How Often Should You Re-Screen Customers Against Sanctions Lists?
A customer you cleared in March can land on the OFAC SDN list in April without anything changing on your end. No new order, no new paperwork, just a designation that drops while your file still reads "cleared." OFAC designated 1,764 persons in 2025, and the prior year set the record at 3,135 (CNAS, Sanctions by the Numbers, 2025). Re-screening the parties you already onboarded isn't the question. How often, and against which trigger, is.
Key Takeaways
- OFAC designated 1,764 persons in 2025, down 44% from the 2024 record of 3,135, with the mix shifting from Russia toward Iran (CNAS, 2025)
- OFAC removed 422 persons from the SDN list in 2023. Re-screening has to catch delistings, not just additions (CNAS, 2023 Year in Review)
- A quarterly calendar re-screen leaves up to an 89-day window where a newly designated customer still reads "cleared"
- A single OFAC SDN entry can carry 15 to 20 alias and transliteration variants, which is what drives false-positive volume on re-screening (OFAC SDN list structure)
- Under OFAC's 50 Percent Rule, an unlisted customer becomes blocked the day sanctioned owners' aggregate ownership reaches 50%, with no change to the customer record itself (OFAC FAQ 401)
OFAC sets no mandated re-screening interval
There is no rule that says re-screen every 30 days. What OFAC enforces is strict liability. Transact with a blocked party and the date of your last screen is not a defense (31 CFR 501.701). The standard that falls out of enforcement actions is simpler and harder: your screening cadence has to be defensible against your transaction cadence, not against a tidy calendar.
That reframes everything. A shop shipping twice a month and one shipping 200 times a month carry different exposure even if both re-screen quarterly. The first has six transaction events between screens. The second has four hundred. Frequency isn't the variable that matters. The ratio of unscreened transactions to screening events is.
We talk to compliance officers who set a quarterly re-screen because it files cleanly in an audit binder. That's the move that loses. A quarterly cycle on an active book means that for up to 89 days, every shipment to a customer designated early in the quarter clears against a stale record. The binder looks organized. The exposure is structural. This is why real-time sanctions screening exists at all: the designation schedule and your fiscal calendar have nothing to do with each other.
Why calendar-based re-screening fails
Calendar re-screening assumes risk arrives on a schedule. It doesn't. Designations cluster around geopolitical events — a sanctions package, an enforcement push, a fresh round of US-EU coordination. None of those wait for your quarter to close.
Run the gap math. You re-screen on the first of January, April, July, October. OFAC designates one of your existing customers on April 3rd. That customer stays "cleared" in your system until July 1st. Eighty-nine days. Every order you process in that window is a potential violation, and "we screen quarterly" is the line an enforcement officer reads in your voluntary self-disclosure right before calculating the penalty.
The second failure is volume. Batch the whole portfolio four times a year and every alias hit, every fuzzy match, every ownership question lands in one queue at once. The team drowns. Investigators rush. Real hits get waved through as false positives because six hundred of them are stacked up and someone wants to go home. We've watched a genuine SDN match get cleared in a Friday catch-up batch because it was buried under transliteration noise. That kind of miss turns into a disclosure six months later. Event-driven automated sanctions screening spreads that load across the period instead of dumping it four times a year.
What works is splitting the population. Continuous sanctions list monitoring against list deltas for the active book, a periodic full re-screen for dormant accounts, and an event trigger (new order, new bank instruction, ownership change) that forces a fresh check regardless of where you sit in the cycle.
How to set intervals without drowning in alerts
Tier customers by transaction recency and risk, then assign a monitoring mode to each tier instead of one interval to everyone. This is what most compliance monitoring software does badly out of the box. It screens everyone the same way and buries the signal under volume nobody can read.
A structure that holds up for a mid-market exporter:
| Tier | Population | Mode | Re-screen trigger |
|---|---|---|---|
| Active | Transacted in last 90 days | Continuous delta monitoring | Any list change matching the party |
| Periodic | Transacted 90 to 365 days ago | Monthly batch | Calendar plus any new order |
| Dormant | No activity 12+ months | Quarterly batch | Reactivation forces full re-screen |
| High-risk | Sanctioned-adjacent geography, complex ownership | Continuous plus manual review | Any delta, plus 30-day forced recheck |
The tiering isn't about screening less. It puts investigation hours where designations actually happen. An active customer in a high-risk jurisdiction earns continuous attention. A dormant US distributor who hasn't ordered in two years doesn't need that intensity until they reactivate, and reactivation is itself the trigger.
One thing that consistently fails: setting fuzzy-match tolerance so loose that every spelling of "Mohammed" pings the queue. Denied party screening throws false positives in proportion to how alias-heavy the underlying list is, and a single OFAC entry can carry 15 to 20 name variants. Tune tolerance per list, not globally, or the active tier you most need to read becomes the tier nobody reads.
What forces a re-screen outside the schedule
Three events should trigger an immediate re-check no matter when you last screened: a list change that touches your portfolio, a shift in customer ownership, and a new transaction after dormancy. Ownership is the one teams miss most, and it's the one that hurts.
The 50 Percent Rule is the trap. A customer who is clean today becomes blocked the moment sanctioned parties' aggregate ownership reaches 50%, and OFAC doesn't list the customer. It lists the owner (OFAC FAQ 398, FAQ 401). Your customer record never changes. Nothing in your CRM flags it. The only way to catch it is to re-screen the ownership chain, not just the named entity, every time the source lists move.
Delistings cut the other way. OFAC removed 422 persons from the SDN list in 2023 (CNAS, 2023 Year in Review). Freeze a relationship on designation and never re-check for removal, and you're sitting on a frozen account and lost business long after the legal basis is gone. Re-screening runs in both directions or it isn't doing its job.
This is where delta-based monitoring earns its place over periodic batches. A system that watches list changes and re-runs affected parties, ownership structures included, within hours of a designation collapses the 89-day window to a same-day catch. Lenzo monitors source list changes and re-checks affected parties and their ownership chains as designations publish, which is the difference between finding out from your own system and finding out from your bank.
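To make the ownership and delisting triggers concrete, here is an added example (not code from Lenzo or OFAC) that applies one list delta to a small portfolio and reports which customers change status in either direction. Every party name, ownership stake and list entry is constructed, and the function names are hypothetical. It assumes indirect ownership works by cascade: an intermediate entity that is itself 50% or more owned by blocked persons counts as blocked, and its full stake is aggregated at the next level down.

```python
# Added example. All party names, stakes and list contents are constructed.
# OWNERSHIP[entity] = {direct owner: percent held}
OWNERSHIP = {
    "Customer Alpha LLC": {"Holding H1": 30, "Person P2": 20, "Person P3": 50},
    "Holding H1": {"Person P1": 60, "Person P4": 40},
    "Customer Beta GmbH": {"Holding H2": 50, "Person P5": 50},
    "Holding H2": {"Person P1": 25, "Person P2": 25, "Person P6": 50},
    "Customer Gamma Ltd": {"Person P7": 100},
}
CUSTOMERS = ["Customer Alpha LLC", "Customer Beta GmbH", "Customer Gamma Ltd"]


def blocked_parties(listed, ownership):
    """Listed parties plus every entity blocked through ownership."""
    blocked = set(listed)
    changed = True
    while changed:  # repeat until stable: a blocked holding can block what it owns
        changed = False
        for entity, owners in ownership.items():
            if entity in blocked:
                continue
            # Aggregate the direct stakes held by parties that are blocked.
            stake = sum(pct for owner, pct in owners.items() if owner in blocked)
            if stake >= 50:  # "50% or more", so exactly 50 counts
                blocked.add(entity)
                changed = True
    return blocked


def rescreen(customers, ownership, listed_before, added=(), removed=()):
    """Apply one list delta; return customers whose status changed."""
    listed_after = (set(listed_before) | set(added)) - set(removed)
    before = blocked_parties(listed_before, ownership)
    after = blocked_parties(listed_after, ownership)
    changes = {}
    for customer in customers:
        if customer in after and customer not in before:
            changes[customer] = "newly blocked"
        elif customer in before and customer not in after:
            changes[customer] = "released"  # delisting removed the basis
    return changes


if __name__ == "__main__":
    delta = rescreen(CUSTOMERS, OWNERSHIP, {"Person P7"},
                     added={"Person P1", "Person P2"}, removed={"Person P7"})
    for name, status in delta.items():
        print(f"{name}: {status}")
```

None of the three customer names appears in the delta itself, which is why a name-only re-screen of the customer record would report no change for any of them.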
FAQ
Is there a legal requirement for how often to re-screen customers?
No. OFAC sets no mandated interval. It enforces strict liability under 31 CFR 501.701, which means the timing of your last screen is irrelevant if a transaction touches a blocked party. The working standard is whether your cadence is defensible against your transaction volume.
How long after an OFAC designation should I re-screen affected parties?
As close to publication as your system allows. OFAC posts SDN changes to the Federal Register and its Recent Actions feed the same day, and direct SDN downloads refresh within hours, so a delta-driven re-check can run same-day rather than waiting for the next batch cycle.
Can a customer become sanctioned without being individually listed?
Yes. Under OFAC's 50 Percent Rule, an entity is blocked when blocked persons own 50% or more in aggregate, directly or indirectly, even if that entity never appears on the SDN list itself (OFAC FAQ 401). Catching it requires screening ownership chains, not just named parties.
Does continuous monitoring replace periodic re-screening?
For active counterparties, largely yes. Dormant accounts still warrant periodic batch checks, and any reactivation should force a full re-screen regardless of the mode applied while the account sat idle.
Why re-screen for delistings if the risk is designation?
A frozen relationship that no longer has a legal basis costs you business and ties up funds. OFAC removed 422 persons from the SDN list in 2023, and a customer cleared off the list should be re-checked so you're not holding a freeze longer than the law requires.
The 2025 designation drop is a trap for anyone reading it as breathing room. Volume fell 44% from 2024, but the mix shifted hard toward Iran and the screening problem didn't shrink. It moved. A program tuned to Russia-heavy designation patterns through 2024 is now scanning for a different target set, and teams that re-screen on calendars rather than deltas won't notice the shift until a transaction clears against the wrong threat profile. Watch one thing in your own workflow over the next 30 days: pull the date of your last full re-screen, count the transactions that have cleared since, and divide. That ratio, unscreened transactions per screening event, is the number that actually predicts your exposure, and most teams have never calculated it.
Sources
- CNAS — Sanctions by the Numbers: 2025 Year in Review — 1,764 SDN designations in 2025 and the shift toward Iran
- CNAS — Sanctions by the Numbers: 2023 Year in Review — 422 persons delisted from the SDN list in 2023
- OFAC FAQ 401 — entities blocked when sanctioned owners hold 50% or more in aggregate
- OFAC FAQ 398 — aggregating ownership across multiple blocked persons under the 50 Percent Rule
- 31 CFR 501.701 — civil penalties framework behind strict-liability enforcement