OFAC and Sanctions

The Office of Foreign Assets Control, OFAC, sits in the U.S. Treasury and administers economic and trade sanctions against targeted countries, regimes, terrorists, narcotics traffickers, and others who threaten national security or foreign policy.

Its rules live in thirty-one C-F-R Chapter Five, drawing authority from statutes like the International Emergency Economic Powers Act at fifty U-S-C seventeen-oh-one. Here's the scope that surprises candidates: OFAC applies to all U.S.

persons and entities, not just banks, and not just to consumer accounts. Every U.S.

bank must comply. Unlike the B-S-A, OFAC isn't about reporting suspicious activity, it's about not doing prohibited business in the first place. Keep that distinction sharp; the exam tests it.

OFAC publishes the Specially Designated Nationals and Blocked Persons List, the S-D-N List, naming individuals and entities U.S. persons generally may not deal with.

Beyond named persons, there are country-based programs and sectoral sanctions targeting parts of an economy. Banks must screen, comparing customers, beneficial owners, and transaction parties against the S-D-N List and other sanctions lists, at onboarding and on an ongoing basis, including when lists update. Screening should be risk-based and reasonably designed to catch matches, including fuzzy matches and aliases.

On the exam, OFAC screening is presented as a core control, and a fact pattern may turn on whether the bank screened a wire's beneficiary, not just its own customer. That distinction is crucial: OFAC obligations attach to transactions, not only to account holders, so a bank processing a payment must consider every party to it, originator, beneficiary, and intermediary, against the lists. A bank can have perfectly clean customers and still violate sanctions by processing a payment for a blocked third party.

Effective screening is therefore both customer-level, at onboarding and on list updates, and transaction-level, in real time as payments move. The exam rewards candidates who remember that transaction screening reaches beyond the bank's own customers.

A key operational distinction the exam tests: blocking versus rejecting. When a transaction involves blocked property, say, funds of an S-D-N, the bank must block the funds, freeze them in a special account, and not return them. When a transaction is merely prohibited but doesn't involve blockable property, the bank rejects it, refuses to process and returns it.

Which action applies depends on the specific sanctions program. In both cases the bank must report to OFAC, blocked transactions within ten business days and on an annual basis, and rejected transactions as required. Remember the verbs: block means freeze and hold; reject means refuse and return.

Choosing the wrong action is itself a violation.

OFAC enforcement operates on essentially strict liability: a bank can violate sanctions without intending to, and substantial civil penalties can follow. That's why screening must be robust. One nuance the exam favors is the 50 Percent Rule: an entity that is owned, fifty percent or more, in the aggregate, by one or more blocked persons is itself treated as blocked, even if that entity isn't named on the S-D-N List.

So you can't stop at the names on the list; you must consider ownership. This is where OFAC connects to B-S-A beneficial-ownership work. When a question hides a blocked owner behind an unlisted company, the 50 Percent Rule is the answer.

The rule also aggregates: if two separate blocked persons each own thirty percent of a company, their combined sixty-percent stake means the company is blocked, even though neither owner alone hits fifty percent. That aggregation is a favorite exam wrinkle, because it tests whether you'll look past the surface and add up sanctioned ownership. The practical lesson for a compliance program is that screening can't stop at the name on the account; it must reach through to the people who actually own and control the entity, which is exactly why OFAC and B-S-A beneficial-ownership work go hand in hand.

OFAC compliance looks structurally like B-S-A compliance: a risk-based program with management support, internal controls, independent testing, training, and an accountable officer. The program should assess sanctions risk whenever the bank enters new products, customer segments, or geographic markets. When a screening hit occurs, the bank investigates whether it's a true match or a false positive and documents the decision carefully, because clearing a real match by mistake is a violation.

This program orientation ties OFAC into the compliance-management domain. For the exam, treat OFAC as both a transaction-level control and a program you must build, govern, and test, just like the B-S-A.

Recap of OFAC. The Office of Foreign Assets Control administers U.S.

sanctions under thirty-one C-F-R Chapter Five, binding all U.S. persons.

Banks screen customers and transaction parties against the S-D-N and other lists on a risk basis. Blocking means freezing and holding; rejecting means refusing and returning, and both require reporting to OFAC. Liability is essentially strict, and the 50 Percent Rule blocks entities majority-owned by sanctioned persons even when unlisted.

Go test yourself, then we move into Domain two with RESPA and Reg X.