Skip to main content
Image coming soon

The AML Sanctions Specialist OFAC Alert-to-SAR Playbook

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

The AML Sanctions Specialist OFAC Alert-to-SAR Playbook

Cut your sanctions alert backlog and write SAR narratives that survive an OCC look-back, without losing the L3 escalations that matter.

You are the person who has to decide, in the next twenty minutes, whether the fuzzy SDN hit on an outgoing wire is a true OFAC match or a false positive, and you have to leave a disposition record that a QA reviewer, the BSA Officer, and an examiner in eighteen months will all read the same way.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

Sanctions specialists at large US banks live inside a tight loop: alerts surface from Actimize, Fircosoft, or a Bridger replacement, the screening list ingests update overnight after OFAC publishes a SDN change, the wire room is waiting on dispositions, and the QA team samples 5 to 10 percent of your work for recall coverage. The hard parts are not the obvious matches. They are the fuzzy name hits that score in the high 70s, the BIC overlaps where the underlying counterparty is opaque, the 50 Percent Rule beneficial-ownership chains where you need to decide whether the entity inherits the parent's designation, the sectoral 13 and 14 trades where the customer claims a general license applies, and the 314(a) matches that need to move into a SAR within thirty days of detection. Each of those needs a disposition note that is precise, traceable, and lawyer-readable. Get the documentation wrong and you create OCC look-back exposure for the bank and rework for yourself. Get it right and the queue moves.

What you walk away with

  • Dispose fuzzy-name SDN alerts in under fifteen minutes with a disposition note that survives QA sampling and look-back review.
  • Write 314(a) match memos and SAR narratives that hold up on first-pass internal review without rewrite cycles.
  • Apply the 50 Percent Rule to opaque beneficial-ownership chains and document the chain logic in a form an OCC examiner can follow.
  • Decide sectoral 13 and 14 dispositions against a customer general-license claim and capture the supporting evidence.
  • Reduce your personal alert backlog by working a documented prioritisation queue tied to risk score, jurisdiction, and customer segment.

The 12 modules

Module 1. The sanctions specialist's day, mapped to your queue
Open the actual list of alerts sitting in your screening tool right now and map each one to one of seven canonical shapes: clean name hit, fuzzy name hit, BIC or LEI overlap, 50 Percent Rule chain, sectoral 13 or 14 nexus, 314(a) match, and PEP overlap. The module gives you a prioritisation grid keyed to risk score, wire urgency, customer segment, and jurisdiction so you stop working the queue in the order it arrives.
Module 2. Reading the OFAC SDN list and consolidated lists like an analyst
Work directly from the OFAC SDN list, the Consolidated Sanctions List, the Sectoral Sanctions Identifications list, and the Foreign Sanctions Evaders list. Learn the field structure, the program tags, the aliases and DOB fields that drive screening false positives, and how list publication cadence affects your morning ingest. Includes a tear-down of the differences between OFAC, UK OFSI, EU CFSP, and UN consolidated lists for cross-list exposure work.
Module 3. Fuzzy name matching, scoring thresholds, and the high-70s problem
Why a name score of 78 is the hardest disposition in your day. Walk through how Actimize, Fircosoft, and Bridger generate match scores from edit distance, phonetic algorithms, and transliteration tables. Build a disposition logic for high-70s scores that draws on DOB, place of birth, nationality, occupation, and transaction context. Templates for documenting why a 78 was cleared and why a 76 was escalated.
Module 4. The 50 Percent Rule and beneficial-ownership chains
OFAC's 50 Percent Rule means an entity owned 50 percent or more by a blocked person is itself blocked, even if not listed. The module works five real chain shapes: direct majority, aggregated minority interests, holding-company intermediaries, trust structures, and joint ventures with mixed designation. Includes a one-page chain-mapping worksheet that an examiner can follow without you in the room.
Module 5. Sectoral sanctions, general licenses, and the customer claim problem
Sectoral 13 and 14 dispositions live or die on whether a general license actually applies to the trade in question. The module walks the Russia, Iran, and Venezuela sectoral programs, the GL structures most likely to be invoked by customers, and how to evidence a GL claim without taking the customer's word for it. Includes a template for the disposition memo that names the GL, the conditions met, and the supporting documentation.
Module 6. Wire and SWIFT screening: the BIC overlap and the opaque counterparty
Outgoing wires generate alerts on the originator, beneficiary, originating bank, beneficiary bank, and intermediary banks. The module handles the cases where the BIC matches but the underlying party is opaque, where MT103 field 50K or 59 omits a country, and where a correspondent relationship pulls you into a sanctioned jurisdiction one hop out. Includes a disposition path for true-hit holds and the language to use with the wire room.
Module 7. L3 escalation memos that the sanctions investigations lead reads once
An L3 escalation goes to a senior sanctions investigations analyst or the BSA Officer's delegate. They read fifteen of these a day. Yours needs to be readable in two minutes. The module gives you the memo structure: the alert, the screening artefacts, the open-source evidence, the dispositive question, and the recommendation. Includes a worked example for a Russia-nexus sectoral case and a Venezuela 50 Percent Rule case.
Module 8. 314(a) requests, the thirty-day SAR clock, and the documentation trail
When a FinCEN 314(a) request returns a match, you have thirty days to file a SAR if you have not already. The module walks the request-handling workflow, the secure-channel response, the internal evidence package, and the SAR narrative structure for 314(a) matches. Includes the SAR fields most often flagged on quality review and how to fill them without rewrite cycles.
Module 9. SAR narratives for sanctions cases that survive OCC look-back
A SAR narrative for a sanctions case is read by FinCEN, by your internal audit team, and potentially by an OCC examiner doing a look-back two years from now. The module gives you a narrative skeleton, the five elements every sanctions-SAR narrative must carry, the common language defects that draw QA rework, and a checklist your supervisor can sign off in under five minutes. Includes three worked SAR narratives across different alert types.
Module 10. Working the screening tool: Actimize, Fircosoft, Bridger, Quantexa
Each platform has its own disposition vocabulary, its own audit trail, and its own pitfalls. The module covers Actimize SAM disposition codes, Fircosoft's match-score export, Bridger's hit categorisation, and Quantexa's network view. The focus is on the artefacts each tool produces that an examiner will pull, and how to make sure your dispositions leave a clean trail in whichever stack your bank runs.
Module 11. Quality assurance, look-back, and the examiner conversation
QA samples 5 to 10 percent of your work, internal audit pulls a sample ahead of the OCC exam, and the OCC examiner pulls a sample during the exam itself. The module covers the sampling methodologies you face, the documentation traits that fail QA, and how to read a QA finding so the next sample comes back clean. Includes the language to use in the examiner interview when asked about a specific disposition.
Module 12. Building your personal alert playbook and the implementation handoff
By module 12 you have a personal disposition playbook tuned to your queue, your screening stack, and your bank's escalation thresholds. The module guides you to assemble it as a one-page reference, a disposition-template library, and a personal QA checklist. Then it hands off to the per-buyer implementation playbook, which the Art of Service team builds against your specific tool stack and program documents within 24 hours of purchase.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

