Compliance

OFAC Sanctions List Check

Credits: 1 per call.

Searches the consolidated OFAC sanctions lists for the provided name. Coverage includes:

SDN consolidated — Specially Designated Nationals (general SDN, plus sub-programs SDGT Specially Designated Global Terrorists and SDNTK Specially Designated Narcotics Traffickers / Kingpin Act).
Non-SDN consolidated — Foreign Sanctions Evaders (FSE), Sectoral Sanctions Identifications (SSI), Correspondent Account / Payable-Through Account restrictions (CAPTA), Menu-Based Sanctions (NS-MBS), Iran Sanctions Act non-SDN (NS-ISA), Palestinian Legislative Council (NS-PLC).
UN consolidated sanctions — surfaced as OFAC_UN for clients who want a single endpoint covering both US and UN screening.

Each match carries the originating list (listType), the sanction programs that apply, entity type (individual, entity, vessel, aircraft), full aliases and any compliance remarks published with the record.

Risk Level Matrix (riskLevel):

NONE (envelope type: SUCCESS): no matches at or above minSimilarityScore. Safe for automated approval from an OFAC perspective.
CRITICAL (envelope type: SUCCESS): one or more matches found in any OFAC or UN sanctions list. Treat as a hard block, reject the relationship, and file the SAR (Suspicious Activity Report) required by your jurisdiction.

There are intentionally only two levels. AML best practice treats any sanctions list hit — SDN, sectoral, informational, anywhere — as a binding stop. Surfacing intermediate gradations (HIGH / MEDIUM / LOW) misleads the client into believing some hits are merely advisory and is the most common cause of regulatory findings against KYC systems. The listType and complianceDetails.programs of every match are still surfaced so your compliance team can apply finer policy on top of the binary verdict.

Multi-match handling: common names can produce dozens of fuzzy hits. The response returns every record at or above minSimilarityScore, sorted by similarityScore descending. There is no fixed truncation, so a genuine hit will never be hidden by a cap. If the volume of matches is higher than your review process can absorb, raise minSimilarityScore to tighten the match. data.totalMatchesFound mirrors matches[].length and is provided for convenience.

Which variant matched: every entry in matches[] carries a matchedOn object indicating whether the query matched the canonical entityName or one of the record’s aliases:

matchedOn.type is either entityName (the query matched the canonical name) or alias (the query matched an alias on the record).
matchedOn.value is the alias text that produced the hit when type is alias, and null when type is entityName.

Why this matters: OFAC sometimes lists a person under a family member’s record (e.g. OSEGUERA CERVANTES, Nemesio — better known as El Mencho — is published as an alias of the canonical OSEGUERA CERVANTES, Ruben). Without matchedOn a reviewer scanning the response would see Ruben with score 100 and discount the hit. With matchedOn the alias is surfaced explicitly so the reviewer can confirm the right person was matched.

Multi-identifier matching: name is required, but you can pass passportNumber and/or nationalIdNumber alongside it to tighten the match. Each extra identifier you provide is used to:

Boost the score when it agrees with the record (record’s passport or national ID matches the one you sent → +5 added to similarityScore, capped at 100).
Downgrade or filter the match when it contradicts the record (different passport or national ID → −20 points). If the final score falls below minSimilarityScore, the record is excluded from matches[] entirely.
Stay neutral when the record does not publish that identifier (most OFAC records don’t have a passport number, for example). Missing data never penalises a match — only contradicting data does.

A matchedOn entry per match always carries an identifiersMatched array — for example name and passportNumber — listing exactly which fields agreed, so the reviewer can audit the confidence behind a hit.

