Compliance Check
Pre-flight risk triage for a payment, in one call. Runs a full IBAN validation, then adds a compliance block: sanctions screening of the holding bank (OFAC, EU, UN, SECO), FATF country status, SEPA reachability (SCT / SDD / SCT Inst), Verification of Payee participation, and a 0–100 risk score your code or agent can branch on.
Endpoint
POST https://api.ibanforge.com/v1/iban/compliance
Cost: $0.02 per request (or free-tier quota / prepaid credits)
Request
Headers
| Header | Value | Required |
|---|---|---|
Content-Type | application/json | Yes |
Authorization | Bearer ifk_... (free API key) | One of the two |
X-PAYMENT | x402 payment token | One of the two |
Body
{
"iban": "DE89 3704 0044 0532 0130 00"
}| Field | Type | Description |
|---|---|---|
iban | string | The IBAN to check. Spaces and hyphens are stripped automatically. Case-insensitive. |
Response
Success (200)
{
"iban": "DE89370400440532013000",
"valid": true,
"country": { "code": "DE", "name": "Germany" },
"check_digits": "89",
"bban": { "bank_code": "37040044", "account_number": "0532013000" },
"sepa": { "member": true, "schemes": ["SCT", "SDD", "SCT_INST"], "vop_required": true },
"formatted": "DE89 3704 0044 0532 0130 00",
"bic": { "code": "COBADEFF", "bank_name": "COMMERZBANK Aktiengesellschaft", "city": "Frankfurt am Main" },
"issuer": { "type": "bank", "name": "COMMERZBANK Aktiengesellschaft" },
"risk_indicators": {
"issuer_type": "bank",
"country_risk": "standard",
"test_bic": false,
"sepa_reachable": true,
"vop_coverage": true
},
"compliance": {
"sanctions": {
"country_sanctioned": false,
"bank_sanctioned": false,
"matched_lists": [],
"fatf_status": "member"
},
"reachability": { "sepa_instant": true, "sct": true, "sdd": true },
"vop": { "participant": true, "status": "active" },
"risk_score": 0,
"risk_level": "low",
"flags": []
},
"meta": {
"scope": "bank_bic_only",
"disclaimer": "Informational triage only — NOT a regulated AML/CFT product. Sanctions screening is performed at the BANK (BIC8) level: it flags the holding institution, NOT the beneficiary / account-holder name. Most sanctions designations target persons and companies, which this does not screen. Use a regulated provider (Refinitiv, ComplyAdvantage, etc.) for name-level KYC/AML obligations.",
"sanctions_as_of": "2026-07-05T04:29:13.136Z",
"fatf_as_of": "2026-02",
"sources": "OFAC,EU,UN,SECO,FATF,EPC-SCT,EPC-SDD,EPC-SCT_INST"
},
"cost_usdc": 0.02,
"processing_ms": 25.66
}The compliance block
| Field | Description |
|---|---|
sanctions.country_sanctioned | The IBAN country appears on a comprehensive sanctions program (e.g. RU, BY, IR). |
sanctions.bank_sanctioned | The holding bank (BIC8) is designated on OFAC, EU, UN or SECO lists. |
sanctions.matched_lists | Which lists matched, e.g. ["OFAC", "EU"]. Empty when clean. |
sanctions.fatf_status | FATF standing of the country: member, increased_monitoring (grey list), high_risk (black list), or none. |
reachability | Whether the bank is reachable via SEPA SCT, SDD and SCT Inst (EPC registers). |
vop | Verification of Payee participation and status — required in the euro area since October 2025. |
risk_score | 0–100 aggregate. Higher = riskier. |
risk_level | low (0–29), medium (30–59), high (60–100). |
flags | Machine-readable reasons behind the score, e.g. ["country_sanctioned", "fatf_high_risk"]. |
A sanctioned-country IBAN (e.g. Russia) returns risk_level: "high" with a score of 60+ and explicit flags — try it in the playground.
Scope — read this before relying on it
The meta.scope field says bank_bic_only, and it means it: screening is performed at the bank level (BIC8), not the account-holder level. It flags payments routed through designated institutions or sanctioned countries. It does not screen beneficiary names, and it is not a regulated AML/CFT product — for name-level KYC/AML obligations, use a regulated provider. The full disclaimer ships in every response, so downstream agents can't miss it.
Data freshness
| Source | Refresh |
|---|---|
| Sanctions lists (OFAC, EU, UN, SECO) | Weekly — see meta.sanctions_as_of in every response |
| FATF lists | Per FATF plenary — see meta.fatf_as_of |
| SEPA reachability (EPC SCT / SDD / SCT Inst) | Monthly |
Use cases
- Pre-flight payment triage — block or escalate
high, reviewmedium, passlow. - Agent guardrails — an MCP agent checks compliance before initiating any transfer (
check_compliancetool). - Onboarding screening — flag supplier or customer IBANs held at designated banks before first payout.
Next steps
- Validate a single IBAN — validation without the compliance block, at $0.005
- Swiss Clearing lookup — BC-Nummer, SIC and instant-payment data
- API keys — 200 free requests/month
- Error reference — all error codes