OFAC — the Office of Foreign Assets Control — is a U.S. Treasury Department agency that administers and enforces economic and trade sanctions against foreign countries, governments, terrorist organizations, and individuals based on U.S. foreign policy and national security objectives. OFAC maintains the SDN list, operates 30+ sanctions programs, and can impose civil penalties up to $1.3 million per violation on U.S. and non-U.S. parties alike.
Understanding OFAC is essential for any business operating internationally. OFAC’s jurisdiction extends far beyond U.S. borders: foreign companies processing U.S. dollar payments, using U.S.-origin technology, or employing U.S. persons can all find themselves subject to OFAC enforcement. This guide covers what OFAC is, what it does, how it enforces sanctions, and what you need to know to protect your business. For immediate assistance with an OFAC matter, consult our OFAC attorneys.
What Does OFAC Stand For?
OFAC stands for the Office of Foreign Assets Control. It is a financial intelligence and enforcement agency within the U.S. Department of the Treasury, sitting under the Office of Terrorism and Financial Intelligence (TFI). OFAC’s mission is to administer and enforce U.S. economic and trade sanctions programs to advance national security, foreign policy, and economic goals.
| Fact | Detail |
|---|---|
| Full name | Office of Foreign Assets Control |
| Parent agency | U.S. Department of the Treasury |
| Established | 1950 (predecessor: Office of Foreign Funds Control, 1940) |
| Statutory authority | IEEPA, TWEA, UNPA, various executive orders |
| Active sanctions programs | 30+ |
| SDN list entries | 12,000+ individuals and entities |
| Max civil penalty per violation | $1,330,783 or 2x transaction value |
| Criminal penalty (willful) | Up to $1M + 20 years imprisonment |
OFAC’s History and Legal Authority
OFAC traces its roots to the Office of Foreign Funds Control (FFC), established by President Franklin D. Roosevelt in 1940 to block assets of Nazi-controlled European nations. The FFC administered the Trading with the Enemy Act (TWEA) throughout World War II, freezing Axis-country assets held in the United States.
OFAC was formally established in December 1950, during the Korean War, when President Truman declared a national emergency and blocked all Chinese and North Korean assets. This action was taken under the Trading with the Enemy Act (TWEA, 50 U.S.C. App. § 1 et seq.) — the same statute that underpinned the Cuban embargo imposed by President Kennedy in 1963.
The modern framework for OFAC’s authority rests on several key statutes:
- International Emergency Economic Powers Act (IEEPA, 50 U.S.C. § 1701 et seq.): Enacted in 1977, IEEPA grants the President broad authority to regulate international commerce and financial transactions during a declared national emergency. Most post-Cold War OFAC programs are based on IEEPA.
- Trading with the Enemy Act (TWEA, 50 U.S.C. App. § 1 et seq.): The Cuba sanctions program continues to rest on TWEA authority, preserving the legal basis for one of the oldest U.S. embargo regimes.
- United Nations Participation Act (UNPA): Authorizes the President to implement UN Security Council sanctions resolutions through executive order.
- Program-specific statutes: Many OFAC programs have additional statutory authority, including the Iran Sanctions Act (ISA), the Comprehensive Iran Sanctions, Accountability, and Divestment Act (CISADA), the North Korea Sanctions Policy and Enforcement Act, and the Countering America’s Adversaries Through Sanctions Act (CAATSA) for Russia.
In practice, the President issues executive orders declaring national emergencies and directing OFAC to implement sanctions programs. OFAC then promulgates program-specific regulations (published in the Code of Federal Regulations, Title 31) that define the prohibitions, licenses, and reporting requirements in detail. Understanding OFAC’s legal authority matters because it defines the scope of economic sanctions prohibitions and the available defenses against enforcement actions.
OFAC’s Organizational Structure
OFAC sits within the Treasury Department’s Office of Terrorism and Financial Intelligence (TFI), alongside the Financial Crimes Enforcement Network (FinCEN) and the Office of Intelligence and Analysis (OIA). The Director of OFAC reports to the Under Secretary of the Treasury for Terrorism and Financial Intelligence.
Internally, OFAC is organized around key functions:
- Office of Global Targeting (OGT): Responsible for designating individuals and entities to the SDN list and other OFAC lists. This is the unit that processes reconsideration petitions from parties seeking SDN removal.
- Compliance and Enforcement Division: Handles investigations of potential OFAC violations, issues administrative subpoenas, negotiates civil penalty settlements, and refers cases for criminal prosecution.
- Licensing Division: Reviews and adjudicates specific license applications through the SNAP-R system.
- Program divisions: Specialized teams for each major sanctions program (Iran, Russia, Cuba, etc.) who develop program regulations, general licenses, and policy guidance.
Understanding OFAC’s internal structure matters for legal strategy: an SDN removal petition goes to a different office than a specific license application, and the decision-makers and standards are different. Experienced OFAC attorneys know which division handles which requests and tailor submissions accordingly.
