The OFAC Sanctions List: A Complete Guide

7 mins

What are OFAC sanctions and why should you care about them?

One of the most powerful US agencies battling financial crime is the Office of Financial Assets Control, which enforces US sanctions across the world. It publishes the OFAC Sanctions List to aid the international war against terrorism, drug trafficking, and money laundering.

OFAC’s primary means of exercising authority is to closely monitor foreign commercial activity and prosecute or fine financial institutions and firms that are found to be in breach of US policy.

Organisations that find themselves in breach of any US sanctions are urged to disclose the infraction to OFAC, albeit they are not obligated to do so. This makes self-reporting to OFAC a business decision, one that is exacerbated by the fact that OFAC isn’t afraid to strike severe fines on offenders who don’t self-report. OFAC penalised UniCredit Bank and Standard Chartered Bank a total of $2.2 billion in 2019 for breaching various sanctions, and OFAC has initiated 18 measures totalling more than $18 million in 2020.

OFAC’s former focus on financial institutions has expanded to include more investigations into corporate malfeasance, particularly in the tech sector, which has prompted many multinational corporations to re-evaluate their anti-money laundering (AML) screening protocols in light of OFAC’s broad reach and strong influence.

What is the OFAC sanctions list?

A sanctions list is a publicly accessible list of corporations, organisations, or persons who have been subjected to economic and/or legal penalties. Doing business with sanctioned firms, organisations, or people is banned. Sanctions lists are used to combat international terrorism, money laundering and other financial crimes. Crimes like trafficking and terrorism are minimised by by depriving individuals, organisations and institutions associated with terrorist activity of funds and economic resources. Services, products, rental arrangements, and the transfer of property or technology are all examples of economic resources. Following the September 11 terrorist attacks, anti-terrorism penalties were stepped up. Since then, banks, companies, organisations, and individuals suspected of having ties to terrorism have been subjected to further scrutiny.

OFAC refers to sanctioned individuals, businesses, and organisations as Specially Designated Nationals (SDNs), and they are included on the SDN list. SDNs’ assets have been frozen and conducting business with them is illegal. On the OFAC website, you may see the most recent SDN list.

Who has to comply with OFAC sanctions?

OFAC sanctions must be followed by all people, banks, financial services organisations, and other obliged institutions operating under US authority. This includes incorporating an OFAC sanctions search into internal AML/CFT systems and ensuring that new customers and clients are vetted against the list before a commercial connection begins.

Individuals implicated in sanctions violations face penalties of up to $20 million and jail terms of up to 30 years. Certain sanctions exemptions are granted by OFAC and can be acquired by submitting an application to the Treasury Department.

Every business, regardless of size or sector, is required to take reasonable precautions to avoid terrorism, trafficking and other financial crimes. Every corporation must do due diligence checks on its business partners in order to comply with these requirements. This is true not just for new business connections (onboarding due diligence), but also for existing ones (ongoing due diligence). This has to be documented.

Why do OFAC sanctions lists have to be checked?

To conduct legally acceptable commercial transactions, a sanctions list check is necessary. Failure to conduct these checks might result in legal ramifications. If sanctions lists are disregarded and sanctioned individuals, corporations, or organisations gain financial or economic resources, hefty penalties or even a prison sentence may be imposed.

In the case of a violation, the prime targets of such penalties or sentences are the company’s executives. The personnel in charge of exports inside the firm may be threatened with such a punishment or imprisonment in some situations.


When should sanctions lists be checked?

When getting into a new commercial connection, an organisation is required to verify sanctions lists. However, it is just as important to conduct regular reviews of existing business partnerships to ensure that no financial or economic resources end up in the hands of sanctioned individuals.

How often should sanctions lists be checked?

There is no indication in the duty to verify how often sanctions lists must be examined. Nonetheless, a fundamental concept applies: reasonable efforts must be done to prevent sanctioned enterprises, organisations, or persons from receiving financial or economic resources, in both economic and technological terms. As a result, it’s critical to keep an eye on sanctions lists, sanctions programmes, nationalities lists, consolidated sanctions, and sectoral sanctions on a regular basis, as they’re constantly updated and increased. Sanctions list checks should run automatically as the optimal option. This guarantees that all necessary inspections are carried out in order to reduce your risks.

