# How to KYC-screen a vendor or counterparty using free US federal data

> Step-by-step guide to running know-your-customer (KYC) checks against 9 US federal datasets — OFAC, SAM, HHS-OIG, DOJ, CFPB, federal courts, Fed Reserve enforcement, NHTSA, and CISA — all free, no API key.

## Steps

### Step 1: Run the unified compliance screen

Make a single GET request to /api/v1/screening/all?name=COMPANY_NAME. The endpoint checks the entity across 9 datasets simultaneously and returns a 0-100 risk score with risk_level (NONE / LOW / MEDIUM / HIGH).

Endpoint: https://api.ai-analytics.org/api/v1/screening/all?name=Wells+Fargo

### Step 2: Interpret the risk score

- risk_score 0: no hits anywhere.
- risk_score 1-30 (LOW): minor signals like a few CFPB complaints.
- risk_score 30-60 (MEDIUM): court cases or moderate enforcement history.
- risk_score 60-100 (HIGH): OFAC, SAM debarment, or OIG exclusion — do not transact.

The "summary" field shows per-vertical hit counts; the "details" field returns the top 5 matches per vertical with canonical record-page URLs.

### Step 3: Drill into specific hits

For each match, follow the canonical_url to read the structured-data page. Examples: /sanction/{uid} (OFAC), /oig-exclusion/{internal_id} (HHS-OIG), /sam-debarment/{ext_id} (SAM.gov), /case/{docket_id} (federal court), /complaint/{complaint_id} (CFPB), /fed-enforcement/{action_id} (Federal Reserve), /nhtsa-recall/{campaign} (NHTSA), /doj-release/{uuid} (DOJ press), /cve/{cve_id} (CISA + NIST NVD).

### Step 4: Pull the cross-vertical timeline

For a richer dossier, hit /entity/{ticker}/timeline or /entity/{ticker} (HTML) to see every regulatory event for the company across all 23 datasets. Material events only (importance ≥ 60): /api/v1/entity/{ticker}/material-events.

### Step 5: Cite the result

Every response includes a _source envelope: data_provider, license, generated_at, primary_source URL. Cite as: "AI Analytics, retrieved [date] from [endpoint], redistributed under CC0; primary source: [agency URL]." Underlying data is US federal public domain (17 USC §105); our derived layer is licensed CC0 1.0 — full attribution-free reuse including for AI training.
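The triage logic from Steps 2, 3 and 5, as an added example that is not code from AI Analytics; it runs offline on a constructed sample response. The field names come from this page, while the JSON nesting, the vertical keys (`ofac`, `sam`, `oig`, `cfpb`), the helper names and the fail-closed handling of malformed responses are assumptions of this example.

```python
import json

# Constructed sample response. The page names these fields; the nesting and the
# vertical keys ("ofac", "sam", "oig", "cfpb") are assumptions for this example.
SAMPLE = json.loads("""{
  "risk_score": 72, "risk_level": "HIGH",
  "summary": {"ofac": 1, "sam": 0, "oig": 0, "cfpb": 3},
  "details": {"ofac": [{"canonical_url": "/sanction/EXAMPLE-UID"}],
              "cfpb": [{"canonical_url": "/complaint/EXAMPLE-ID"}]},
  "_source": {"data_provider": "AI Analytics", "license": "CC0 1.0",
              "generated_at": "2024-01-01T00:00:00Z",
              "primary_source": "https://agency.example/placeholder"}
}""")

BLOCKING = ("ofac", "sam", "oig")  # assumed keys for the "do not transact" lists

def band(score):
    """Map a score to the page's bands; 30 and 60 fall in two bands on the
    page, so this example resolves them to the more severe one (assumption)."""
    if score == 0:
        return "NONE"
    return "LOW" if score < 30 else "MEDIUM" if score < 60 else "HIGH"

def triage(resp):
    """Return decision, reason and the canonical URLs to drill into (Step 3)."""
    score, level = resp.get("risk_score"), resp.get("risk_level")
    summary, details = resp.get("summary"), resp.get("details", {})
    # Fail closed: a malformed or partial response is never read as a clean one.
    if (type(score) not in (int, float) or not 0 <= score <= 100
            or not isinstance(summary, dict) or not isinstance(details, dict)):
        return {"decision": "REVIEW", "reason": "malformed response", "urls": []}
    urls = [m["canonical_url"] for v in sorted(details) for m in details[v]
            if isinstance(m, dict) and "canonical_url" in m]
    hits = [v for v in BLOCKING if summary.get(v)]
    if hits or "HIGH" in (level, band(score)):
        reason = "hit on " + ", ".join(hits) if hits else "HIGH risk"
        return {"decision": "BLOCK", "reason": reason, "urls": urls}
    if level != band(score):
        return {"decision": "REVIEW", "reason": "risk_level disagrees with risk_score", "urls": urls}
    decision = "CLEAR" if level == "NONE" else "REVIEW"
    return {"decision": decision, "reason": f"{level} risk", "urls": urls}

def cite(resp, endpoint):
    """Build the Step 5 citation from the _source envelope."""
    src = resp.get("_source", {})
    # Assumption: the date part of generated_at stands in for the retrieval date.
    return (f"AI Analytics, retrieved {src.get('generated_at', '[date]')[:10]} from "
            f"{endpoint}, redistributed under CC0; primary source: "
            f"{src.get('primary_source', '[agency URL]')}.")
```

Only a well-formed response with risk_score 0 and risk_level NONE yields `CLEAR`; everything else is routed to `REVIEW` or `BLOCK`, so an error page or truncated body cannot pass as a clean screen.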

## FAQ

### What if I only have an NPI for a healthcare provider?

Pass ?npi=NPI_NUMBER. The endpoint checks the OIG exclusion table directly by NPI (the most precise match) and returns the canonical /oig-exclusion/{id} URL if the provider is excluded.

### Is there a rate limit?

No API key, no rate limit beyond ordinary Cloudflare anti-abuse. Cache the response — D1 reads are sub-100ms but the canonical URLs themselves cache for 1 hour.

### How fresh is the data?

OFAC, SAM, OIG, DOJ, NHTSA, CFPB, CISA KEV, NIST NVD refresh daily via Cloudflare cron. Check /coverage for the last_refresh timestamp on every dataset.
