
Exam-Ready Evidence File Checklist

What an OFAC examiner expects to find in a working evidence file — and what you should be able to produce within an hour of the request.

Educational content, not legal advice

This article is for informational and educational purposes only. It does not constitute legal advice. Views expressed are the author's and do not represent any client, employer, or institution. Sanctions and BSA/AML rules change frequently; verify current guidance before relying on any analysis.

The Evidence File is the documentation a sanctions compliance officer should have ready when an examiner walks in — current, organized, and retrievable without scrambling. It is not the same as the compliance program document, and it is not the same as the case file for any single event. It is the cross-cutting record that proves the program described on paper is the program actually being run.

Use this as a self-audit. If you cannot produce a section within an hour of the request, that section is the next thing to fix.

1. Program foundations

  • Current OFAC Sanctions Compliance Program document — dated, version-controlled, and approved at the appropriate level (board, senior management, or compliance committee per your governance)
  • Most recent sanctions risk assessment with dated methodology, scoring criteria, and the inputs that drove each rating
  • Roles and responsibilities chart with named individuals — sanctions officer, alternate, escalation chain, and the line of accountability to senior management
  • Written screening procedures — what gets screened, when, against which lists, with what threshold, and who reviews hits
  • Written investigation, decision, and reporting procedures for blocked property, rejected transactions, and apparent violations
  • Vendor documentation for the screening tool — version in use, list-refresh frequency, contractual SLAs, and the most recent vendor due diligence

2. Screening operations

  • Twelve months of screening alert volumes by population (customer onboarding, periodic rescreen, payment screening, etc.)
  • Hit disposition log — alert ID, listed-party match, reviewer, date, decision, and the reasoning that supported "false positive" or "true match"
  • Sample of true matches escalated to investigation — show the trail from alert to decision to filing (or to documented "not a match" with senior reviewer sign-off)
  • Most recent list-refresh logs demonstrating same-day update of OFAC SDN and sectoral sanctions lists
  • Documentation of any screening tool downtime in the look-back period and the compensating controls used
  • Threshold and rule-set change history — what changed, when, who approved, and the testing that supported the change

3. Reports filed (the §§ 501.603 and 501.604 connection)

This is the section that distinguishes an Evidence File from a generic compliance binder. An examiner will want to see not just that you filed, but that you filed on time, with the right level of detail, and that the file you kept matches what you submitted.

  • Initial blocking reports filed within ten business days of the blocking determination — copy of submission, OFAC confirmation, and the underlying case file
  • Annual blocking reports filed by September 30 — the consolidated submission plus the source data used to compile it
  • Rejected transaction reports filed within ten business days — copy of submission and the underlying payment record
  • Voluntary self-disclosures if any — initial notification, any tolling agreements, and the final substantive submission with all attachments
  • Cross-reference between each report filed and the internal investigation memo that supported it
  • Ten-year retention index (15 CFR § 501.601 retention period) — be able to retrieve any report or supporting record from the past decade within a reasonable time

4. Training and testing

  • Most recent annual training roster — names, dates, completion confirmation, and the population covered (front office, operations, compliance, board)
  • Training materials with version dates — the deck or e-learning module that was actually delivered, not a generic vendor product
  • Documentation of role-specific training for high-risk roles (payments operations, customer onboarding, trade finance, correspondent banking)
  • Most recent independent testing or audit report covering the sanctions program — scope, methodology, findings, and management response
  • Remediation evidence for prior audit and exam findings — what was committed, what was completed, and what is still open with a credible target date
  • Testing plan for the current period showing scope and timing

5. Issue management and prior examinations

  • Open issue log with age, owner, target close date, and the compensating controls in place while open
  • Closed issue documentation for the look-back period — root cause, remediation, validation, and approver
  • Prior OFAC examination findings (if applicable) and the institution's responses, with evidence of completed remediation
  • Prior OFAC enforcement actions (if applicable), the settlement or finding documents, and the post-action compliance commitments
  • Self-identified issues reported through internal escalation or risk committee — the institution catching its own problems is itself evidence the program is working

6. Governance and oversight

  • Board or committee minutes covering sanctions risk and program performance — at least annual, more often if risk profile is elevated
  • Management reporting package on sanctions program — alert volumes, true-match rates, filings made, issues opened and closed
  • Management response to material events (a large block, a regulator inquiry, a near-miss) — documented decision, who was informed, what was changed
  • Most recent sanctions program self-assessment against OFAC's Framework for Compliance Commitments

How to use this

Print this checklist. Walk it section by section with your team. For each item, ask: where is it, who maintains it, and how long does it take to retrieve? The answers are your gap list.

A program with a clean Evidence File is not necessarily a strong program — but a program that cannot produce one is rarely a strong program. Examiners know this. Build the file, and the rest of the conversation goes more smoothly.
