← All Briefings
2026-05-19 SANCTIONS 14 min read

Free Sanctions Lists Compared: OFAC, EU, OFSI, OpenSanctions and the Honest Limits of Free Screening

Every regulated firm pays for at least one commercial sanctions database. Every regulated firm could, with discipline, replace a meaningful share of that paid coverage with public-sector list portals and one or two open datasets. The interesting question is not whether free sources exist — they do, in larger volume and better quality than at any prior point. The interesting question is which free sources are genuinely usable as a primary control, which are useful as cross-checks, and where the cliff edge sits between "this is sufficient" and "this is going to cost you in a regulatory examination." This briefing walks the principal free sources, evaluates each one honestly, and locates the cliff edge.

TL;DR

Eight free public sources matter for sanctions screening in 2026: OFAC's Sanctions List Search portal; the EU Financial Sanctions Files (FSF) consolidated list; the UK OFSI consolidated list with its XML feed; the Swiss SECO list; the Australian DFAT consolidated list; the Ukrainian NACP/NABC Sanctions Tracker as an EDD signal; the UN Security Council consolidated list as a treaty baseline; and OpenSanctions as the only free aggregator that consolidates them all with structured entity matching. For ad-hoc checks and low-volume programmes, the public-source stack is genuinely sufficient. For regulated firms with onboarding volume, the gap to commercial products like World-Check (LSEG) or Sayari is not raw data coverage — it is workflow, audit logging, entity disambiguation, PEP and adverse-media curation, and the ability to defend a screening event to a regulator. Free sources can be the data layer; the workflow layer is what you build or buy.

The eight sources, evaluated

Each free source is built for a primary user that may or may not be a compliance team. Treating each one as a sanctions database, without acknowledging what it was built for, is the first mistake.

1. OFAC Sanctions List Search (US Treasury)

  • The authoritative US source for the Specially Designated Nationals (SDN) list, the Sectoral Sanctions Identifications (SSI) list, the Foreign Sanctions Evaders (FSE) list, and several smaller programmes. Free, browser-accessible, supports fuzzy matching and minimum score thresholds.[1]
  • Where it shines: ad-hoc verification against a single party. Updated within hours of any designation. The published bulk data (SDN.XML, SDN.CSV, sanctions-list datasets on the Treasury data hub) supports offline integration.[2]
  • Where it misses: US lists only. No audit log on UI searches. No API at the free tier (programmatic users typically ingest the bulk files on a scheduled job). Fuzzy matching is reasonable but does not handle complex transliteration well — a Russian or Arabic name with two reasonable Latin renderings will not return both unless the SDN entry itself carries both as aliases.
  • Verdict: indispensable. Not sufficient alone.

2. EU Financial Sanctions Files (FSF)

  • The EU's Financial Sanctions Files, published by the European Commission's Directorate-General for Financial Stability, consolidate restrictive measures imposed under the EU's Common Foreign and Security Policy. Available in structured XML and PDF.[3]
  • Two formats matter: the consolidated XML feed (the technical reference) and the EU Sanctions Map (a human-readable UI overlay).[4] The XML feed is what a screening engine ingests; the Sanctions Map is what an analyst uses to navigate the underlying Council Regulations and Decisions in the EU Official Journal.
  • Where it shines: coverage of all EU-listed parties including the rolling Russia, Belarus, Iran, Syria, and DPRK designations. The XML feed is well-structured and stable; the underlying primary sources (Council Regulations published in the Official Journal of the European Union) are authoritative.[5]
  • Where it misses: the FSF list does not include the parallel listings maintained by individual EU member states under their own national regimes (though this is rarely material in practice). Transliteration handling is uneven.
  • Verdict: essential for any firm with EU touch points. The XML feed is the production-grade ingestion path.

3. UK OFSI Consolidated List

  • The UK Office of Financial Sanctions Implementation (within HM Treasury) maintains the UK consolidated list of asset-freeze targets. Available as a single consolidated list in human-readable, machine-readable (XML, CSV, JSON) formats, and as a regime-specific Russia list.[6]
  • Where it shines: the UK list has diverged materially from OFAC since 2022. UK Russia designations in particular extend to entities and vessels that are not OFAC-listed, and the UK has been the first mover on several shadow-fleet vessel designations (Eagle S being a representative case). The XML feed is well-formatted and updated promptly after each designation tranche.
  • Where it misses: the UK list ingests but does not consolidate the wider OFSI guidance landscape (general licences, exceptions, FAQs); a firm relying on the list alone may miss the licensing regime that softens an apparent prohibition.
  • Verdict: essential for any firm with UK touch points, and an important secondary check even for firms without — UK divergence from OFAC is now a recurring source of jurisdictional mismatch.

4. UN Security Council Consolidated List

  • The treaty baseline. UN member states are required to give effect to designations made by the UN Security Council under Article 41 sanctions resolutions. The consolidated list is published in structured XML, HTML and PDF.[7]
  • Where it shines: universality. Any UN member state's domestic sanctions regime should incorporate the UN list as a floor.
  • Where it misses: coverage is narrower than any of the autonomous regimes — the Security Council's UNSC veto dynamics have limited the list's growth since 2014, and no Russia-related designations have entered the UN list. For practical Russia work, UN is a baseline not an active feed.
  • Verdict: always include. Rarely the binding constraint in 2026 sanctions work.

