Who Must Comply With OFAC Sanctions Regulations?

As the global economy develops and international relations become stronger, more and more organizations and individuals are faced with the need to comply with OFAC sanctions and various international regulations. The main regulator is the US Office of Foreign Assets Control (OFAC). Since OFAC sanctions have a significant impact on international trade and financial transactions, it is important to know who must comply with OFAC regulations and what consequences may arise if they are violated.

What are OFAC Sanctions?

The Office of Foreign Assets Control (OFAC) is the agency within the United States Department of the Treasury responsible for administering and enforcing economic and trade sanctions. These sanctions are based on U.S. foreign policy and national security interests and are designed to counter threats from foreign countries, entities, and individuals. As the agency itself explains:

“U.S. persons must comply with OFAC regulations, including all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, all U.S. incorporated entities and their foreign branches. In the cases of certain programs, foreign subsidiaries owned or controlled by U.S. companies also must comply. Certain programs also require foreign persons in possession of U.S.-origin goods to comply.”

OFAC publishes and updates lists of sanctioned persons and entities, including the Specially Designated Nationals and Blocked Persons List (SDN List), which financial institutions and companies are required to consult. SDN Legal Services provided by our sanctions lawyers can help organizations and individuals navigate the complexities of this list.

Who must Comply with OFAC?

OFAC sanctions have extraterritorial effect and apply not only to U.S. persons and entities, but also to a number of foreign persons and entities. OFAC compliance program is mandatory for the following categories:

U.S. Citizens and Residents

All US citizens, regardless of their place of residence, as well as permanent residents (Green Card holders), are required to comply with OFAC sanctions. Compliance program means a ban on any transactions and interactions with persons and organizations under economic sanctions. For example, a US citizen is prohibited from conducting financial transactions with companies from Syria without an appropriate license.

Non-U.S. Persons

Foreign nationals and entities may also be subject to OFAC sanctions if:

• Activities within the United States: Any transactions conducted within the United States or using U.S. infrastructure, such as banking systems or servers, are subject to OFAC sanctions. For example, a European company conducting U.S. dollar transactions through a U.S. bank must comply with OFAC sanctions;
• Use of U.S. goods or technology: The export or re-export of U.S. goods, services, or technology. For example, selling equipment with U.S. components to North Korea is prohibited;

OFAC may sanction foreign individuals and entities for interacting with sanctioned persons or countries. For example, an Asian company may be sanctioned for interacting with Iranian entities on the SDN list.

Financial Institutions

Institutions that are required to comply with OFAC regulations, such as banks and other financial institutions that are registered in the United States or that conduct business in U.S. dollars.

Financial institutions that are subject to the BSA (and subject to OFAC oversight) include:

• FDIC-insured banks
• Commercial banks and trust companies
• Private bankers
• U.S. agencies and branches of foreign banks
• Credit unions
• Thrift institutions
• Brokers and dealers registered with the U.S. Securities and Exchange Commission (SEC)
• Unregistered securities and commodities brokers and dealers
• Investment bankers
• Investment companies
• Currency exchanges
• Issuers, redeemers, and cashers of traveler’s checks, money orders, and “similar instruments”
• Credit card system operators
• Insurance companies
• Precious metals, stones, and jewels dealers
• Pawnbrokers
• Loan and financing companies
• Travel agencies
• Licensed money transmission businesses
• Telegraph companies
• Automobile, airplane, and boat dealers
• Casinos and other gambling establishments
• Futures commission merchants, commodity trading advisors, and commodity pool operators registered under the Commodity Exchange Act (CEA)
• Other businesses and agencies designated by the U.S. Treasury Department

Business Entities in the U.S. and Abroad

Beyond regulating financial institutions under the BSA, OFAC also oversees a wide range of business entities, both within the U.S. and internationally. OFAC’s authority extends to:

• All entities operating within the United States
• U.S.-incorporated businesses and their foreign branches, regardless of location
• Certain foreign subsidiaries owned or controlled by U.S. companies
• Foreign individuals or entities handling U.S.-origin goods

While businesses operating exclusively within the U.S. may not typically encounter OFAC-related issues, even a single international transaction can trigger OFAC compliance obligations. In some instances, companies may find themselves facing OFAC scrutiny beyond their control, such as when a foreign customer from a sanctioned country initiates contact. Despite this, businesses must be ready to adhere to OFAC regulations in these situations.

