When SentiLink CEO Naftali Harris was building Affirm’s risk and decisioning system, a newly hired executive named Manny Alvarez applied for a loan on his first day—and was immediately rejected. The reason? A false positive OFAC match had flagged him as "Manuel Alvarez Aguirre," a Cuban government official under sanction. Despite the similarity in name, it was clearly not the same person. The issue was quickly resolved, thanks to Manny’s visibility and the authority he carried within the company. But what if it hadn’t been? What happens to everyone else who gets flagged and doesn’t have the ability to walk over to the risk team’s desk?
Unfortunately, these stories aren’t rare. Many companies still rely on outdated or oversimplified approaches to OFAC watchlist matching. And it shows. M. Alvarez, J. Kim, and F. Mohamed are names of real American consumers who were all wrongly flagged as sanctioned individuals. How can we fix that?
False positives are the norm, not the exception
False positives aren’t just common—they’re overwhelming manual review systems across the industry. In recent SentiLink retrostudies, we’ve seen legacy watchlist providers flagging thousands of individuals as potential OFAC matches. Yet when these alerts are sampled and manually reviewed, an estimated 98–99% turn out to be false positives. These aren't rare edge cases; they're everyday applicants whose only "red flag" is a name that happens to resemble someone on a sanctions list.
So why does this keep happening?
The core issue lies in how many systems attempt to match names and dates of birth:
- They apply fuzzy matching too broadly, allowing matches on initials or multiple typos. This leads to situations where "J. Kim" might be flagged as a match for "Jong-il Kim," or "F. Mohamed" for "Faisal Mohamed Al-Zahrani," especially when systems are configured to tolerate multiple letter differences.
- They struggle to handle DOB ranges or imprecise dates in OFAC records. OFAC entries often include broad ranges or multiple date possibilities for date of birth, and systems that can't interpret these nuances may treat a slight difference in birth year as irrelevant—erroneously confirming a match based on name alone.
The result? A flood of false positives that require manual review, damaging user experience and slowing down operations.
How SentiLink's approach is different
Our OFAC matching system is built around a custom annotation framework that balances both recall (to minimize false negatives) and precision (to minimize false positives). Here’s how:
Minimizing false negatives
To avoid missing true sanctioned individuals, our system prioritizes robust recall through:
- Comprehensive name part tokenization. Names are broken down into distinct components (first, last, multiple middle names) and matched in a permutation-agnostic way. This ensures we catch sanctioned individuals regardless of how their name is formatted or reordered.
- Honorific and suffix treatment. We treat elements like "Mr.," "Dr.," or "Jr." that may appear inconsistently across data sources separately from the other parts of the name, improving the chances of matching meaningful parts of the name.
- Date of birth normalization. OFAC data may include exact dates, date ranges, or multiple DOBs. We convert all into inclusive ranges, allowing us to match entries even when DOBs aren't precise.
These techniques ensure that our system casts a wide enough net to catch true positives without over-relying on rigid string matches.
Minimizing false positives
Equally important, we layer in logic to ensure that wide recall doesn't compromise precision:
- Name typo constraints. We allow minor typos on longer name parts to catch genuine miskeys that could still represent a risk. But, we limit the total Damerau-Levenshtein edit distance across all name parts to two. This threshold ensures we catch small but meaningful errors—like transpositions or a single wrong letter—while avoiding matches on names that are merely similar but not the same individual.
- Name part recurrence validation. We verify that repeated name components are accounted for correctly, rather than collapsing all names into a set of unique tokens. For example, imagine a sanctioned individual named "Mohamed Mohamed Ali" and an applicant named "Mohamed Ali." A naive system that treats both names as the set (Mohamed, Ali) could incorrectly flag the applicant as a match. Our system ensures that the number of occurrences of each name part is preserved during both indexing and querying, so we avoid false positives based on duplication patterns like this.
- Fuzziness thresholds. These settings are tuned to allow just enough flexibility to catch near-matches while preventing overinclusive hits based on initials or loosely related names and date of birth.
By indexing annotated attributes and matching against those, we move away from brittle string comparison and toward a system built for accuracy and fairness.
The end result is a matching process that is both vigilant and respectful. Instead of matching blindly, we compare structured attributes and only surface matches that withstand deeper scrutiny. Rather than producing a high volume of alerts, SentiLink focuses on flagging only those applications that show meaningful indicators of a potential match—reducing noise while maintaining strong compliance outcomes.
The real-world impact of bad matching
This isn’t about ignoring the threat of sanctioned individuals. OFAC lists contain real, serious entries—like Manuel Alvarez Aguirre, a Cuban official, or Manuel Alvarez (alias), associated with the Sinaloa cartel. These individuals should absolutely be flagged. But when systems lack the nuance to distinguish between them and someone like Manny Alvarez, an executive at a financial services company, the consequences are severe.
False positives don’t just cause operational headaches—they harm people. Innocent applicants are subjected to:
- Delays in accessing credit or financial services.
- Unexplained rejections that erode trust and create fear.
- Ongoing suspicion based solely on how common (including how common within a particular cultural or ethnic group) their name is.
This burden doesn’t fall evenly. Names like Mohamed, Kim, or Alvarez are disproportionately flagged because they are common in certain cultures and appear on sanctions lists. Systems that lean too heavily on name matching—and not enough on context—may well end up over-flagging individuals from specific ethnic and immigrant communities.
The result is potential for a hidden fair lending risk. Even without intent, these systems can create disparate impact: systematically affecting individuals from some demographic groups more than others. For lenders, that opens the door to regulatory scrutiny, reputational harm, and the erosion of equitable access to credit.
Compliance isn’t just about ticking a box. It’s about getting it right—fairly and precisely.
Conclusion
We don’t need to choose between compliance and compassion. Modern tools allow us to:
- Catch the right threats.
- Clear innocent individuals more quickly.
- Maintain fairness, transparency, and trust in every step.
At SentiLink, we’re proud to be leading the way in OFAC matching that’s accurate, responsible, and respectful. If you're interested in learning more about our approach, request a demo here.
