OFAC Compliance FAQ
Who Must Comply with OFAC?
All U.S. organizations and individuals persons must comply with OFAC regulations, including all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, all U.S. incorporated entities and their foreign branches. Certain programs also require foreign persons in possession of U.S. origin goods to comply.
What are the basic steps towards OFAC compliance?
If a transaction is taking place by someone on the SDN list:
1. Company must determine if the individual is subject to OFAC actions.
2. Company should call OFAC to verify that the hit is not a false positive first.
3. Company must block the asset or reject the transaction
4. Company must file a SAR report within 10 business days to OFAC.
What is the SDN list?
SDN stands for Specially Designated Nationals and Blocked Persons, and is a public database maintained by OFAC and the U.S. Treasury. This list consists of individuals and entities that are subject to the sanctions programs of the OFAC.
What is a SAR report and when do I need to fill one out?
OFAC compliance involves the use a Suspicious Activity Report (SAR). If you are aware of, or observe, suspicious activity involving an individual on the OFAC list, you are required to fill out a SAR.
Can I tell the customer they are on the OFAC list?
You are permitted to inform customer they are on the OFAC list, and that is the reason their assets were blocked or transaction rejected.
How long do I need to keep OFAC records for?
OFAC-affected transactions must be kept for five years and made available to OFAC on request.
What is the penalty for OFAC non-compliance?
Failure to comply with OFAC can result in fines up to $10 million and 30 years in prison for a corporation.
How is OFAC AND BSA AML related?
Both Anti-Money Laundering (AML) and the OFAC compliance requirements should be taken together as functionally necessary in order to protect a financial institution, maintain its safety and soundness, comply with the law, and enhance the protection of the United States. It is in the interests of financial institutions to view AML and OFAC compliance as complementary.
What Federal law or regulation does OFAC fall under?
OFAC regulations fall under the Code of Federal Regulations (CFR) 31 CFR 500.
How can your workforce be trained to help meet OFAC compliance?
This is an important issue. Learning, training, and reskilling the worforce is a never-ending thing. As such, consider investing in a modern, online, customizable Learning Management System (LMS) software to meet your particular needs. For more information, see Workplace Training Software for OFAC.