5. Swiss SECO list

  • Switzerland's State Secretariat for Economic Affairs (SECO) maintains a consolidated list of financial sanctions targets. Following Switzerland's decision in 2022 to align with EU sanctions on Russia, SECO ingests EU designations into its own list with publication.[8]
  • Where it shines: relevant for any firm with Swiss touch points or counterparties operating through Swiss intermediaries. SECO publishes structured XML.
  • Where it misses: for non-Swiss firms, largely duplicative of the EU list. Worth checking for Swiss-domiciled subsidiaries and for the rare instance of a Swiss-specific designation outside the EU alignment.
  • Verdict: situationally important. Not a primary control for non-Swiss firms.

6. Australian DFAT Consolidated List

  • The Australian Department of Foreign Affairs and Trade publishes a consolidated list of persons subject to autonomous sanctions and UN sanctions implemented in Australia. Available as Excel, XML and PDF.[9]
  • Where it shines: Australian-specific designations, particularly relevant for APAC-facing firms and for counterparties with Australian touch points. DFAT has expanded its Russia listings materially since 2022.
  • Where it misses: Excel-as-primary-format makes scripted ingestion slightly more brittle than the OFSI XML; not a major issue but worth noting.
  • Verdict: jurisdictionally important. Always include for APAC counterparties.

7. NACP Sanctions Tracker (Ukraine)

  • The Ukrainian National Agency on Corruption Prevention (NACP, sometimes anglicised as NABC) maintains a public War & Sanctions database that lists individuals and entities identified by Ukraine as war sponsors, beneficiaries of the Russian invasion, or otherwise relevant to international sanctions enforcement.[10]
  • Where it shines: the most comprehensive open-source dataset of Ukrainian-government attributions, frequently used as a leading indicator of subsequent OFAC, EU or OFSI designations. Particularly valuable for the "international sponsors of war" category, which has, in several cases, anticipated subsequent EU designation.
  • Where it misses: not a binding sanctions list outside Ukraine. Methodology is the Ukrainian government's; an entity's inclusion is an attribution, not a determination of fact under any other jurisdiction's law. Use as EDD input, not as a screening source of record.
  • Verdict: a high-signal EDD overlay. Not a substitute for the binding lists.

8. OpenSanctions

  • OpenSanctions is an open-source data project that aggregates more than 250 source datasets — including OFAC, EU FSF, UK OFSI, UN, SECO, DFAT, NACP and a long tail of other regulatory and PEP datasets — into a single normalised structure with consistent entity schemas.[11]
  • The project publishes bulk data in JSON, CSV, FtM and OpenSanctions native formats under a permissive licence for non-commercial use, with a commercial tier for production deployment.[12]
  • Where it shines: the only free aggregator that consolidates the global sanctions corpus into a structured entity model. Vessel records carry IMO numbers; corporate records carry tax IDs where available; relationship edges (officer, owner, beneficial-owner) are modelled explicitly. Performant API access at the free tier supports modest-volume programmatic use; bulk download supports unlimited offline use.
  • Where it misses: not a commercial product. No SLA, no curated risk narratives, no dedicated researcher attention to individual entities. PEP coverage is broad but is mechanically sourced rather than analyst-curated. Adverse-media is not a primary feature.
  • Verdict: indispensable. The closest the free ecosystem comes to a single-source screening dataset.

What free screening cannot give you

The honest part of an honest review is the part that names the gap. Free screening cannot give you four things that commercial products provide as standard.

Curated PEP and adverse-media intelligence. OpenSanctions and the public lists cover formally designated parties. They do not cover the broader politically-exposed-persons universe in the curated, sourced, narrative-formatted way that World-Check, Dow Jones Risk & Compliance, LexisNexis, or Sayari provide. A PEP risk file requires either a commercial subscription or a substantial in-house research function. We discuss the substitutability question in our World-Check alternatives breakdown.

Entity disambiguation at scale. "Sergei Ivanov" appears multiple times on the global sanctions lists and many more times in PEP datasets. Distinguishing the specific Ivanov who is your counterparty's beneficial owner from the others requires disambiguation work — date-of-birth verification, identifier matching, alias normalisation, transliteration handling. Free portals provide raw matches; commercial products provide ranked, scored, disambiguated matches with reduced false-positive rates. The labour to close this gap is significant.

Audit trail and defensibility. A regulator examining a firm's sanctions programme will ask: which lists did you screen against, on what date, with what name variants, with what minimum match score, and where is the documented evidence? OFAC's portal does not log searches; the UK OFSI portal does not log searches. Commercial products do. Building the audit layer in-house is doable; it is not free.

Vessel and aircraft consolidation. No single free source provides a clean, IMO-keyed, deduplicated consolidated list of vessels sanctioned across OFAC, EU and OFSI. OpenSanctions comes closest but does not guarantee IMO-deduplication. For the specific use case of shadow-fleet screening, we maintain a CC-BY-4.0 dataset at our 287-tanker briefing as a reference reconstruction.

