GET /iban/screen

Returns a risk verdict on an IBAN in a single call: is the issuing bank/BIC on a sanctions list (OFAC / EU / UN), is the account’s jurisdiction risky (FATF black/grey lists, embargoes, EU-AML), and what is the aggregated risk band. Built for the KYB / onboarding persona that has to clear a counterparty’s IBAN before paying it.

The verdict is derived from official public lists (sanctions registries and jurisdiction risk lists) refreshed into a local snapshot. The lookup is purely local → response in milliseconds. The bank, BIC and country come from the same engine as GET /iban/resolve, so the shared fields match across both endpoints.

x402 golden rule: the agent pays for the answer to its question. “This IBAN is invalid” or “this jurisdiction is high-risk” is a successful answer → 200. The 4xx range is reserved for requests the service cannot answer.

Scope and limits

This endpoint screens bank/BIC against sanctions lists and jurisdiction risk only. It does not screen the account holder’s name (sanctions/PEP name matching, Verification of Payee) — that is a distinct product. A clear verdict means no signal was found on the covered lists; it is not a legal compliance opinion and does not replace your own AML obligations.

Parameters

ParameterTypeRequiredDescription
ibanstringyesIBAN to screen; spaces and dashes tolerated, any case

200 response — UnifiedResponse

{
  "data": { ... },
  "provenance": {
    "source": "ofac-eu-un-sanctions",
    "fetched_at": "2026-06-20T09:30:00Z",
    "freshness": { "kind": "snapshot", "as_of": "2026-06-19T00:00:00Z" }
  }
}
  • provenance.source: stable composite identifier of the screening lists.
  • freshness.as_of: date of the lists snapshot — the determining factor of the verdict (a hit reflects the lists as of this date).

Fields of dataScreenResult

FieldTypeDescription
ibanstringElectronic form if valid, otherwise the input as received
validboolStructural validity (country format + mod-97 checksum)
countrystring | nullISO 3166-1 alpha-2 country code, if extracted
bank_codestring | nullBank code, if the country defines its position
bankobject | null{ "name": string, "bic": string | null }
screeningobject | nullRisk verdict; null when the IBAN is invalid (nothing to screen)
coveragestring"full" | "structure_only"
issuestring | nullDiagnostic code when valid: false

Fields of screening

FieldTypeDescription
riskstringAggregated band: prohibited | high | elevated | clear | unknown
bank_sanctionedboolWhether the issuing bank/BIC matched a sanctions list
jurisdictionobject{ "level": string, "lists": string[] } for the account’s country
hitsarrayMatched signals (possibly empty); see below

Each element of hits is { "type": "bank_sanction" | "jurisdiction", "source": "OFAC" | "EU" | "UN" | ..., "detail": "<programme/list>" }.

jurisdiction.level is one of clear, monitored (FATF grey), high_risk (FATF black / EU-AML), sanctioned (embargo), or unknown (country outside the covered lists). jurisdiction.lists names the sources that placed it there.

Risk band semantics

riskMeaning
prohibitedSanctioned bank/BIC or a sanctioned (embargoed) jurisdiction
highHigh-risk jurisdiction (FATF black list / EU-AML), bank not sanctioned
elevatedMonitored jurisdiction (FATF grey list)
clearNo signal found on the covered lists
unknownValid IBAN but bank/BIC or country outside coverage — no claim is made

Case 1 — clean IBAN (risk: "clear")

{
  "iban": "DE77100000000000000000",
  "valid": true,
  "country": "DE",
  "bank_code": "10000000",
  "bank": { "name": "Bundesbank", "bic": "MARKDEF1100" },
  "screening": {
    "risk": "clear",
    "bank_sanctioned": false,
    "jurisdiction": { "level": "clear", "lists": [] },
    "hits": []
  },
  "coverage": "full",
  "issue": null
}

Case 2 — sanctioned bank (risk: "prohibited")

{
  "iban": "RU0204452560040702810412345678901",
  "valid": true,
  "country": "RU",
  "bank_code": "044525600",
  "bank": { "name": "Example Bank", "bic": "EXMPRUMMXXX" },
  "screening": {
    "risk": "prohibited",
    "bank_sanctioned": true,
    "jurisdiction": { "level": "sanctioned", "lists": ["EU", "OFAC"] },
    "hits": [
      { "type": "bank_sanction", "source": "OFAC", "detail": "SDN" },
      { "type": "jurisdiction", "source": "EU", "detail": "restrictive-measures" }
    ]
  },
  "coverage": "full",
  "issue": null
}

Case 3 — monitored jurisdiction, clean bank (risk: "elevated")

{
  "iban": "...",
  "valid": true,
  "country": "XX",
  "bank_code": "...",
  "bank": { "name": "Example Bank", "bic": "EXMPXXMMXXX" },
  "screening": {
    "risk": "elevated",
    "bank_sanctioned": false,
    "jurisdiction": { "level": "monitored", "lists": ["FATF-grey"] },
    "hits": [
      { "type": "jurisdiction", "source": "FATF", "detail": "increased-monitoring" }
    ]
  },
  "coverage": "full",
  "issue": null
}

Case 4 — valid IBAN outside coverage (risk: "unknown")

The IBAN is structurally valid but the bank/BIC or country is outside the covered lists — the service does not claim clear without data.

{
  "iban": "...",
  "valid": true,
  "country": "XX",
  "bank_code": "...",
  "bank": null,
  "screening": {
    "risk": "unknown",
    "bank_sanctioned": false,
    "jurisdiction": { "level": "unknown", "lists": [] },
    "hits": []
  },
  "coverage": "structure_only",
  "issue": null
}

Case 5 — invalid IBAN (successful answer → 200)

Nothing can be screened, so screening is null.

{
  "iban": "DE89370400440532013001",
  "valid": false,
  "country": null,
  "bank_code": null,
  "bank": null,
  "screening": null,
  "coverage": "structure_only",
  "issue": "BAD_CHECKSUM"
}

Possible issue codes: BAD_CHARACTERS, BAD_LENGTH, BAD_FORMAT, BAD_CHECKSUM, UNKNOWN_COUNTRY, INVALID_BBAN.

Errors

StatuscodeCase
400MISSING_PARAMETERiban parameter missing or empty
500INTERNALInternal error (detail logged, not exposed)
{ "error": "missing or empty required parameter: iban", "code": "MISSING_PARAMETER" }

See also