Happy Friday. Anyone know of any good guidance out there on the methodology to be used when determining whether an OFAC alert is a false or true positive? I know it's risk based and depends on your institutions policies. Wondering if there's a good document which might mention what regulators have or have not accepted in the past as valid reasons for clearing an alert. For instance, if we have a SS# on our customer and the "bad actor" they're hitting against doesn't have a SS# on the alert would regulators challenge clearing that alert as a false positive because of the SS#. Just looking for something which might have acceptable clear reasons. Anyone? Bueller, Bueller?

This is addressed on OFAC's website:

https://www.treasury.gov/resource-center/faqs/Sanctions/Pages/faq_compliance.aspx

Just document your findings.