README
¶
moov-io/ofac
Office of Foreign Asset Control (OFAC) is an HTTP API and Go library to download, parse and serve United States OFAC sanction data along with the BIS Denied Person's List (DPL) for applications and humans. Also supported is an async webhook notification service to initiate processes on remote systems connected with OFAC. The US Treasury department offers a search page for OFAC records.
All United States companies are required to comply with OFAC regulations and sanction lists and the US Patriot Act requires compliance with the BIS Denied Person's List (DPL). Moov's primary usage for this project is with ACH origination in our paygate project.
To get started using OFAC download the latest release or our Docker image. We also have a demo OFAC instance as part of Moov's demo environment.
# Run as a binary
$ wget https://github.com/moov-io/ofac/releases/download/v0.8.0/ofac-darwin-amd64
$ chmod +x ofac-darwin-amd64
$ ./ofac-darwin-amd64
ts=2019-02-05T00:03:31.9583844Z caller=main.go:42 startup="Starting ofac server version v0.8.0"
...
# Run as a Docker image
$ docker run -p 8084:8084 -p 9094:9094 -it moov/ofac:latest
ts=2019-02-05T00:03:31.9583844Z caller=main.go:42 startup="Starting ofac server version v0.8.0"
...
# Perform a basic search
$ curl -s localhost:8084/search?name=...
{
"SDNs": [{
"entityID": "...",
"sdnName": "...",
"sdnType": "...",
"program": "...",
"title": "...",
"callSign": "...",
"vesselType": "...",
"tonnage": "...",
"grossRegisteredTonnage": "...",
"vesselFlag": "...",
"vesselOwner": "...",
"remarks": "..."
}],
"altNames": null,
"addresses": null,
"deniedPersons": null,
"bisEntities": [{
"name": "Danoush Trading Company",
"alternateNames": [""],
"addresses": ["No. 104, Beside Kheibar Hotel, Morshed Market St., Dubai , Dubai, AE"],
"startDate": "2008-09-22",
"licenseRequirement": "For all items subject to the EAR (See §744.11 of the EAR)",
"licensePolicy": "Presumption of denial",
"FRNotice": "73 FR 54509",
"sourceListURL": "http://bit.ly/1L47xrV",
"sourceInfoURL": "http://bit.ly/1L47xrV",
"match": 0.8
}]
}
We offer hosted api docs as part of Moov's tools and an OpenAPI specification for use with generated clients.
Docs: docs.moov.io | api docs
Configuration
| Environmental Variable | Description | Default |
|---|---|---|
OFAC_DATA_REFRESH |
Interval for OFAC data redownload and reparse. | 12h |
OFAC_DOWNLOAD_TEMPLATE |
HTTP address for downloading raw OFAC files. | (OFAC website) |
DPL_DOWNLOAD_TEMPLATE |
HTTP address for downloading the DPL | (BIS website) |
SQLITE_DB_PATH |
Local filepath location for the paygate SQLite database. | ofac.db |
WEBHOOK_BATCH_SIZE |
How many watches to read from database per batch of async searches. | 100 |
LOG_FORMAT |
Format for logging lines to be written as. | Options: json, plain - Default: plain |
HTTP_BIND_ADDRESS |
Address for paygate to bind its HTTP server on. This overrides the command-line flag -http.addr. |
Default: :8080 |
HTTP_ADMIN_BIND_ADDRESS |
Address for paygate to bind its admin HTTP server on. This overrides the command-line flag -admin.addr. |
Default: :9090 |
Features
- Download Sanctions Lists on startup
- Admin endpoint to manually refresh OFAC and DPL data
- Index data for searches
- Async searches and notifications (webhooks)
- Manual overrides to mark a
CompanyorCustomerasunsafe(blocked) orexception(never blocked). - Library for OFAC and BIS DPL data to download and parse their custom files
Webhook Notifications
When OFAC sends a webhook to your application the body will contain a JSON representation of the Company or Customer model as the body to a POST request. You can see an example in Go.
An Authorization header will also be sent with the authToken provided when setting up the watch. Clients should verify this token to ensure authenticated communicated.
Webhook notifications are ran after the OFAC data is successfully refreshed, which is determined by the OFAC_DATA_REFRESH environmental variable.
OFAC supports sending a webhook periodically when a specific Company or Customer is to be watched. This is designed to update another system about an OFAC entry's sanction status.
OFAC supports sending a webhook periodically with a free-form name of a Company or Customer. This allows external applications to be notified when an entity matching that name is added to the OFAC list. The match percentage will be included in the JSON payload.