OFAC AML Compliance Regulations

The US has clearly stated their obligations with financial institutions regarding AML regulations in compliance with FATF. All of the US persons, including banks, bank holding companies, and nonbank subsidiaries, should comply with OFAC’s regulations. The laws and OFAC regulations apply to US banks, their domestic branches, agencies, and international banking facilities, and to their foreign branches, and overseas offices and subsidiaries. Banks should take a risk-based approach when designing and implementing an OFAC AML compliance programme, they are thus required to:

  • Identify and block accounts and other properties of targeted individuals, countries, and entities.
  • Prevent/reject unlicensed trade and financial transactions with targeted individuals, countries, and entities.

Blocked Transactions

According to the US law, assets and accounts of an OFAC specific country, entity, or individual should be blocked. The assets and properties may include anything of direct, indirect, present, future, or contingent value (including all financial transactions). Banks need to block transactions that are by or on behalf of, to or go through a blocked individual or entity or even in connection with a transaction in which they have an interest.

Prohibited Transactions

If a transaction is prohibited without any blockable interest in the transaction, which means that if the transaction is not accepted, there is no OFAC requirement to block the assets. In such a case the transaction is simply rejected (i.e., it is not processed). The regulations under OFAC specific prohibitions which are against certain individuals, countries, and entities that are separate and distinct from the provision within the AML regulations. AML regulations require banks to compare new accounts against existing or suspected terrorists or terrorist organisations within a reasonable timeframe once the account is opened.

OFAC Licenses

After a licensing process, OFAC carries authority to permit certain transactions that would otherwise be prohibited under OFAC’s regulations. It can issue a license to engage in an otherwise prohibited transaction when it is determined that the transaction does not undermine or is otherwise justified by the US national security or foreign policy objectives of the particular sanctions program.

Keep track of your due diligence

Irrespective as to whether you uncover something during your due diligence review, it’s vital to keep track of your due diligence checks to show that you’ve met your obligations. It’s also crucial to keep note of the checks you’ve performed and the results you’ve obtained for your records.

AML OFAC Reporting

Banks must assign a money laundering reporting officer (MLRO) who, if they see sufficient suspicion, can generate reports on money laundering and disclose it to the relevant authorities properly. The reporting officer plans the legislation for the development of AML policies, systems, and procedures to ensure effective implementation and that the customers know and can execute Customer Due Diligence (“CDD”). All account blockings and prohibited transactions that are rejected should be reported to OFAC within 10 business days of the transactions. Each rejected transaction’s record should be well maintained by the bank. Blocked property, including blocked transactions, should be recorded for five years even after the property is unblocked.

OFAC Compliance Programmes

To mitigate the risk of non-compliance with OFAC requirements and generally as a sound banking practice, banks should establish and maintain an effective, written OFAC AML compliance programme. The compliance program should commensurate with the OFAC risk profile based on products, services, customers, and geographic locations. OFAC AML compliance programmes should include:

  1. Identifying higher-risk areas,
  2. Providing for appropriate internal controls for screening and reporting,
  3. Establishing independent testing for compliance,
  4. Designating a bank employee or employees as responsible for OFAC compliance
  5. Creating training programs for appropriate personnel in all relevant areas of the bank.


OFAC Risk Assessment

A sound OFAC compliance programme is one which includes a bank’s assessment for specific product lines, customer base, and nature of transactions and identification of the higher-risk areas for potential OFAC sanctions risk. The initial identification of higher-risk customers for purposes of OFAC may be performed as part of the bank’s CDD procedures. Banks ought to consider all types of transactions when conducting risk assessment and establishing appropriate policies, procedures, and processes. Accounts which are new should ideally be compared with OFAC lists prior to being opened. In evaluating the level of risk, a bank should exercise judgment and take into account all the risk indicators. Here are some examples of products, services, customers, and geographic locations that can carry a higher level of OFAC risk:

  • Foreign funds transfers
  • Alien accounts of non-residents
  • Foreign customer or correspondent bank accounts
  • Transactional electronic banking
  • Payable through accounts
  • Concentration accounts
  • International private banking
  • Overseas branches or subsidiaries


Why is it important to have a sanctions screening tool?

There are no legislative requirements for how you must verify sanction lists. However, as a corporation, you have the difficulty of finding a way to thoroughly and cost-effectively review the numerous sanctions lists without disturbing your daily operations. Manual checks would be hard and time-consuming due to the large number of sanctions lists to be verified and can also easily lead to human error. Finding an automated system to complete these mandatory tests makes sense and is the simplest way to reach the compliance standards that regulators like OFAC require.

Speak to a member of the team to get more information about our screening tool today.

Smart Screening Banner