What Is OFAC?
The Office of Foreign Assets Control is the financial intelligence and enforcement agency of the United States Treasury Department, which is responsible for the administration and enforcement of economic sanctions programs against countries and individuals like terrorists and narcotics traffickers. In this blog content, we will touch upon its history, operations, programs, and more.
History of OFAC
The U.S. Department of the Treasury actually has a long history of applying economic sanctions against foreign states, which dates back to the War of 1812. During the war, Secretary Albert Gallatin administered sanctions against the UK under the Embargo Act, in retaliation for the impressment of American sailors. He was one of the first U.S. officials to implement a nationwide economic sanctions regime. Despite having predecessor agencies such as the Foreign Funds Control and the Division of Foreign Assets Control, OFAC was founded in 1950. Its role has become gradually more crucial over the years, but its importance really took off after 9/11. Today, it is one of the most powerful financial enforcement authorities in the world.
How Does OFAC Work?
OFAC enforces U.S. sanctions through two primary mechanisms: Asset freezes and transaction bans. When an individual, entity, or country is designated, any assets they hold within U.S. jurisdiction are immediately frozen, meaning they cannot access or move their funds. On the transaction side, U.S. persons and firms are prohibited from trading with, making payments to, or providing financial services to any designated party, regardless of the transaction's purpose or value.
Beyond enforcement, OFAC also administers sanctions programs and maintains the lists that define who is designated. Its most well-known output is the SDN List, which we cover in detail below.
OFAC also has licensing authority, meaning it can permit certain activities that would otherwise be prohibited. A general license pre-approves entire categories of transactions, such as humanitarian aid, so that qualifying parties can operate without seeking individual approval each time. A specific license, by contrast, is issued on a case-by-case basis for situations that fall outside any general exemption. Organizations that believe their activity may require a specific license must apply to OFAC directly and receive approval before proceeding.
Who Must Comply with OFAC Regulations?
According to OFAC’s website, all U.S. persons must comply with OFAC sanctions. These include all individuals and entities residing or incorporated in the United States. However, some non-U.S. persons are also subject to certain sanctions prohibitions such as those who cause the U.S. persons to violate sanctions and those who engage in conduct that evades U.S. sanctions.
What Are the Types of OFAC Sanctions?
OFAC sanctions fall into three categories: Country-based sanctions, sectoral sanctions, and list-based sanctions.
Comprehensive country-based sanctions target entire countries, regimes, or specific regions. OFAC prohibits nearly all imports, exports, financial transactions, services, and dealings with these countries, including their governments, citizens, and businesses. North Korea, Syria, and Cuba are among the most comprehensively sanctioned. In some cases, restrictions are more selective and target specific organizations or individuals within a country rather than applying across the board.
Sectoral sanctions restrict specific industries rather than entire economies. These are designed to limit critical sources of revenue without imposing a blanket ban on all transactions with a country. The Russian energy and finance sectors are a frequently cited example of this approach.
List-based sanctions target individuals, groups, and companies engaged in illicit activities such as terrorism, narcotics trafficking, cybercrime, and human rights violations. These are sometimes called "smart sanctions" because they are precise rather than broad. OFAC regularly designates individuals and entities under each of these programs as new threats are identified.
It is worth noting that OFAC sanctions do not apply exclusively to U.S. persons. In certain circumstances, non-U.S. companies and individuals can also be exposed to sanctions risk. For a full breakdown of how this works, see our article on secondary sanctions and how OFAC reaches non-U.S. persons.
What is OFAC Sanctions List?
OFAC maintains several sanctions lists, but the most significant is the Specially Designated Nationals and Blocked Persons List, commonly known as the SDN List. This is OFAC's strictest designation. Anyone placed on it, whether an individual, company, or government, faces two immediate consequences: all assets held within U.S. jurisdiction are frozen, and U.S. persons and firms are prohibited from conducting any trade, transactions, or financial dealings with them. The SDN List covers parties linked to terrorism, weapons of mass destruction proliferation, narcotics trafficking, human rights abuses, and a range of other serious offenses.
Beyond the SDN List, OFAC maintains several additional lists for more targeted purposes:
- Sectoral Sanctions Identifications (SSI) List: Targets specific industries rather than entire countries or individuals, such as Russian finance and energy sectors
- Foreign Sanctions Evaders (FSE) List: Covers individuals and entities that have violated or attempted to evade U.S. sanctions
- Non-SDN Palestinian Legislative Council (NS-PLC) List
- Correspondent Account or Payable-Through Account Sanctions List (CAPTA List)
- Non-SDN Menu-Based Sanctions List (NS-MBS List)
- Non-SDN Chinese Military-Industrial Complex Companies List
One critical point compliance teams often overlook: A party does not need to appear directly on any of these lists to trigger a sanctions risk. Under OFAC's 50% rule, any entity that is 50% or more owned by a designated person is itself treated as sanctioned, even if it does not appear on a list by name.
