OFAC Data Points - easyofac/docs GitHub Wiki

When it comes to KYC/AML screening, most screened data points fall into one of two categories: primary identifiers and secondary identifiers. While both types are essential to screening procedures, each has a different function. Primary identifiers are utilized during initial screening against watch lists, while secondary identifiers are useful to confirm or clear potential matches.

Reference List Content

The reference list (OFAC, DMV records, Politically Exposed Persons) largely determines the identifier type. A ubiquitous data point, one existing for every entity in the reference list, is a primary identifier. Any other data point, such as one that only exists within a portion of the data set (even a vast majority), are considered secondary identifiers.

Ephemeral Data Points

Another factor in determining the identifier type is how ephemeral or transitory the information is. Data points like date of birth, place of birth, and tax ID number rarely, if ever, change. Others, such as a physical address, email address, phone number, or cryptocurrency address, change frequently. A person or corporation may change their name or DBA, and when they do, reference lists are quickly updated. Ephemeral data points are typically secondary identifiers, while stable data points (and those kept frequently updated in a reference list) are good candidates for primary data.

Search Coverage

When searching the list using a primary identifier, the search could analyze 100% of the records to find potential matches. However, when examining the list using a secondary identifier, records not carrying the data point would be excluded from the search. Using a secondary identifier in a first-pass search creates a risk of missing matches.

Practical Examples

Consider some examples, using the OFAC lists. The OFAC SDN and OFAC Non-SDN Consolidated lists have names for 100% of the entities on the list. OFAC also frequently updates the list with known aliases, name changes, new corporations, and DBAs. No other identifier on the OFAC list exists across every record. This makes name - first/last name and corporation name - the most reliable primary identifier for the list.

In another example, a Social Security Number (SSN) would be considered a candidate for a primary identifier. However, the OFAC list includes the SSN for only a small percentage of the total records. If we were to search OFAC's list using the SSN, only a tiny fraction of the data is analyzed, and we could easily miss a potential match.

Now consider a potential match identified during a name search of the OFAC list. The last name matched precisely, and the first name was a close or fuzzy match. On inspection, you find the record carries a passport number, and your organization collects passport number as a secondary identifier. Using the passport number on file, you can confirm or clear this potential match.

Conclusion

It is crucial to distinguish between primary and secondary identifiers. Primary identifiers are used for first-pass searching, while secondary identifiers function to confirm or clear potential matches. Incorrect use of data points in searching increases compliance risk significantly by excluding large portions of the reference list.