📚 Help Center
Find answers to common questions about SanctionsAnalyzer — from running your first screen to configuring enterprise security.
Getting Started
SanctionsAnalyzer is a cloud-based sanctions screening platform used by compliance officers, BSA teams, and financial institutions. It screens names — individuals or companies — against major global sanctions watchlists including OFAC SDN, BIS, UK, EU, UN, and more.
You can screen a single name instantly, upload a CSV or Excel file with thousands of records, or integrate screening directly into your own system via our REST API.
- OFAC SDN — U.S. Office of Foreign Assets Control Specially Designated Nationals
- OFAC OFCL — OFAC Consolidated (non-SDN) list
- BIS — U.S. Bureau of Industry and Security Entity List
- Canada — Government of Canada Consolidated Autonomous Sanctions List
- UK — UK Financial Sanctions Implementation Unit (FSIU)
- EU — European Union Consolidated Sanctions List
- UN — United Nations Security Council Consolidated List
Our database is updated regularly. You can check the current status and last-update date on the Sanctions Lists page.
The free trial gives you full access to all features — database screening, single name search, PDF reports, API access — for 10 days or 25,000 records, whichever comes first. No credit card is required to start.
At the end of your trial, your account is paused. You can upgrade to a paid plan at any time to continue screening.
- Name Search ($39/mo) — Unlimited single name lookups. Best for teams that screen one name at a time.
- Database Search — Small ($59/mo) — Batch file screening up to 10,000 records per run.
- Database Search — Medium ($99/mo) — Up to 50,000 records per run.
- Database Search — Large ($159/mo) — Up to 500,000 records per run. Priority support included.
- API plans — For developers integrating screening into your own application. Starts at $99/mo for 100K calls/month.
All plans include a 17% discount when billed annually. Compare plans →
Database Screening
You can upload CSV (.csv), Excel (.xlsx), and older Excel (.xls) files. The first row should be a header row with column names (e.g., "First Name", "Last Name", "DOB").
You can also paste a list of names directly using the List Search button — one name per line.
After uploading your file, you'll see Step 2 — Column Mapping. Each column from your file is shown alongside a dropdown where you select what type of data it contains. The system auto-detects common column names.
Available field types include: Name, Date of Birth, Street Address, City, State / Province, Zip / Postal Code, Country, National ID / Passport, and Ignore (to skip a column).
Your column mapping is saved automatically — the next time you upload a file with the same headers, it will be applied without you having to re-map.
Use the Lists to Search dropdown in Step 2 to choose. Options include:
- OFAC Only — SDN + OFCL (default for most U.S. compliance programs)
- All Lists — All 7 lists simultaneously
- U.S. Only — OFAC + BIS
- Non-U.S. — Canada, UK, EU, UN
- Individual lists (BIS, UN, etc.) are also selectable
Scans run as background jobs — you don't need to keep the browser open. The progress bar on Step 3 updates every 2 seconds. Typical speeds:
- 1,000 records — under 1 minute
- 10,000 records — 2–5 minutes
- 50,000+ records — 10–20 minutes depending on list selection
If you navigate away or close the browser, the scan continues on the server. Return to Search and check History to find the completed report.
Yes. Click the Cancel button on Step 3 at any time. The scan stops within a few seconds. Records already processed will appear in the partial report in your history.
Each potential match is given a score from 0 to 100 based on how closely the screened name resembles the sanctions list entry:
- Green — Clear: Low similarity. Likely not a match.
- Yellow — Review: Moderate similarity. Manual review recommended.
- Red — Possible Match: High similarity. Requires compliance review before proceeding.
The score is calculated using SQL Server Full-Text Search with AI-enhanced name preprocessing (diacritic removal, non-Latin transliteration, phonetic name variant expansion). A high score is a flag — not a definitive determination. Your compliance officer makes the final call.
Click the Explain button next to any flagged match to get a plain-English explanation of why the names are considered similar — for example, "The names share the same phonetic pattern; 'Mohammed' and 'Muhammad' are known transliterations of the same Arabic name."
Explanations are generated by Claude AI (Anthropic) and are advisory only. They are never stored or included in reports. The match score and your compliance team's judgement are the authoritative decision.
Single Name Search
Single Name Search is best for one-off checks — screening a new customer, vendor, or counterparty before onboarding. File upload is better when you have a batch of names (typically 10 or more) to screen at once.
Click the Single Name Search button on the main screen. In the modal:
- Enter the name in the Search For field
- Select the entity type (Individual or Organisation)
- Optionally add identifiers — date of birth, address, country — to improve accuracy
- Choose which lists to screen against
- Click Search
Results appear immediately in Step 4. A PDF report is generated automatically.
Yes. Additional identifiers are screened against the corresponding fields in the sanctions database. A name + DOB match is significantly more reliable than a name-only match, and helps reduce false positives for common names.
