What does the OFAC SDN Screening Agent do?

Given a counter-party name (and optionally an address, country, identifier, or SDN type), the agent screens against the U.S. Treasury Office of Foreign Assets Control Specially Designated Nationals list and returns ranked matches with confidence scoring. Every screening event is anchored: the query, the verdict, the source list publish date, and the upstream XML SHA-256 are committed into a Knox event chain and rolled into a Bitcoin Merkle anchor via OpenTimestamps. The receipt is verifiable by any third party without contacting Bonis Systems.

Where does the SDN list come from?

Direct from the U.S. Treasury Office of Foreign Assets Control at treasury.gov/ofac/downloads/sdn.xml. The list is the official, authoritative U.S. sanctions list. Bonis Systems does not own this list, does not amend it, does not determine sanctions status, and does not issue clearance verdicts. Bonis Systems pulls the published snapshot, parses it deterministically, anchors a SHA-256 of the full source XML, and reports literal matches. The Treasury snapshot version (publish date) and source-XML hash accompany every screening result.

How is this complementary to Sayari, Exiger, Interos, or Fortress?

Those vendors operate primary supply-chain intelligence platforms with deep beneficial-ownership graphs, tier-2/tier-3 supplier discovery, and licensed foreign-registry intelligence — capabilities Bonis Systems does not maintain natively. The OFAC SDN screening agent is a baseline sanctions check against the official U.S. published list, with anchoring on top. The two layers compose: a primary SCRM platform produces a vendor dossier; the SDN agent screens any entity in that dossier against Treasury OFAC; Knox anchors the screening result so the evidence survives independently of any vendor remaining in business.

What does an anchored screening receipt prove?

It proves that, at the recorded UTC timestamp, a query with the recorded fields was screened against an SDN list with the recorded SHA-256 hash and the recorded Treasury publish date, and produced the recorded verdict. The hash is sequence-numbered into a Knox event chain, hourly-Merkle-aggregated, and submitted to the Bitcoin blockchain via OpenTimestamps. Any third party can recompute the SDN-XML SHA-256 from the Treasury archive of the same publish date, recompute the chain, and verify the Bitcoin anchor — without contacting Bonis Systems. The evidence is architected for FRE 902(13) and 902(14) self-authentication.

What is in scope and what is out of scope?

In scope: literal matches against the published SDN list (primary names, AKAs, addresses, identifiers, programs); anchoring of every screening event; source-list provenance (publish date + SHA-256 + record count); self-describing endpoint metadata. Out of scope: clearance verdicts, sanctions interpretation, alternative sanctions lists (BIS Entity List, Consolidated Sanctions List, EU/UK/UN lists), beneficial-ownership graphs, tier-N supplier discovery, real-time Treasury-API integration, and any opinion on whether a match is a true hit. Out-of-scope items belong to either the U.S. Treasury (interpretation), other regulators (other lists), or primary SCRM intelligence vendors (graph + discovery).

Is the agent defensive only?

Yes. The agent reads the published SDN list, screens a query against it, and produces an anchored receipt. It does not access any third-party screening platform without authorization, does not impersonate any party, does not undertake any disruption or sabotage, and does not issue any verdict beyond the literal match-or-no-match against the published list. Sanctions enforcement and interpretation are reserved to the U.S. Treasury and lawful authority.

How fresh is the screened list?

The list is rebuilt from the Treasury source on each Bonis production deployment. Treasury publishes updates on a roughly daily cadence. Every screening response includes the source-list publish date and SHA-256 hash so consumers can independently verify that the snapshot is current relative to their compliance threshold. Customers requiring sub-daily freshness should run their own screening pipeline against the same Treasury source — Bonis publishes the build script under scripts/build-ofac-index.mjs and the parser under src/lib/ofac-sdn-agent.ts; both are inspectable.

Knox · Sanctions screening

Screen any counter-party against the live Treasury SDN list. Anchor every check.

POST a name. Get back ranked matches against the U.S. Treasury Specially Designated Nationals list, the source-list publish date, the upstream SHA-256, and a Knox anchor ID. The receipt is verifiable on the Bitcoin blockchain via OpenTimestamps without contacting Bonis Systems. The U.S. Treasury Office of Foreign Assets Control owns the list and the determination of sanctions status; Bonis Systems anchors and verifies.

