Unsafe
If you have positively identified, or believe the match is valid, you should mark the record as "unsafe" by clicking on the "Mark as Unsafe" button on the record inspection panel. Alternatively, you can use the API to update the record status to "unsafe". Once properly flagged, you will also want to follow up with the proper authorities to report the activity. If the record matched secondary data points from OFAC data, you should contact the OFAC hotline at 1-800-540-6322.
Mark as Exception
If after investigating you find no indication that the potential match is the entity in your records, you can mark the record as an exception to avoid future false-positives. To do this, click on the "Mark as Exception" button on the record inspection panel. You can do this for individual matches, or "Mark All as Exception" to specify all potential matches for that record as exceptions. Alternatively, you can use the API to update the record status to "exception".
Mark for Retest
If the entity is no longer on the watch list, or you simply would like to reverify the record, you may click the "Mark for Retest" button on the record inspection panel. Alternatively, you can use the API to update the record status to "safe" to initiate the retest. NOTE: If a record's status is in "inspect", "unsafe", or "exception", changing the record's status to "safe" will immediately cause a rescreening. If there are potential matches, it will be marked as "inspect". If no matches are found, the status will remain "safe".