AML and OFAC Compliance for Financial Institutions

OFAC compliance for financial institutions refers to the legal obligation to screen customers, transactions, and business relationships against US sanctions lists and to block or reject any activity involving sanctioned countries, entities, or individuals. Non-compliance carries strict liability, meaning intent is irrelevant: If a prohibited transaction occurs, the penalty applies regardless of whether it was deliberate.

OFAC offers a list of over 20,000 names of parties who have been "blocked" by these sanctions. Financial institutions around the globe use specialized AML compliance software, such as screening solutions, to identify any prohibited party names on transactions or in their client base. Compliance with OFAC's list-based sanctions is complex precisely because they rest on such a broad mandate. Each financial institution must decide how much risk it is ready to take on and create AML compliance program rules and processes to match.

What is OFAC?

OFAC is an agency within the US Department of the Treasury that is responsible for administering and enforcing economic and trade sanctions against targeted foreign countries, organizations, and individuals. Its primary goal is to prevent money laundering, terrorist financing, and other illicit activities that threaten the national security and foreign policy objectives of the United States. OFAC achieves this by implementing and enforcing economic sanctions programs that restrict or prohibit certain transactions, activities, and trade with designated entities or countries. OFAC maintains a list of Specially Designated Nationals and Blocked Persons (SDN List), which is a directory of individuals and organizations that are subject to sanctions and asset freezes. Financial institutions, businesses, and individuals are required to screen their transactions against the OFAC SDN List to ensure they are not engaging in any prohibited activity.

OFAC compliance and AML compliance are related but distinct obligations. AML is risk-based: Institutions apply due diligence proportional to the risk level of a customer or transaction. OFAC is strict liability: There is no risk-based threshold. If a transaction involves a sanctioned party, it must be blocked. A financial institution with a strong AML program can still face OFAC violations if its sanctions screening is inadequate, and vice versa. Running both programs in parallel, with clear escalation paths between them, is a regulatory expectation, not an option.

OFAC Penalties: What Financial Institutions Face

Understanding the importance of OFAC sanctions compliance is crucial for businesses and individuals who operate in these fields. Non-compliance with OFAC sanctions can lead to severe consequences, including fines, penalties, and even criminal charges.

The consequences of OFAC non-compliance are severe and operate under a strict liability standard, meaning intent is not a requirement for a violation. Civil penalties can reach up to $356,579 per violation or twice the value of the transaction, whichever is greater. Wilful violations carry criminal penalties of up to $1 million per violation and up to 20 years imprisonment. Critically, OFAC treats the absence of a sanctions compliance program as an aggravating factor in every penalty calculation, meaning institutions without a documented program face higher fines even for minor violations. Good faith and voluntary self-disclosure are recognised as mitigating factors, but they do not eliminate liability.

A recent example illustrates how far OFAC's reach extends: In July 2025, Harman International Industries settled with OFAC for $1,454,145 after overseas employees of its US subsidiary enabled the diversion of products from a UAE distributor to Iran over a two-year period. Employees used code words such as "northern region" and "North Dubai" to disguise references to Iran in internal communications, conduct OFAC classified as egregious. The case is a reminder that sanctions violations can originate anywhere in a global supply chain, and that inadequate compliance controls at any level of the organisation carry direct liability for the parent entity.

Core OFAC Obligations for Financial Institutions

Understanding what OFAC compliance actually requires in practice goes beyond screening against a list. These are the four obligations that compliance officers at financial institutions need to have fully operationalised.

Blocking vs. rejecting transactions: Not all prohibited transactions are handled the same way. Transactions involving SDN-listed parties or sanctioned countries must be blocked: The funds are frozen, held in a segregated interest-bearing account, and reported to OFAC within 10 business days. Transactions that are prohibited for other reasons, such as involving a non-SDN party engaged in sanctionable activity, must be rejected and returned to the sender, but do not need to be frozen. This distinction is one of the most common points of failure in OFAC compliance programs, and getting it wrong in either direction carries penalty risk.

The 50% rule: An entity does not need to appear on the SDN list to be considered sanctioned. Any entity owned 50% or more by a sanctioned party is itself treated as sanctioned under OFAC rules, regardless of whether it has been explicitly designated. This creates significant due diligence obligations around beneficial ownership. For a detailed breakdown of how the 50% rule applies in practice, see our guide to OFAC's 50% rule and indirect ownership.

