implement OFAC/sanctions screening against the SDN list with fuzzy matching and false-positive handling

Verified steps

1. Obtain the OFAC SDN (Specially Designated Nationals) list in XML format from the US Treasury's public URL; also consider downloading the Consolidated Sanctions List which includes additional programs beyond OFAC.
2. Parse and index the SDN list, normalising names by removing diacritics, standardising whitespace, and storing name variants (alt names, aliases) separately; rebuild the index on each updated list download (OFAC publishes updates irregularly).
3. At screening time, run the input name through phonetic normalisation (e.g., Soundex or Metaphone) or edit-distance matching (Levenshtein) against the index; most compliance vendors use a configurable match score threshold (commonly 85–90%) to flag hits.
4. For any hit above your threshold, present the match for human review with the matched SDN entry details, the input data, and the match score; do not auto-block on fuzzy matches without human review unless your compliance policy explicitly requires it.
5. Implement a false-positive management workflow: allow compliance officers to document cleared false positives and store the cleared name/ID pair to reduce repeat alerts on the same individual.
6. Log all screening events with timestamps, input data, match results, reviewer actions, and disposition; retain these records for the period required by your compliance program (typically 5 years for BSA purposes).