Getting Help
We maintain a runbook for common issues and configuration options. Also, if you've encountered a security issue please contact us at security@moov.io.
| channel | info |
|---|---|
| Project Documentation | Our project documentation available online. |
| Google Group moov-users | The Moov users Google group is for contributors other people contributing to the Moov project. You can join them without a google account by sending an email to moov-users+subscribe@googlegroups.com. After receiving the join-request message, you can simply reply to that to confirm the subscription. |
| Twitter @moov_io | You can follow Moov.IO's Twitter feed to get updates on our project(s). You can also tweet us questions or just share blogs or stories. |
| GitHub Issue | If you are able to reproduce an problem please open a GitHub Issue under the specific project that caused the error. |
| moov-io slack | Join our slack channel to have an interactive discussion about the development of the project. Request an invite to the slack channel |
Contributing
Yes please! Please review our Contributing guide and Code of Conduct to get started!
Note: This project uses Go Modules, which requires Go 1.11 or higher, but we ship the vendor directory in our repository.
Links
- Sanctions Search Page
- Subscribe for OFAC updates
- When should I call the OFAC Hotline?
- Treasury Department Specially Designated Nationals
- BIS Denied Persons List with Denied US Export Privileges
- BIS Entity List
License
Apache License 2.0 See LICENSE for details.
Documentation
¶
Index ¶
Constants ¶
const Version = "v0.8.1-dev"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Address ¶
type Address struct {
// EntityID (ent_num) is the unique record identifier/unique listing identifier
EntityID string `json:"entityID"`
// AddressID (add_num) is the unique record identifier for the address
AddressID string `json:"addressID"`
// Address is the street address of the specially designated national
Address string `json:"address"`
// CityStateProvincePostalCode is the city, state/province, zip/postal code for the address of the
// specially designated national
CityStateProvincePostalCode string `json:"cityStateProvincePostalCode"`
// Country is the country for the address of the specially designated national
Country string `json:"country"`
//AddressRemarks (Add_remarks) is remarks on the address
AddressRemarks string `json:"addressRemarks"`
}
Address is OFAC SDN Addresses
type AlternateIdentity ¶
type AlternateIdentity struct {
// EntityID (ent_num) is the unique record identifier/unique listing identifier
EntityID string `json:"entityID"`
// AlternateID (alt_num) is the unique record identifier for the alternate identity
AlternateID string `json:"alternateID"`
// AlternateIdentityType (alt_type) is the type of alternate identity (aka, fka, nka)
AlternateType string `json:"alternateType"`
// AlternateIdentityName (alt_name) is the alternate identity name of the specially designated national
AlternateName string `json:"alternateName"`
// AlternateIdentityRemarks (alt_remarks) is remarks on alternate identity of the specially designated national
AlternateRemarks string `json:"alternateRemarks"`
}
AlternateIdentity is OFAC SDN Alternate Identity object
type DPL ¶
type DPL struct {
// Name is the name of the Denied Person
Name string `json:"name"`
// StreetAddress is the Denied Person's street address
StreetAddress string `json:"streetAddress"`
// City is the Denied Person's city
City string `json:"city"`
// State is the Denied Person's state
State string `json:"state"`
// Country is the Denied Person's country
Country string `json:"country"`
// PostalCode is the Denied Person's postal code
PostalCode string `json:"postalCode"`
// EffectiveDate is the date the denial came into effect
EffectiveDate string `json:"effectiveDate"`
// ExpirationDate is the date the denial expires. If blank, the denial has no expiration
ExpirationDate string `json:"expirationDate"`
// StandardOrder denotes whether or not the Person was added to the list by a "standard" order
StandardOrder string `json:"standardOrder"`
// LastUpdate is the date of the most recent change to the denial
LastUpdate string `json:"lastUpdate"`
// Action is the most recent action taken regarding the denial
Action string `json:"action"`
// FRCitation is the reference to the order's citation in the Federal Register
FRCitation string `json:"frCitation"`
}
DPL is the BIS Denied Persons List
type Downloader ¶
Downloader will download and cache OFAC files in a temp directory.
If HTTP is nil then http.DefaultClient will be used (which has NO timeouts).
See: https://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/sdn_data.aspx
func (*Downloader) GetFiles ¶
func (dl *Downloader) GetFiles() (string, error)
GetFiles will download all OFAC related files and store them in a temporary directory returned and an error otherwise.