US Persons vs. Non-US Persons — Key Distinctions

Under OFAC regulations, the term “U.S. person” carries a precise legal meaning that determines the scope of compliance obligations. Understanding this distinction is fundamental for any entity assessing its exposure to U.S. sanctions law.

Who Qualifies as a U.S. Person?

For OFAC purposes, a U.S. person includes:

• U.S. citizens, wherever located globally — a U.S. passport holder living in Dubai is still a U.S. person subject to all OFAC programs;
• U.S. permanent residents (Green Card holders), regardless of their physical location at the time of any transaction;
• All persons physically present within the United States, including foreign nationals temporarily in the U.S. on visas;
• All entities organized or incorporated under U.S. law — corporations, LLCs, partnerships, trusts, and other legal entities formed in any U.S. state or territory;
• Foreign branches of U.S.-incorporated entities — a branch office in London of a Delaware corporation is a U.S. person for OFAC purposes.

U.S. persons are subject to all OFAC sanctions programs in their entirety. They may not transact with SDN-listed parties, process payments to comprehensively sanctioned countries, or provide services to designated entities — regardless of where the transaction physically takes place or in what currency it is denominated.

When Do Non-US Persons Face OFAC Exposure?

Non-U.S. persons are not generally subject to OFAC’s primary sanctions. However, the following categories of non-U.S. persons do fall within OFAC’s jurisdictional reach:

• Persons physically present in the United States at the time of a transaction, regardless of citizenship;
• Persons processing U.S.-dollar transactions through the U.S. financial system — virtually all USD wire transfers clear through a U.S. correspondent bank, creating a U.S. nexus;
• Persons dealing in U.S.-origin goods, technology, or services covered by export control regulations;
• Persons subject to secondary sanctions for specifically prohibited activities involving sanctioned jurisdictions or SDN-listed parties.

This distinction has significant practical implications. A non-U.S. company conducting trade entirely outside the United States, in non-U.S. currencies, without U.S.-origin goods and without U.S. customers, may not be subject to primary OFAC sanctions — but may face secondary sanctions risk if it engages with specifically targeted parties. The practical conclusion: any business with even marginal U.S. exposure should treat OFAC compliance as a live obligation, not a theoretical concern.

Secondary Sanctions: When Non-US Entities Must Comply

Secondary sanctions represent OFAC’s most powerful extraterritorial enforcement tool. Unlike primary sanctions — which prohibit U.S. persons from engaging in certain conduct — secondary sanctions target non-U.S. persons who engage in specific activities, even where those activities have no direct U.S. nexus.

How Secondary Sanctions Work

Secondary sanctions are authorized by legislation such as CAATSA (Countering America’s Adversaries Through Sanctions Act), the Iran Freedom and Counter-Proliferation Act (IFCA), and a series of Executive Orders targeting Russia, North Korea, and Venezuela. Under these authorities, OFAC can designate — or threaten to designate — foreign entities for conduct that occurs entirely outside U.S. territory and involves no U.S. persons or U.S. financial infrastructure.

Common secondary sanctions triggers include:

• Significant transactions with Iran’s energy, shipping, or financial sectors — even a foreign refinery purchasing Iranian crude may trigger U.S. secondary sanctions;
• Material support for Russia’s defense, intelligence, or energy industries — particularly relevant for manufacturers of dual-use goods sold to Russian military entities;
• Financial services provided to North Korea-affiliated entities or transactions that facilitate North Korean weapons programs;
• Arms purchases from Russia’s defense sector under CAATSA Section 231, which targets any government or entity making such purchases;
• Correspondent banking relationships with sanctioned Iranian financial institutions, which can result in the foreign bank being cut off from the U.S. dollar system.

