Every compliance team we’ve spoken to over the past two years shares some version of the same story: they’re paying per search, the credits expire at the end of the month, and somewhere along the way the team started rationing screenings to stay under budget. Nobody said it out loud. Nobody wrote a policy about it. It just happened.
That’s the hidden cost nobody talks about. Not the invoice. The behavioral change that expiring credits quietly engineer inside your compliance program.
The credit model was never designed for compliance
Subscription-credit models made sense for consumer apps, where usage is bounded and predictable. In a compliance context, they’re structurally misaligned with the work. Sanctions screening isn’t a product feature you use occasionally. It’s an ongoing obligation with regulatory teeth. The moment cost-per-search starts shaping how often you screen, you’ve introduced a conflict of interest between your budget and your regulatory duty.
The OFAC FAQ is explicit: screening should occur at onboarding, at transaction time, and on a recurring basis for ongoing relationships. None of those obligations are optional. None of them fit neatly into a monthly credit bundle.
What "rationing" looks like in practice
Compliance rationing rarely looks like fraud. It looks like reasonable prioritization under resource pressure. Teams screen new clients but skip periodic re-screens. They screen high-value transactions but wave through smaller ones. They defer batch rescreens when the list updates because last month’s credits ran out on the 22nd.
Any one of these decisions might survive a regulator’s spot check. But the pattern — a compliance program whose cadence is silently set by a vendor’s billing model — is exactly the kind of gap that turns a routine examination into an enforcement action.
Five warning signs your program is being shaped by credit economics
- You've delayed a batch rescreen because you were "saving credits" for end-of-month client intake.
- Re-screening intervals were set based on what your credit tier allows, not on a documented risk assessment.
- Your team checks the credit balance before running a screening — any screening.
- You've had to explain to auditors why you didn't rescreen a client after an OFAC list update.
- Your compliance calendar is synchronized, intentionally or not, with your vendor billing cycle.
Local-first changes the calculus entirely
When you own the tool, the cost model changes. There’s no per-search fee. No credit bundle. No end-of-month rationing. The result is a compliance program that can be designed around regulatory requirements — not around vendor economics.
This sounds obvious, but the downstream effects are significant. Re-screening intervals can be set based on documented risk factors: entity type, jurisdiction, transaction volume, relationship age. Your team stops asking “how many screens do we have left?” and starts asking “have we rescreened everyone on the updated OFAC SDN list?” The right question.
VeriSanction was built specifically because we found ourselves in this position. We were engineers in regulated environments watching teams design their compliance programs around billing constraints. We built a local-first desktop application so that the tool gets out of the way and lets compliance be compliance.
What a defensible program actually requires
Beyond the credit problem, there’s a second gap the market has been slow to close: the difference between a search bar and a defensible compliance trail. A regulator doesn’t just want to know that you ran a search. They want to know who ran it, when, against which list, what the result was, and what decision was made — and why.
Every search in VeriSanction writes to an audit log. Every adjudication decision is timestamped and recorded. The trail isn’t an afterthought. It’s the product.
If you’re evaluating compliance tools and the vendor can’t show you the audit trail before they show you the search UI, walk away. The search is the easy part. The recordkeeping is what gets tested.