How to Check OFAC Sanctions?
The most straightforward way to check the OFAC sanctions lists is through OFAC's official Sanctions List Search (SLS) tool, available directly on the U.S. Treasury website. You can also download the SDN List and the Consolidated Non-SDN lists directly from the same source for offline use. On Sanction Scanner, you can freely check any name and company against the lists including SDN.
Manual searching works for one-off checks, but it has clear limitations. It does not scale, it requires someone to run each search individually, and it offers no protection against updates that occur between checks. For organizations that screen regularly, or that onboard customers at any volume, manual checking creates compliance gaps.
A more reliable approach is API-based screening, which integrates directly into your onboarding or payment workflows and runs checks automatically in real time. This ensures every transaction and every new customer is screened at the moment it matters, without depending on manual intervention.
Dedicated compliance platforms such as Sanction Scanner take this further by combining OFAC's SDN and non-SDN lists with broader global watchlists, PEP data, and adverse media sources in a single interface. This matters because OFAC compliance rarely exists in isolation; most regulated organizations need to screen against multiple lists simultaneously. Features like fuzzy matching and alias detection also reduce the risk of sanctioned parties slipping through under alternate names or transliterations.
Whichever method you use, documenting your screening results and maintaining an audit trail is not optional. OFAC expects organizations to be able to demonstrate that screening took place and that matches were handled appropriately.
What is the OFAC Sanctioned Country List?
There is no single definitive list of countries you cannot do business with, because the degree of restriction varies significantly by program. Some countries are subject to comprehensive sanctions that prohibit nearly all transactions, while others face partial or sectoral restrictions targeting specific industries, individuals, or government entities rather than the country as a whole.
As of 2026, the following countries and regions are subject to OFAC sanctions programs:
- Afghanistan
- Balkans
- Belarus
- Burma
- Central African Republic
- Cuba
- Democratic Republic of the Congo
- Ethiopia
- Hong Kong
- Iran
- Iraq
- Lebanon
- Libya
- Mali
- Nicaragua
- North Korea
- Somalia
- Sudan
- Syria
- Ukraine/Russia-related sanctions
- Venezuela
- Yemen
- Zimbabwe
Cuba, Iran, North Korea, and Syria are subject to the most comprehensive programs, where nearly all commercial and financial activity is prohibited. Russia faces extensive targeted sanctions covering key sectors including finance, energy, and defense, though a blanket country-wide prohibition does not apply in the same way
What Is the Regulatory Framework Governing OFAC?
OFAC operates based on a few key foundations. The first is the International Emergency Economic Powers Act (IEEPA), which is the basis for most modern sanctions. It also allows the president to regulate commerce and freeze assets. After the IEEPA, which is an older law, Trading with the Enemy Act (TWEA), also plays an important role by giving broad powers to restrict trade during wartime. There are also Executive Orders, which are issued by the president to declare national emergencies and authorize targeted sanctions.
How to Detect and Prevent Sanctions Violations
OFAC’s “A Framework for OFAC Compliance Commitments” strongly recommends employing a risk-based approach to sanctions compliance by developing, implementing, and routinely updating a sanctions compliance program (SCP).
Furthermore, OFAC guidance also states that entities should continuously screen customers, counterparties, vendors, and transactions against the OFAC’s SDN and non-SDN lists through up-to-date data. According to the BSA/AML Manual, an effective program should be able to identify suspect accounts and transactions, and report blocked and rejected transactions to OFAC.
There are also preventive measures that you can take within your organization. For example, you can develop written policies and procedures, segregate duties, detail approval processes, and set escalation triggers. Using AML solutions can especially help with these steps.
Also, do not neglect training your staff so that they can better recognize red flags and understand sanctions requirements, which is among the five essential components of the OFAC’s framework.
Lastly, OFAC expects you to conduct independent tests and audits of the sanctions compliance program to see whether your policies are effective or not. In the case of a possible violation, consider Voluntary Self-Disclosure (VSD) to OFAC. A qualifying VSD may lead to mitigation, such as up to a 50% reduction in the proposed civil penalty.
OFAC vs. Other Global Sanctions Regulators
While OFAC is one of the most influential sanctions authorities in the world, it doesn’t have direct control internationally. Its reach often only extends through secondary sanctions. Therefore, we believe it is worthwhile to mention other key regulators.
