US
OFAC Sanctions Guidelines
Overview
The Office of Foreign Assets Control (OFAC), a division of the U.S. Department of the Treasury, administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals. These sanctions target foreign countries, regimes, terrorists, international narcotics traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction, among others. Businesses operating internationally must understand and comply with OFAC regulations to avoid legal and financial penalties.
Regulation Summary
- Establishment: OFAC was formally established in December 1950, following the Chinese intervention in the Korean War, to administer economic sanctions programs.
- Ongoing Updates: Sanctions programs are continually updated to address emerging global threats and foreign policy objectives.
- Financial Institutions: Banks and other financial entities must ensure they do not process transactions involving sanctioned individuals or entities.
- Exporters and Importers: Companies involved in international trade must verify that their business partners are not on OFAC's sanctions lists.
- Insurance Companies: Insurers need to ensure they are not underwriting policies for sanctioned parties.
- Technology Firms: Companies offering digital services or products internationally must prevent access by sanctioned countries or individuals.
- General Licenses: OFAC may issue general licenses authorizing certain transactions that would otherwise be prohibited, such as specific humanitarian activities.
- Specific Licenses: Businesses can apply for specific licenses to conduct transactions that are otherwise restricted, evaluated on a case-by-case basis.
- Risk Assessment: Conduct regular assessments to identify potential OFAC-related risks in operations, customers, and transactions.
- Compliance Programs: Develop and maintain robust sanctions compliance programs tailored to the company's risk profile.
- Screening Processes: Implement effective screening procedures to ensure no dealings with sanctioned parties.
- Training: Provide ongoing training for employees on OFAC regulations and internal compliance procedures.
- Reporting: Promptly report any suspected violations to OFAC.
- Access Restrictions: Implement measures to prevent access to services or products from sanctioned countries or individuals.
- User Screening: Use tools to screen users against OFAC's sanctions lists before allowing access to certain services.
- Disclosure: Clearly communicate in terms of service or user agreements that transactions with sanctioned parties are prohibited.
- Monitoring: Continuously monitor user activities to detect and prevent prohibited transactions.
- 50% Rule: Entities owned 50% or more, directly or indirectly, by one or more blocked persons are also considered blocked, even if not explicitly listed by OFAC.
- Secondary Sanctions: Non-U.S. entities may face sanctions for conducting business with sanctioned parties, even if no U.S. nexus exists
- Not a Privacy Regulation: OFAC guidelines do not grant specific data subject rights.
- Data Protection: Businesses should protect personal data collected during compliance processes, aligning with applicable data protection laws.
- Civil Penalties: OFAC can impose fines for violations, with amounts varying based on the specific sanctions program. Under the International Emergency Economic Powers Act (IEEPA), civil penalties can reach up to $356,579 per violation.
- Criminal Penalties: Willful violations can lead to criminal charges, including fines of up to $1 million per violation and/or up to 20 years of imprisonment.
- Compliance Expectations: OFAC expects organizations to maintain effective sanctions compliance programs and may consider the adequacy of these programs when determining enforcement actions.