Specially Designated Nationals List (SDN): Definition and Use in Compliance

What is Specially Designated Nationals List (SDN)?

The Specially Designated Nationals List is a database maintained by the Office of Foreign Assets Control (OFAC), the sanctions enforcement arm of the U.S. Treasury Department. It names individuals, companies, vessels, and entities that are blocked under U.S. law. U.S. persons, including banks, are prohibited from transacting with any listed party. Any assets those parties hold in U.S. jurisdiction are frozen immediately.

OFAC updates the list daily and publishes it as a free downloadable file in XML, CSV, and PDF formats at the OFAC Sanctions Programs page. The list currently contains more than 12,000 entries spanning over 30 sanctions programs, covering targets from state sponsors of terrorism to drug traffickers, cybercriminals, and oligarchs connected to sanctioned regimes.

The legal authority rests primarily in the International Emergency Economic Powers Act (IEEPA) of 1977, which gives the U.S. president the power to block transactions in response to a declared national emergency. When an executive order designates someone as an SDN, the legal effect is immediate, even before a financial institution has updated its screening system.

One concept compliance teams must get right is the OFAC 50 Percent Rule. If one or more SDN-listed parties own 50 percent or more of an entity (individually or combined), that entity is treated as blocked, even if its name never appears on the published list. This rule catches evasion structures, including shell companies set up specifically to obscure ownership.

The cost of getting this wrong is not hypothetical. BNP Paribas paid $8.97 billion in 2014 after processing transactions for Iranian, Sudanese, and Cuban SDN-linked parties through its New York branch. That case remains the benchmark for what inadequate sanctions screening controls actually cost at an institution with real volume.

How is Specially Designated Nationals List (SDN) used in practice?

Compliance teams use the SDN list at two moments: when a customer relationship begins and when a payment moves.

During onboarding, SDN screening is part of Know Your Customer (KYC) and Customer Due Diligence (CDD) workflows. Every individual and entity goes through name matching against the SDN list, including aliases, dates of birth, and passport numbers. For corporate clients, ownership structures are traced to identify any SDN-linked Ultimate Beneficial Owner (UBO), because the 50 Percent Rule means the check can't stop at the entity name alone.

For payment processing, the check runs in real time. Each wire, ACH instruction, or trade finance document is screened before release, against the beneficiary name, beneficiary account, originator, and any intermediary institutions in the payment chain. A match generates a block and an immediate hold. Under OFAC rules, institutions freeze blocked assets rather than return them, and a blocking report must be filed with OFAC within 10 business days.

The practical challenge is name matching. SDN-listed parties use aliases, transliterations, name inversions, and deliberate misspellings. A single name can be romanized several different ways from Arabic, Cyrillic, or Persian script. This is where fuzzy matching and entity resolution tools earn their keep.

When a potential match is flagged, analysts review the full SDN entry against the customer's documentation. A confirmed match triggers a block and OFAC filing. A false positive gets cleared with a documented rationale that survives an examiner's review.

Politically Exposed Persons (PEPs) from sanctioned jurisdictions receive ongoing SDN monitoring after onboarding. One-time checks aren't sufficient when new designations land without warning.

Specially Designated Nationals List (SDN) in regulatory context

The SDN list operates within a U.S. sanctions legal framework spanning more than 30 country and thematic programs, drawing authority from statutes including IEEPA, the Trading with the Enemy Act, CISADA, and CAATSA, alongside presidential executive orders. The SDN list is the consolidated output: one list covering targets from every active program.

U.S. banks face SDN obligations as primary sanctions. Non-U.S. banks face a different but equally serious exposure through secondary sanctions, which threaten to restrict access to the U.S. financial system for any institution that conducts significant transactions with SDN-listed parties. Because most global banks need dollar correspondent access to function, this threat extends OFAC's practical reach well beyond U.S. borders.

Regulators expect banks to maintain a formal sanctions compliance program covering governance, internal controls, testing, training, and documented policies. OFAC's Framework for OFAC Compliance Commitments, published in 2019, describes five components of an effective program and is the reference document compliance teams use when designing or auditing their SDN controls.