Let’s start with the European Union (EU), which adopts sanctions through the Council of the EU and expects each member state to enforce its regulations.
Similarly, the UN is worth mentioning due to its global role. Under Chapter VII of the UN Charter, the UN’s sanctions committees impose sanctions that bind all UN member states. However, implementation depends on each country’s national legislation to a certain extent.
In the UK, on the other hand, the OFSI (Office of Financial Sanctions Implementation) is the main regulator and operates under HM Treasury. The OFSI maintains the UK Sanctions List and issues guidance, licenses, and penalties. Since Brexit, it has been pursuing an independent sanctions policy.
Let’s finish this section with Canada, where the GAC (Global Affairs Canada) operates as the main sanctions regulator. It maintains the Consolidated Canadian Autonomous Sanctions List, which includes persons and entities subject to Canadian sanctions. It also provides guidance on licensing and humanitarian exceptions, just like OFAC.
| Feature / Authority | OFSI (UK) | OFAC (USA) | EU Council | UN Security Council | FINTRAC (Canada) |
| Jurisdiction | United Kingdom | United States (and global USD transactions) | European Union member states | All UN member states (via national implementation) | Canada |
| Legal Basis | Sanctions and Anti-Money Laundering Act 2018 (SAMLA) | International Emergency Economic Powers Act (IEEPA), etc | Common Foreign and Security Policy (CFSP) decisions | UN Charter (Chapter VII) | Proceeds of Crime (Money Laundering) and Terrorist Financing Act |
| Autonomy | Fully autonomous post-Brexit | Fully autonomous | Requires consensus of all member states | Not autonomous (requires national transposition) | Autonomous national regulator |
| List Name | Consolidated List of Financial Sanctions Targets | Specially Designated Nationals (SDN) & Sectoral Sanctions | EU Consolidated Sanctions List | UN Consolidated Sanctions List | N/A (uses UN, domestic, and other lists for guidance) |
| Penalty Power | Civil & criminal penalties; up to £1M or 50% of breach value | Up to $1M per violation + criminal charges | Implemented by each member state; penalties vary | No enforcement; relies on member states | Administrative penalties and reporting obligations |
| Licensing Regime | Yes – licenses granted by OFSI | Yes – licenses granted by OFAC | Yes – but handled at national level | No licensing authority | Yes – limited scope |
Sanction Scanner’s Role in OFAC Compliance
Most importantly, we enable automated screening against the Specially Designated Nationals (SDN) Lists and the consolidated non-SDN lists so that you remain compliant with OFAC by avoiding any action with sanctioned individuals, entities, or countries. Besides OFAC, our database includes numerous watchlists, PEP (Politically Exposed Persons) data, and adverse media sources. Also, we update these lists every 15 minutes, encompass more than 220 countries, and check more than 3000 data points.
This way, you can detect potential matches against these lists, monitor updates, reduce false positives through advanced filtering and AI-driven matching, and maintain complete audit trails. These are only part of what we offer. If you would like to find out more, do not hesitate to request demo.
FAQ's Blog Post
The Office of Foreign Assets Control (OFAC) is a U.S. Treasury Department agency responsible for enforcing economic and trade sanctions based on U.S. foreign policy and national security goals.
OFAC stands for the Office of Foreign Assets Control, a branch of the U.S. Treasury Department that oversees and implements sanctions programs to combat terrorism, money laundering, narcotics trafficking, and other threats.
In banking, OFAC refers to regulations requiring financial institutions to screen customers and transactions against sanction lists. Banks must ensure they do not process payments involving individuals or entities blacklisted by OFAC.
The Specially Designated Nationals (SDN) list is a directory of individuals, companies, and organizations sanctioned by OFAC. U.S. persons and entities are prohibited from engaging in any transactions with names on the SDN list.
To apply for an OFAC license, individuals or organizations must submit a detailed application via OFAC’s online portal. Licenses are required for transactions that would otherwise be prohibited under sanctions regulations.
Violating OFAC rules can lead to severe penalties, including hefty fines, asset freezes, and criminal charges. U.S. businesses must implement compliance programs to avoid accidental dealings with sanctioned parties.
Yes, Russia is subject to multiple OFAC sanctions related to its actions in Ukraine, cyber activities, and election interference. These include restrictions on individuals, banks, defense firms, and key economic sectors.
All U.S. citizens, permanent residents, companies, and financial institutions must comply with OFAC rules, regardless of where they operate. Non-U.S. entities may also face secondary sanctions if they violate OFAC restrictions.
OFAC updates its sanctions lists—including the SDN list—regularly, sometimes weekly. Businesses must use real-time screening tools to stay compliant with the latest updates and avoid violations.