Practical coverage of the identifier boost: OFAC publishes passport numbers and national IDs on a minority of records — most often on non-Mexican subjects (Iranian, Russian, Venezuelan, Cuban records carry passports more frequently). For purely Mexican counterparties the boost rarely applies in practice: OFAC does not publish CURP, RFC appears only on a handful of records, and most Mexican subjects are sanctioned with name + aliases only. Use these identifiers for cross-border screening where the upside is real; for MX-only KYC the name field is what does the work and the optional identifiers stay neutral.

cURL

curl -X POST https://api.origoid.com/global/compliance/v1/ofac-searches \
  -H "x-api-key: YOUR_API_KEY" \
  -H "content-type: application/json" \
  -d '{
    "name": "Abu Sufian al-Salamabi Muhammed Ahmed Abd al-Razziq",
    "passportNumber": "BC166787"
  }'

{
  "status": "OK",
  "type": "SUCCESS",
  "message": "No OFAC matches found",
  "data": {
    "matchFound": false,
    "riskLevel": "NONE",
    "totalMatchesFound": 0,
    "matches": []
  },
  "transactionId": "9041aa05-782b-461e-9033-5e07b2ad55fc",
  "processedAt": "2026-03-19T10:00:00-06:00",
  "billable": true
}

Autorizaciones

x-api-key

string

header

requerido

Cuerpo

application/json

name

string

requerido

Full name of the individual or Legal Name of the entity. Required.

Ejemplo:

"JOAQUIN GUZMAN LOERA"

passportNumber

string

Passport number, normalised (trimmed, uppercase). Optional. Exact match against a record's passport ID is a strong signal — adds 5 to the score and is reported in matchedOn.identifiersMatched. A mismatch drops the score by 20.

Ejemplo:

"G01234567"

nationalIdNumber

string

National identifier as published by OFAC — typically National ID, Cedula, RFC, SSN, or Tax ID depending on jurisdiction. Optional. Normalised (trimmed, uppercase). Exact match adds 5 to the score; mismatch drops 20. OFAC does not publish CURP, and RFC appears only on a handful of records, so for Mexican subjects this field is usually neutral. Highest practical value is for cross-border screening of foreign counterparties.

Ejemplo:

"BC166787"

minSimilarityScore

integer

predeterminado:90

Minimum similarity score required to return a fuzzy match. Defaults to 90 — a conservative threshold tuned to suppress common-name false positives. Lower it for broader recall when manual review is in place; raise it for stricter automated approval. There is no enforced floor — you can request very low thresholds, but the lower you go the noisier the response will be. The final score after multi-identifier boosts and penalties is the value compared against this threshold.

Rango requerido: x <= 100

Respuesta

OFAC search results (Strict Envelope Pattern).

status

enum<string>

requerido

High-level outcome. OK means the request was successfully processed (regardless of business result). ERROR means the request was rejected or could not be processed.

Opciones disponibles:

OK,

ERROR

type

string

requerido

Stable result type code. Includes generic codes (SUCCESS, INVALID_REQUEST, UNAUTHORIZED, SERVICE_UNAVAILABLE, INTERNAL_ERROR, RATE_LIMIT_EXCEEDED) plus endpoint-specific result codes — see this endpoint's response examples.

message

string

requerido

Human-readable summary of the result. Always in English (per Language Conventions in the API overview).

transactionId

string<uuid>

requerido

Unique identifier of this request, generated by the API Gateway. Propagated end-to-end for traceability.

processedAt

string<date-time>

requerido

ISO 8601 datetime with Mexico City offset (-06:00). Always set by the API Gateway when the response leaves the system.

billable

boolean

requerido

Whether this request will be charged against the client's plan. Typically true for successful business results and false for validation errors or system errors that prevented processing.

data

object

Response payload. null on error responses. Shape depends on the endpoint — see each operation's response schema.

errors

object[]

Per-field error details. Present only on INVALID_REQUEST responses.

