From OFAC's FAQ on how to determine if you have a match against the SDN list, we have:
Step 3. How much of the SDN’s name is matching against the name of your account holder? Is just one of two or more names matching (i.e., just the last name)?
If yes, you do not have a valid match.*
If no, please continue to 4 below.
Really? Is that really the standard? How about:
- The data matches the first and middle names but not the last: does every Mary Ann and Jose Maria require additional review?
- The data matches a first name and the maternal last name of a Hispanic (or Portuguese-speaking) individual, but not the paternal last name – do those require additional research and review?
- The data matches the 2 last names of a Hispanic (or Portuguese-speaking) individual, but none of the first or middle names – do those require review?
And what should be reviewed for matches to the multiple name components of Muslim names? Are they all created equal other than the given name?
It's very easy for OFAC to say “we can't give any more guidance – otherwise, the terrorists will win.” And it's also not very fair, especially since each of these cases involves significant additional operational overhead – or much smarter systems – to handle the increase in matches.
OFAC needs to issue more precise guidance… period.
To be clear, Mr. Watchlist believes that none of the cases in the list above requires additional review, and that a workable model for Muslim names would require matches to the given name, or initial, and the nisbah, which is the tribal, clan or geographic name. A case could potentially be made to substitute the laqab, which is an attribution name, like al-Rashid, for the nisbah, but it's my understanding that the nisbah is the closest to a family or last name in Muslim name structures.