
OFAC Screening Automation
Automated sanctions screening that runs on every new contact & company and routes only meaningful matches to the legal team — compliance in the background, not on anyone's to-do list.
OFAC Screening API — Sanctions Compliance Automation
Type: Compliance API & CRM Integration
Stack: Python 3.11, FastAPI, GCP Cloud Run, GCP Cloud Functions, Google Firestore, HubSpot
Role: Sole Developer
Problem
The U.S. Office of Foreign Assets Control (OFAC) publishes the Specially Designated Nationals (SDN) list and Consolidated Sanctions list — around 19,000 sanctioned individuals, entities, vessels, and aircraft. Businesses with compliance obligations are required to screen customers against these lists. The lists are updated multiple times per month.
The real problem isn't that the data is hard to find — OFAC provides a public web search tool. The problem is what happens in practice: either go-to-market teams are expected to remember to use it and do so accurately (inconsistent, error-prone, and difficult to enforce at scale), or the task falls to a legal team that is already stretched thin doing work that requires no legal skill to execute. Neither is a sustainable model as the business grows.
Name matching adds another layer of complexity. Sanctioned individuals often appear on the list under transliterated versions of their name — a name originally in Arabic, Cyrillic, or Chinese script may be listed in multiple Latin-script approximations. Purely exact matching misses these cases entirely.
Off-the-shelf OFAC screening services exist, but they come with per-query pricing that scales with volume. For an organization already operating a CRM and GCP infrastructure, there is no good reason to pay for a third-party API when the underlying data is publicly available from the U.S. Treasury.
Solution
A self-hosted sanctions screening API that pulls directly from the official OFAC Sanctions List Service, runs on GCP, and integrates with HubSpot workflows — so every new contact is screened automatically without any manual effort.
How it works:
- A Cloud Function syncs the latest OFAC publications daily at 06:00 UTC, writing ~19,000 entities to Firestore
- A FastAPI service (Cloud Run) loads all entities into memory on startup and builds an inverted search index — sub-100ms response times
- A HubSpot workflow custom code action calls the API on contact enrollment and writes results back to eight CRM properties
The fuzzy matching engine runs three scorers in parallel — whole-string similarity, token-order-agnostic matching, and partial-match matching — and applies a length penalty to prevent short strings from incidentally matching long names. Non-Latin scripts are transliterated to Latin before matching, expanding coverage to names that appear on the lists in Arabic, Cyrillic, or Chinese script.
Match thresholds are configurable: the default 0.90 threshold produces Match (≥0.95), Review (0.90–0.95), or No Match results — giving compliance teams a clear signal rather than a raw score.
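An added sketch of the scoring approach described above (not code from the project's repository): three scorers, a length penalty, and the Match / Review / No Match bands. It assumes Python's standard-library difflib in place of whatever scorer the project uses, assumes one possible form of the length penalty, and omits transliteration; the sample names are constructed.

```python
import unicodedata
from difflib import SequenceMatcher

MATCH, REVIEW = 0.95, 0.90  # bands stated on the page

def normalize(name: str) -> str:
    """Strip diacritics and punctuation, lowercase, collapse whitespace."""
    decomposed = unicodedata.normalize("NFKD", name)
    kept = (c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in kept)
    return " ".join(cleaned.lower().split())

def ratio(a: str, b: str) -> float:
    """Whole-string similarity (difflib stands in for the project's scorer)."""
    return SequenceMatcher(None, a, b, autojunk=False).ratio()

def token_sort(a: str, b: str) -> float:
    """Token-order-agnostic: compare with tokens sorted alphabetically."""
    return ratio(" ".join(sorted(a.split())), " ".join(sorted(b.split())))

def partial(a: str, b: str) -> float:
    """Best score of the shorter string against equal-length windows of the longer."""
    short, long_ = sorted((a, b), key=len)
    n = len(short)
    return max(ratio(short, long_[i:i + n]) for i in range(len(long_) - n + 1))

def score(query: str, listed: str) -> float:
    q, c = normalize(query), normalize(listed)
    if not q or not c:
        return 0.0
    # Assumed penalty form: scale the partial score by the length ratio, so a
    # short query found inside a long listed name cannot score high by itself.
    penalty = min(len(q), len(c)) / max(len(q), len(c))
    return max(ratio(q, c), token_sort(q, c), partial(q, c) * penalty)

def classify(s: float) -> str:
    return "Match" if s >= MATCH else "Review" if s >= REVIEW else "No Match"

# Constructed sample names, not entries from the SDN list.
SAMPLES = [
    ("Viktor Petrov", "PETROV, Viktor"),        # reordered tokens
    ("José García", "Jose Garcia"),             # diacritics only
    ("Ivan Petrov", "Ivan Petrow"),             # transliteration variant
    ("Ali", "Ali Hassan Mohammed Trading Co"),  # short string inside long name
]

if __name__ == "__main__":
    for query, listed in SAMPLES:
        print(f"{query!r} vs {listed!r}: {classify(score(query, listed))}")
```

Without the penalty, the last sample's partial score of 1.0 would send a three-letter query straight to the legal queue as a Match.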
Workflow automations built on top of the screening results are where the operational value compounds:
- Review and Match results automatically create a task in the legal team's HubSpot task queue and trigger a notification — so the legal team only sees the small number of cases that actually require their attention, rather than touching every contact
- If a deal is opened against a contact or company that returns a Match, a cascade of alerts fires to the sales rep, their manager, and the legal team to investigate before the deal progresses
- All eight screening properties are available as native HubSpot properties, making screened contacts and companies available for segment lists, reporting, and filtering — and optionally for suppression, though the design choice here was to keep flagged entities in the system for full visibility rather than hiding them
GCP cost at low volume: near zero. Cloud Functions, Cloud Run, Firestore, Cloud Scheduler, and Secret Manager all fit within GCP free tier at typical screening volumes.
Outcome
Every new contact enrolled in a HubSpot workflow is screened against the current OFAC sanctions lists automatically, with results written directly to the contact record — no manual lookup, no third-party screening service, no per-query fees.
- Legal team only reviews a handful of cases per month — the ones that actually warrant their attention — rather than manually checking every new contact
- Match results on open deals trigger immediate alerts to sales, management, and legal before the deal can progress
- OFAC check results, match scores, entity types, sanctions programs, and list sources are all native HubSpot properties — available for segment lists, workflow branches, and reporting without any custom development
- The search index updates daily from the official U.S. Treasury source with no intervention required
- The entire service deploys to a GCP project in a single command and runs within free tier at low volume
Part of a professional portfolio. Full source available at github.com/Suixcity/ofac-screening