Is Fuzzy Logic Now Clear?

I wrote briefly about “fuzzy logic” in a prior post (please see: https://thesanctionsgeek.com/3-key-steps-in-ofac-compliance-screen-screen-and-screen/). What I did not mention is that a couple of America’s biggest companies have recently gotten caught for failures to pick up aliases that their respective software programs should have caught.

The Office of Foreign Assets Control (OFAC) itself upgraded the “fuzzy logic” in its own search tool in January 2021. Please see: https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20210125.

Those two companies that got in trouble recently for inadequate “fuzzy logic” capabilities are Apple and Amazon. This blog will review both cases to illustrate the importance of proper “fuzzy logic” capabilities in a chosen software service provider.

I. Apple’s Failure with Fuzzy Logic

In November 2019, Apple, Inc. agreed to pay $466,912 to settle its OFAC case for apparent violations of the Foreign Narcotics Kingpin Sanctions Regulations. (Please see: https://home.treasury.gov/system/files/126/20191125_apple.pdf).

Apple dealt in the property or interests in property of SIS, d.o.o. (“SIS”), a Slovenian software company previously identified on OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”) as a significant foreign narcotics trafficker (“SDNTK”). The SDN List provided the following identifying information for SIS: SIS D.O.O., 19 Spruha, Trzin 1236, Slovenia; Registration ID 5919070 (Slovenia); Tax ID No. SI91729181 (Slovenia) [SDNTK].

Apple screened the newly designated SDNTKs against its app developer account holder names using its sanctions screening tool. However, Apple failed to identify that SIS, an App Store developer, was added to the SDN List and was therefore blocked. Apple later attributed this failure to its sanctions screening tool’s failure to match the upper case name “SIS DOO” in Apple’s system with the lower case name “SIS d.o.o.” as written on the SDN List. The term “d.o.o.” is a standard corporate suffix in Slovenia identifying a limited liability company.

OFAC determined the following to be mitigating factors regarding Apple’s correction of its “fuzzy logic” deficiency in its screening software, namely, Apple:

• Reconfigured the primary sanctions screening tool to fully capture spelling and capitalization variations and to account for country-specific business suffixes, and implemented an annual review of the tool’s logic and configuration;
• Expanded sanctions screening to include not only app developers, but also their designated payment beneficiaries and associated banks; and
• Updated the instructions for employees to review potential SDN List matches flagged by the primary sanctions screening tool.

II. Amazon Fuzzy Logic Failure

Amazon.com, Inc. agreed to pay $134,523 in July 2020 to settle its potential civil liability for apparent violations of multiple OFAC sanctions programs (please see: https://home.treasury.gov/system/files/126/20200708_amazon.pdf).

As a result of deficiencies related to Amazon’s sanctions screening processes, Amazon provided goods and services to persons sanctioned by OFAC; to persons located in the sanctioned region or countries of Crimea, Iran, and Syria; and to individuals located in or employed by the foreign missions of countries sanctioned by OFAC.

The settlement amount reflects OFAC’s determination that Amazon’s apparent violations were non-egregious and voluntarily self-disclosed, and further reflects the significant remedial measures implemented by Amazon upon discovery of the apparent violations.

Overall, OFAC found the apparent violations consisted primarily of transactions involving low-value retail goods and services for which the total transaction value of the apparent violations was approximately $269,000. OFAC further determined the apparent violations occurred primarily because Amazon’s automated sanctions screening processes failed to fully analyze all transaction and customer data relevant to compliance with OFAC’s sanctions regulations.

Chief among the mitigating factors was that Amazon undertook significant remedial measures to address its sanctions screening deficiencies. Such measures included:

• Employing internal and third-party sources to conduct a thorough review of Amazon’s sanctions compliance program and its automated screening systems in order to address the screening failures that gave rise to the apparent violations. In particular, Amazon is incorporating additional automated preventative screening controls designed to scale and operate effectively for its overall retail business;
• Developing internally custom screening lists to minimize the risk of processing transactions that raise sanctions compliance concerns; and
• Enhancing its sanctioned jurisdiction Internet Protocol (IP) blocking controls and implementing automated processes to update continually its mapping of IP ranges associated with sanctioned jurisdictions.

III. “Fuzzy Logic” Becomes Clear Logic

After reviewing both the Apple and Amazon cases, it becomes readily clear why proper “fuzzy logic” capabilities for picking up alternate spellings and aliases are so important. While such “fuzzy logic” can result in an overwhelming number of “false positive” matches, the logic can be tweaked to match the risk profile of a given company, depending on types of business partners and geographies covered.

Because a given company’s risk profile can evolve over time, it is most helpful to undertake the commitment Apple made in implementing an annual review of the screening tool’s logic and configuration (likely best done as part of an annual risk assessment).
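The Apple mismatch in Section I and the threshold tuning described in Section III can be reproduced in a few lines. The sketch below is an added example, not code from Apple, OFAC or any screening vendor: the suffix set, the second list entry, the threshold values and the use of Python's `difflib` ratio as the similarity measure are all assumptions made for illustration.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed watchlist: the SDN name quoted in the post plus a made-up entry.
SDN_NAMES = ["SIS D.O.O.", "EXAMPLE TRADING LLC"]

# Illustrative, incomplete suffix set (an assumption, not an official list).
SUFFIXES = {"doo", "llc", "ltd", "inc", "gmbh", "sa", "ag", "bv"}


def naive_match(candidate):
    """Exact string comparison: the behaviour that misses 'SIS DOO'."""
    return [entry for entry in SDN_NAMES if entry == candidate]


def normalize(name):
    """Fold accents, case and punctuation; split off a trailing business suffix."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c)).casefold()
    # Join dotted abbreviations first so "d.o.o." becomes "doo", not "d o o".
    text = re.sub(r"\b(?:[a-z]\.){2,}", lambda m: m.group().replace(".", ""), text)
    tokens = re.sub(r"[^a-z0-9]+", " ", text).split()
    suffix = tokens.pop() if len(tokens) > 1 and tokens[-1] in SUFFIXES else ""
    return " ".join(tokens), suffix


def screen(candidate, threshold=0.85):
    """Return (list entry, score) pairs whose core-name similarity >= threshold."""
    core, _ = normalize(candidate)
    hits = []
    for entry in SDN_NAMES:
        entry_core, _ = normalize(entry)
        score = SequenceMatcher(None, core, entry_core).ratio()
        if score >= threshold:
            hits.append((entry, round(score, 2)))
    return sorted(hits, key=lambda hit: hit[1], reverse=True)


if __name__ == "__main__":
    for name in ["SIS DOO", "Siss d.o.o.", "SYS d.o.o."]:
        print(name, naive_match(name), screen(name), screen(name, threshold=0.6))
```

With the default threshold, “SIS DOO” and the typo “Siss d.o.o.” both hit the list entry while “SYS d.o.o.” does not; lowering the threshold to 0.6 brings “SYS d.o.o.” in as well, which is the false-positive trade-off a periodic review of the tool's configuration has to weigh.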

Blacklisted? Delisting Potential for Mistaken Identity or Changed Circumstances

From last week’s post (https://thesanctionsgeek.com/oh-the-myriad-ways-ofac-can-blacklist-you/), if you happen to find yourself or a business partner triggering a blacklist screen alert, there might be different reasons for the trigger that merit inquiry. It could be due to mistaken identity or changed circumstances, and there is potential to request delisting.

I. Mistaken Identity Delisting

In my last Fortune 200 company job, I travelled to Mexico City with one of our internal auditors (who was fully bilingual in both Spanish and English). The problem was that his name triggered a “specially designated national” (SDN) match which also translated into a “Do Not Fly” prohibition. Fortunately, this was not the first time my former work colleague had encountered this issue, and he produced an electronic file with key documentation indicating his full name, place and date of birth as well as his current residence address. All of these were distinguishing facts that helped clear his name. We boarded our flight without further ado.

There is an Office of Foreign Assets Control (OFAC) procedure under 31 CFR § 501.806 to petition to unblock funds that have been frozen due to mistaken identity. Under subsection (d), a request to release funds should include the following information, where known, concerning the transaction:

(1) The name of the financial institution in which the funds are blocked;

(2) The amount blocked;

(3) The date of the blocking;

(4) The identity of the original remitter of the funds and any intermediary financial institutions;

(5) The intended beneficiary of the blocked transfer;

(6) A description of the underlying transaction including copies of related documents (e.g., invoices, bills of lading, promissory notes, etc.);

(7) The nature of the applicant’s interest in the funds; and

(8) A statement of the reasons why the applicant believes the funds were blocked due to mistaken identity.

This can happen more often than not if the financial institution uses screening software with fuzzy logic that picks up potential aliases. Indeed, many banks have received harsh OFAC penalties and tend to err on the side of caution. A well-documented request can ensure release of overzealous fund blocking in relatively short order.

II. Changed Circumstances Delisting

It is also possible that one is being blocked as a result of a true SDN match. There is also a procedure to request reconsideration based on changed circumstances. 31 CFR § 501.807 governs Requests for delisting from the SDN and Blocked Persons List.

This regulation provides a procedure for submitting arguments or evidence that might establish that insufficient basis exists for the SDN designation. The blocked person also may propose remedial steps, such as corporate reorganization, resignation of persons from positions in a blocked entity, or similar steps, which the person believes would negate the basis for designation.

As another example, the regulation explains that a person owning a majority interest in a blocked vessel may propose the sale of the vessel, with the proceeds to be placed into a blocked interest-bearing account after deducting the costs incurred while the vessel was blocked and the costs of the sale. Taking such action could provide grounds for delisting as an SDN.

III. It is Advisable to Request a Meeting with OFAC on Delisting

§ 501.807(c) permits a blocked person to request a meeting with the OFAC decision makers; however, the regulation states such meetings are not required and that OFAC may, at its discretion, decline to conduct such a meeting.

With experienced counsel, it is highly advisable to request such a meeting. The value of establishing credibility in person cannot be overstated with so much at stake in such proceedings. When making the initial request, it will be necessary to inquire about the in-person meeting opportunity at the same time. To have the best hope of having a meeting request granted, one should present a proposed agenda along with a list of supporting documents, visual aids and third-party certifications and verifications.

SDN Designations Increase over 150% since 2015!

With the changing of the POTUS guard, it is an appropriate time to check on the state of OFAC sanctions SDN designations since just before the last time the changing of the guard occurred. The following charts are from June 2015 and January 2021 respectively, and they show OFAC SDN designations increased 150%! (Please see: http://ofacanalyzer.com/rptListTotals.aspx).

June 2015

| Source | Description | Updated On | # Records |
| --- | --- | --- | --- |
| OFAC | (SDN) Specially Designated Nationals List | 06/04/15 | 25,306 |
| | (OFCL) Consolidated List | 05/21/15 | 416 |
| BIS | BIS Denied Persons/Unverified List | 05/14/15 | 874 |
| FBI | Most Wanted Terrorist List | 09/12/14 | 42 |
| Canada | (OSFI) | 11/25/14 | 3,527 |
| Europe | HM Treasury Sanction List | 05/20/15 | 7,838 |
| | European Union Sanction List | 02/21/15 | 13,607 |
| UN | United Nations 1267 List | 09/12/14 | 2,336 |

January 2021

| Source | Description | Updated On | # Records |
| --- | --- | --- | --- |
| OFAC | (SDN) Specially Designated Nationals List | 01/19/21 | 38,071 |
| | (OFCL) Consolidated List | 03/18/19 | 1,976 |
| BIS | BIS Denied Persons/Unverified List/Entity List | 05/25/20 | 4,654 |
| Canada | (OSFI) | 09/30/20 | 1,524 |
| Europe | HM Treasury Sanction List | 01/21/21 | 10,736 |
| | European Union Sanction List | 03/19/19 | 10,950 |
| UN | United Nations 1267 List | 03/16/20 | 6,31 |

This 2021 blog (as opposed to prior current event blogs at: https://thesanctionsgeek.com/blog/) will focus on practical challenges businesses face in complying with the ever-dynamic sanctions laws given this uptick in designations. The increase does not appear to be an aberration of the Trump administration. Already with newly installed President Joe Biden talking tough via phone with Vladimir Putin and exclaiming the POTUS will have no reason to hold summits with Kim Jong Un unless North Korea denuclearizes first, the state of continued OFAC designations promises to be alive and well for the foreseeable future.

Crafting a proper set of policies and procedures to comply with sanctions laws will be mission critical, not to mention the proper selection of screening software, the proper resolution of potential matches, the ability to impose transaction stops in a timely manner as well as dealing with the new OFAC reporting requirements.