Sanctionfy
Back to article

Checklist

First 24 Hours Checklist

Operational checklist for the first 24 hours after an OFAC blocking or rejected-transaction event.

Educational content, not legal advice

This article is for informational and educational purposes only. It does not constitute legal advice. Views expressed are the author's and do not represent any client, employer, or institution. Sanctions and BSA/AML rules change frequently; verify current guidance before relying on any analysis.

Capture the file while information is fresh, systems are still in their event-time configuration, and the people who made the decisions are still available. The discipline that separates well-run programs from struggling ones is doing this consistently — not heroically, but every time.

This checklist covers the first 24 hours only. The full investigation, filing, and remediation are downstream of this work and live under separate procedures.

1. Classify the event

  • Confirm whether the event is a blocked property case, a rejected transaction, or a potential apparent violation (these can overlap)
  • Record the date and time the event was discovered
  • Record the date and time the institution made the block or rejection determination (this is the date that starts the § 501.603 / § 501.604 ten-business-day clock)
  • Identify the sanctions program, listed party, account, and transaction reference numbers

2. Preserve the evidence

  • Save the alert, case notes, and escalation history (export the underlying record, not a screenshot)
  • Preserve the screening result, hit explanation, and true-match memo with reviewer signature and date
  • Capture the payment instruction, message format (SWIFT MT or equivalent), and any repair or return text
  • Save the ownership analysis, beneficial ownership documentation, and chain-of-intermediary mapping
  • Preserve the screening configuration in effect on the event date — list version, threshold settings, and rule set
  • Preserve screenshots or exports of any system data that may later change (alert queue state, account status, list-update logs)

3. Lock down the systems

  • Confirm that vendor logs, case-management records, and screening data will not be overwritten during routine system rotation
  • Identify any retention or archival risks tied to upcoming vendor migrations, contract expirations, or system changes
  • Freeze relevant settings or note the exact configuration version in use at the event date
  • Record any access restrictions or permissions changes made after discovery

4. Notify the right people

  • Notify sanctions compliance or the sanctions desk
  • Notify the BSA officer or AML lead
  • Notify legal or outside counsel if escalation is required
  • Notify operations or the business line owner if a process or payment-control issue is involved
  • Record who was notified, when, and by what method (this becomes part of the audit trail)

5. Start the filing analysis

  • Determine whether a § 501.603 blocked property report is required
  • Determine whether a § 501.604 rejected transaction report is required
  • Determine whether an apparent violation exists that may support voluntary self-disclosure — begin the VSD analysis in parallel, not after the mandatory filing
  • Identify any SAR considerations that run separately from the OFAC analysis
  • Assign named ownership for each filing track and deadline

6. Document the decision path

  • Record why the transaction was blocked or rejected
  • Record why the transaction was not blocked or rejected at the time it first appeared (if applicable — critical for pattern-discovery scenarios)
  • Record any legal or operational judgment calls made during disposition
  • Record any unresolved issues that need follow-up within 24 hours

7. Open the remediation track

  • Identify the root cause at a high level (screening configuration, list update, training, procedure, vendor)
  • Flag any screening, list-update, or workflow failure that may have contributed
  • Assign named follow-up for the remediation
  • Record whether other similar transactions may be implicated (the gateway to a lookback)
  • Start a lookback if the issue suggests a broader control gap — even a preliminary one

8. Set deadlines

  • Calendar the ten-business-day deadline for any required § 501.603 or § 501.604 filing (from the determination date, not the discovery date if different — confirm the correct trigger)
  • Calendar any internal legal review deadline (must complete before the regulatory deadline, not after)
  • Calendar follow-up for VSD analysis, remediation, and management reporting
  • Assign a named owner for each deadline

Owner

Responsible individual / event owner:
Date initiated:
First management briefing scheduled:

For background, see the Sanctionfy article on Voluntary Self-Disclosure vs. Mandatory Reports Under §§ 501.603 and 501.604.