OFAC Overview & Authority
The Office of Foreign Assets Control (OFAC) is a division of the U.S. Department of the Treasury that administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals. For trading platforms and financial institutions, OFAC compliance is not optional—it's a federal legal requirement with severe civil and criminal penalties for violations.
OFAC operates under presidential national emergency powers and specific legislation to impose controls on transactions and freeze assets under U.S. jurisdiction. Sanctions can be country-based (comprehensive sanctions against entire countries) or list-based (targeting specific individuals, entities, vessels, and aircraft).
Strict Liability Standard
OFAC violations are subject to strict liability. This means you can be penalized even if the violation was unintentional or you had no knowledge that a transaction involved a sanctioned party. Lack of awareness is not a defense. This makes robust screening and due diligence essential.
OFAC's Legal Authority
OFAC derives its authority from several key statutes:
- Trading with the Enemy Act of 1917 - Authority during wartime and national emergencies
- International Emergency Economic Powers Act (IEEPA) - Primary authority for most modern sanctions programs
- USA PATRIOT Act - Enhanced counter-terrorism financial controls
- Foreign Narcotics Kingpin Designation Act - Sanctions against international drug traffickers
- Countering America's Adversaries Through Sanctions Act (CAATSA) - Russia, Iran, North Korea sanctions
- National Defense Authorization Act (NDAA) - Various sanctions authorities including Chinese military-industrial complex
Who Must Comply?
OFAC regulations apply to all U.S. persons—including citizens, permanent residents, entities organized under U.S. law, and any person within the United States—as well as foreign entities owned or controlled by U.S. persons. If your trading platform serves U.S. customers or operates in U.S. jurisdiction, you must comply with OFAC sanctions.
Sanctions Programs & Lists Overview
OFAC maintains multiple sanctions programs and publishes several lists that financial institutions must screen against. Understanding the differences between these lists and programs is critical for effective compliance.
Types of Sanctions Programs
| Program Type | Description | Examples |
|---|---|---|
| Comprehensive Sanctions | Broad prohibitions on virtually all transactions with a target country | Cuba, Iran, North Korea, Syria, certain regions of Russia/Ukraine |
| List-Based Sanctions | Target specific individuals, entities, and vessels regardless of location | SDN List, Sectoral Sanctions Identifications (SSI) List |
| Sectoral Sanctions | Prohibit specific types of transactions with designated entities in certain sectors | Russia energy, financial, and defense sectors |
| Secondary Sanctions | Target non-U.S. persons for activities with sanctioned jurisdictions | Iran-related secondary sanctions, Russia-related measures |
OFAC Lists Comparison
Primary OFAC Sanctions Lists
| List Name | Entries | Prohibition | Update Frequency |
|---|---|---|---|
| SDN List Specially Designated Nationals and Blocked Persons |
~11,000+ | All transactions prohibited; assets must be blocked | Weekly or more |
| SSI List Sectoral Sanctions Identifications |
~300+ | Limited prohibitions based on directive (e.g., debt financing over 90 days) | As needed |
| FSE List Foreign Sanctions Evaders |
~90 | All transactions prohibited | As needed |
| Non-SDN Menu-Based Menu-based sanctions entities |
Varies | Certain sanctions apply (varies by program) | As needed |
| CMIC List Chinese Military-Industrial Complex |
~60 | Prohibition on securities transactions by U.S. persons | Periodic updates |
SDN List Screening Requirements
The Specially Designated Nationals and Blocked Persons List (SDN List) is OFAC's primary sanctions list. It identifies individuals, entities, vessels, and aircraft whose property and interests in property are blocked under U.S. sanctions programs. U.S. persons are generally prohibited from dealing with SDNs.
SDN List Contents
The SDN List includes comprehensive identifying information:
- Names: Primary names and known aliases (also known as, a.k.a.)
