Compliance

Screening is easy. Proving the decision later is the hard part.

Verifex preserves the evidence behind every sanctions decision so compliance, risk, and operations teams can review, explain, and export decision history when it matters.

The audit problem

Auditors ask five questions.

Most screening tools answer the first one. Verifex is designed to answer all five.

01

What was screened?

02

When was it screened?

03

Which list version was active?

04

Why was it cleared or reviewed?

05

Who approved the decision?

Verifex preserves all five.

Every screening produces an evidence capsule with the full context needed for compliance review.

Already have a provider?

Verifex works beside your existing workflow.

Many regulated teams already screen names. The gap appears later — when someone asks what was checked, which list version was active, why a match was cleared, and who approved the decision.

Secondary screening & evidence layer

Add a transparent second opinion with preserved match rationale and audit IDs.

Audit capsule generator

Generate structured proof behind every clear, review, or block decision.

Internal benchmark layer

Run test cases, compare scoring visibility, and perform regression checks.

Regional KYB desk

Turkey/Azerbaijan company verification with registry evidence and structured delivery.

Evidence model

What the evidence capsule contains.

query

The exact name and context submitted for screening

entity_type

Person, company, vessel, or aircraft

screened_at

ISO timestamp with millisecond precision

list_versions

Version identifiers of every source checked

algorithm_version

Matching engine version at screening time

match_score

Structured confidence score (0–100)

recommendation

AUTO_CLEAR, REVIEW, ESCALATE, or BLOCK

reviewer_action

Who reviewed, when, and what they decided

audit_id

Deterministic cross-reference for compliance reconstruction

Legacy vs Verifex

From match result to reviewable evidence.

Legacy screening

Name → Match result → Spreadsheet note → Lost context

Verifex

Name → Match result → Evidence capsule → Reviewer action → Audit export

Internal controls

Controls designed for compliance review.

Audit trail

Every screening event is logged with timestamps, list versions, match evidence, and confidence scores. Plan-based retention from 30 to 365 days.

Screening logs

Query the full history by date range, risk level, reviewer, and source. Export in CSV or JSON for compliance documentation and audit review.

Reviewer actions

Compliance officers can review, escalate, or clear alerts with documented rationale. Every action is tied to a user and timestamp.

Exportable evidence

Evidence capsules can be exported in structured JSON format, preserving the exact state of the screening at the moment it occurred.

Retention

Starter plans include 30-day retention. Growth 60 days. Pro 90 days. Enterprise 365 days. Configurable on request. Free plan does not include audit trail access.

Monitoring

Add entities to a watchlist and receive near real-time webhook alerts when their risk status changes due to sanctions list updates.

Ownership-control risk

Risk can hide behind ownership.

A company may not appear on a sanctions list and still create sanctions exposure through ownership or control. Verifex provides ownership-chain context where source data supports it — including GLEIF-based parent linkage and aggregate sanctioned-ownership calculations.

  • GLEIF-based context where available
  • Aggregate sanctioned-ownership calculations
  • Ownership-chain visibility where source data supports it
  • Manual-enhanced reports where official data is limited
  • Analytical support, not legal determination of blocking status

Important

OFAC 50% Rule calculations are provided as analytical support to help compliance teams identify ownership-control risk direction. They are not a legal determination of blocking status. Final decisions should always be reviewed by qualified legal and compliance personnel.

Security & availability

Designed for production workflows.

Monitored infrastructure, clear operational logs, and security controls built for regulated environments.

API Key Security

SHA-256 hashed API keys. Keys are never stored in plaintext.

Webhook Integrity

HMAC-signed webhook payloads for tamper-evident delivery verification.

Password Security

bcrypt password hashing with salt rounds for account security.

Rate Limiting

Per-key rate limiting with brute-force protection.

Security Controls

Encryption at rest and in transit, daily off-site backups, and SOC 2-style controls in progress. Formal certification is not complete. Documentation available on request.

Data Handling

No customer PII stored beyond screening queries. Stateless screening architecture.

Compliance FAQ

Common questions.

Can I use Verifex as my primary sanctions screening tool?

Verifex can serve as the screening API inside your compliance workflow. It should be configured and reviewed as part of your own risk-based program, internal policies, and legal obligations.

How quickly are new sanctions reflected?

OFAC updates are reflected within 6 hours. EU and UN updates within 12 hours. We monitor official government feeds and sync automatically.

Do you support ongoing monitoring?

Yes. Add entities to your watchlist and receive webhook notifications when their risk status changes due to sanctions list updates. The compliance dashboard alert queue surfaces all open hits for review.

Does Verifex distinguish between PEP hits and sanctions hits?

Yes. PEP-only hits return risk level MATCH — indicating the person is politically exposed but not sanctioned. Actual sanctions hits return HIGH or CRITICAL. This prevents compliance teams from treating a PEP hit the same as a direct sanctions violation.

What is entity resolution and why does it matter for compliance?

Entity resolution merges duplicate records across configured sources into a single canonical profile. Without it, similar names across different sources can generate multiple alerts. With entity resolution, they resolve to one profile — reducing alert volume and making it easier to see every alias and source in one place.

Do you support OFAC 50% Rule calculations for corporate entities?

The UBO chain tool traverses corporate ownership chains where source data supports it and calculates aggregate sanctioned ownership under the OFAC FAQ No. 401 (50% Rule). It flags ownership-control risk direction where sanctioned parties own 50% or more in aggregate. This is analytical support, not a legal determination of blocking status.

What happens if your service goes down?

Verifex is designed for production workflows with monitored infrastructure and clear operational logs. If a screening request fails, we recommend implementing retry logic with exponential backoff. Your compliance obligations require you to screen — if our service is unavailable, queue the screening and retry.

Do you provide a vendor due diligence questionnaire?

Yes. Contact us at hello@verifex.dev for our security documentation and vendor due diligence materials.

Where does your PEP data come from?

PEP records are sourced from configured data feeds, including Wikidata (CC0 license) where applicable. Wikidata is a community-maintained knowledge base with known gaps: coverage of family members and known close associates varies by jurisdiction, historical records may be incomplete, and record quality depends on volunteer curation. Customers should validate PEP source suitability for their regulatory program and jurisdiction. Verifex does not claim regulator-grade PEP coverage.

Evidence Capsule →PEP data methodology →Matching methodology →Vendor security Q&A →

Get started

Generate reviewable screening evidence

Start with 50 free screens/month. No credit card. No sales calls. Audit trail access begins on Starter.