Practical Impact on Non-US Businesses

When a non-U.S. entity is designated under a secondary sanctions program, U.S. persons and U.S. financial institutions are prohibited from transacting with that entity — effectively cutting it off from U.S. markets and the U.S. dollar clearing system. For most international companies, this consequence is commercially devastating, even if the company has no direct U.S. customers.

This dynamic has led major non-U.S. banks in Europe, Asia, and the Middle East to adopt OFAC-equivalent compliance programs voluntarily — not because they are legally required to comply with primary U.S. sanctions, but because they cannot afford the secondary sanctions risk of being designated or losing U.S. correspondent banking access. For non-U.S. companies with significant global trade volumes, OFAC secondary sanctions compliance is effectively a business necessity, regardless of legal obligation.

OFAC Compliance for Foreign Subsidiaries of US Companies

One of the most frequently misunderstood areas of OFAC compliance concerns the treatment of foreign subsidiaries of U.S. companies. The general rule under U.S. sanctions law is that OFAC’s primary sanctions apply to U.S. persons — which includes U.S. companies and their foreign branches, but not necessarily their foreign subsidiaries. However, this general rule is subject to several critical exceptions that every U.S.-headquartered multinational must understand.

Cuba and Iran: Direct Extension of Compliance Obligations

For the comprehensive sanctions programs targeting Cuba and Iran, OFAC regulations explicitly extend compliance obligations to foreign entities owned or controlled by U.S. companies. A German subsidiary of a U.S. parent corporation cannot lawfully engage in transactions with Cuban or Iranian counterparties that the U.S. parent itself would be prohibited from conducting. This is one of the broadest extraterritorial applications of U.S. sanctions law and frequently surprises multinational companies with European or Asian subsidiaries.

The Facilitation Prohibition

Even where OFAC does not directly regulate a foreign subsidiary, U.S. parent companies are prohibited from “facilitating” transactions by their foreign subsidiaries that U.S. persons would be prohibited from conducting directly. This prohibition is broad and captures a wide range of upstream conduct, including:

• Approving, guaranteeing, or financing a subsidiary’s transaction with a sanctioned party;
• Providing letters of credit or performance bonds for such transactions;
• Directing or supervising subsidiary conduct involving sanctioned entities;
• Providing back-office support, IT infrastructure, compliance services, or shared services to facilitate prohibited transactions;
• Routing proceeds from prohibited transactions through the U.S. parent’s accounts or financial systems.

Practical Recommendations for US Multinationals

A U.S.-owned multinational should treat its foreign subsidiaries’ transactions with the same OFAC scrutiny applied to the U.S. parent — not merely because those subsidiaries may be directly regulated, but because the U.S. parent’s facilitation liability means the compliance obligation flows upward through the corporate structure. Best practice is to implement a group-wide OFAC sanctions compliance policy that applies to all subsidiaries, regardless of where they are incorporated, and to conduct consolidated due diligence on all counterparties at the group level.

OFAC Penalties for Non-Compliance

The consequences of violating OFAC compliance requirements are severe and extend beyond financial penalties. Understanding the enforcement landscape is essential for any business assessing its OFAC obligations.

Civil Penalties

Civil monetary penalties for OFAC violations can reach the greater of $368,136 per violation (adjusted annually for inflation) or twice the amount of the underlying transaction. For egregious violations — particularly those involving willful or reckless conduct — OFAC applies a penalty matrix that can result in fines reaching tens of millions of dollars. In recent enforcement actions, OFAC has penalized companies for as little as a single wire transfer routed through the U.S. financial system in violation of sanctions.

Criminal Penalties

Willful violations of OFAC sanctions can result in criminal prosecution. Individuals face up to 20 years in prison and fines of up to $1 million per violation. Corporations can face fines of up to $1 million per willful violation. Criminal referrals typically follow patterns of deliberate evasion, falsification of records, or structuring transactions to avoid detection.

