IP-Based Sanctions Compliance Screening

International sanctions programs prohibit businesses from providing services, processing transactions, or transferring technology to individuals and entities in sanctioned countries and regions. For online platforms, enforcing these restrictions requires knowing where users are physically located — not just where they claim to be. IP geolocation provides a real-time geographic verification layer that helps businesses comply with sanctions programs from OFAC, the EU, and the UN without relying solely on user-declared information.

Scan a list of IPs in seconds

Paste up to 100 IPs and get a full geolocation report with 40+ fields per IP — country, city, ISP, ASN, VPN/Tor/datacenter flags, and threat score. Exports to CSV, JSON, Excel, PDF, XML.

Starting at $1.99 per report No signup required 7-day money-back guarantee

Try Bulk Lookup See sample PDF

The Problem

Sanctions compliance for online businesses is fundamentally a geography problem. The U.S. Office of Foreign Assets Control (OFAC) maintains a list of sanctioned countries, regions, and entities that U.S. persons and companies cannot do business with. The EU has its own sanctions regime, as do the UK, Canada, Australia, and other jurisdictions. Violations carry severe penalties — OFAC fines can reach millions of dollars per violation, and criminal penalties include imprisonment.

The challenge is that users in sanctioned regions actively circumvent geographic restrictions. They use VPNs to appear as though they are connecting from permitted countries, register with addresses in non-sanctioned locations, and use intermediaries to access services. Self-reported location data is unreliable for compliance purposes. Regulators expect businesses to implement technical controls that go beyond asking users where they are, and IP geolocation is one of the primary tools for meeting that expectation.

Business professional reviewing compliance documentation — Credit: via Unsplash

How IP Intelligence Helps

IP geolocation provides network-level geographic verification that operates independently of user-declared data. When a user accesses your platform, the system queries their IP address and determines the country, region, and network they are connecting from. This verification happens before the user interacts with any sanctioned service or completes any transaction.

Country-level screening — automatically check every connection against your list of sanctioned countries. Block or flag users connecting from comprehensively sanctioned jurisdictions (currently Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine under OFAC programs).
VPN and proxy detection — identify users attempting to circumvent geographic restrictions through VPNs, proxies, or Tor. The is_vpn, is_proxy, and is_tor flags reveal anonymization attempts that may indicate sanctions evasion.
Transaction-level verification — verify the IP location at the moment of each transaction, not just at registration or login. A user who registered from a permitted country may later access the platform from a sanctioned jurisdiction.
Audit trail generation — log the IP-derived country for every significant user action. This creates the documentary evidence regulators require during examinations, demonstrating that your platform actively screens for sanctioned jurisdiction access.
Risk-based escalation — not every geographic signal requires blocking. A user on a VPN connecting from a non-sanctioned country may simply need additional verification. IP intelligence enables tiered responses based on the combination of geography, anonymization, and transaction risk.

Key API Fields for Sanctions Compliance

API Field	Compliance Use	Plan
`country_code`	Primary sanctions screening (ISO 3166-1)	Free
`country`	Full country name for audit logs	Free
`region`	Sub-national sanctions (e.g., Crimea region)	Free
`is_vpn`	Detect sanctions evasion via VPN	Pro
`is_proxy`	Detect proxy-based circumvention	Pro
`is_tor`	Detect Tor-based anonymization	Pro
`is_sanctioned`	Pre-computed sanctions flag	Business
`threat_score`	Composite risk for escalation decisions	Business

Implementation Example

// Sanctions screening middleware
async function sanctionsCheck(req, res, next) {
  const geo = await ipLookup(req.ip);
  
  // Hard block: comprehensively sanctioned countries
  const sanctioned = ['CU', 'IR', 'KP', 'SY'];
  if (sanctioned.includes(geo.country_code)) {
    await logSanctionsEvent(req, geo, 'blocked');
    return res.status(451).json({ error: 'Service unavailable in your region' });
  }

  // Elevated review: VPN/proxy from high-risk regions
  if (geo.is_vpn || geo.is_proxy || geo.is_tor) {
    req.sanctionsRisk = 'elevated';
    await logSanctionsEvent(req, geo, 'flagged_anonymized');
  }

  // Sub-national sanctions (e.g., Crimea)
  if (geo.country_code === 'UA' && isRestrictedRegion(geo.region)) {
    await logSanctionsEvent(req, geo, 'blocked_region');
    return res.status(451).json({ error: 'Service unavailable in your region' });
  }

  req.geoData = geo;
  next();
}

Building a Compliance Program

IP-based sanctions screening should be part of a layered compliance program, not a standalone control. According to OFAC’s compliance guidance, an effective sanctions compliance program includes five essential components: management commitment, risk assessment, internal controls, testing and auditing, and training. IP geolocation serves as a key internal control within this framework.