What OFAC Does: Core Functions
1. Maintaining the SDN List
The Specially Designated Nationals and Blocked Persons List (SDN list) is OFAC’s primary tool for targeting specific individuals and entities. Currently containing over 12,000 entries — including people, companies, vessels, aircraft, and cryptocurrency addresses — the SDN list is one of the most consequential regulatory lists in the world.
Being on the SDN list means that: (1) all U.S.-held assets are blocked; (2) all U.S. persons are prohibited from transacting with the designee; and (3) entities owned 50% or more by SDN-listed parties are treated as if they were also listed (the “50% rule”). The SDN list is updated frequently — sometimes daily — and businesses must ensure their screening systems reflect current designations.
2. Administering Sanctions Programs
OFAC administers more than 30 active sanctions programs. These are divided into country-based programs (targeting specific nations) and thematic programs (targeting specific activities regardless of geography):
Major country programs (2026): Iran (ITSR), Cuba (CACR), North Korea (NKSR), Syria (SSR), Russia (Ukraine-Related/Harmful Foreign Activities), Venezuela, Belarus, Myanmar, Nicaragua, Sudan, Somalia, Yemen (Houthis), and others. For detailed country-by-country analysis, see our guide to the OFAC sanctioned countries list.
Major thematic programs: Global Terrorism (SDGT) targeting terrorist organizations worldwide; Narcotics Trafficking Kingpin Program (SDNTK) targeting drug trafficking networks; Cyber-Related Sanctions (EO 13694) targeting malicious cyber actors; Weapons of Mass Destruction Proliferators (EO 13382); Foreign Interference in U.S. Elections; and Transnational Criminal Organizations.
3. Issuing Licenses
Not all transactions with sanctioned countries or parties are absolutely prohibited. OFAC issues two types of licenses:
General licenses are published in the Code of Federal Regulations as part of each program’s regulations. They authorize categories of transactions without requiring individual application — for example, certain humanitarian exports to Iran, personal remittances to Cuba, or journalistic activities in sanctioned countries. Businesses can rely on applicable general licenses without filing anything with OFAC.
Specific licenses are individually issued authorizations for transactions not covered by general licenses. Applications are filed through OFAC’s Sanctions and Licensing Application and Filing Portal (SNAP-R). Our lawyers prepare and file OFAC license applications across all major programs, with a focus on maximizing approval prospects through complete, well-documented submissions.
4. Enforcing Compliance
OFAC investigates potential violations through its Compliance and Enforcement Division. Investigations can be initiated by: tips from financial institutions or other parties; OFAC’s own transaction monitoring; referrals from other agencies (DOJ, FBI, HSI); or voluntary self-disclosures from violating parties. OFAC has broad investigative authority including the power to issue administrative subpoenas compelling production of documents.
OFAC OFAC enforcement actions culminate in one of three outcomes: (1) a no-action finding; (2) a civil penalty settlement (with the company paying a negotiated penalty and often agreeing to a compliance commitment); or (3) referral to DOJ for criminal prosecution. In the most serious cases — involving willful violations or concealment — criminal prosecution under IEEPA can result in up to $1 million per violation and 20 years imprisonment.
Who Must Comply with OFAC?
OFAC jurisdiction is extraordinarily broad. The following parties must comply with OFAC regulations:
- U.S. persons: All U.S. citizens and permanent residents, regardless of where they are located. A U.S. citizen working abroad must comply with OFAC.
- U.S.-organized entities: All companies incorporated in the United States, including their foreign branches and subsidiaries (in most cases).
- Persons in the United States: Any person — regardless of nationality — physically present in the United States at the time of the transaction.
- U.S. dollar transactions: Non-U.S. parties that process payments in U.S. dollars through U.S. correspondent banks are subject to OFAC jurisdiction for those transactions. Since virtually all international USD clearing occurs through U.S. banks, this creates near-universal exposure for foreign businesses using the dollar.
- Secondary sanctions targets: Non-U.S. parties that engage in significant transactions with sanctioned countries or entities (primarily Iran, Russia, North Korea) risk designation under secondary sanctions programs, effectively blocking their access to the U.S. financial system.
For non-U.S. businesses, understanding secondary sanctions exposure is critical. Our international sanctions lawyers advise non-U.S. companies on their specific OFAC exposure and how to structure operations to minimize sanctions risk without foregoing legitimate business opportunities.
Recent OFAC Enforcement Actions: 2024-2026
OFAC enforcement remains vigorous and has resulted in some of the largest financial penalties in regulatory history. Notable recent actions include:
- GVA Capital (2025): OFAC assessed the statutory maximum penalty of approximately $215.99 million for egregious sanctions violations — no voluntary self-disclosure was made, and OFAC found the conduct highly egregious. This case illustrates OFAC’s willingness to impose maximum penalties when companies fail to disclose and have no effective compliance programs.