- Addresses: Known addresses and locations
- Identification Numbers: Passport numbers, national ID numbers, tax IDs, registration numbers
- Dates of Birth: Full or partial dates of birth
- Nationality: Country of citizenship or incorporation
- Additional Information: Former names, weak aliases, vessel details, aircraft details
- Programs: Which sanctions programs apply to each entry
SDN List Sources and Updates
Trading platforms must access the most current SDN List data:
- OFAC website (treasury.gov/ofac)
- SDN List downloadable files (TXT, CSV, XML, PDF)
- Consolidated Sanctions List (all OFAC lists combined)
- Sanctions List Search tool (online lookup)
- Updates posted irregularly (often weekly)
- Breaking sanctions may be announced suddenly
- Email notification service available
- RSS feed for automated monitoring
- Pipe-delimited TXT file (legacy)
- CSV format (structured data)
- XML format (machine-readable)
- PDF format (human-readable)
- Automated daily downloads
- Third-party screening vendor integration
- API-based screening services
- Real-time web service queries
List Update Timing
OFAC can add new entries to the SDN List at any time, often with little or no advance notice. Major geopolitical events can trigger sudden sanctions designations affecting hundreds of entities. Your screening system must update lists at least daily, and you should monitor OFAC announcements for breaking sanctions that require immediate action.
The 50 Percent Rule
One of the most critical—and frequently misunderstood—aspects of OFAC compliance is the "50 Percent Rule." This rule significantly expands the scope of blocked persons beyond those explicitly listed on the SDN List.
50 Percent Rule Explained
OFAC's 50 Percent Rule states that entities owned 50% or more, directly or indirectly, by one or more SDNs are themselves considered blocked persons, even if they are not explicitly included on the SDN List. This applies regardless of whether the ownership is held by a single SDN or multiple SDNs in the aggregate.
Automatic Blocking Without Listing
Under the 50 Percent Rule, an entity can be blocked even though it does not appear on any OFAC list. U.S. persons must conduct their own analysis of ownership structures to identify blocked entities. This creates significant due diligence obligations, particularly for complex corporate structures.
50 Percent Rule Application
| Scenario | Ownership Structure | Blocked Status |
|---|---|---|
| Direct Majority Ownership | SDN owns 50% or more of Entity A | Entity A is blocked |
| Multiple SDN Ownership | SDN 1 owns 30%, SDN 2 owns 25% of Entity B | Entity B is blocked (55% aggregate SDN ownership) |
| Indirect Ownership | SDN owns 100% of Entity C; Entity C owns 60% of Entity D | Both Entity C and Entity D are blocked |
| Layered Ownership | SDN owns 80% of Entity E; Entity E owns 80% of Entity F | Both Entity E (80% SDN-owned) and Entity F (64% indirect SDN ownership) are blocked |
| Below Threshold | SDN owns 49% of Entity G | Entity G is NOT automatically blocked (but enhanced due diligence recommended) |
Compliance Implications
The 50 Percent Rule requires trading platforms to:
- Identify Beneficial Owners: Collect and verify beneficial ownership information for entity customers (25% threshold under CDD rules is insufficient for OFAC purposes)
- Analyze Ownership Structures: Trace ownership chains to identify SDN ownership at any level
- Monitor Ownership Changes: Re-assess when ownership changes or new SDNs are designated
- Document Analysis: Maintain records of your 50 Percent Rule analysis and determinations
- Block Property Immediately: Freeze assets of entities determined to be 50%-or-more SDN-owned
Practical Challenges
The 50 Percent Rule creates substantial compliance challenges. Ownership structures can be complex, opaque, and change frequently. Many jurisdictions do not require public disclosure of beneficial ownership. For high-risk customers or jurisdictions, enhanced due diligence including independent verification of ownership may be necessary. Consider contractual representations and periodic re-certification of ownership structures.
Screening Frequency Requirements
Effective OFAC compliance requires screening at multiple points in the customer lifecycle and transaction flow. A risk-based approach determines the appropriate frequency and depth of screening.
