IBANforge

Compliance Check

Pre-flight risk triage for a payment, in one call. Runs a full IBAN validation, then adds a compliance block: sanctions screening of the holding bank (OFAC, EU, UN, SECO), FATF country status, SEPA reachability (SCT / SDD / SCT Inst), Verification of Payee participation, and a 0–100 risk score your code or agent can branch on.

Endpoint

POST https://api.ibanforge.com/v1/iban/compliance

Cost: $0.02 per request (or free-tier quota / prepaid credits)

Request

Headers

HeaderValueRequired
Content-Typeapplication/jsonYes
AuthorizationBearer ifk_... (free API key)One of the two
X-PAYMENTx402 payment tokenOne of the two

Body

{
  "iban": "DE89 3704 0044 0532 0130 00"
}
FieldTypeDescription
ibanstringThe IBAN to check. Spaces and hyphens are stripped automatically. Case-insensitive.

Response

Success (200)

{
  "iban": "DE89370400440532013000",
  "valid": true,
  "country": { "code": "DE", "name": "Germany" },
  "check_digits": "89",
  "bban": { "bank_code": "37040044", "account_number": "0532013000" },
  "sepa": { "member": true, "schemes": ["SCT", "SDD", "SCT_INST"], "vop_required": true },
  "formatted": "DE89 3704 0044 0532 0130 00",
  "bic": { "code": "COBADEFF", "bank_name": "COMMERZBANK Aktiengesellschaft", "city": "Frankfurt am Main" },
  "issuer": { "type": "bank", "name": "COMMERZBANK Aktiengesellschaft" },
  "risk_indicators": {
    "issuer_type": "bank",
    "country_risk": "standard",
    "test_bic": false,
    "sepa_reachable": true,
    "vop_coverage": true
  },
  "compliance": {
    "sanctions": {
      "country_sanctioned": false,
      "bank_sanctioned": false,
      "matched_lists": [],
      "fatf_status": "member"
    },
    "reachability": { "sepa_instant": true, "sct": true, "sdd": true },
    "vop": { "participant": true, "status": "active" },
    "risk_score": 0,
    "risk_level": "low",
    "flags": []
  },
  "meta": {
    "scope": "bank_bic_only",
    "disclaimer": "Informational triage only — NOT a regulated AML/CFT product. Sanctions screening is performed at the BANK (BIC8) level: it flags the holding institution, NOT the beneficiary / account-holder name. Most sanctions designations target persons and companies, which this does not screen. Use a regulated provider (Refinitiv, ComplyAdvantage, etc.) for name-level KYC/AML obligations.",
    "sanctions_as_of": "2026-07-05T04:29:13.136Z",
    "fatf_as_of": "2026-02",
    "sources": "OFAC,EU,UN,SECO,FATF,EPC-SCT,EPC-SDD,EPC-SCT_INST"
  },
  "cost_usdc": 0.02,
  "processing_ms": 25.66
}

The compliance block

FieldDescription
sanctions.country_sanctionedThe IBAN country appears on a comprehensive sanctions program (e.g. RU, BY, IR).
sanctions.bank_sanctionedThe holding bank (BIC8) is designated on OFAC, EU, UN or SECO lists.
sanctions.matched_listsWhich lists matched, e.g. ["OFAC", "EU"]. Empty when clean.
sanctions.fatf_statusFATF standing of the country: member, increased_monitoring (grey list), high_risk (black list), or none.
reachabilityWhether the bank is reachable via SEPA SCT, SDD and SCT Inst (EPC registers).
vopVerification of Payee participation and status — required in the euro area since October 2025.
risk_score0–100 aggregate. Higher = riskier.
risk_levellow (0–29), medium (30–59), high (60–100).
flagsMachine-readable reasons behind the score, e.g. ["country_sanctioned", "fatf_high_risk"].

A sanctioned-country IBAN (e.g. Russia) returns risk_level: "high" with a score of 60+ and explicit flags — try it in the playground.

Scope — read this before relying on it

The meta.scope field says bank_bic_only, and it means it: screening is performed at the bank level (BIC8), not the account-holder level. It flags payments routed through designated institutions or sanctioned countries. It does not screen beneficiary names, and it is not a regulated AML/CFT product — for name-level KYC/AML obligations, use a regulated provider. The full disclaimer ships in every response, so downstream agents can't miss it.

Data freshness

SourceRefresh
Sanctions lists (OFAC, EU, UN, SECO)Weekly — see meta.sanctions_as_of in every response
FATF listsPer FATF plenary — see meta.fatf_as_of
SEPA reachability (EPC SCT / SDD / SCT Inst)Monthly

Use cases

  • Pre-flight payment triage — block or escalate high, review medium, pass low.
  • Agent guardrails — an MCP agent checks compliance before initiating any transfer (check_compliance tool).
  • Onboarding screening — flag supplier or customer IBANs held at designated banks before first payout.

Next steps