Denied Party ScreeningOFACBISExport ComplianceSDN ListWatchlists

Denied Party Screening Software: A Buyer's Guide for Defense Contractors

What lists must you screen against, what does 'reasonable due diligence' actually require, and what should you look for in denied party screening software? A practical guide for compliance teams.

ISITAR Screen
··7 min read
TC

Reviewed by

Trenton Crouch

Founder, ITAR Screen

Trenton is the founder of ITAR Screen and Gideon Dynamics. He built ITAR Screen to give defense contractors and dual-use exporters fast, auditable USML classification and denied-party screening without the complexity of enterprise compliance platforms.

Last reviewed:

Denied party screening is not an optional step in export compliance — it is a legal obligation that applies to every transaction regardless of whether your product requires an export license. You can have a perfect USML classification and still commit a serious federal violation by selling to a sanctioned entity, an OFAC-designated individual, or a party on the BIS Entity List.

For many defense contractors, the question is not whether to screen but how to do it reliably at scale. Manual spreadsheet screening works for a handful of transactions per month. It does not work when your business is processing dozens of quotes, orders, and subcontractor agreements every week — each of which may involve counterparties across multiple jurisdictions.

This guide explains which lists you must screen against, what "reasonable due diligence" means in practice, and what to look for when evaluating denied party screening software.

Which Lists Must You Screen Against?

There is no single U.S. government denied party list. Multiple agencies maintain separate lists, each with different legal effects and update frequencies. A complete screening program covers all of them.

OFAC — Specially Designated Nationals and Blocked Persons (SDN) List Administered by the Office of Foreign Assets Control at the U.S. Department of the Treasury. Transactions with SDN-listed individuals and entities are generally prohibited, and their property and interests in property must be blocked. OFAC sanctions apply regardless of whether your product is controlled under ITAR or EAR — an EAR99 widget cannot be sold to an SDN-designated party. The SDN list is updated continuously; relying on a cached or infrequently updated copy creates risk.

BIS — Entity List Administered by the Bureau of Industry and Security. Entity List designations impose a license requirement for exports, re-exports, or transfers of items subject to the EAR to listed parties, with a general policy of denial in many cases. Entity List additions frequently reflect national security concerns and can be added without public notice in advance.

BIS — Denied Persons List U.S. persons on the Denied Persons List have had their export privileges revoked by BIS. Transferring any item subject to the EAR to a denied person — or facilitating an export by a denied person — violates the denial order regardless of the item's classification.

BIS — Unverified List (UVL) Parties that BIS has been unable to verify through end-use checks. A UVL listing is not a prohibition, but transacting with UVL parties creates heightened compliance obligations and requires specific representations in your export documentation.

DDTC — Debarred Parties Parties debarred under 22 CFR Part 127 are prohibited from participating in any ITAR-regulated activity. Debarment is a serious sanction and applies broadly to any transaction involving defense articles, defense services, or technical data.

OFAC — Other Sanctions Programs Beyond the SDN list, OFAC administers dozens of country- and program-specific sanctions (Iran, Russia, Cuba, North Korea, and others). These programs may prohibit or restrict transactions with entire categories of persons or entities, not just individually designated parties.

The Consolidated Screening List (CSL) maintained by trade.gov aggregates most major U.S. government restricted party lists into a single API-accessible resource. It is a useful screening tool but does not capture every relevant list — cross-reference against OFAC directly for SDN and consolidated sanctions.

What "Reasonable Due Diligence" Means in Practice

Neither OFAC nor BIS requires perfect screening results. What they require is a risk-based compliance program with documented due diligence. OFAC's 2019 compliance framework identifies party screening as one of five core components of an effective sanctions compliance program and emphasizes that the rigor of screening should be calibrated to transaction risk.

Practically, this means:

  • Screen before you transact, not after. Screening a counterparty after an order has shipped does not protect you if the party was designated at the time of the transaction.
  • Screen all relevant parties. The end customer is not the only party that matters. Intermediate distributors, freight forwarders, named consignees, and known end users all require screening.
  • Document every screening. A screening run against an outdated list with no audit trail is worth less than no screening at all in an enforcement context. Records should show which lists were screened, the date and time, the query used, and the result.
  • Have a process for hits. A screening result that flags a potential match requires a decision workflow: is this a true match? Who reviews it? What is the escalation path?

What to Look for in Denied Party Screening Software

List coverage and update frequency. The most important question is whether the software screens against all relevant lists — and how quickly it reflects list changes. An SDN addition that your system hasn't ingested yet is a live compliance gap. Look for systems that ingest OFAC updates within hours, not days.

Fuzzy matching and alias coverage. Designated parties frequently appear under alternative transliterations, aliases, and related entities. Exact-match-only screening will miss them. Effective screening requires configurable fuzzy matching that catches phonetic variants and name transpositions without generating so many false positives that your screening queue becomes unworkable.

Audit trail and export. Your screening records need to be available for regulators. Software that generates a time-stamped, immutable record for each screening — showing the query, the list version checked, and the result — supports both your ITAR recordkeeping obligations and any OFAC due diligence defense.

API access and integration. Compliance teams that screen manually via web portal are creating a bottleneck. Production-ready screening software should offer an API that integrates into your order management, ERP, or CRM workflow so that screening happens automatically at transaction initiation — not as a separate manual step.

Coverage beyond SDN. SDN screening alone is not a complete program. Evaluate whether the platform covers the BIS Entity List, Denied Persons List, Unverified List, DDTC Debarred list, and other relevant programs. Point solutions that cover only one list require you to stitch together multiple vendors or manual checks.

Why Manual Screening Breaks Down

Manual screening — running names against a CSV export of the SDN list, or checking names through a government web portal one at a time — has a specific failure mode: it creates the appearance of a compliance program without the substance of one.

Common manual screening failures that appear in OFAC and BIS enforcement actions:

  • Inconsistent execution. Different employees apply different thresholds for what counts as a "match," and no records show what criteria were used.
  • Stale list versions. Periodic bulk downloads miss designations that occurred between download cycles.
  • Partial counterparty coverage. Screening the buyer but not the freight forwarder, agent, or intermediate consignee.
  • No escalation process. Potential matches are noted but not formally resolved — so a transaction proceeds with an unresolved flag.
  • Missing records. Verbal screening results with no written record that screening occurred at all.

Enforcement context matters: OFAC's civil penalty framework explicitly considers whether a compliance program is "adequate" and whether screening failures reflect systemic program gaps versus isolated errors. A documented, consistent screening program with full audit trails receives significantly more favorable treatment than manual processes with no records.

Denied Party Screening in ITAR Screen

ITAR Screen's watchlist screening checks counterparties against OFAC SDN, the BIS Entity List, Denied Persons List, and the Consolidated Screening List using fuzzy matching to catch name variants and aliases. Every screening result is time-stamped and immutable — exportable for your compliance file.

Watchlist screening is available on Growth and Pro plans alongside USML classification, so your team can classify a product and screen its buyer in a single workflow without switching platforms.

This article is for informational purposes only and does not constitute legal advice. Consult qualified export control counsel before making compliance decisions.

Primary sources

Older →

ITAR Exemptions: A Practical Overview for Defense Contractors

Classify your products against the USML in seconds

No account required for your first two classifications.

Try ITAR Screen free