Reputational and Business Consequences

Beyond monetary penalties, OFAC enforcement actions are publicly disclosed. A public enforcement notice can damage relationships with correspondent banks, investors, and customers. Some businesses have lost banking relationships entirely following an OFAC action — a consequence that can threaten operational continuity. The reputational damage from being named in an OFAC settlement often outlasts the financial penalty itself.

Mitigating factors — including the existence of a robust OFAC compliance program, lack of prior violations, and cooperation with OFAC investigators — can substantially reduce penalties. Voluntary self-disclosure to OFAC before an enforcement action begins is one of the most powerful tools available to violators seeking penalty reduction.

Individual vs. Corporate Liability Under OFAC

OFAC sanctions enforcement targets both corporate entities and the individuals who manage, direct, or own them. Understanding how liability is allocated between individuals and companies is critical for executives, directors, compliance officers, and beneficial owners operating in high-risk sectors.

Corporate Liability

Companies and corporate entities are directly liable for OFAC violations committed by their employees, agents, or subsidiaries acting within the scope of their authority. This includes violations resulting from inadequate compliance programs, failure to screen transactions, or systemic process failures — even if senior management was unaware of the specific violation that occurred. OFAC applies strict liability for civil violations: intent is not required, and good faith alone does not constitute a defense. The company’s culpability may be reduced by mitigating factors such as the existence of a robust compliance program, cooperation with investigators, and voluntary self-disclosure.

Individual Liability

OFAC can and does pursue individuals personally for sanctions violations. Individual liability arises in several distinct contexts:

• Executives and decision-makers who willfully or recklessly ignore identified sanctions risk in business decisions;
• Compliance officers who knowingly approve or authorize transactions that should have been blocked;
• Beneficial owners who use corporate structures or nominee arrangements to evade sanctions designations;
• Employees who cause a company to commit a sanctions violation, even where senior management was not directly involved.

The OFAC 50% Rule has important individual liability implications: when an SDN-listed individual owns 50% or more of a corporate entity, that entity is itself treated as blocked — without needing to be individually listed on the SDN List. This means that an individual’s OFAC designation automatically triggers blocking obligations on all entities they control, creating cascading compliance obligations for counterparties.

Personal Criminal Exposure for Executives

In egregious cases, OFAC refers matters to the Department of Justice for criminal prosecution. Individuals convicted of willful OFAC violations face up to 20 years imprisonment and personal fines of up to $1 million per violation. Prosecutorial targets typically include individuals who took affirmative steps to conceal sanctions violations — such as falsifying shipping documents, structuring transactions through intermediaries, or providing false certifications to U.S. correspondent banks.

Directors and officers of companies operating in high-risk sectors — including financial services, energy trading, and international logistics — should ensure they have conducted a personal assessment of their OFAC exposure and that their organizations have implemented compliance controls sufficient to support an affirmative defense. The presence or absence of a documented compliance program is among the first things OFAC and DOJ prosecutors examine when assessing individual culpability.

Industries With Special OFAC Obligations

While OFAC compliance requirements apply broadly, certain industries face heightened scrutiny due to the nature of their operations. If your business falls into one of these categories, building a robust OFAC compliance program is not optional — it is essential.

Financial Institutions and Banks

Banks, credit unions, money service businesses, and payment processors face the most stringent OFAC obligations. They are required to screen all customers, counterparties, and transactions against the SDN List and other OFAC-maintained lists in real time. A single missed match can result in multi-million dollar penalties. U.S. correspondent banks are also responsible for the cross-border wire transfers they process, even when initiated by foreign banks — making screening at every step mandatory.

Cryptocurrency and Virtual Asset Companies

OFAC has made clear that sanctions obligations apply fully to virtual currency transactions. Crypto exchanges, wallet providers, DeFi platforms, and NFT marketplaces with U.S. nexus must screen users at onboarding and block transactions involving SDN-listed wallet addresses. OFAC publishes lists of blocked cryptocurrency addresses, and processing a transaction to or from one of these addresses — even unknowingly — constitutes a sanctions violation. In 2023–2025, OFAC imposed significant penalties on crypto businesses for inadequate screening protocols.

