Banks occupy a uniquely exposed position under U.S. sanctions law. Every wire transfer, every account opening, every letter of credit carries the potential to touch a sanctioned party or jurisdiction — and the consequences of missing that connection can be severe. Understanding what OFAC means for banking, and how financial institutions manage their obligations, is essential for anyone operating in or with the U.S. financial system. If your bank account has been frozen or your transactions have been blocked, speaking with OFAC lawyers can help you understand your options.
What Is OFAC and Why Does It Matter to Banks?
The Office of Foreign Assets Control (OFAC) is a division of the U.S. Department of the Treasury responsible for administering and enforcing economic and trade sanctions. OFAC implements sanctions against foreign countries, terrorist organizations, narcotics traffickers, weapons proliferators, and other threats to U.S. national security and foreign policy. Banks — as the backbone of the U.S. payment system — are among the most directly affected institutions. Unlike other regulatory bodies that require affirmative action, OFAC’s jurisdiction is strict-liability in nature: even an inadvertent transaction involving a sanctioned party can result in civil penalties. OFAC attorneys regularly advise financial institutions on building defensible compliance programs before violations occur.
OFAC Screening Obligations for Banks
Banks are expected to screen customers, transactions, and counterparties against OFAC’s published sanctions lists as part of a risk-based approach tailored to the institution’s specific risk profile. That profile is shaped by the products and services offered, the customer base, geographies served, and the volume of international transactions processed. Screening must cover wire transfers, ACH payments (both domestic and cross-border), checks, loans, credit cards, deposit accounts, trade finance instruments, and letters of credit. There is no minimum transaction threshold — even small-value payments must be screened if there is reason to believe a sanctioned party is involved.
The primary target of screening is the SDN list — the Specially Designated Nationals and Blocked Persons List — but OFAC maintains several additional lists, including the Foreign Sanctions Evaders (FSE) List, the Sectoral Sanctions Identifications (SSI) List, and various Non-SDN lists applicable to specific programs such as the Capta List or the Palestinian Legislative Council List. Banks must screen not only against the SDN list but also check whether any counterparty is 50% or more owned by a blocked person, which triggers identical obligations under OFAC’s so-called “50% rule.”
Screening frequency is determined by internal policy, but banks should re-screen customer databases whenever OFAC updates its lists, which can happen multiple times per week. Failure to detect a sanctioned party after a list update is not automatically excused — OFAC expects institutions to maintain responsive systems. Partnering with sanctions database screening specialists ensures your institution stays current with all designations and list changes.
Correspondent Banking and OFAC Risk
Correspondent banking relationships — where one bank holds accounts for and processes transactions on behalf of another — create layered OFAC risk. The nested nature of these relationships means a U.S. correspondent bank may process payments on behalf of a foreign respondent bank without visibility into the ultimate originator or beneficiary of the funds. This lack of transparency is precisely the pathway that sanctioned parties exploit to access the U.S. financial system.
U.S. correspondent banks bear responsibility for the transactions they process, even when the payment instruction comes through a foreign bank. This means reviewing the originating institution, its jurisdiction, and the nature of the underlying transaction. For trade finance — letters of credit, documentary collections, trade guarantees — OFAC risk runs through multiple parties: the applicant, the beneficiary, the issuing bank, and the confirming bank. Any one of these can be a Specially Designated Nationals list target, and processing the transaction without detection constitutes a potential violation. When blocked assets are identified in a correspondent banking context, they must be frozen immediately and reported to OFAC.
OFAC has repeatedly emphasized that U.S. financial institutions cannot outsource their compliance obligations to foreign respondent banks. Due diligence on correspondent relationships must include sanctions risk as a core component, particularly for banks in high-risk jurisdictions or those with opaque beneficial ownership structures.
The BSA/AML and OFAC Intersection
OFAC compliance and Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) obligations are legally distinct but operationally intertwined. The BSA requires financial institutions to implement Customer Identification Programs (CIP), Customer Due Diligence (CDD), and transaction monitoring systems — infrastructure that substantially overlaps with the screening required under OFAC. For this reason, the FFIEC’s BSA/AML Examination Manual treats OFAC compliance as a sound practice that should be integrated into an institution’s broader AML risk management framework.
