Data Sources
| List | Region | Update Frequency | Entries |
|---|---|---|---|
| OFAC SDN | United States | Every 6 hours | 18,700+ |
| UN Security Council | International | Every 12 hours | 1,000+ |
| EU Consolidated List | European Union | Every 12 hours | 5,800+ |
| UK HM Treasury (OFSI) | United Kingdom | Every 12 hours | 5,100+ |
| Canada SEMA | Canada | Every 24 hours | 3,400+ |
| Australia DFAT | Australia | Every 24 hours | 10,900+ |
| Switzerland SECO | Switzerland | Every 24 hours | 5,000+ |
| PEP (Wikidata) | Global | Daily | 851,000+ |
All data sourced directly from official government publications. PEP data via Wikidata (CC0 license).
How Matching Works
4-Stage Matching Pipeline
- 1Exact Match — Normalized name comparison with token reordering. Handles "Putin, Vladimir" = "Vladimir Putin".
- 2Fuzzy Match — Jaro-Winkler, Monge-Elkan, and Soft TF-IDF with IDF corpus weighting. Catches spelling variations and transliterations.
- 3Phonetic Match — Double Metaphone algorithm. Finds names that sound alike across languages (Hezbollah / Hizballah).
- 4AI Verification — LLM-powered entity resolution for ambiguous matches. Reduces false positives by up to 92%.
What It Handles
- • Arabic, Cyrillic, and Greek transliterations
- • Spelling variations and typos
- • Word order differences (first/last name swap)
- • Titles, honorifics, and legal suffixes
- • Partial name matches with confidence scoring
- • Confidence scores 0–100 with risk level classification
Audit & Compliance Features
Every screening logged with immutable request ID
Full audit trail with timestamp, lists checked, and results
CSV export for regulatory reporting
API response includes lists_checked for compliance evidence
Webhook notifications when sanctions lists update
Screening history API with date range and risk level filters
Security
API Key Security
SHA-256 hashed API keys. Keys are never stored in plaintext.
Webhook Integrity
HMAC-signed webhook payloads for tamper-proof delivery verification.
Password Security
bcrypt password hashing with salt rounds for account security.
Rate Limiting
Per-key rate limiting with brute-force protection.
Security Controls
Enterprise-grade security measures in place. Security documentation available on request.
GDPR Compliant
No customer PII stored beyond screening queries. Stateless screening architecture.
Compliance FAQ
Can I use Verifex as my primary sanctions screening tool?
Yes. Verifex checks all major international sanctions lists required by OFAC, EU, UN, and UK regulations. We recommend combining with your own risk-based approach and internal policies.
How quickly are new sanctions reflected?
OFAC updates are reflected within 6 hours. EU and UN updates within 12 hours. We monitor official government feeds and sync automatically.
Do you support ongoing monitoring?
Yes. Add entities to your watchlist and receive webhook notifications when their risk status changes due to sanctions list updates.
What happens if your service goes down?
Our API has 99.9%+ uptime. If a screening request fails, we recommend implementing retry logic with exponential backoff. Your compliance obligations require you to screen — if our service is unavailable, queue the screening and retry.
Do you provide a vendor due diligence questionnaire?
Yes. Contact us at hello@verifex.dev for our security documentation and vendor due diligence materials.
Where does your PEP data come from?
PEP records are extracted from Wikidata via SPARQL — a free, structured knowledge base maintained by the Wikimedia Foundation (CC0 license). Over 850,000 politically exposed person records covering heads of state, ministers, parliamentarians, judges, ambassadors, and military leaders across 190+ countries. Updated daily.