U.S. Department of the Treasury Specially Designated Nationals and Blocked Persons List
The Office of Foreign Assets Control (OFAC) is an agency of the United States Department of the Treasury for Terrorism and Financial Intelligence which administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against targeted foreign states, organizations, and individuals. To enforce economic sanctions, OFAC seeks to prevent "prohibited transactions," to include trade or financial transactions with individuals or organizations that are deemed to be a threat to U.S. national security.
The Specially Designated Nationals and Blocked Persons List is an OFAC publication which lists individuals and organizations with whom United States citizens and permanent residents are prohibited from doing business, such as organizations or persons that are known funding sources for terrorist groups.
Release history
Last updated: November 2017
Solution summary
Organizations managing their third party vendors with Archer Third Party Governance can compare the information from the OFAC SDN List with their vendor profiles and contacts to determine if their suppliers are considered an “SDN”. This integration centralizes this SDN list information, compares the list to vendors and contacts, and on finding a match, alerts stakeholders to take remediation actions. The Archer integration with the U.S. Treasury SDN List helps procurement managers manage and prioritize the SDN vendor and contact match process, reducing the risk of conducting business with blocked or sanctioned organizations.
Partner Integration Overview | |
---|---|
Archer Solution | |
Archer Use Cases | |
Archer Applications | |
Uses Custom Application | No |
Requires On-Demand License | Yes, 1 (one) Archer On-Demand Application is required for this integration. |
The following diagram provides an overview of the use cases, applications, and the on-demand application relationships.
Installation and configuration
Before you begin
This section provides instructions for configuring the U.S. Treasury SDN List with the Archer Platform and Third Party Governance use cases. This document is not intended to suggest optimum installations or configurations.
It is assumed that the reader has both working knowledge of all products involved and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components.
Archer Third Party Governance use cases must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding.
Important: The integration described in this guide is being provided as a reference implementation for evaluation and testing purposes. It may or may not meet the needs and use cases for your organization. If additional customizations or enhancements are needed, it is recommended that customers contact Archer Help for assistance.
The following information details the steps necessary to import and install the SDN List application.
Step 1: Back up your database
There is no Undo function for a package installation. Packaging is a powerful feature that can make significant changes to an instance. Archer strongly recommends backing up the instance database before installing a package. This process enables a full restoration if necessary.
An alternate method for undoing a package installation is to create a package of the affected objects in the target instance before installing the new package. This package provides a snapshot of the instance before the new package is installed, which can be used to help undo the changes made by the package installation. New objects created by the package installation must be manually deleted.
Step 2: Import the package
- Go to the Install Packages page.
  - From the menu bar, click .
  - Under Application Builder, click Install Packages.
- In the Available Packages section, click Import.
- Click Add New, then locate and select the package file that you want to import (SDN_Package.zip application package).
- Click OK.
The package file is displayed in the Available Packages section and is ready for installation.
Step 3: Map objects in the package
- In the Available Packages section, select the package you want to map.
- In the Actions column, click for that package.
The analyzer runs and examines the information in the package. The analyzer automatically matches the system IDs of the objects in the package with the objects in the target instances and identifies objects from the package that are successfully mapped to objects in the target instance, objects that are new or exist but are not mapped, and objects that do not exist (the object is in the target but not in the source).
Note: This process can take several minutes or more, especially if the package is large, and may time out after 60 minutes. This time-out setting temporarily overrides any IIS time-out settings set to less than 60 minutes.
When the analyzer is complete, the Advanced Package Mapping page lists the objects in the package file and corresponding objects in the target instance. The objects are divided into tabs, depending on whether they are found within Applications, Solutions, Access Roles, Groups, Sub-forms, or Questionnaires.
- On each tab of the Advanced Mapping Page, review the icons that are displayed next to each object name to determine which objects require you to map them manually.
Icon | Name | Description |
---|---|---|
 | Awaiting Mapping Review | Indicates that the system could not automatically match the object or children of the object to a corresponding object in the target instance. Objects marked with this symbol must be mapped manually through the mapping process. Important: New objects should not be mapped. This icon should remain visible. The mapping process can proceed without mapping all the objects. Note: You can execute the mapping process without mapping all the objects. The |
 | Mapping Completed | Indicates that the object and all child objects are mapped to an object in the target instance. Nothing more needs to be done with these objects in Advanced Package Mapping. |
 | Do Not Map | Indicates that the object does not exist in the target instance or the object was not mapped through the Do Not Map option. These objects will not be mapped through Advanced Package Mapping, and must be remedied manually. |
 | Undo | Indicates that a mapped object can be unmapped. This icon is displayed in the Actions column of a mapped object or object flagged as Do Not Map. |
- For each object that requires remediation, do one of the following:
  - To map each item individually, on the Target column, select the object in the target instance to which you want to map the source object. If an object is new or if you do not want to map an object, select Do Not Map from the drop-down list.
    Important: Ensure that you map all objects to their lowest level. When objects have child or related objects, a drill-down link is provided on the parent object. Child objects must be mapped before parent objects are mapped. For more details, see "Mapping Parent/Child Objects" in the RSA Archer Online Documentation.
  - To automatically map all objects in a tab that have different system IDs but the same object name as an object in the target instance, do the following:
    - In the toolbar, click Auto Map.
    - Select an option for mapping objects by name.
Option | Description |
---|---|
Ignore case | Select this option to match objects with similar names regardless of the case of the characters in the object names. |
Ignore spaces | Select this option to match objects with similar names regardless of whether spaces exist in the object names. |
    - Click OK.
      The Confirmation dialog box opens with the total number of mappings performed. These mappings have not been committed to the database yet and can be modified in the Advanced Package Mapping page.
    - Click OK.
  - To set all objects in the tab to Do Not Map, in the toolbar, click Do Not Map.
Note: To undo the mapping settings for any individual object, click in the Actions column.
When all objects are mapped, the icon is displayed in the tab title. The icon is displayed next to the object to indicate that the object will not be mapped.
- Verify that all other objects are mapped correctly.
- (Optional) To save your mapping settings so that you can resume working later, see "Exporting and Importing Mapping Settings" in the Archer Help.
- Once you have reviewed and mapped all objects, click .
- Select I understand the implications of performing this operation and click OK.
The Advanced Package Mapping process updates the system IDs of the objects in the target instance as defined on the Advanced Package Mapping page. When the mapping is complete, the Import and Install Packages page is displayed.
Important: Advanced Package Mapping modifies the system IDs in the target instance. Any Data Feeds and Web Service APIs that use these objects will need to be updated with the new system IDs.
Step 4: Install the package
All objects from the source instance are installed in the target instance unless the object cannot be found or is flagged to not be installed in the target instance. A list of conditions that may cause objects not to be installed is provided in the Log Messages section. A log entry is displayed in the Package Installation Log section.
- Go to the Install Packages page.
  - From the menu bar, click .
  - Under Application Builder, click Install Packages.
- In the Available Packages section, locate the package file that you want to install, and click Install.
- In the Configuration section, select the components of the package that you want to install.
  - To select all components, select the top-level checkbox.
  - To install only specific global reports in an already installed application, select the checkbox associated with each report that you want to install.
Note: Items in the package that do not match an existing item in the target instance are selected by default.
- In the Configuration section, under Install Method, select an option for each selected component. To use the same Install Method for all selected components, select a method from the top-level drop-down list.
Note: If you have any existing components that you do not want to modify, select Create New Only. You may have to modify those components after installing the package to use the changes made by the package.
- In the Configuration section, under Install Option, select an option for each selected component. To use the same Install Option for all selected components, select an option from the top-level drop-down list.
Note: If you have any custom fields or formatting in a component that you do not want to lose, select Do Not Override Layout. You may have to modify the layout after installing the package to use the changes made by the package.
- To deactivate target fields and data-driven events that are not in the package, in the Post-Install Actions section, select the Deactivate target fields and data-driven events that are not in the package checkbox. To rename the deactivated target fields and data-driven events with a user-defined prefix, select the Apply a prefix to all deactivated objects checkbox, and enter a prefix. This can help you identify any fields or data-driven events that you may want to review for cleanup post-install.
- Click Install.
- Click OK.
Step 5: Review the package installation log
- Go to the Package Installation Log tab of the Install Packages page.
  - From the menu bar, click .
  - Under Application Builder, click Install Packages.
  - Click the Package Installation Log tab.
- Click the package that you want to view.
- In the Package Installation Log page, in the Object Details section, click View All Warnings.
Step 6: Configure Data Feeds
The following data feeds are used as a part of the integration process:
- SDN XML data integration with Archer
  - SDN_Inbound_Feed is an HTTP transporter feed which fetches the data from the OFAC website and creates/updates the records in the SDN List application.
- SDN data comparison by integrating with Archer Third Party Profile application
  - Link_SDN_to_Third_Party is an Archer Web Services Transporter data feed. It compares the data (SDN.Company/LastName and Third Party Catalog.Third Party Profile Name) for an exact match between the source "SDN List" application and the target "first level" of the Third Party Profile application.
  - Link_SDN_to_Subsidiary is an Archer Web Services Transporter data feed. It compares the data (SDN.Company/LastName and Third Party Catalog.Third Party Profile Name) for an exact match between the source "SDN List" application and the target "second level" of the Third Party Profile application.
  - Link_SDN_to_Sub-Subsidiary is an Archer Web Services Transporter data feed. It compares the data (SDN.Company/LastName and Third Party Catalog.Third Party Profile Name) for an exact match between the source "SDN List" application and the target "third level" of the Third Party Profile application.
- SDN data comparison by integrating with Archer 4th parties application
  - Link_SDN_to_4th_Parties is an Archer Web Services Transporter data feed. It compares the data (SDN.Company/LastName and Third Party Catalog.Third Party Profile Name) for an exact match between the source "SDN List" application and the target "4th Parties" application.
- SDN data comparison by integrating with Archer Contacts application
  - Link_SDN_to_Contacts is an Archer Web Services Transporter data feed. It compares the data (SDN.Company/Last Name and SDN.FirstName and Contacts.FullName) for an exact match between the source "SDN List" application and the target "Contacts" application.
After the package installation has been completed, you will need to import and configure these six data feeds. The data feeds should be completed in the following order:
- Import the SDN_Inbound_Feed.dfx5 file. Run the feed and check the SDN List application to confirm that records are populated.
- Import and run the Link_SDN_to_Third_Party.dfx5 data feed file. Check whether the OFAC flag field is set to "Yes" for the matched record in the SDN List application.
- Import and run the Link_SDN_to_Subsidiary.dfx5 data feed file. Check whether the OFAC flag field is set to "Yes" for the matched record in the SDN List application.
- Import and run the Link_SDN_to_Sub-Subsidiary.dfx5 data feed file. Check whether the OFAC flag field is set to "Yes" for the matched record in the SDN List application.
- Import and run the Link_SDN_to_4th_parties.dfx5 data feed file. Check whether the OFAC flag field is set to "Yes" for the matched record in the SDN List application.
- Import and run the Link_SDN_to_Contacts.dfx5 data feed file. Check whether the OFAC flag field is set to "Yes" for the matched record in the SDN List application.
- Verify a notification is triggered to the third party stakeholders group after the completion of the data feed.
For each data feed configuration, perform the following steps:
- Log into the Archer platform and click the Administration workspace tab.
- Click Data Feeds in the Navigation Menu under Integration.
- Click the Import link and browse to the [File_Name].dfx5. Verify settings on the General Information tab. Be sure to change the status to Active before using the feed.
- Update the settings on the Transport tab for the following fields:
  - Server Address
  - User Name
  - Instance
  - Password
- Verify the settings on the Source Definition tab. This will be pre-configured to identify the necessary fields to generate a score snapshot.
- Verify the settings and mappings on the Data Map tab.
- The Key Definition fields should be pre-populated based on the information from the DFX import file. Ensure that the Key Definition fields are set.
- The final configuration step is to schedule the data feed. Click the Schedule tab and configure the frequency and start time of the Data Feed.
The schedule can be set to any time; however, we recommend that the feed(s) run daily to ensure you immediately address specially designated nationals that may impact your organization. Because the SDN list XML file is large, this feed will take quite a bit of time to process. It is recommended that these feeds run during non-peak hours.
- Click Save to apply your configuration to the data feed. Click the Run Detail link for additional information on the status of the feed or to troubleshoot any feed errors.
- Perform all steps in this section again for the import of the other two data feeds.
Access Roles
This integration will leverage out of the box access roles for the Third Party Governance use cases including:
- Third Party: Administrator
- Third Party: Executive Management
- Third Party: Legal and Procurement
- Third Party: Risk Analysts
Integration overview
Process overview
The following diagram provides an overview of the integration pulling information from the OFAC SDN website via an XML feed to the Archer SDN List application. It then details the cross references and business process logic.
The business process follows the following flow:
- OFAC posts the most recent version of the SDN list on their website in several formats, including XML. This includes the names of blacklisted people and companies, along with potential aliases.
- The SDN Inbound data feed pulls the list from the OFAC website via XML into Archer’s SDN List application. Company names, individual names, vessel, and aircraft names are entered into an Archer record. The following data will be pulled from the SDN site into Archer:
  - SDN UID
  - Company/Last Name
  - First Name
  - Type
  - Program
  - Category
  - Address
  - City
  - Country
  - US Treasury Published Date
- If SDN Type = Entity, the OFAC data feed will check for an exact match between SDN.Company/LastName and the Third Party Profile.Third Party Name, and between SDN.Company/LastName and the Third Party Engagement.4th party name.
- If SDN Type = Individual, the OFAC data feed will check for an exact match between SDN.Company/LastName and FirstName, and Contacts.Full Name.
- The data feeds below will find an exact match against Third Party Profile/Contacts/4th Parties:
  - “Link_SDN_to_Third_Party” feed checks for matches between the SDN.Company/LastName (if type = Entity) and the vendor names in the first level of the Third Party Profile application. It links the SDN record to the Third Party Profile if Company/Last Name matches Third Party Profile.Third Party Name.
  - “Link_SDN_to_Subsidiary” feed checks for matches between the SDN.Company/LastName (if type = Entity) in the SDN List application and the Third Party Profile.Subsidiary Third Party names in the second level of Third Party Profile, which is the Subsidiary level.
  - “Link_SDN_to_Sub-Subsidiary” feed checks for matches between the SDN.Company/LastName (type = Entity) in the SDN List application and the Third Party Profile.Third Party Name Sub-Subsidiary names in the third level of Third Party Profile, which is the Sub-Subsidiary level.
  - “Link_SDN_to_4th_Parties” feed checks for matches between the SDN.Company/LastName (type = Entity) in the SDN List application and the Third Party Engagement.4th party names.
  - “Link_SDN_to_Contacts” feed checks for matches between the individual names (type = individual) in SDN.Company/LastName and FirstName with the Contacts.Full Name.
- If an exact match is found, it populates the SDN List record in the Possible OFAC Links Related Records field on the Third Party Profile/4th parties/Contacts application.
- The OFAC Review section of the SDN List contains a calculation to determine if the cross reference field is empty. If the possible links field is not empty, the OFAC Flag field value changes to “YES.”
This flag can then be used to report all possible matches or kick off a workflow for OFAC team review.
- The OFAC First Match date populates to current date when an SDN Link is updated.
- Submit the SDN List for OFAC Review.
- OFAC Review Status options include:
  - Awaiting Review – A match is found between the SDN List and a Third Party Profile/4th Parties/Contacts.
    A notification is sent to the Third Party users who had the following groups assigned: Third Party: Administrator, Third Party: Executive Management, Third Party: Legal and Procurement, Third Party: Risk Analysts.
  - In Progress – A reviewer has been assigned and is working to verify the match.
    - The reviewer can be assigned by any of the Third Party Stakeholders including Third Party: Administrator, Third Party: Executive Management, Third Party: Legal and Procurement, Third Party: Risk Analysts.
    - A notification is sent to the Reviewer for OFAC Review.
  - Pass – The reviewer will change the OFAC Review Status to Pass if the vendor or contact is not a valid match to the third party profile or contacts or 4th parties. The link to Third Party/4th Parties/Contacts will be removed from the SDN List manually.
  - Fail – The reviewer will change the OFAC Review Status to Fail if the vendor or contact on the SDN list is a correct match and the organization should not do business with this vendor or contact.
    The Remediation Plan Required Flag will be set to YES.
    The Reviewer is required to create a Remediation Plan and assign it to the Remediation Plan owner.
Note: The matching process is looking for an exact match of company and contact data. The matching logic does take into account capitalization of words and spacing. Logic does not exist at this time to account for partial matches of company or contact names.
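
The exact-match rule from the process flow and the note above, as an added example (not part of the Archer package or its data feeds): it parses a constructed SDN-style XML sample, links records the way the feeds are described as doing, and separately lists names that differ only in case or spacing, which the exact comparison leaves unlinked. The XML element names, all sample names, and the "First Last" order used to build an individual's full name are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names (sdnEntry, uid, lastName, firstName,
# sdnType) and every name below are assumptions made for this illustration.
SDN_XML = """<sdnList>
  <sdnEntry><uid>1001</uid><lastName>EXAMPLE TRADING CO</lastName><sdnType>Entity</sdnType></sdnEntry>
  <sdnEntry><uid>1002</uid><lastName>SAMPLE SHIPPING LTD</lastName><sdnType>Entity</sdnType></sdnEntry>
  <sdnEntry><uid>1003</uid><firstName>Jane</firstName><lastName>PLACEHOLDER</lastName><sdnType>Individual</sdnType></sdnEntry>
  <sdnEntry><uid>1004</uid><lastName>EXAMPLE TRADING CO</lastName><sdnType>Vessel</sdnType></sdnEntry>
</sdnList>"""

VENDORS = ["EXAMPLE TRADING CO", "Sample  Shipping Ltd", "Unrelated Supplies Inc"]
CONTACTS = ["Jane PLACEHOLDER", "jane placeholder", "John Doe"]


def parse_sdn(xml_text):
    """Extract the fields the comparison needs from each SDN entry."""
    return [
        {
            "uid": e.findtext("uid"),
            "type": e.findtext("sdnType"),
            "last": e.findtext("lastName", default=""),
            "first": e.findtext("firstName", default=""),
        }
        for e in ET.fromstring(xml_text).iter("sdnEntry")
    ]


def comparison_name(entry):
    """Entity: Company/Last Name. Individual: 'First Last' (assumed order)."""
    if entry["type"] == "Individual":
        return f"{entry['first']} {entry['last']}".strip()
    return entry["last"]


def normalize(name):
    """Drop all whitespace and fold case; used only to surface near misses."""
    return "".join(name.split()).casefold()


def screen(entries, vendors, contacts):
    """Return (exact, near) lists of (uid, matched name).

    exact: identical strings, the only case the feeds are described as linking.
    near:  equal after normalize(), i.e. what case- and space-sensitive
           matching leaves unlinked.
    """
    targets_by_type = {"Entity": vendors, "Individual": contacts}
    exact, near = [], []
    for entry in entries:
        name = comparison_name(entry)
        # The page describes comparisons only for Entity and Individual types.
        for target in targets_by_type.get(entry["type"], []):
            if target == name:
                exact.append((entry["uid"], target))
            elif normalize(target) == normalize(name):
                near.append((entry["uid"], target))
    return exact, near


if __name__ == "__main__":
    exact, near = screen(parse_sdn(SDN_XML), VENDORS, CONTACTS)
    print("linked by exact match:", exact)
    print("missed (case/spacing only):", near)
```

The `near` list is the set a reviewer would want surfaced for manual checking, since a vendor record entered with different capitalization or a doubled space never reaches the OFAC Review workflow under exact matching.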
Certification environment
Date tested: November 2017
Product Name | Version Information | Operating System |
---|---|---|
Archer Platform | 6.3 | Virtual Appliance |
Archer Third Party Catalog | 6.2 | Virtual Appliance |
Archer Third Party | 6.2 | Virtual Appliance |
Archer Issues Management | 6.2 | Virtual Appliance |
U.S. Treasury SDN List XML | Published Date: November 1, 2017. XML feed last tested on November 6, 2017. | https://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/default.aspx |