Export Controls & Sanctions — Screening System Edge Cases

The Sanctions Screening System Flagged a Partial Name Match to the SDN List. The Match Isn’t Exact and the System Hasn’t Hard-Blocked It. There’s a Deadline. “The Tool Would Have Stopped It If It Was Really a Problem.” Would It Have?

A real sanctions screening and compliance escalation scenario — with three decision options and the right answer.

Quick Answer

When a sanctions screening system flags a partial match to the SDN list — close but not exact — and hasn’t hard-blocked the transaction, can the employee proceed?

No. An unresolved screening flag requires escalation regardless of whether the system has hard-blocked the transaction. Automated screening tools are configured with thresholds designed to surface potential matches — not to make compliance determinations. The hard-block threshold is set conservatively to avoid over-blocking, meaning a significant number of genuine SDN matches will surface as soft flags requiring human review. Proceeding past an unresolved flag is a compliance decision the employee is not authorized to make — and is the category of error responsible for most sanctions violations that reach enforcement.

The Situation

A finance operations employee at a multinational company is processing a payment batch. The company’s sanctions screening software flags one transaction as a potential match — a customer name that is similar but not identical to an entity on the OFAC SDN list. The match score is 74% — above the company’s alert threshold of 70% but below the hard-block threshold of 85%. The system has surfaced the flag for human review, but has not stopped the transaction from being processed.

The employee has a batch processing deadline. The compliance team’s SDN review queue is backed up. The customer has been in the company’s system for 18 months without any previous flags. The employee’s reasoning: “If this were really a sanctioned entity, the system would have blocked it. It’s probably a false positive — a different transliteration of the same name. I’ll clear it and note that the compliance team should review it next cycle.”

The employee clears the flag and processes the payment. Three weeks later, OFAC’s compliance team contacts the company about a potential violation.

What Should the Employee Have Done When the Flag Appeared?

Choice A: Clear the flag and process as done. The system didn’t hard-block it. The match is under 85%. The customer has been in the system for 18 months. It’s probably a transliteration variant. Noting it for the next review cycle is appropriate diligence.

Choice B: Hold the transaction and escalate the flag to the compliance team immediately — do not process the payment until compliance has reviewed the match and either cleared it or confirmed it requires OFAC review. Document the hold and the escalation. Accept the processing delay.

Choice C: Process the payment but file an internal incident report — creating a record that the flag was observed and documented while keeping the batch on schedule. The compliance team can review and take action if needed after the fact.


The Right Call

Choice B — Hold the transaction and escalate immediately. No exceptions.

Choice A is the violation — the employee has made a compliance determination that they are not authorized to make. Whether a 74% match represents a genuine SDN hit or a false positive requires compliance expertise, access to additional identifying information, and potentially an OFAC license application. The employee has none of those. Choice C is a documented Choice A — it creates a record that the employee saw the flag and processed the payment anyway, which is evidence of willful disregard rather than good-faith error. Choice B holds the transaction — the only action available to the employee that doesn’t create a violation — and hands the determination to the people qualified to make it.

Why This Is Harder Than It Looks

Hard-block thresholds are set to prevent over-blocking — not to identify the safe zone for human override.

The employee’s reasoning — “if it was really a problem, the system would have blocked it” — fundamentally misunderstands what the hard-block threshold does. Systems are calibrated to avoid blocking large volumes of obvious false positives while surfacing potential matches for human review. The soft-alert range — 70–85% in this scenario — is exactly the range where human judgment is required because the system cannot make the determination with confidence. The system has done its job by surfacing the flag. The employee’s job is to escalate it — not to resolve it independently.

OFAC received 57,000 leads in 2022, indicating how often humans are uncertain about potential matches and how rarely they escalate before proceeding.

The volume of OFAC compliance hotline contacts reflects the real-world frequency of exactly this situation: an employee has an unresolved screening flag and is uncertain whether to escalate. Most of those leads come from employees who contacted OFAC after proceeding, not before. The training behavior — hold and escalate before the transaction — is the one that prevents the enforcement action. Calling OFAC after processing is materially worse than calling before.

18 months of clean history is not a screening substitute — it is the history that makes the current flag more important, not less.

SDN listings change continuously. A customer who was clean at onboarding 18 months ago may have been added to the SDN list subsequently, which is exactly why ongoing transaction screening exists rather than one-time onboarding screening. The fact that the customer has been in the system for 18 months without flags means the current flag is a material change in the screening picture, not a reason to discount it.


Frequently Asked Questions

What should an employee do when a sanctions screening system surfaces a potential SDN match?

Hold the transaction and escalate to the compliance team — do not process until the flag is resolved. The employee should document the flag, the match details, and the hold action. The compliance team will assess whether the flag represents a genuine match using additional identifying information (date of birth, address, registration numbers) and will determine whether the transaction can be cleared, requires OFAC license application, or must be declined. Under no circumstances should a finance or operations employee clear an unresolved SDN flag independently.

What is the difference between a hard block and a soft alert in sanctions screening systems?

A hard block automatically prevents the transaction from being processed when the match score exceeds the configured threshold — typically set at a high confidence level to avoid over-blocking. A soft alert surfaces potential matches below the hard-block threshold for human review — these require a compliance determination before the transaction proceeds. The soft-alert range is where the highest volume of genuine SDN matches actually appear, because SDN lists include name variants, transliterations, and aliases that generate high-but-not-exact match scores.

Does OFAC provide voluntary self-disclosure benefits for sanctions violations — and does that affect how companies should respond when a potential violation is discovered?

Yes. OFAC’s framework treats voluntary self-disclosure as a significant mitigating factor — a qualifying voluntary self-disclosure can result in penalties reduced by up to 50% compared to a non-disclosed violation. When a potential violation is discovered — including when a post-processing investigation reveals that a cleared SDN flag was a genuine match — the compliance team should immediately assess whether voluntary self-disclosure is appropriate. The decision to self-disclose should involve Legal and compliance leadership, but the analysis should begin immediately rather than being deferred.

How to Use This Scenario in Training

Recommended for finance, accounts payable, payments processing, and any team responsible for transaction screening. This scenario requires a bit more conceptual setup — explain the soft-alert versus hard-block distinction before presenting it, so the training moment lands correctly. Most effective in Week 3 of a reinforcement sequence. Cross-reference with the AML scenario cluster — the same SDN list, same screening logic, different regulatory regime.

This scenario demonstrates the “over-reliance on systems” rationalization from the Decision Readiness Engine™. Decision-ready finance employees recognize that a screening flag is a trigger for human judgment — not evidence that the system has already assessed the risk. “The tool would have caught it” is the rationalization that turns a preventable violation into an enforcement action.


© 2005–2026 Xcelus LLC. All rights reserved. Scenario content is original work protected by copyright. You may link freely — reproduction or adaptation without written permission is prohibited.