Office of Foreign Asset Control (OFAC) is an HTTP API and Go library to download, parse and serve United States OFAC sanction data along with the BIS Denied Person's List (DPL) for applications and humans. Also supported is an async webhook notification service to initiate processes on remote systems connected with OFAC. The US Treasury department offers a search page for OFAC records.
All United States companies are required to comply with OFAC regulations and sanction lists and the US Patriot Act requires compliance with the BIS Denied Person's List (DPL). Moov's primary usage for this project is with ACH origination in our paygate project.
To get started using OFAC download the latest release or our Docker image. We also have a demo OFAC instance as part of Moov's demo environment.
# Run as a binary
$ wget https://github.com/moov-io/ofac/releases/download/v0.8.0/ofac-darwin-amd64
$ chmod +x ofac-darwin-amd64
$ ./ofac-darwin-amd64
ts=2019-02-05T00:03:31.9583844Z caller=main.go:42 startup="Starting ofac server version v0.8.0"
...
# Run as a Docker image
$ docker run -p 8084:8084 -p 9094:9094 -it moov/ofac:latest
ts=2019-02-05T00:03:31.9583844Z caller=main.go:42 startup="Starting ofac server version v0.8.0"
...
# Perform a basic search
$ curl -s localhost:8084/search?name=...
{
"SDNs": [{
"entityID": "...",
"sdnName": "...",
"sdnType": "...",
"program": "...",
"title": "...",
"callSign": "...",
"vesselType": "...",
"tonnage": "...",
"grossRegisteredTonnage": "...",
"vesselFlag": "...",
"vesselOwner": "...",
"remarks": "..."
}],
"altNames": null,
"addresses": null,
"deniedPersons": null,
"bisEntities": [{
"name": "Danoush Trading Company",
"alternateNames": [""],
"addresses": ["No. 104, Beside Kheibar Hotel, Morshed Market St., Dubai , Dubai, AE"],
"startDate": "2008-09-22",
"licenseRequirement": "For all items subject to the EAR (See §744.11 of the EAR)",
"licensePolicy": "Presumption of denial",
"FRNotice": "73 FR 54509",
"sourceListURL": "http://bit.ly/1L47xrV",
"sourceInfoURL": "http://bit.ly/1L47xrV",
"match": 0.8
}]
}
We offer hosted api docs as part of Moov's tools and an OpenAPI specification for use with generated clients.
Docs: docs.moov.io | api docs
| Environmental Variable | Description | Default |
|---|---|---|
OFAC_DATA_REFRESH |
Interval for OFAC data redownload and reparse. | 12h |
OFAC_DOWNLOAD_TEMPLATE |
HTTP address for downloading raw OFAC files. | (OFAC website) |
DPL_DOWNLOAD_TEMPLATE |
HTTP address for downloading the DPL | (BIS website) |
SQLITE_DB_PATH |
Local filepath location for the paygate SQLite database. | ofac.db |
WEBHOOK_BATCH_SIZE |
How many watches to read from database per batch of async searches. | 100 |
LOG_FORMAT |
Format for logging lines to be written as. | Options: json, plain - Default: plain |
HTTP_BIND_ADDRESS |
Address for paygate to bind its HTTP server on. This overrides the command-line flag -http.addr. |
Default: :8080 |
HTTP_ADMIN_BIND_ADDRESS |
Address for paygate to bind its admin HTTP server on. This overrides the command-line flag -admin.addr. |
Default: :9090 |
- Download Sanctions Lists on startup
- Admin endpoint to manually refresh OFAC and DPL data
- Index data for searches
- Async searches and notifications (webhooks)
- Manual overrides to mark a
CompanyorCustomerasunsafe(blocked) orexception(never blocked). - Library for OFAC and BIS DPL data to download and parse their custom files
When OFAC sends a webhook to your application the body will contain a JSON representation of the Company or Customer model as the body to a POST request. You can see an example in Go.
An Authorization header will also be sent with the authToken provided when setting up the watch. Clients should verify this token to ensure authenticated communicated.
Webhook notifications are ran after the OFAC data is successfully refreshed, which is determined by the OFAC_DATA_REFRESH environmental variable.
OFAC supports sending a webhook periodically when a specific Company or Customer is to be watched. This is designed to update another system about an OFAC entry's sanction status.
OFAC supports sending a webhook periodically with a free-form name of a Company or Customer. This allows external applications to be notified when an entity matching that name is added to the OFAC list. The match percentage will be included in the JSON payload.
We maintain a runbook for common issues and configuration options. Also, if you've encountered a security issue please contact us at [email protected].
| channel | info |
|---|---|
| Project Documentation | Our project documentation available online. |
| Google Group moov-users | The Moov users Google group is for contributors other people contributing to the Moov project. You can join them without a google account by sending an email to [email protected]. After receiving the join-request message, you can simply reply to that to confirm the subscription. |
| Twitter @moov_io | You can follow Moov.IO's Twitter feed to get updates on our project(s). You can also tweet us questions or just share blogs or stories. |
| GitHub Issue | If you are able to reproduce an problem please open a GitHub Issue under the specific project that caused the error. |
| moov-io slack | Join our slack channel to have an interactive discussion about the development of the project. Request an invite to the slack channel |
Yes please! Please review our Contributing guide and Code of Conduct to get started!
Note: This project uses Go Modules, which requires Go 1.11 or higher, but we ship the vendor directory in our repository.
- Sanctions Search Page
- Subscribe for OFAC updates
- When should I call the OFAC Hotline?
- Treasury Department Specially Designated Nationals
- BIS Denied Persons List with Denied US Export Privileges
- BIS Entity List
Apache License 2.0 See LICENSE for details.