Reporting requirements: Blocked property must be reported to OFAC within 10 business days of the blocking, and an annual report of all blocked property must be submitted by September 30 each year. Rejected transactions must also be reported to OFAC within 10 business days.

Recordkeeping: Financial institutions must retain all records related to blocked or rejected transactions for a minimum of five years. This includes the original transaction documentation, the reason for blocking or rejection, and all subsequent correspondence with OFAC.

How to Check the SDN List for OFAC Sanctions

To ensure compliance with U.S. economic and trade sanctions, it's crucial to regularly check the Specially Designated Nationals and Blocked Persons List (SDN List) from the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC). Here's how:

  1. Visit OFAC's Official Website: Go to OFAC's official website to access the SDN List and other sanctions programs.
  2. Search for Individuals or Entities: Within the OFAC SDN List, use the search function to look up specific individuals, entities, or countries. The list is searchable and frequently updated.
  3. Use AML Compliance Software: For efficiency, businesses and financial institutions often employ AML compliance software to automate SDN List screenings, ensuring accuracy and speed.
  4. Regular Screening: Maintain compliance by conducting routine screenings. The SDN List can change with new entries and updates. Staying current is vital.
  5. Review Positive Matches: If you find a positive match during screening, investigate further and determine whether any transactions with the matched entity are allowed under OFAC regulations.
  6. Report as Required: Comply with reporting requirements if you identify a match or suspicious activity. OFAC may request specific documentation related to the match.
  7. Stay Informed: Subscribe to OFAC updates and alerts to remain current with OFAC SDN List changes and regulatory updates.

By following these steps and regularly checking the SDN List, you can ensure that your financial transactions and business dealings align with U.S. economic and trade sanctions, reducing the risk of penalties and legal complications.

OFAC Economic Sanctions Programs

OFAC maintains several economic sanctions programs designed to promote U.S. foreign policy and national security interests. These programs target individuals, organizations, and governments that engage in activities that threaten U.S. interests, including terrorism, human rights abuses, narcotics trafficking, and weapons proliferation. AML compliance software aims to detect suspicious activities and stop these crimes.

Some of the major OFAC economic sanctions programs include:

  • Iran Sanctions Program: This program targets individuals and entities involved in Iran's nuclear program, as well as those involved in supporting terrorism and human rights abuses in Iran.
  • North Korea Sanctions Program: This program targets individuals and entities that support North Korea's nuclear and missile programs, as well as those involved in arms trafficking, money laundering, and human rights abuses in North Korea.
  • Venezuela Sanctions Program: This program targets individuals and entities involved in corruption, human rights abuses, and narcotics trafficking in Venezuela.
  • Russia Sanctions Program: This program targets individuals and entities involved in Russia's annexation of Crimea, as well as those involved in supporting separatist movements in eastern Ukraine and cyber-attacks against the U.S. government.
  • Global Terrorism Sanctions Program: This program targets individuals and entities associated with designated terrorist organizations, as well as those who provide material support to such organizations.

Compliance with OFAC laws is critical for businesses and individuals engaged in international transactions. OFAC sanctions programs target individuals, entities, and countries that threaten U.S. foreign policy and national security interests, and violations of these sanctions can result in severe civil and criminal penalties. It's important to note that the US also has secondary sanctions, intended to prevent any attempt to bypass the OFAC sanctions.

How Sanction Scanner Supports OFAC Compliance

Sanction Scanner's Fusion platform is built to support each layer of your OFAC compliance obligations.

AML Screening: At onboarding, every customer and counterparty is screened in real time against the OFAC SDN list, EU, UN, OFSI, and 3,000+ additional global watchlists. Advanced name-matching algorithms handle transliteration variations, aliases, and spelling differences that rule-based systems miss.

Transaction Screening: Every transaction is screened, flagging prohibited activity involving sanctioned parties or high-risk jurisdictions. The system supports the blocking vs. rejection distinction that OFAC requires.

Ongoing Monitoring: OFAC compliance does not end at onboarding. Fusion continuously monitors your existing customer base against updated sanctions lists, sending instant alerts when a customer is newly designated, identified as a PEP, or appears in adverse media.