Callers are expected to cleanup the temp directory.
type EL ¶
type EL struct {
// Name is the primary name of the entity
Name string `json:"name"`
// AlternateNames is a list of aliases associated with the entity
AlternateNames []string `json:"alternateNames"`
// Addresses is a list of known addresses associated with the entity
Addresses []string `json:"addresses"`
// StartDate is the effective date
StartDate string `json:"startDate"`
// LicenceRequirement specifies the license requirements that it imposes on each listed person
LicenceRequirement string `json:"licenseRequirement"`
// LicensePolicy is the policy with which BIS reviews the requirements set forth in Licence Requirements
LicensePolicy string `json:"licensePolicy"`
// FRNotice identifies the notice in the Federal Register
FRNotice string `json:"FRNotice"`
// SourceListURL is a link to the official SSI list
SourceListURL string `json:"sourceListURL"`
// SourceInfoURL is a link to information about the list
SourceInfoURL string `json:"sourceInfoURL"`
}
EL is the Entity List (EL) - Bureau of Industry and Security
type Reader ¶
type Reader struct {
// FileName is the name of the file
FileName string `json:"fileName"`
// Addresses returns an array of OFAC Specially Designated National Addresses
Addresses []*Address `json:"address"`
// AlternateIdentities returns an array of OFAC Specially Designated National Alternate Identity
AlternateIdentities []*AlternateIdentity `json:"alternateIdentity"`
// SDNs returns an array of OFAC Specially Designated Nationals
SDNs []*SDN `json:"sdn"`
// SDNComments returns an array of OFAC Specially Designated National Comments
SDNComments []*SDNComments `json:"sdnComments"`
// DPL returns an array of BIS Denied Persons
DeniedPersons []*DPL
// SectoralSanctions returns an array of Treasury Dept. Sectoral Sanctions Identifications
SectoralSanctions []*SSI
// BISEntities returns an array of Bureau of Industry and Security Entities
BISEntities []*EL
// contains filtered or unexported fields
}
Reader reads OFAC records from a CSV file and populates the associated arrays.
For more details on the raw OFAC files see https://docs.moov.io/en/latest/ofac/file-structure/
type SDN ¶
type SDN struct {
// EntityID (ent_num) is the unique record identifier/unique listing identifier
EntityID string `json:"entityID"`
// SDNName (SDN_name) is the name of the specially designated national
SDNName string `json:"sdnName"`
// SDNType (SDN_Type) is the type of SDN
SDNType string `json:"sdnType"`
// Program is the sanctions program name
Program string `json:"program"`
// Title is the title of an individual
Title string `json:"title"`
// CallSign (Call_Sign) is vessel call sign
CallSign string `json:"callSign"`
// VesselType (Vess_type) is the vessel type
VesselType string `json:"vesselType"`
// Tonnage is the vessel tonnage
Tonnage string `json:"tonnage"`
// GrossRegisteredTonnage (GRT) is gross registered tonnage
GrossRegisteredTonnage string `json:"grossRegisteredTonnage"`
// VesselFlag (Vess_flag) is vessel flag
VesselFlag string `json:"vesselFlag"`
// VesselOwner (Vess_owner) is vessel owner
VesselOwner string `json:"vesselOwner"`
// Remarks is remarks on specially designated national
Remarks string `json:"remarks"`
}
SDN is a specially Designated National
type SDNComments ¶
type SDNComments struct {
// EntityID (ent_num) is the unique record identifier/unique listing identifier
EntityID string `json:"entityID"`
// RemarksExtended is remarks extended on a Specially Designated National
RemarksExtended string `json:"remarksExtended"`
}
SDNComments is OFAC SDN Additional Comments
type SSI ¶
type SSI struct {
// EntityID (ent_num) is the unique record identifier/unique listing identifier
EntityID string `json:"entityID"`
// Type is the entity type (e.g. individual, vessel, aircraft, etc)
Type string `json:"type"`
// Programs is the list of sanctions program for which the entity is flagged
Programs []string `json:"programs"`
// Name is the entity's name (e.g. given name for individual, company name, etc.)
Name string `json:"name"`
// Addresses is a list of known addresses associated with the entity
Addresses []string `json:"addresses"`
// Remarks is used to provide additional details for the entity
Remarks []string `json:"remarks"`
// AlternateNames is a list of aliases associated with the entity
AlternateNames []string `json:"alternateNames"`
// IDsOnRecord is a list of the forms of identification on file for the entity
IDsOnRecord []string `json:"ids"`
// SourceListURL is a link to the official SSI list
SourceListURL string `json:"sourceListURL"`
// SourceInfoURL is a link to information about the list
SourceInfoURL string `json:"sourceInfoURL"`
}
SSI is the Sectoral Sanctions Identifications List - Treasury Department
Source Files
Directories