OFAC compliance refers to an organization’s adherence to the sanctions regulations administered by the U.S. Office of Foreign Assets Control. Non-compliance can result in civil penalties up to $1.3 million per violation and criminal penalties including up to 20 years imprisonment.
What Are OFAC Regulations?
OFAC regulations are a set of U.S. laws and executive orders that prohibit or restrict economic transactions with specific countries, entities, and individuals. Administered by the U.S. Office of Foreign Assets Control, these rules apply to all U.S. persons and, in many cases, to foreign parties transacting in U.S. dollars or through U.S. financial institutions.
OFAC administers more than 30 active sanctions programs targeting comprehensively sanctioned countries such as Iran, Cuba, North Korea, and Syria, as well as hundreds of targeted individuals and entities on the Specially Designated Nationals (SDN) list.
OFAC Compliance Requirements
A robust OFAC compliance program must address the five core components outlined in OFAC’s Framework for Compliance Commitments (2019). Organizations that demonstrate a structured compliance approach are treated more favorably in enforcement actions.
Key Program Elements
| Element | Description | Priority |
|---|---|---|
| Management Commitment | Board-level oversight and dedicated compliance officer | High |
| Risk Assessment | Identify exposure by customer type, geography, transaction type | High |
| Internal Controls | SDN screening, approval workflows, transaction monitoring | Critical |
| Testing & Auditing | Periodic effectiveness reviews, third-party audits | Medium |
| Training | Annual staff training on sanctions obligations | High |
| Recordkeeping | 5-year retention of all transaction records | Required |
Who Must Comply with OFAC?
OFAC requirements apply broadly. U.S. persons — including citizens, permanent residents, and companies incorporated in the United States — must comply regardless of where they operate. Foreign subsidiaries of U.S. companies are also typically covered. Non-U.S. entities that process U.S. dollar payments through U.S. correspondent banks are subject to OFAC jurisdiction for those transactions.
- U.S. citizens and permanent residents (worldwide)
- U.S.-incorporated companies and their foreign branches
- Any person physically located in the United States
- Non-U.S. entities using U.S. financial infrastructure
- Parties subject to secondary sanctions risk
Penalties for OFAC Violations
OFAC penalties are among the most severe in U.S. financial regulation. Civil penalties are assessed per transaction and can reach the greater of $1,330,783 or twice the value of the transaction. Criminal penalties under the International Emergency Economic Powers Act (IEEPA) can reach $1 million per violation plus up to 20 years imprisonment.
OFAC considers aggravating and mitigating factors — including whether a compliance program existed — when determining penalty amounts. Companies with no compliance program and willful violations face the highest penalties.
Voluntary Self-Disclosure
If your organization discovers an OFAC violation, voluntary self-disclosure (VSD) to OFAC can reduce civil penalties by up to 50%. The VSD process involves submitting a written report detailing the circumstances of the violation, remediation steps, and corrective measures implemented. Our OFAC sanctions lawyers regularly advise clients through the VSD process to minimize exposure.
Timing matters: VSD must be filed before OFAC initiates a formal investigation. Early disclosure — even before the full scope of violations is known — is generally viewed favorably.
Get Expert OFAC Compliance Advice
The Collegium of International Lawyers provides OFAC compliance program development, transaction screening guidance, and enforcement defense across 40+ countries. Contact our OFAC lawyers for a free initial consultation.