FinTech and Payment Platforms

FinTech companies — including digital payment platforms, peer-to-peer transfer apps, buy-now-pay-later providers, and neobanks — face the same OFAC obligations as traditional financial institutions, often with less compliance infrastructure in place. OFAC has consistently held that innovative payment models do not diminish sanctions obligations. A FinTech platform processing payments for a merchant located in a sanctioned jurisdiction, or accepting funding from a user whose wallet appears on the SDN List, is exposed to full OFAC enforcement regardless of its technological novelty or its terms of service disclaimers.

Legal Professionals and Law Firms

Attorneys and law firms providing services to clients who are SDN-listed persons, entities in comprehensively sanctioned countries, or parties subject to blocking orders face specific OFAC compliance considerations. While certain legal representation activities may be authorized under OFAC general licenses — including representation in U.S. legal proceedings — providing legal services that directly benefit a blocked person’s commercial interests may require a specific OFAC license. Law firms should conduct thorough conflicts screening using current OFAC lists before accepting any client with international connections, particularly in the sanctions-adjacent practice areas of international trade, finance, corporate M&A, and cross-border litigation.

Exporters and Importers

Any U.S. company — or foreign company using U.S.-origin goods, technology, or software — that exports products internationally must verify that neither the buyer, end-user, nor destination country is sanctioned. This includes re-exporters and intermediaries. Export control violations often overlap with OFAC violations, particularly when dual-use technology reaches Iran, North Korea, or Russia without proper licenses.

Technology and Software Companies

SaaS providers, cloud service operators, and software developers serving global customers must screen users at registration and block access from sanctioned jurisdictions. Providing software-as-a-service to users in Cuba, Iran, Syria, or North Korea — even via free trials or freemium models — can constitute a prohibited service export. Technology companies are increasingly targeted by OFAC enforcement, including platforms that enable communications, data storage, or financial services.

Healthcare, Pharmaceuticals, and Insurance

Healthcare providers, pharmaceutical companies, and insurers must screen vendors, partners, and patients involved in international transactions. While OFAC provides certain humanitarian exemptions — including for medical supplies and food — these exemptions are narrow and require licensing in many cases. Insurers must also screen policyholders and beneficiaries, particularly for marine, aviation, and trade credit policies that may involve parties in sanctioned countries.

OFAC Compliance Checklist for Businesses

OFAC recommends a risk-based compliance approach tailored to each organization’s size, industry, and exposure. Based on OFAC’s published Framework for Compliance Commitments, here is a practical 10-point OFAC compliance checklist every business should follow. If you need assistance implementing any of these steps, our OFAC compliance attorneys are available to help.

1. Secure senior management commitment. Designate a compliance officer and ensure leadership formally endorses the OFAC compliance program in writing. Tone from the top is the foundation of any effective sanctions compliance culture.
2. Conduct a sanctions risk assessment. Map your business activities, customer base, transaction types, and geographic exposure to identify where OFAC risk is highest. Update this assessment annually or whenever your business model changes.
3. Screen all parties against OFAC lists. Before onboarding any customer, vendor, or partner, screen against the SDN List, Consolidated Sanctions List, and sector-specific lists. Use automated screening software where volume warrants it.
4. Screen transactions in real time. For financial institutions and payment processors, real-time transaction screening is mandatory. Flag and hold any payment involving a sanctioned party, jurisdiction, or blocked asset.
5. Perform enhanced due diligence on high-risk counterparties. Investigate ownership structures to identify ultimate beneficial owners (UBOs). The 50% rule means that entities owned 50% or more by an SDN are also blocked — even if not individually listed.
6. Establish clear escalation and blocking procedures. Document exactly what employees should do when a potential match is identified: who to notify, how to hold the transaction, and when to block or reject it. Ambiguity at this stage leads to violations.
7. Train employees on OFAC requirements. All staff who handle transactions, onboard clients, or manage vendor relationships must receive regular OFAC training — at minimum annually. Training records should be retained and auditable.
8. Monitor OFAC list updates continuously. OFAC updates its sanctions lists multiple times per week. Subscribe to OFAC email alerts and ensure your screening system pulls the latest lists automatically. A match missed due to an outdated list is still a violation.
9. Audit and test your compliance program regularly. Conduct internal and independent audits of your OFAC procedures. Test screening systems with known SDN names. Identify gaps before OFAC does.
10. Report violations promptly via voluntary self-disclosure. If a potential OFAC violation is discovered, consult with an OFAC voluntary self-disclosure attorney immediately. Proactive disclosure to OFAC is a significant mitigating factor and can reduce penalties by up to 50%. Time matters — delays in reporting are treated as aggravating factors. For entities with additional U.S. registration obligations, also review your BOI reporting requirements under FinCEN rules.