- Syrian sanctions settlement (February 2026): A $3.777 million settlement for Syrian sanctions violations demonstrated continued enforcement under the Trump administration. Even as Syria policy is under review, OFAC enforcement of past violations continued.
- Cryptocurrency enforcement: OFAC has significantly expanded enforcement in the digital assets space, designating crypto mixers (Tornado Cash, Sinbad) and pursuing enforcement actions against exchanges that processed transactions for SDN-listed parties.
- Russia sanctions evasion: OFAC has focused on “gatekeepers” — lawyers, accountants, and shell company service providers — who facilitate sanctions evasion by Russian oligarchs through real estate purchases and other asset concealment.
These enforcement trends underscore the importance of proactive OFAC compliance lawyers counsel and robust internal compliance programs. When violations are discovered, our voluntary self-disclosure practice can reduce civil penalties by up to 50% and avoid egregious classification.
How OFAC Differs from Other Regulators
OFAC is often confused with other U.S. regulatory bodies that oversee financial crime compliance. Key distinctions:
- OFAC vs. FinCEN: FinCEN (Financial Crimes Enforcement Network) administers Bank Secrecy Act (BSA) requirements including AML programs, Suspicious Activity Reports (SARs), and Currency Transaction Reports (CTRs). OFAC administers sanctions programs prohibiting specific transactions. Both impose separate compliance obligations — a transaction may be AML-compliant but OFAC-prohibited, or vice versa. See our guide on AML and OFAC compliance for how these regimes interact.
- OFAC vs. BIS: The Bureau of Industry and Security (BIS, Commerce Department) administers export controls under the Export Administration Regulations (EAR). OFAC administers financial sanctions. Both may prohibit the same transaction — for example, exporting controlled technology to Iran requires both BIS export license and OFAC license review. Our team covers export controls alongside OFAC compliance.
- OFAC vs. DDTC: The Directorate of Defense Trade Controls (DDTC, State Department) administers International Traffic in Arms Regulations (ITAR) governing defense articles. OFAC is broader — covering financial transactions with sanctioned parties regardless of what goods or services are involved.
OFAC and Cryptocurrency Sanctions
OFAC has significantly expanded its attention to the digital assets sector. In 2021, OFAC issued guidance making clear that sanctions compliance obligations apply fully to virtual currency transactions. Since then, OFAC has: designated specific cryptocurrency wallet addresses belonging to SDN-listed parties; sanctioned cryptocurrency mixing services (Tornado Cash, Bitcoin Fog, Sinbad) used for money laundering; designated cryptocurrency exchanges that processed transactions for SDN-listed parties; and issued FAQs clarifying how the 50% rule applies to crypto assets.
For cryptocurrency businesses, crypto sanctions compliance requires real-time wallet screening against OFAC’s SDN list (including designated wallet addresses), transaction monitoring for exposure to sanctioned jurisdictions, and robust KYC/AML programs. Our lawyers advise crypto exchanges, DeFi protocols, and blockchain analytics firms on OFAC compliance obligations.
Frequently Asked Questions: What Is OFAC?
What does OFAC stand for?
OFAC stands for Office of Foreign Assets Control — a U.S. Treasury Department agency that administers and enforces economic and trade sanctions programs against designated foreign countries, governments, entities, and individuals.
Is OFAC part of the FBI or CIA?
No. OFAC is a component of the U.S. Department of the Treasury, within the Office of Terrorism and Financial Intelligence. It is a regulatory and enforcement agency focused on economic sanctions — not a law enforcement or intelligence agency. Criminal investigations triggered by OFAC referrals are conducted by DOJ, FBI, and HSI.
Does OFAC apply to non-U.S. companies?
Yes, in multiple ways. Non-U.S. companies that use U.S. dollars, U.S. financial institutions, or U.S.-origin technology are subject to OFAC jurisdiction for those transactions. Additionally, secondary sanctions programs (for Iran, Russia, and North Korea) can penalize non-U.S. companies even without a direct U.S. nexus. An OFAC legal counsel can assess your specific exposure.
What is the SDN list?
The Specially Designated Nationals list (SDN list) is OFAC’s primary designations list. Entities on the SDN list have their U.S.-held assets blocked, and U.S. persons are prohibited from transacting with them. The SDN list contains over 12,000 entries and is updated frequently. If you or your company has been listed, our team handles OFAC delisting proceedings.
What happens if you violate OFAC regulations?
OFAC violations can result in civil penalties up to $1,330,783 per violation (or twice the transaction value), criminal penalties up to $1 million plus 20 years imprisonment for willful violations, reputational damage, and loss of access to the U.S. financial system. If you believe you have committed a violation, contact our OFAC lawyers immediately to assess your options, including voluntary self-disclosure to reduce penalties.