Module 3 and module 4 cover the two highest-rework alert shapes in a typical large-bank queue: high-70s fuzzy hits and 50 Percent Rule chains.
Module 7 and module 9 cover the two artefacts most likely to be sampled by QA and by an OCC examiner: the L3 escalation memo and the SAR narrative.
Module 5 and module 6 cover the two disposition paths where wrong calls produce real OFAC enforcement exposure: sectoral GL claims and BIC overlap holds on outgoing wires.
Module 8 covers the one alert type where the calendar is fixed by FinCEN: 314(a) match, 30-day SAR clock.

What you get with this course

  • 12 written modules covering the full alert-to-SAR disposition path.
  • Downloadable disposition-note templates for fuzzy-name hits, sectoral cases, 50 Percent Rule chains, BIC overlaps, and 314(a) matches.
  • L3 escalation memo and SAR narrative templates with worked examples across alert types.
  • The hand-built implementation playbook, tuned to your screening stack and your bank's escalation thresholds.
  • Access to the Art of Service learning environment for ongoing reference.

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

Work the modules at your own pace, the templates are usable from day one.

Apply the disposition templates to live alerts as you work through the course.

Before and after

Before

You work the alert queue in the order it arrives, fuzzy-name hits in the high-70s eat a disproportionate share of your day, your L3 memos come back from the sanctions investigations lead with questions, and QA flags a recurring documentation gap on your dispositions.

After

You work a prioritised queue keyed to risk and urgency, your fuzzy-name dispositions land in under fifteen minutes with documentation that QA stops flagging, your L3 memos read once and clear, and your SAR narratives pass first-pass internal review.

What happens if you do not address this

An OFAC enforcement action against a US bank typically starts with a look-back showing a pattern of weak alert dispositions. The individual analyst who wrote those dispositions is named in the look-back. The risk is not just to the bank, it is personal documentation that follows you in your next compliance role.

Who it is for

AML Sanctions Specialists, Sanctions Analysts, OFAC Compliance Analysts, and L2 to L3 sanctions investigators inside US bank financial intelligence units, sanctions operations teams, or BSA/AML units. People who own day-to-day alert disposition on screening platforms like Actimize SAM, Fircosoft, Bridger, or Quantexa, who escalate to a sanctions investigations lead, and whose work is sampled by an independent QA function and reviewed by internal audit ahead of OCC and FRB exams.

Who this is NOT for. This is not for transaction monitoring analysts who do not touch sanctions screening, not for KYC onboarding analysts whose work ends at customer due diligence, and not for BSA Officers who own program-level policy rather than per-alert disposition. It is also not a sanctions law overview for attorneys, the OFAC legal nuance modules assume you already know the difference between blocking and rejecting.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Plan 8 to 12 hours of reading across the 12 modules. The templates and worksheets are usable from the first module on, so applied time inside your live queue starts immediately.

Why $199 is the right number

ACAMS and ABA courses cover sanctions at a program and policy level, useful for managers and BSA Officers. Vendor training from Actimize or Fircosoft covers the tool's mechanics. Neither covers the daily disposition-writing craft that fills the L2 to L3 sanctions specialist's day. This course sits in that gap.

FAQ

Is this US-specific or does it cover UK and EU sanctions too?
The core is OFAC, because that is where most US bank specialists spend their day. Module 2 covers the UK OFSI consolidated list and EU CFSP list at the level of cross-list exposure work. If your role is primarily UK or EU sanctions, the implementation playbook is tuned to OFSI or CFSP instead.
Does the course assume a specific screening tool?
Module 10 covers Actimize SAM, Fircosoft, Bridger, and Quantexa explicitly. The disposition-writing craft in the other modules is tool-agnostic. The implementation playbook is built against whichever stack your bank runs.
I am a sanctions investigations lead, not an L2 analyst. Is this useful?
The L3 memo and SAR narrative modules are useful as a reference for what good looks like when you are reviewing your team's work. The rest of the course is pitched at the L2 analyst's daily work.
What does the implementation playbook actually contain?
A one-page disposition reference for your queue, a template library tuned to your screening tool's disposition vocabulary, an L3 memo template tuned to your bank's escalation thresholds, and a SAR narrative skeleton tuned to your internal audit and QA documentation standards.
Is there a money-back option if it does not fit my role?
Yes, 30-day money-back if the course does not match your daily work.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.