When to Screen
- Screen before account opening
- Check individual names and entity names
- Verify beneficial owners (50% rule)
- Screen addresses and nationalities
- Block account if match confirmed
- Real-time screening of payments
- Screen all transaction parties
- Check originators and beneficiaries
- Review payment instructions/references
- Interdiction before processing
- Daily or weekly batch re-screening
- Re-screen when SDN List updates
- Quarterly or annual customer review
- Monitor for ownership changes
- Continuous geographic screening
- Customer name or address changes
- New beneficial owner disclosed
- New sanctions program announced
- Geopolitical developments
- Unusual transaction patterns
Screening Frequency Best Practices
| Screening Type | Minimum Frequency | Higher-Risk Frequency | Rationale |
|---|---|---|---|
| Customer Onboarding | Before account approval | Real-time during application | Prevent SDN accounts from opening |
| Transaction Processing | Real-time for all transactions | Enhanced screening for high-value/cross-border | Prevent prohibited transactions |
| Customer Database Screening | Weekly against updated lists | Daily or upon each list update | Identify newly-designated SDNs in existing customer base |
| Beneficial Ownership Review | Annually for entity accounts | Quarterly or upon material events | Detect ownership changes triggering 50% rule |
| Geographic Risk Screening | Continuous IP/location monitoring | Enhanced for VPN/proxy detection | Block access from sanctioned jurisdictions |
Automated Re-Screening
Leading trading platforms implement automated batch re-screening that runs whenever OFAC updates its sanctions lists. When new SDNs are designated, the system immediately screens all existing customers and accounts against the new entries, generating alerts for review. This approach ensures rapid detection of newly-sanctioned parties and minimizes exposure.
Screening Workflow & Name Matching
Effective OFAC screening requires sophisticated name-matching technology and well-defined investigation workflows. Simple exact-match searches are insufficient given name variations, transliterations, and data quality issues.
Name Matching Techniques
| Technique | Description | Use Case | Pros/Cons |
|---|---|---|---|
| Exact Match | Character-for-character identical match | Initial filter; high-confidence hits | Fast, no false positives; misses variations |
| Fuzzy Matching | Allows for variations using Levenshtein distance or similar algorithms | Primary screening method | Catches misspellings; generates false positives |
| Phonetic Matching | Matches names that sound similar (Soundex, Metaphone) | Transliterations from other alphabets | Handles pronunciation variations; language-dependent |
| Nickname/Alias Matching | Database of known aliases and name variants | Individuals using multiple names | Comprehensive; requires database maintenance |
| Weak Alias Matching | Broader matching for low-quality OFAC aliases | When OFAC lists uncertain names | Catches edge cases; very high false positives |
Common Screening Challenges
- Transliteration Issues: Arabic, Cyrillic, Chinese names spelled multiple ways in Latin alphabet (e.g., "Mohammed" vs. "Muhammad" vs. "Mohamed")
- Name Order Variations: Family name first vs. given name first varies by culture
- Partial Names: Single names, initials only, or incomplete data
- Corporate Name Variations: Abbreviations (Corp, Ltd, Inc, LLC), punctuation differences, legal form variations
- Address Matching: Street abbreviations (St vs Street), city name changes, transliteration issues
- Date of Birth Variations: Different date formats (MM/DD/YYYY vs DD/MM/YYYY), incomplete dates (year only, circa)
- Special Characters: Diacritical marks, hyphens, apostrophes, spacing inconsistencies
Screening Workflow
OFAC Screening & Investigation Workflow
System screens customer/transaction data against OFAC lists using fuzzy logic; generates alerts for potential matches
Alerts sorted by match score/confidence; high-confidence matches escalated immediately; lower-confidence matches queued for review
Analyst compares customer data to SDN entry; reviews name, address, DOB, ID numbers, nationality; determines if match is possible
For unclear cases, gather additional information; review supporting documentation; check additional identifiers; research entity relationships
Determine: True Match (block/reject) or False Positive (clear/process); document decision rationale; escalate uncertain cases
True Match: Block assets, file OFAC report; False Positive: Clear alert, process transaction; maintain audit trail of decision
False Positive Resolution Procedures
Aggressive fuzzy matching generates high false positive rates—often 95%+ of initial matches are false positives. Efficient false positive resolution is critical to operational effectiveness while maintaining compliance integrity.