A practical workflow using only free sources

For a firm with ad-hoc screening needs (not high-volume onboarding), the following is a defensible workflow built entirely on public sources:

  1. Run the name through OpenSanctions first. The aggregator surface gives you the broad picture in a single search. Note all hits, including weak matches.
  2. Confirm against the primary source for each hit. If OpenSanctions surfaces an OFAC SDN match, open the OFAC portal and verify the live SDN record. Same for EU FSF, OFSI, SECO, DFAT. Primary sources control; the aggregator is the index.
  3. Cross-check against the NACP Sanctions Tracker for any Russia-related counterparty, even where no binding designation has been made — the tracker frequently precedes formal designation.
  4. Document each step in a written file: source URL, date of access, name variants tested (including transliterations), match score where available, screenshot. The documentation is the audit trail.
  5. Run our free sanctions check tool as an additional aggregated cross-reference. Where the entity is a Russian counterparty, our Russian company checker resolves INN/OGRN against the underlying sanctions corpus.
  6. For vessel screening, use the 287-tanker dataset as a deduplicated cross-list reconstruction by IMO number.

This workflow will catch any designation against a formally listed party. It will not catch ownership-percentage thresholds (the 50 percent rule under OFAC, the 50 percent rule as applied under EU and UK regimes), and it will not catch beneficial-ownership chains where the listed party sits one tier above the entity being onboarded. For those, the workflow needs a corporate-registry layer — OpenCorporates, OCCRP Aleph, or the relevant national registry — on top.

When to escalate to paid

Escalation to a commercial product is justified by one or more of: onboarding volume that makes manual workflow uneconomical (typical threshold is around 50-100 new counterparties per month); regulatory expectation of a documented screening programme with audit-grade logging; PEP and adverse-media coverage requirements; entity-disambiguation requirements at scale; jurisdiction-specific watchlist requirements (FATF grey-list countries, US OFAC 50 percent rule application against complex chains, secondary sanctions exposure under the EU 14th-17th packages); and operational requirements that demand SLA-backed updates and a defined point of contact.

The relevant commercial products are World-Check (LSEG), Dow Jones Risk & Compliance, LexisNexis WorldCompliance, Sayari Graph, Moody's Orbis/Grid, Refinitiv (now LSEG), and OpenSanctions Pro (the commercial tier of the open project). Each is priced differently and serves different volumes; we do not list current prices because vendor pricing is opaque, non-public, negotiated, and changes frequently. For a counterparty programme review and an honest matrix of which commercial product fits which volume profile, our sanctions compliance service can produce a written assessment.

The cliff edge, stated plainly

The cliff edge between free-sufficient and paid-required is not data coverage. It is documentation, audit, disambiguation, and PEP/adverse-media coverage. A firm with low volume, disciplined documentation, in-house language capability for Cyrillic and Arabic transliteration, and no PEP requirement can run a perfectly compliant screening programme on free sources. A firm with mid-to-high volume, regulator expectations of audit-grade logging, and PEP coverage requirements has crossed the cliff edge whether it acknowledges this or not. The choice at the cliff edge is to build the workflow layer in-house on top of free data, or to commission a commercial product. There is no third path that uses the free sources alone at the scale at which a regulator will examine you.

Sources and further reading

  1. OFAC Sanctions List Search. Office of Foreign Assets Control, US Treasury.
  2. Specially Designated Nationals and Blocked Persons (SDN) bulk data. OFAC.
  3. EU Financial Sanctions Files (FSF). European Commission.
  4. EU Sanctions Map. European Council and European External Action Service.
  5. EUR-Lex. Official Journal of the European Union — primary source for Council Regulations and Decisions.
  6. UK OFSI Financial Sanctions: Consolidated List of Targets. HM Treasury.
  7. United Nations Security Council Consolidated List.
  8. Swiss SECO Sanctions and Embargoes.
  9. Australian DFAT Consolidated List.
  10. War & Sanctions Database. National Agency on Corruption Prevention of Ukraine (NACP).
  11. OpenSanctions consolidated sanctions dataset.
  12. OpenSanctions licensing terms — free for non-commercial; commercial tier for production deployment.
  13. OCCRP Aleph. Investigative dataset and corporate records platform.
  14. OpenCorporates. Largest open corporate-registry database.
  15. OFAC 50 Percent Rule guidance. The controlling guidance for ownership-threshold sanctions inheritance under US law.

Need an audit-grade screening programme built on free public sources?

We build documented workflows that combine public-list ingestion, OpenSanctions structured data, and Russian-language transliteration handling — with the audit trail a regulator will accept. Where commercial coverage is required, we map the gap honestly and recommend specific vendors.

Talk to an Analyst

[ see also ]

This intelligence briefing was produced by [0x]INT, a specialized Russia OSINT and CIS Intel agency. We provide deep-source corporate due diligence, sanctions screening, and dark web monitoring for complex cross-border investigations.