Reports & History
PDF reports are saved directly to a folder on your local machine using the browser's File System Access API. On your first scan, you'll be prompted to choose a folder — select any folder on your computer.
Two PDFs are generated for each scan:
- Full report — all records screened, with match details for flagged names
- Matches-only report — flagged records only (suffix _matches)
You can change or clear your save folder at any time from the Account page → PDF Save Folder.
Chrome and Edge only. The File System Access API is not supported in Firefox or Safari. If you use Firefox or Safari, you will see an alert and will need to use Chrome or Edge for PDF saving.
Click the History button (clock icon) in the search header. The history modal shows all past searches with:
- Search key and file name
- Lists screened
- Number of records and matches
- Date and time
Use the date range filter to narrow results. You can also print history or save it as a PDF from the modal footer.
Yes. Open the History modal, find the scan, and click Save PDF. This regenerates the same report and saves it to your configured folder.
Account Management
Go to Account → Change Password. Enter your current password, then your new password (minimum 8 characters). Click Update Password.
On the Search login screen, click Forgot password?. Enter your email address and we'll send a temporary password to that address. Sign in with the temporary password, then change it immediately from your Account page.
You can also click Send Reset Email from the Account → Change Password section when logged in.
Go to Account → Subscription. Your current plan, billing period (monthly or annual), and expiry date are shown there.
Go to Account → API Key. Click Generate API Key (or Regenerate if you already have one). Your key starts with sa_ and is used as the X-Api-Key header in API requests.
Warning: Regenerating your key immediately invalidates the old one. Any integrations using the old key will stop working until updated.
Go to Account → Account Users → Add User. Enter the person's first name, last name, and email address, then select their role. Click Add User.
The system generates a temporary password and sends a welcome email to the new user. They should sign in and change their password from the Account page.
- Admin — Full access: can run searches, view all reports, manage users and billing.
- Report Admin — Can run searches and view all reports, but cannot add/remove users or manage billing.
- Search Only — Can run searches only. Cannot see other users' reports or account settings.
The number of sub-users you can add depends on the extra seats purchased at checkout. Your current seat usage (e.g., "2 of 5 seats used") is shown in the Account Users card.
To add more seats, contact support or upgrade your plan.
Go to Account → Account Users and click Remove next to the user. The account is deactivated immediately — the user can no longer sign in. Their search history is preserved for audit purposes.
Security
NewProtect your account with a time-based one-time password (TOTP) in addition to your password.
Go to Account → Two-Factor Authentication → Enable Two-Factor Auth.
- Install an authenticator app on your phone — Google Authenticator, Microsoft Authenticator, or Authy all work.
- Scan the QR code displayed on screen (or manually enter the secret key).
- Enter the 6-digit code shown in your app to confirm setup.
- Save your 8 backup codes in a safe place (password manager, printed document).
Once enabled, every login requires your password and the current 6-digit code from your authenticator app.
Backup codes are 8 single-use emergency codes generated when you enable MFA. If you lose access to your phone or authenticator app, you can enter one of these codes instead of the 6-digit TOTP code to sign in.
Save them now — they are only shown once. Store them in a password manager, a secure note, or print them and keep them somewhere safe. Each code can only be used once.
On the MFA prompt screen, enter one of your backup codes instead of the 6-digit code. Each backup code is single-use.
If you have used all your backup codes and cannot access your authenticator, contact support with your account email address to verify your identity and recover access.
Go to Account → Two-Factor Authentication → Disable Two-Factor Auth. You'll need to enter your current account password and a valid 6-digit code from your authenticator app to confirm. MFA is removed immediately.
Enterprise accounts can authenticate via your company's identity provider — no separate password required.
Single Sign-On (SSO) lets your team members sign into SanctionsAnalyzer using your company's existing identity provider (IdP) — the same system they use to log into Outlook, Salesforce, or other company apps.
SSO is available on all paid plans and is configured by the primary account holder. Sub-users with the same email domain are automatically recognised.
Any OIDC-compatible (OpenID Connect) identity provider works, including:
- Microsoft Azure AD / Entra ID
- Okta
- Google Workspace
- Auth0
- PingIdentity, OneLogin, and others
Step 1 — Register SanctionsAnalyzer in your IdP:
- Create a new application/registration in your IdP (e.g., Azure Portal → App Registrations → New registration)
- Set the Redirect URI to:
https://sanctionsanalyzer.com/api/sso/callback - Note your Authority URL, Client ID, and Client Secret
Step 2 — Enter details in SanctionsAnalyzer:
- Go to Account → Single Sign-On
- Enter your Authority URL (e.g.,
https://login.microsoftonline.com/{tenantId}/v2.0) - Enter Client ID, Client Secret, and your company's email domain
- Check SSO Enabled and click Save
On the Search login screen, scroll to the or sign in with SSO section. Enter your work email address (e.g., jane@yourcompany.com) and click SSO →. You'll be redirected to your company's login page, and then back to SanctionsAnalyzer after authenticating.