False Positive Investigation Framework
Analysts should systematically compare identifying information:
False Positive Analysis Checklist
- Compare full name against SDN name and all aliases
- Check if customer address matches or is near SDN address
- Compare date of birth (if available) with SDN date of birth
- Verify nationality against SDN nationality or citizenship
- Check ID numbers (passport, national ID, tax ID) against SDN identifiers
- Review customer occupation/business vs. SDN description
- For entities, compare corporate registration details
- Assess whether additional context makes match plausible
- Consider whether customer could be using alias or false identity
- Document specific reasons for clearing as false positive
- Escalate uncertain cases to senior compliance officer
- Maintain audit trail of investigation and decision
Match Quality Factors
| Factor | Strong Match Indicator | Weak Match Indicator |
|---|---|---|
| Name Match | Exact match or very close variation | Common name, different middle name or spelling |
| Address | Same city and country, or close proximity | Different country or distant location |
| Date of Birth | Exact match or within 1-2 years | Significantly different age or no DOB for SDN |
| Nationality | Same citizenship or strong connection | Completely different nationality with no connection |
| Identifiers | Matching passport, ID, or registration number | Different ID numbers |
| Context | Business type, occupation, or associates align | Implausible that customer could be SDN |
Common Name Problem
Common names generate disproportionate false positives. For example, "Mohammed Ali" or "John Smith" may match thousands of individuals who are not the sanctioned person.
Common Name Screening Strategy
For very common names, implement additional verification steps: collect and verify date of birth, full address, nationality, and identification documents. Consider secondary identifiers such as email addresses, phone numbers, or IP geolocation. Document your rationale for clearing common name matches and consider enhanced monitoring for these accounts.
Documentation Requirements
For every screening alert (whether true or false positive), maintain:
- Date and time of screening alert
- Customer/transaction details that triggered alert
- SDN entry or entries that generated the match
- Match score or confidence level from screening system
- Investigation steps taken and information reviewed
- Identity of analyst who investigated the alert
- Rationale for determination (true match vs. false positive)
- Approval or escalation if required by procedures
- Date and time of final decision
- Any actions taken (blocking, rejection, clearing)
Blocking Procedures When Hits Occur
When screening identifies a confirmed or likely SDN match, you must take immediate action to block the property and interests in property of the SDN. Blocking means prohibiting any transaction or dealing and freezing assets under your control.
Rejection vs. Blocking
It's critical to distinguish between rejection and blocking:
| Action | When Required | Procedure | Reporting |
|---|---|---|---|
| Rejection | Transaction involves sanctioned country but no SDN property interest | Refuse/reject the transaction; do not process | No blocking report to OFAC (maintain internal records) |
| Blocking | Property or property interest of an SDN | Freeze assets, prohibit all dealings, segregate funds | File blocking report with OFAC within 10 business days |
What Must Be Blocked
Under OFAC regulations, you must block all property and interests in property of SDNs. This includes:
- Account Balances: Cash balances in checking, savings, brokerage, or trading accounts
- Securities Positions: Stocks, bonds, options, futures, and other securities owned by SDNs
- Cryptocurrency Holdings: Digital asset balances in custodial wallets or platform accounts
- Pending Transactions: Deposits, withdrawals, or transfers in process
- Collateral or Margin: Assets pledged or held as collateral
- Payment Streams: Future payments, dividends, or distributions owed to SDNs
- Beneficial Interests: Any ownership or control interest in property
Blocking Procedures Timeline
No Delay Permitted
Blocking must occur immediately upon identifying an SDN match—do not wait for further investigation or the 10-day reporting deadline. Even a few hours of delay in blocking can constitute a violation. Implement automated account freezing capabilities that can execute instantly upon compliance approval.