Banks caught in enforcement without adequate controls face base penalties. Those with robust programs that self-disclose tend to receive substantial reductions. OFAC's enforcement guidelines detail the aggravating and mitigating factors explicitly. The OCC and Federal Reserve incorporate SDN compliance into examination scopes, so exam preparation and OFAC readiness now overlap significantly.

Counter-Financing of Terrorism (CFT) obligations frequently intersect with SDN requirements. When a designated terrorist group appears on the list, transactions that might not appear as terrorism financing in isolation become blocked transactions if the counterparty is listed. The Financial Action Task Force's Recommendation 6 also requires member jurisdictions to implement targeted financial sanctions against terrorism and proliferation, creating parallel obligations in non-U.S. jurisdictions that frequently reference the SDN list as a baseline.

Common challenges and how to address them

Name matching is the hardest operational problem. The SDN list contains entries in Arabic, Cyrillic, Chinese, and other scripts, all romanized in multiple formats. "Mohammed Al-Rashid" on the SDN list might appear on a customer's passport as "Mohamed Alrasheed." Setting matching thresholds too high produces unmanageable alert volumes. Setting them too low misses real hits.

We've seen banks struggle with this for years. The answer is risk-based threshold tuning: stricter settings for high-value or high-risk payment corridors involving Iran, Russia, or North Korea, and more lenient settings for low-risk domestic retail transactions. This approach requires documented reasoning and periodic review, because threshold decisions affect both compliance exposure and customer friction.

The 50 Percent Rule adds a second layer of difficulty. Corporate customers rarely disclose ownership voluntarily. Know Your Business (KYB) workflows must pull beneficial ownership data from registries, third-party providers, and direct customer declarations. Structures built around nominee shareholders or multi-jurisdictional holding companies often require Enhanced Due Diligence (EDD) before the bank can confirm no SDN-linked party sits above the 50 percent threshold.

List update latency is a third problem. OFAC updates the SDN list daily, sometimes multiple times following major geopolitical events. A bank refreshing its screening database weekly creates a compliance gap in that window. The technical fix is automating daily pulls with immediate alerts when the list changes. The operational fix is ensuring those updates propagate to real-time payment queues, not just nightly batch jobs.

Finally, SDN-adjacent risk matters. Companies under OFAC investigation, or those whose parent company was just designated, need attention before the formal listing. Compliance programs that combine SDN screening with adverse media screening catch these situations early and reduce the risk of processing a transaction that becomes an enforcement problem 48 hours later.

Related terms and concepts

The SDN list sits at the center of a broader sanctions and financial crime control framework. Understanding adjacent terms clarifies how the full picture fits together.

Sanctions screening is the process; the SDN list is the primary data source for U.S.-focused programs. But screening systems also consume the UN Security Council Consolidated List, the EU Consolidated Sanctions List, and the UK HM Treasury Financial Sanctions List. The SDN carries the most acute enforcement risk for U.S.-dollar transactions, but global institutions screen all active lists simultaneously.

Restricted party screening (RPS) and denied party screening (DPS) extend the concept to export controls and trade finance. The Commerce Department's Entity List and the State Department's Debarment List cover goods and technology exports. Financial institutions supporting trade finance check all of these alongside the SDN.

Secondary sanctions and sectoral sanctions are distinct but connected. Sectoral sanctions restrict specific activities rather than blocking all transactions outright: the CAATSA Russia programs, for example, restrict designated Russian financial institutions' access to capital markets without making every transaction illegal.

Sanctions evasion is the typology SDN screening is designed to detect. Common methods include routing payments through front companies, using shell companies in non-sanctioned jurisdictions, and misrepresenting the originator in payment messages. Asset freezing is the immediate legal consequence when an institution confirms an SDN-linked party in a transaction or customer relationship.

For teams managing high-risk customer categories, Politically Exposed Persons (PEPs) from sanctioned jurisdictions require simultaneous SDN screening and Enhanced Due Diligence (EDD). The two risk categories overlap often enough that separating the workflows creates gaps an examiner will find.