SanctionsAnalyzer automatically creates an account for them (this is called Just-In-Time or JIT provisioning). The new account inherits the same plan and access level as the primary account. New SSO users are assigned the Search Only role by default — the admin can change this from the Account Users card.
Automatic timeouts protect against unattended workstations and shared computers.
Sessions have two limits:
- Idle timeout: 30 minutes — if you make no requests for 30 minutes, your session expires and you'll need to sign in again.
- Absolute cap: 12 hours — regardless of activity, sessions expire after 12 hours. This prevents indefinitely-active sessions on shared or unattended workstations.
No. Batch scans run as background server jobs — they continue even if your browser is closed or your session expires. The scan completes on the server, and the report appears in your History when you sign back in.
The progress bar does stop updating if your session expires, but clicking back in and signing in will show the completed scan in History.
No. Sessions are stored in the database (not in server memory), so they survive IIS restarts, application updates, and server reboots. You remain signed in through planned maintenance windows.
A complete security audit trail of who accessed your account and when.
- Successful logins (
login-success) - Failed login attempts — wrong password, account not found, expired account
- MFA events — code accepted, backup code used, wrong code entered
- SSO sign-ins and new user provisioning
- Logouts (
logout) - Unauthenticated or expired session requests (
401-no-session,401-session-expired) - Invalid API key attempts (
api-key-invalid) - API rate limit events (
api-limit-exceeded,rate-limit)
Each entry includes: timestamp (UTC), event type, email or member ID, IP address, and outcome.
Only the primary account holder (the original account owner) can view the access log. Sub-users, Report Admins, and Search Only users do not have access to it.
Find it at Account → Access Log (scroll to the bottom of the Account page).
The log is append-only and is never automatically purged. It shows the most recent 100 entries per page with pagination controls to view older entries. Access logging started from the date this feature was activated on your account.
API Integration
Go to Account → API Key → Generate API Key. Your key starts with sa_. Keep it secret — treat it like a password.
Send a POST request to https://sanctionsanalyzer.com/api/v1/search with your key in the X-Api-Key header:
POST /api/v1/search
X-Api-Key: sa_your_key_here
Content-Type: application/json
{
"name": "John Smith",
"type": "individual"
}
The response includes hit (true/false), topScore, matchCount, and detailed match data. See the full API documentation →
- API Starter — 100,000 calls/month ($99/mo)
- API Growth — 1,000,000 calls/month ($499/mo)
- API Professional — 10,000,000 calls/month ($1,495/mo)
- API Enterprise — Custom volume, contact sales
The monthly counter resets on the 1st of each month. Calls over the limit return HTTP 429. View full pricing →
See the API Documentation page for the complete reference including all endpoints, request/response schemas, error codes, and an interactive test console.
Troubleshooting & FAQ
The PDF save folder feature uses the File System Access API, which is only supported in Google Chrome and Microsoft Edge. Firefox and Safari do not support this feature.
Switch to Chrome or Edge and the "Choose Folder" button will appear on the Account page and prompt you to select a folder.
Sessions expire after 30 minutes of inactivity or after 12 hours regardless of activity. If you are actively screening and still getting logged out after 12 hours, this is the absolute cap — sign back in and your scan history will still be there. This is a deliberate security measure.
If you have remaining backup codes, enter one on the MFA screen instead of the 6-digit code. Each backup code is single-use.
If you have used all backup codes and lost your authenticator, contact support at help@ofac.us or call 1-800-279-2302. Provide your account email address and company name so we can verify your identity and restore access.
Large files (10,000+ records) can take several minutes. The progress bar updates every 2 seconds — if it is moving, even slowly, the scan is running.
If the progress bar is frozen at 0% for more than 2 minutes, try refreshing the page and checking History — the scan may have completed. If you see an error, contact support.
The Access Log card is only visible to the primary account holder — the original account that was created at signup. Sub-users and team members cannot see it even if they have Admin role.
If you are the primary account holder and still don't see it, try signing out and back in. If the issue persists, contact support.
You have exceeded your plan's monthly API call limit. The counter resets on the 1st of each month. To get more calls immediately, upgrade to a higher API plan from the pricing page.
For the login rate limit (5 attempts/minute per IP), wait 60 seconds before trying again.
Check your spam or junk folder for an email from help@ofac.us. If you don't find it after a few minutes, try the reset again.
If you still don't receive it, your email provider may be filtering our domain. Contact support and we'll assist you directly.
- 📞 Phone: 1-800-279-2302
- 📧 Email: help@ofac.us
- 💬 Live chat: available on the Support page during business hours
- 📋 Support form: support.html