Show child attributes

PEP (Politically Exposed Person) Check**Credits:** 1 per call. Searches the consolidated PEP (Politically Exposed Persons) database for a subject — covering active PEPs, former PEPs (`EX_PEP`), and their immediate family and close associates (`PEP_AFFINITY`, `EX_PEP_AFFINITY`). **Input flexibility — three valid invocation forms:** The endpoint accepts a search in any of three forms — pick the one that matches the data you have on hand. You may include `nationalIdNumber` alongside any of them to tighten the match. 1. **Single name (`name`)** — pass the full name as one string. Quick and convenient when you only have the full name as a single value. 2. **Separated name (`givenNames` + `firstSurname` + optional `secondSurname`)** — Mexican-style split. **Strongly recommended for best match quality**, because the matching engine can apply per-component logic that produces fewer false positives on compound first names and compound surnames. When using this form, both `givenNames` and `firstSurname` are required. 3. **Identifier only (`nationalIdNumber`)** — pass a CURP or RFC by itself when that is all you have. The search runs against records that publish the identifier. If more than one form is sent (for example `name` plus separated fields), the separated fields take precedence over `name`. The `nationalIdNumber` is normalised (trim, uppercase) and reported back per match in `matchedOn.identifiersMatched` and in the standalone `identifierMatch` field. **Risk Level Matrix (`riskLevel`):** Each match in `matches[]` has a base severity per its `listType`: | `listType` | base severity | |---|---| | `PEP_ACTIVE` | HIGH | | `EX_PEP` | MEDIUM | | `PEP_INACTIVE` | MEDIUM | | `PEP_AFFINITY` | MEDIUM | | `EX_PEP_AFFINITY` | LOW | The endpoint `riskLevel` is the **maximum** severity across `matches[]`: - `NONE` — no matches at or above `minSimilarityScore`. Safe for automated approval from a PEP perspective. - `LOW` — only `EX_PEP_AFFINITY` hits found (family or close associate of a former PEP). - `MEDIUM` — at least one `EX_PEP`, `PEP_INACTIVE`, or `PEP_AFFINITY` hit. - `HIGH` — at least one `PEP_ACTIVE` hit. Aligned with the categories that FATF Recommendation 12 and Mexican LFPIORPI flag for Enhanced Due Diligence (EDD). `riskLevel` is a screening signal intended to feed your compliance workflow. Combine it with `identifierMatch`, `similarityScore`, and the per-match `complianceDetails` we surface so your team can apply its own internal policy. **Which variant matched:** every entry in `matches[]` carries a `matchedOn` object identifying the canonical record that was hit and an `identifiersMatched` array — for example `name` and `nationalIdNumber` — listing which fields agreed. The standalone `identifierMatch` field exposes the precision of the identifier comparison (`EXACT`, `PARTIAL`, `MISMATCH`, or `NOT_PROVIDED` when no identifier was sent). Use these together to audit the confidence behind a hit. **How `similarityScore` is computed:** the score reflects **combined name + identifier confidence**, not name alone. A match's `similarityScore` is the higher of (a) the name match quality and (b) the strength of the identifier comparison — an `EXACT` `nationalIdNumber` match contributes a full-confidence score, a `PARTIAL` match contributes a strong-but-not-certain score, and `MISMATCH` / `NOT_PROVIDED` contribute nothing (the name drives the score in those cases). This means a search by `nationalIdNumber` alone still returns a high-confidence hit even though no name was supplied to compare — a CURP or RFC coincidence is a deterministic identity signal. Inspect `identifierMatch` and `matchedOn.identifiersMatched` to see *why* a given match scored the way it did. **Multi-match handling:** the response returns every match at or above `minSimilarityScore`, sorted by `similarityScore` descending. `data.totalMatchesFound` mirrors `matches[].length` and is provided for convenience. Use this endpoint as part of AML programs where screening counterparties against PEPs is part of your KYC workflow — common in regulated financial services, cross-border payments, and onboarding pipelines.

cURL

curl -X POST https://api.origoid.com/global/compliance/v1/ofac-searches \
  -H "x-api-key: YOUR_API_KEY" \
  -H "content-type: application/json" \
  -d '{
    "name": "Abu Sufian al-Salamabi Muhammed Ahmed Abd al-Razziq",
    "passportNumber": "BC166787"
  }'

{
  "status": "OK",
  "type": "SUCCESS",
  "message": "No OFAC matches found",
  "data": {
    "matchFound": false,
    "riskLevel": "NONE",
    "totalMatchesFound": 0,
    "matches": []
  },
  "transactionId": "9041aa05-782b-461e-9033-5e07b2ad55fc",
  "processedAt": "2026-03-19T10:00:00-06:00",
  "billable": true
}