Blocking Notification to Customer
You may need to notify the customer that their assets have been blocked, but must be careful not to "tip off" or assist sanctions evasion:
- Provide general notice that assets are blocked pursuant to U.S. sanctions regulations
- Do not provide detailed reasons or OFAC list entries
- Refer customer to OFAC for information about their status
- Do not provide advice on how to unblock funds or evade sanctions
- If blocking is erroneous, work with OFAC to obtain authorization to unblock
Reporting Requirements to OFAC
When you block property of an SDN, you must report the blocking to OFAC within specific timeframes. There are several types of OFAC reports trading platforms may need to file.
Initial Blocking Report (Within 10 Business Days)
Required information for initial blocking reports:
- Reporter Information: Your company name, address, contact person, phone, email
- Blocked Person Information: Name, address, date of birth, nationality, identification numbers of the SDN
- Date of Blocking: Exact date when property was blocked
- Property Description: Detailed description of blocked property (account numbers, balances, securities positions)
- Property Value: Estimated or actual value in U.S. dollars
- Basis for Blocking: Which sanctions program and SDN list entry triggered blocking
- Supporting Documentation: Copies of account statements, transaction records, identification documents
- Additional Context: How the SDN came to have property with your institution
Annual Report of Blocked Property (Due September 30)
All financial institutions holding blocked property must file an annual report by September 30 each year reporting blocked assets held as of June 30. This report updates OFAC on all blocked property in your custody.
Rejected Transaction Records
While no formal report to OFAC is required for rejected transactions (those involving sanctioned countries but no SDN property interest), you must maintain detailed internal records:
- Date of rejection
- Name and identifying information of sanctioned party
- Sanctioned country or program involved
- Nature and value of the rejected transaction
- Reason for rejection
- Investigation and decision-making documentation
Filing Methods
OFAC blocking reports should be submitted:
- Email: ofac.recip@treasury.gov (for blocking reports)
- Online Portal: OFAC Reporting Portal for annual reports and certain programs
- Mail: Office of Foreign Assets Control, U.S. Department of the Treasury, 1500 Pennsylvania Avenue NW, Washington, DC 20220
Unblocking Requires OFAC Authorization
Once property is blocked, you may not unblock or release it without specific authorization from OFAC, even if you later determine the blocking was in error. If you believe blocking was erroneous, you must seek an OFAC license to unblock. Never unblock property on your own determination without OFAC approval.
License Application Process
In certain circumstances, you or your customer may need to request a license from OFAC to engage in a transaction that would otherwise be prohibited. OFAC issues two types of licenses: general licenses (pre-authorized categories) and specific licenses (individual applications).
General Licenses vs. Specific Licenses
| License Type | Description | Application Required? | Examples |
|---|---|---|---|
| General License | Pre-authorized categories of transactions published in sanctions regulations | No application; can rely if transaction fits published criteria | Humanitarian aid, informational materials, personal remittances (if authorized) |
| Specific License | Individual authorization for a specific transaction or set of transactions | Yes; must submit detailed application and await written approval | Unblocking mistakenly blocked funds, legal fee payments, wind-down activities |
When to Seek a Specific License
Common scenarios requiring specific license applications:
- Unblocking Erroneous Blocks: When you determine blocking was in error but need OFAC confirmation to release funds
- Closing Blocked Accounts: Authorization to liquidate and transfer blocked assets to OFAC or designated account
- Payment for Legal Services: Authorization for blocked person to pay attorneys for legal representation
- Humanitarian Transactions: Emergency medical expenses or subsistence needs (case-by-case)
- Debt Payments: Authorization to receive debt payments from sanctioned parties
- Administrative Expenses: Authorization to deduct fees from blocked accounts
Specific License Application Process
OFAC Specific License Application Workflow
Review published general licenses in relevant sanctions program regulations; if none authorizes your transaction, proceed with specific license application
Collect: detailed transaction description, parties involved, amounts, justification, supporting documents, proposed compliance measures
Use OFAC's online licensing portal or submit by mail/email; include all required information and attachments; request expedited review if urgent
OFAC reviews application; may request additional information; typical review time 90-180 days but can be longer; no transaction permitted during review
OFAC issues: written approval (may include conditions), denial, or return without action; if approved, comply with all license terms and conditions
No Presumption of Approval
Submitting a license application does not authorize you to proceed with the transaction while awaiting OFAC's decision. The transaction remains prohibited until and unless OFAC grants a specific license in writing. Plan for potentially lengthy review periods and have no expectation of approval.