Screen at multiple touchpoints — check IP location at registration, login, transaction initiation, and account changes. A user who registered from London may later access the platform from Tehran.
Combine IP data with other signals — cross-reference IP location with billing address, phone number country code, browser language settings, and timezone. Consistency across these signals increases confidence; inconsistency warrants investigation.
Handle VPN users with care — VPN usage alone does not prove sanctions evasion. Many legitimate users use VPNs for privacy. However, a VPN combined with other risk factors (new account, high-value transaction, conflicting location signals) should trigger enhanced due diligence.
Maintain comprehensive audit logs — log the IP address, derived country, VPN/proxy status, and screening decision for every significant user action. These logs are critical during regulatory examinations and must be retained according to your jurisdiction’s requirements.
Update sanctions lists regularly — sanctions programs change frequently. OFAC updates its SDN list regularly, and new country-level sanctions can be imposed on short notice. Ensure your screening logic references current sanctions lists and that your IP geolocation data reflects current network allocations.

Why My IP Help

Country accuracy above 99% — critical for sanctions screening where a false negative (missing a sanctioned country) has severe regulatory consequences
Sub-national region data — supports region-level sanctions like Crimea, where the country (Ukraine) is not sanctioned but specific regions are
VPN, proxy, and Tor detection — identifies the most common circumvention methods used to evade geographic restrictions
Audit-ready response format — standardized JSON with ISO country codes creates clean audit logs that satisfy regulatory requirements

Aerial view of shipping containers representing global trade compliance — Credit: via Unsplash

Frequently Asked Questions

What are sanctions and how do they affect online businesses?

International sanctions prohibit providing services, processing payments, or transferring technology to individuals and entities in sanctioned countries. Online businesses must screen users to ensure they are not providing services to sanctioned jurisdictions. Violations can result in fines of millions of dollars and criminal penalties including imprisonment.

How does IP geolocation help with sanctions compliance?

IP geolocation determines the user’s country at the network level, independent of self-reported data. This provides a technical control that screens every connection against sanctioned country lists in real time, creating both an enforcement mechanism and an audit trail for regulators.

Can users bypass IP-based sanctions screening with a VPN?

Users can attempt to mask their location with VPNs, but the API’s VPN and proxy detection flags identify these attempts. While VPN usage requires additional investigation rather than automatic blocking, combining VPN detection with other risk signals effectively catches most circumvention attempts.

Which countries are currently sanctioned by OFAC?

As of the current OFAC programs, comprehensively sanctioned countries include Cuba, Iran, North Korea, and Syria. Additionally, specific regions like Crimea, Donetsk, and Luhansk in Ukraine are subject to sanctions. OFAC’s sanctions list changes frequently, so always reference the current list at treasury.gov/ofac.

Is IP geolocation sufficient for sanctions compliance on its own?

No. IP geolocation should be one layer in a comprehensive compliance program that includes identity verification, transaction monitoring, sanctions list screening (SDN list), and enhanced due diligence. OFAC expects a risk-based approach with multiple controls, and IP screening serves as a key technical control within that framework.

How do I handle sub-national sanctions like Crimea?

The API returns region-level data in addition to country codes. For sub-national sanctions, check both the country code and the region field. When the country itself is not sanctioned but specific regions are, the region field enables targeted screening without blocking the entire country.

What should I do when a VPN user triggers a sanctions flag?

Do not automatically block all VPN users. Instead, implement a risk-based approach: flag the connection for enhanced review, request additional identity verification, cross-reference with other location signals (billing address, phone number), and document the review decision. The goal is reasonable due diligence, not zero-risk elimination.

How should I log sanctions screening results for compliance?

Log the IP address, derived country code, region, VPN/proxy/Tor status, the screening decision (allowed, flagged, or blocked), and a timestamp for every significant user action. Retain these logs according to your jurisdiction’s requirements — typically 5 years for financial services. The API’s standardized JSON format integrates cleanly with compliance logging systems.

What HTTP status code should I return for sanctions blocks?

Use HTTP 451 (Unavailable For Legal Reasons), which is specifically designed for situations where a resource is unavailable due to legal restrictions. Provide a generic message that does not reveal the specific sanctions program or detection method to avoid helping users circumvent your controls.

How often do sanctions programs change?

Frequently. OFAC updates its Specially Designated Nationals (SDN) list multiple times per month, and new country-level sanctions can be imposed on short notice in response to geopolitical events. Your screening logic must reference current lists, and your compliance team should monitor OFAC, EU, and UK sanctions updates regularly.

Ready to get started?

Free plan includes 1,000 lookups/month. No credit card required.

Get Free API Key View Documentation