OFAC & Sanctions — SDN List, the 50% Rule & Secondary Sanctions *(OUTLINE + BULLET BODY)*

Sanctions are different from everything else in AML — and the difference can end a career. With money laundering, you investigate, you form suspicion, you file a report, and intent matters. With OFAC sanctions, intent often doesn't matter at all. Process a single payment for the wrong party — even by accident, even if their name was spelled differently — and your institution can be liable. That's strict liability, and it's why sanctions screening is run as its own discipline. Let's break down OFAC: the lists, what you actually do when you get a hit, and the rule that traps people who only screen the names in front of them — the fifty-percent rule.

- The **Office of Foreign Assets Control** is part of the **US Department of the Treasury**. It administers and enforces **economic and trade sanctions** based on US foreign policy and national security goals. - Sanctions can be **comprehensive** (target an entire country/region — e.g., embargoes) or **targeted/"list-based"** (target specific persons, entities, vessels, aircraft). - OFAC sanctions apply to **all US persons** (US citizens and permanent residents wherever located, entities organized under US law and their foreign branches, and anyone physically in the US) — and, via certain authorities, to transactions touching the US financial system or US-origin goods. - Distinct from AML: OFAC is **sanctions/prohibition** enforcement, not suspicious-activity reporting. But institutions run **sanctions screening** as part of their broader financial-crime program.

- **SDN List** — the **Specially Designated Nationals and Blocked Persons List**: individuals and entities whose **assets are blocked** and with whom US persons are **generally prohibited from dealing**. Includes terrorists, narcotics traffickers, proliferators, and persons tied to sanctioned regimes. - **Consolidated Sanctions List / non-SDN lists** — e.g., the **Sectoral Sanctions Identifications (SSI) List** (narrower, sector-specific restrictions), the **Foreign Sanctions Evaders (FSE) List**, and the **Non-SDN Menu-Based Sanctions** list — these impose **specific** restrictions rather than full blocking. - Institutions must screen customers, counterparties, and transactions against these lists — and update as OFAC adds/removes names frequently.

- **Blocking (freezing):** when a transaction involves an **SDN or blocked property/interest**, the institution must **freeze the assets** — place them in a **blocked (interest-bearing) account**, deny the parties access, and **report to OFAC within 10 business days**; an annual report of blocked property is also required. The money does **not** go back to the sender; it is held. - **Rejecting:** when a transaction is **prohibited but no blockable property interest** of an SDN is involved (e.g., a payment to a comprehensively sanctioned country that doesn't involve blocked-party property), the institution **rejects/returns** the transaction rather than freezing it — and also **reports the rejection to OFAC** (generally within 10 business days). - Memory hook: **Block = freeze and hold** (SDN/blocked party); **Reject = bounce it back** (prohibited but not blockable). Getting this wrong is a classic exam trap.

- OFAC enforcement operates on a **strict-liability** basis: a US person can be held **civilly liable even without knowledge or intent** that a transaction was prohibited. - Penalties can be **severe** (large civil monetary penalties per violation, plus reputational and criminal exposure for willful violations). - Mitigating factors: a **risk-based sanctions compliance program**, **voluntary self-disclosure**, and remediation can reduce penalties — but they don't change the underlying strict-liability standard. - Exam cue: "even if the institution did not know," "no intent required" → strict liability.

- OFAC's **50% Rule:** any entity **owned 50% or more**, directly or indirectly, **in the aggregate**, by one or more blocked (SDN) persons is **itself blocked** — **even if it does not appear on the SDN List by name**. - Aggregation matters: if two different SDNs each own 30% of a company (60% total), the company is blocked, even though neither owns a majority alone. - This is why screening only the names presented to you is insufficient — you must understand **ownership** to catch entities blocked **by operation of the rule**. - Note: 50% is a bright line for blocking; OFAC also cautions about entities **controlled** by or majority-owned by blocked persons as a risk even below the line. - Exam cue: "entity not on the list but majority-owned by an SDN" → blocked under the 50% Rule.

- **Primary sanctions** restrict **US persons**. **Secondary sanctions** target **non-US persons** by threatening to cut them off from the US market/financial system if they engage in certain dealings with sanctioned parties — even where no US person or US jurisdiction is involved. - Effect: they pressure foreign banks and companies to comply with US sanctions to preserve access to the US dollar and US markets. - Exam cue: "applies to a foreign person with no US nexus, by threatening loss of US-market access" → secondary sanctions.

- Institutions must implement **risk-based sanctions screening**: screen customers at onboarding and on an **ongoing** basis, screen **transaction parties** (originators, beneficiaries, banks in the payment chain), and **re-screen** when lists change. - Screening uses **fuzzy/approximate matching** to catch spelling variants, transliterations, and aliases — generating **false positives** that must be reviewed and cleared (a topic we'll revisit in the Tools domain). - A hit must be investigated promptly; true matches trigger **block or reject** plus **OFAC reporting**. Do **not** process the payment while a potential true match is unresolved. - OFAC expects a sanctions compliance program built on: **management commitment, risk assessment, internal controls, testing/audit, and training** (OFAC's five components).

Sanctions live by their own rules. OFAC, inside Treasury, runs the SDN List and others. When you hit a true match, you either block — freeze and hold the funds in a blocked account — or reject, bouncing a prohibited but non-blockable transaction; either way you report to OFAC within ten business days. Liability is strict: no intent required. And the fifty-percent rule blocks any entity that sanctioned persons own at least half of, aggregated, even if it's not named on the list. Secondary sanctions reach foreign actors through the threat of losing US-market access. Next, we leave the United States to round out the global map: the EU's AML Directives and new AMLA authority, the US Foreign Corrupt Practices Act, and the UK's Proceeds of Crime Act and Money Laundering Regulations.