Third-Party Screening Tools Comparison
Most trading platforms implement OFAC screening through third-party software vendors rather than building proprietary solutions. Selecting the right screening tool is critical to compliance effectiveness and operational efficiency.
Leading OFAC Screening Solutions
Selection Criteria for Screening Tools
When evaluating OFAC screening vendors, consider:
- Data Sources: Coverage of OFAC and other global sanctions lists (UN, EU, UK, etc.)
- Update Frequency: How quickly new sanctions are incorporated (real-time vs. daily)
- Matching Technology: Quality of fuzzy logic, phonetic matching, and false positive management
- API Integration: Ease of integration into your onboarding and transaction workflows
- Case Management: Tools for alert investigation, documentation, and workflow
- Audit Trail: Comprehensive logging of all screening activity and decisions
- Crypto Support: Ability to screen cryptocurrency wallets and transactions (if applicable)
- Performance/Scalability: Response time and ability to handle your transaction volume
- Pricing Model: Per-check, subscription, or enterprise licensing
- Support & SLA: Technical support, uptime guarantees, compliance expertise
Dual-Vendor Strategy
Some high-risk or high-volume platforms implement dual screening vendors for critical transactions or onboarding. Running parallel screens through two independent systems provides additional assurance and can catch matches that one system might miss. While more expensive, this approach significantly reduces risk for platforms with substantial sanctions exposure.
OFAC Compliance Implementation Checklist
Use this comprehensive checklist to implement or enhance your OFAC sanctions screening program.
Complete OFAC Compliance Checklist
- Designate a Sanctions Compliance Officer with authority and resources
- Conduct written OFAC risk assessment specific to your trading platform
- Develop comprehensive written OFAC compliance policies and procedures
- Implement automated OFAC screening software with API integration
- Screen all customers at onboarding against SDN and other OFAC lists
- Screen all transactions in real-time or near-real-time before processing
- Configure fuzzy logic and name-matching algorithms with appropriate thresholds
- Establish written procedures for investigating and resolving screening alerts
- Implement 50% ownership rule analysis for entity customers
- Collect and verify beneficial ownership information (minimum 25%, recommend 50%)
- Implement IP geolocation and geographic blocking for sanctioned countries
- Collect and verify customer address and nationality information
- Subscribe to OFAC list updates and re-screen customers when lists change
- Develop written procedures for blocking assets and reporting to OFAC
- Create alert escalation procedures for potential SDN matches
- Establish 10-day blocking report timeline and procedures
- Train all relevant personnel on OFAC requirements annually
- Maintain comprehensive audit trail of all screening and decisions
- Document false positive determinations with clear rationale
- Conduct independent testing or audit of OFAC controls annually
- Monitor OFAC guidance, general licenses, and sanctions program updates
- Include OFAC compliance representations in customer agreements
- Develop procedures for license applications when needed
- Establish recordkeeping systems for rejected and blocked transactions (5 years)
- Prepare incident response plan for potential violations and voluntary self-disclosure
- For crypto platforms: implement wallet screening and blockchain analytics
- Establish management reporting on OFAC screening metrics and issues
- Review and update OFAC program at least annually or when material changes occur
Next Steps
Begin by conducting an OFAC risk assessment tailored to your trading platform's specific products, customers, and geographic footprint. Based on your risk profile, select appropriate screening technology, develop detailed written procedures, and train your team. OFAC compliance is an ongoing commitment requiring continuous monitoring, testing, and enhancement as sanctions programs evolve.