Public Treasury sourceSHA-256 source hashKnox event chainBitcoin / OpenTimestamps anchorFRE 902(13)/(14) architectural fitNo customer account required

TL;DR

The Treasury OFAC SDN list is the source of record. Bonis anchors every screening event against it.

Source. treasury.gov/ofac/downloads/sdn.xml — the official, authoritative U.S. sanctions list. Bonis Systems does not own, amend, or interpret it.
Anchor. Every screening event is SHA-256 committed, sequence-numbered into a Knox event chain, hourly-Merkle-aggregated, and submitted to Bitcoin via OpenTimestamps.
Verifiable independently. Recompute the SDN-XML SHA-256 from the Treasury archive of the same publish date. Recompute the chain. Verify the Bitcoin block header. Bonis does not need to be online for any of this.
Complementary, not competing. Sayari, Exiger, Interos, and Fortress operate the primary supply-chain intelligence platforms. The OFAC SDN screening agent sits beside them as a baseline sanctions check with anchoring on top.
Defensive only. The agent reads the published list and produces an anchored receipt. It does not issue clearance verdicts. Sanctions enforcement is reserved to lawful authority.

Endpoint

POST https://bonissystems.com/api/knox/agents/ofac-sdn-screening

Send a JSON body with a name field (required, max 256 chars). Optional filters: address, country, identifier (passport or national-ID for exact-match lookup), and sdnType (one of Entity, Individual, Vessel, Aircraft).

The response contains the screening verdict (match, possible_match, or no_match), the ranked match list with confidence scoring (0–100), the source-list publish date, the upstream SHA-256, and a Knox anchor record (id, hash, sequence, timestamp, verify URL). A GET on the same path returns self-describing endpoint metadata including the current source- list version.

Authentication: an auto-seeded public-demo Knox API key is provisioned on first call. No customer account is required.

Match scoring

Confidence scoring is literal, not semantic.

Every match record carries a matchedField (which field on the SDN entry matched: primary name, strong AKA, weak AKA, identifier) and a confidence integer 0–100. The score is derived deterministically from the kind of match. No model inference. No semantic guess. The thresholds are:

100 — primary-name exact match (after normalization)
99 — identifier exact match (passport, national-ID, etc.)
95 — strong-AKA exact match
88 — primary-name all-tokens match
82 — strong-AKA all-tokens match
70 — primary-name substring match (space-insensitive)
60 — primary-name fuzzy match (≤ 2-edit Damerau-Levenshtein)
50 / 38 — weak-AKA exact / substring
verdict thresholds — match at ≥ 85; possible_match at ≥ 35; no_match below.

Source provenance

Every screening result names the snapshot it was screened against.

The response includes a source object with the Treasury source URL, the publish date as printed in the upstream XML, the SHA-256 of the upstream XML byte stream, the SHA-256 of the parsed index used at runtime, and the count of records screened. A consumer who wants stronger provenance can pull the same publish-date list from Treasury and recompute the source-XML hash.

The build script at scripts/build-ofac-index.mjs is reproducible — running it against an unchanged source produces a byte-identical index. The normalization rules are documented in src/lib/ofac-sdn-agent.ts and unit-tested.

Posture

Complementary to primary SCRM data providers.

Sayari, Exiger, Interos, and Fortress Information Security operate primary supply-chain intelligence platforms with deep beneficial-ownership graphs, tier-2 and tier-3 supplier discovery, and licensed foreign-registry intelligence. Bonis Systems does not maintain a proprietary deep-graph foreign-ownership intelligence database and does not compete on that surface.

The OFAC SDN screening agent is a baseline check against the official U.S. Treasury sanctions list, with cryptographic anchoring on top. It is intended to compose with primary SCRM platforms — a primary platform produces a vendor dossier; the SDN agent screens entities in that dossier; Knox anchors the screening evidence for tamper- evident, independently verifiable preservation.

Defensive only

The agent reads the published list and produces an anchored receipt. It does not issue clearance verdicts, does not access third-party screening systems without authorization, and does not undertake any disruption of any external system. Sanctions enforcement is reserved to the U.S. Treasury and lawful authority. Bonis Systems is the evidence layer beneath them, not in place of them.