
US
OFAC Sanctions Guidelines
Regulation Summary
- Establishment: OFAC was formally established in December 1950, following the Chinese intervention in the Korean War, to administer economic sanctions programs.
- Ongoing Updates: Sanctions programs are continually updated to address emerging global threats and foreign policy objectives.
- Financial Institutions: Banks and other financial entities must ensure they do not process transactions involving sanctioned individuals or entities.
- Exporters and Importers: Companies involved in international trade must verify that their business partners are not on OFAC's sanctions lists.
- Insurance Companies: Insurers need to ensure they are not underwriting policies for sanctioned parties.
- Technology Firms: Companies offering digital services or products internationally must prevent access by sanctioned countries or individuals.
- General Licenses: OFAC may issue general licenses authorizing certain transactions that would otherwise be prohibited, such as specific humanitarian activities.
- Specific Licenses: Businesses can apply for specific licenses to conduct transactions that are otherwise restricted, evaluated on a case-by-case basis.
- Risk Assessment: Conduct regular assessments to identify potential OFAC-related risks in operations, customers, and transactions.
- Compliance Programs: Develop and maintain robust sanctions compliance programs tailored to the company's risk profile.
- Screening Processes: Implement effective screening procedures to ensure no dealings with sanctioned parties.
- Training: Provide ongoing training for employees on OFAC regulations and internal compliance procedures.
- Reporting: Promptly report any suspected violations to OFAC.
- Access Restrictions: Implement measures to prevent access to services or products from sanctioned countries or individuals.
- User Screening: Use tools to screen users against OFAC's sanctions lists before allowing access to certain services.
- Disclosure: Clearly communicate in terms of service or user agreements that transactions with sanctioned parties are prohibited.
- Monitoring: Continuously monitor user activities to detect and prevent prohibited transactions.
- 50% Rule: Entities owned 50% or more, directly or indirectly, by one or more blocked persons are also considered blocked, even if not explicitly listed by OFAC.
- Secondary Sanctions: Non-U.S. entities may face sanctions for conducting business with sanctioned parties, even if no U.S. nexus exists
- Not a Privacy Regulation: OFAC guidelines do not grant specific data subject rights.
- Data Protection: Businesses should protect personal data collected during compliance processes, aligning with applicable data protection laws.
- Civil Penalties: OFAC can impose fines for violations, with amounts varying based on the specific sanctions program. Under the International Emergency Economic Powers Act (IEEPA), civil penalties can reach up to $356,579 per violation.
- Criminal Penalties: Willful violations can lead to criminal charges, including fines of up to $1 million per violation and/or up to 20 years of imprisonment.
- Compliance Expectations: OFAC expects organizations to maintain effective sanctions compliance programs and may consider the adequacy of these programs when determining enforcement actions.