Implementing this checklist is a baseline — not a ceiling. The sophistication of your OFAC compliance program should reflect your actual risk exposure. High-volume businesses, financial intermediaries, and companies operating in high-risk geographies will need more advanced controls. Our sanctions lawyers can assess your current program and recommend improvements aligned with OFAC’s enforcement priorities.

Practical Compliance Steps for New Businesses

For companies newly entering international markets or beginning operations that touch the U.S. financial system, building an OFAC compliance framework from the outset is far more effective — and far less costly — than retrofitting controls after a violation has occurred. The following startup compliance steps are designed for businesses in their early operational stages.

Step 1 — Determine Your OFAC Footprint

Before taking any other compliance action, assess whether your business has U.S. sanctions exposure. Ask: Are you a U.S. person or entity? Do you process U.S. dollar transactions? Do you use U.S.-origin goods, software, or services? Do you have U.S. customers or investors? A single “yes” creates OFAC compliance obligations.

Step 2 — Screen Your Initial Customer and Vendor List

Before your first international transaction, screen all known counterparties against the SDN List and OFAC’s Consolidated Sanctions List. Free screening tools are available directly through the U.S. Treasury website for low-volume businesses. Higher-volume businesses should integrate an automated screening API from day one.

Step 3 — Identify High-Risk Jurisdictions in Your Business Model

If your business model involves customers, suppliers, or transaction flows connected to Iran, Russia, Cuba, Syria, North Korea, or Venezuela, seek qualified legal counsel before proceeding. These comprehensive sanctions programs carry strict prohibitions that cannot be navigated without understanding your specific exposure and available licensing options.

Step 4 — Draft a Written Sanctions Policy

Even a concise, one-page written sanctions policy — signed by the business owner or CEO — demonstrates management commitment to compliance and constitutes a significant mitigating factor in any future OFAC inquiry. The policy should identify who is responsible for compliance, how screening is conducted, and what steps employees must take when a potential match is identified.

Step 5 — Build Screening Into Your Onboarding Process

Sanctions screening should be a standard, non-negotiable step in every customer, vendor, and partner onboarding workflow — not an afterthought applied retrospectively when a problem arises. Integrate a clear “hold and review” protocol for any potential SDN match before onboarding is completed or a transaction is processed.

Step 6 — Register for OFAC Update Notifications

Subscribe to OFAC’s free email alert service to receive real-time notifications when the SDN List or other OFAC-maintained lists are updated. OFAC may update its lists multiple times per week following breaking geopolitical events. A compliance gap caused by an outdated list is treated by OFAC as a violation regardless of intent.

Step 7 — Know When to Seek Legal Advice

If you identify a potential OFAC issue — whether a past transaction involving a party that has since appeared on the SDN List, a customer in a high-risk jurisdiction, or a business opportunity that may require an OFAC license — consult an OFAC attorney before taking any unilateral action. Voluntary self-disclosure, if handled correctly and promptly, can reduce civil penalties by up to 50% and significantly reduces the likelihood of criminal referral.

Frequently Asked Questions: Who Must Comply With OFAC Sanctions?