The intersection matters for enforcement as well. A bank that fails its AML obligations may simultaneously be exposing itself to OFAC liability, and vice versa. Examiners from the OCC, Federal Reserve, FDIC, and NCUA all review OFAC compliance during routine BSA/AML examinations. Understanding AML and OFAC compliance together — rather than in silos — is critical for building a defensible program. The FATF grey list also informs banks’ risk-based approach to correspondent relationships and customer due diligence, since FATF-listed jurisdictions carry elevated sanctions exposure.
How Banks Implement OFAC Compliance Programs
OFAC does not prescribe a specific program structure, but its Framework for OFAC Compliance Commitments identifies five essential components: (1) management commitment; (2) risk assessment; (3) internal controls; (4) testing and auditing; and (5) training. A robust OFAC compliance program for a bank typically includes the following elements:
Automated interdiction software: Most banks of any significant size use automated screening systems that check transactions and customer data against OFAC lists in real time. These systems use fuzzy logic to catch name variations, transliterations, and alternate spellings. They generate alerts that trained compliance staff then review and resolve. An OFAC compliance checklist should be used to verify that all required screening categories are covered.
Dedicated compliance personnel: Banks must designate a responsible officer — often a Chief Compliance Officer or BSA/OFAC Officer — with the authority and resources to implement and maintain the program. This person is responsible for policy development, staff training, escalation protocols, and coordination with OFAC when a potential match is identified.
Transaction blocking and rejection procedures: When a match is confirmed, the bank must either block or reject the transaction, depending on whether the sanctioned party has a blockable interest in the funds. Blocked funds must be placed in an interest-bearing account and reported to OFAC within 10 business days. Rejected transactions — where no blockable property interest exists — are simply refused and also reported within 10 business days. Understanding the distinction between blocking and rejecting is critical; improper handling of either can itself constitute a violation.
Voluntary self-disclosure: When a bank discovers a potential violation, voluntary self-disclosure to OFAC is a significant mitigating factor. OFAC’s penalty guidelines treat VSD as substantially reducing potential civil monetary penalties, often cutting the base penalty in half. Banks that discover violations should consult OFAC enforcement defense counsel promptly to evaluate the VSD option and manage the disclosure process effectively.
Frequently Asked Questions: OFAC in Banking
Are all banks required to have an OFAC compliance program?
Yes. All U.S. financial institutions, including banks, credit unions, and non-bank financial institutions subject to U.S. jurisdiction, are required to comply with OFAC regulations. While OFAC does not mandate a specific program structure, the expectation is that every institution maintains a risk-based compliance program commensurate with its products, customers, and transaction volumes. Small community banks have the same obligation as large multinational institutions — only the scale and sophistication of the program may differ.
What is the difference between a blocked and a rejected transaction?
A blocked transaction occurs when a sanctioned party has a property interest in the funds — the money must be frozen in an OFAC-compliant interest-bearing account, and the block must be reported to OFAC within 10 business days. A rejected transaction occurs when the transfer is prohibited but no blockable property interest exists — the bank simply refuses to process it and reports the rejection. The distinction matters: misclassifying a blocked transaction as merely rejected (and returning the funds rather than holding them) is itself a violation.
Can a bank be penalized for a mistaken OFAC block?
Banks are generally not penalized for good-faith blocking of transactions where a reasonable match was identified. However, if a bank fails to unblock funds promptly after a false positive is resolved, or maintains an overly aggressive blocking posture without proper resolution procedures, this can create legal exposure for the institution. From the customer’s perspective, if your funds have been incorrectly blocked, an qualified OFAC sanctions lawyer can assist in resolving the false positive and recovering access to your assets.
How do secondary sanctions affect banks?
Secondary sanctions extend U.S. sanctions reach beyond traditional jurisdictional limits, targeting foreign banks and financial institutions that conduct significant transactions with sanctioned parties — even when neither party is a U.S. person. Foreign banks that process payments involving Iran, Russia, North Korea, or other heavily sanctioned regimes risk losing access to the U.S. financial system, correspondent banking relationships with U.S. banks, and exposure to U.S. dollar clearing. This extraterritorial reach makes OFAC compliance a global concern for any institution with U.S. dollar exposure.
What should a bank do when it discovers a potential OFAC violation?
The bank should immediately preserve relevant records, engage outside sanctions lawyer counsel to conduct a privileged internal investigation, assess whether blocking or rejection obligations have been met, and evaluate the voluntary self-disclosure option. Speed matters — delayed reporting can itself be an aggravating factor. Engaging experienced OFAC legal counsel early in the process ensures the institution’s response is both legally sound and strategically optimized to minimize penalty exposure.