Lux Docs
Compliance

Sanctions Screening

OFAC SDN, EU, UK HMT sanctions lists, PEP detection, and adverse media screening

The AML screening service (pkg/aml.ScreeningService) checks individuals and entities against global sanctions lists and politically exposed persons databases.

Sanctions Lists

| List | Constant | Source | Coverage |
|---|---|---|---|
| OFAC SDN | ofac_sdn | US Treasury | Specially Designated Nationals and Blocked Persons |
| EU Consolidated | eu_sanctions | European Union | EU sanctions targets |
| UK HMT | uk_hmt | HM Treasury | UK financial sanctions targets |
| PEP | pep | Multi-source | Politically exposed persons, family, and associates |
| Adverse Media | adverse_media | Multi-source | Negative news screening |

All five lists are checked on every screening request. Results include which lists produced matches.

Match Types

The screening service uses three matching strategies:

| Match Type | Constant | Method |
|---|---|---|
| Exact | exact | Case-insensitive string equality after normalization |
| Fuzzy | fuzzy | Levenshtein distance with configurable similarity threshold |
| Partial | partial | Substring and token-level matching on name components |

Fuzzy Matching

Fuzzy matching uses Levenshtein edit distance to find near-matches. The Levenshtein distance counts the minimum number of single-character insertions, deletions, or substitutions needed to transform one string into another. A similarity score is calculated as:

similarity = 1 - (distance / max(len(a), len(b)))

Names with similarity above the configured threshold (typically 0.85) are flagged as fuzzy matches. This catches common variations: transliteration differences, typos, and alternate spellings.
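The Go program below is an added example, not the screening service's own code: it implements the similarity formula above, counting edits in Unicode runes so that accented names are not penalised per byte. The normalization rules, the function names and the sample names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

func normalize(s string) []rune { // lowercase, collapse whitespace (assumed rules)
	return []rune(strings.Join(strings.Fields(strings.ToLower(s)), " "))
}

// levenshtein counts single-rune insertions, deletions and substitutions.
func levenshtein(a, b []rune) int {
	prev := make([]int, len(b)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(a); i++ {
		cur := make([]int, len(b)+1)
		cur[0] = i
		for j := 1; j <= len(b); j++ {
			cur[j] = prev[j-1] // substitution, free when the runes match
			if a[i-1] != b[j-1] {
				cur[j]++
			}
			if d := prev[j] + 1; d < cur[j] { // deletion
				cur[j] = d
			}
			if d := cur[j-1] + 1; d < cur[j] { // insertion
				cur[j] = d
			}
		}
		prev = cur
	}
	return prev[len(b)]
}

// Similarity is 1 - distance/max(len(a), len(b)), measured in runes.
func Similarity(x, y string) float64 {
	a, b := normalize(x), normalize(y)
	if len(a) < len(b) {
		a, b = b, a // a is now the longer name
	}
	if len(a) == 0 {
		return 0 // empty input is no evidence of a match
	}
	return 1 - float64(levenshtein(a, b))/float64(len(a))
}

func main() { fmt.Printf("%.3f\n", Similarity("Jonathon Exampleton", "Jonathan Exampleton")) } // constructed names
```

The one-letter variant scores 0.947, which is above the typical 0.85 threshold and would be flagged as a fuzzy match.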

Risk Scoring

Each screening result receives a risk level that determines the required action:

| Risk Level | Constant | Action Required |
|---|---|---|
| Low | low | Auto-approve, periodic rescreening |
| Medium | medium | Manual review within 24 hours |
| High | high | Escalate to compliance officer |
| Critical | critical | Block immediately, file SAR |

Risk is determined by match quality, list source, and number of matches. An exact match on the OFAC SDN list produces critical. A fuzzy match on adverse media produces medium.

PEP Detection

Politically exposed persons (current and former government officials, their family members, and close associates) trigger enhanced due diligence:

  • Source of wealth verification
  • Source of funds documentation
  • Senior management approval for onboarding
  • Enhanced ongoing monitoring (quarterly review)

Enhanced Due Diligence

EDD is required for:

  • PEP matches (any match type)
  • High-risk jurisdictions
  • Complex ownership structures
  • Unusual transaction patterns

Screening Hit --> Risk Assessment --> EDD Required?
                                         |
                      +------------------+
                      v                  v
                  Standard CDD       Enhanced CDD
                  (periodic)         (source of funds,
                                      senior approval)

List Management

Sanctions lists are loaded at startup and can be refreshed without restart. The screening service uses sync.RWMutex for thread-safe concurrent access during list updates and screening operations.

API

Screen an individual:

curl -X POST http://localhost:8091/v1/aml/screen \
  -H "X-Api-Key: $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"John Doe","country":"US","date_of_birth":"1980-01-15"}'

See the API Reference for full request/response details.