Does OFAC apply to individuals, or only to companies?

OFAC sanctions apply to both individuals and companies. All U.S. citizens, permanent residents, and persons physically present in the United States are required to comply with OFAC regulations, regardless of whether they operate through a corporate entity. Individuals can face personal civil and criminal penalties for OFAC violations — including fines of up to $1 million per willful violation and up to 20 years imprisonment for the most serious offenses.

Are foreign banks subject to OFAC sanctions?

Foreign banks are generally not subject to OFAC’s primary sanctions unless they transact in U.S. dollars through U.S. correspondent banks, process payments with a clear U.S. nexus, or engage in conduct that triggers secondary sanctions. However, most major international banks voluntarily adopt OFAC-equivalent compliance programs to preserve access to U.S. financial markets and correspondent banking relationships — making OFAC screening a de facto global standard for internationally active financial institutions.

Does OFAC compliance apply to cryptocurrency transactions?

Yes. OFAC has confirmed that sanctions obligations apply fully to virtual currency transactions. Crypto exchanges, wallet providers, DeFi platforms, and any service with a U.S. nexus must screen users and transactions against OFAC lists — including OFAC’s published list of blocked cryptocurrency wallet addresses. Transacting with a blocked wallet address, even unknowingly, constitutes a sanctions violation. Ignorance of a wallet’s SDN status is not recognized as a complete defense.

What happens if I unknowingly transact with a sanctioned party?

OFAC may impose civil penalties for violations even where the violator had no actual knowledge that a sanctions violation was occurring. Civil liability is strict — intent is not a required element for a civil violation. However, lack of knowledge and the existence of a documented, robust compliance program are mitigating factors that OFAC weighs when calculating penalty amounts. If you discover an inadvertent violation, you should consult an OFAC attorney about voluntary self-disclosure before taking any other steps — prompt disclosure is the most effective penalty mitigation tool available.

Are non-US companies with no US operations ever subject to OFAC?

Non-U.S. companies with no U.S. operations, U.S. customers, U.S.-dollar transactions, or U.S.-origin goods are generally not subject to OFAC’s primary sanctions. However, secondary sanctions can apply to non-U.S. entities for specific conduct — such as significant transactions with Iran’s energy sector, material support for Russia’s defense industry, or arms purchases from designated Russian entities — even without any U.S. nexus whatsoever. Additionally, any non-U.S. company that processes U.S.-dollar payments through a U.S. correspondent bank is subject to OFAC’s primary sanctions for those specific transactions. The extraterritorial reach of U.S. sanctions law means that “no U.S. operations” does not guarantee immunity from OFAC consequences.

Contact OFAC Compliance and Defense Lawyers

OFAC compliance program is a complex and dynamic process that requires a professional approach. Violation of sanctions can lead to serious legal and financial consequences.

If you have any problems related to the imposition of sanctions on you or your company, we recommend that you contact us. Our team of qualified OFAC sanctions lawyers has many years of experience in the field of international sanctions legislation and is ready to provide the following services:

1. Compliance consultations: we will help develop and implement effective OFAC compliance program. An OFAC compliance lawyer will analyze your activities and point out potential risks;
2. Counterparty verification: we carry out an in-depth analysis and verification of partners and clients against sanctions lists. This allows you to avoid unintentional interaction with persons from the SDN List;
3. Personnel training: we conduct trainings and seminars for employees on current issues of sanctions legislation. Sanctions lawyers will help your staff stay abreast of the latest changes;
4. Legal support: we represent clients in negotiations with regulatory authorities, provide assistance in investigations;
5. Monitoring changes: We provide timely information on changes in sanctions legislation and new OFAC requirements. For example, if your company plans to enter into a contract with a foreign partner, an OFAC compliance attorney will conduct a full check and ensure the security of the transaction. By contacting us, you can minimize risks and ensure full OFAC compliance programs.

Contact our experienced OFAC Compliance and Defense Lawyers for expert guidance on navigating complex sanctions regulations. Get in touch today to ensure your operations stay compliant and secure.