Clym Logo
US flag

US

OFAC Sanctions Guidelines

Regulation Summary

  • Establishment: OFAC was formally established in December 1950, following the Chinese intervention in the Korean War, to administer economic sanctions programs.
  • Ongoing Updates: Sanctions programs are continually updated to address emerging global threats and foreign policy objectives.

  • Financial Institutions: Banks and other financial entities must ensure they do not process transactions involving sanctioned individuals or entities.
  • Exporters and Importers: Companies involved in international trade must verify that their business partners are not on OFAC's sanctions lists.
  • Insurance Companies: Insurers need to ensure they are not underwriting policies for sanctioned parties.
  • Technology Firms: Companies offering digital services or products internationally must prevent access by sanctioned countries or individuals.

  • General Licenses: OFAC may issue general licenses authorizing certain transactions that would otherwise be prohibited, such as specific humanitarian activities.
  • Specific Licenses: Businesses can apply for specific licenses to conduct transactions that are otherwise restricted, evaluated on a case-by-case basis.

  • Risk Assessment: Conduct regular assessments to identify potential OFAC-related risks in operations, customers, and transactions.
  • Compliance Programs: Develop and maintain robust sanctions compliance programs tailored to the company's risk profile.
  • Screening Processes: Implement effective screening procedures to ensure no dealings with sanctioned parties.
  • Training: Provide ongoing training for employees on OFAC regulations and internal compliance procedures.
  • Reporting: Promptly report any suspected violations to OFAC.

  • Access Restrictions: Implement measures to prevent access to services or products from sanctioned countries or individuals.
  • User Screening: Use tools to screen users against OFAC's sanctions lists before allowing access to certain services.
  • Disclosure: Clearly communicate in terms of service or user agreements that transactions with sanctioned parties are prohibited.
  • Monitoring: Continuously monitor user activities to detect and prevent prohibited transactions.

  • 50% Rule: Entities owned 50% or more, directly or indirectly, by one or more blocked persons are also considered blocked, even if not explicitly listed by OFAC.
  • Secondary Sanctions: Non-U.S. entities may face sanctions for conducting business with sanctioned parties, even if no U.S. nexus exists

  • Not a Privacy Regulation: OFAC guidelines do not grant specific data subject rights.
  • Data Protection: Businesses should protect personal data collected during compliance processes, aligning with applicable data protection laws.

  • Civil Penalties: OFAC can impose fines for violations, with amounts varying based on the specific sanctions program. Under the International Emergency Economic Powers Act (IEEPA), civil penalties can reach up to $356,579 per violation.
  • Criminal Penalties: Willful violations can lead to criminal charges, including fines of up to $1 million per violation and/or up to 20 years of imprisonment.
  • Compliance Expectations: OFAC expects organizations to maintain effective sanctions compliance programs and may consider the adequacy of these programs when determining enforcement actions.