The US Sanctions - Risk and Compliance Management

Office of Foreign Assets Control (OFAC) - Sanctions Programs and Information

The Office of Foreign Assets Control ("OFAC") of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States.

OFAC publishes lists of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific.

Consolidated Sanctions List (Non-SDN Lists)

In order to make it easier to comply with OFAC's sanctions regulations, the office is now offering all of its non-SDN sanctions lists in a consolidated set of data files "the Consolidated Sanctions List". These consolidated files comply with all OFAC's existing data standards. In the future, if OFAC creates a new non-SDN style list, the office will add the new data associated with that list to these consolidated data files if appropriate. While the consolidated sanctions list data files are not part of OFAC's list of Specially Designated Nationals and Blocked Persons "the SDN List," the records in these consolidated files may also appear on the SDN List. You may visit:

Specially Designated Nationals And Blocked Persons List (SDN)

As part of its enforcement efforts, OFAC publishes a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked, and U.S. persons are generally prohibited from dealing with them. You may visit:

Sanctions List Search

This Sanctions List Search application ("Sanctions List Search") is designed to facilitate the use of the Specially Designated Nationals and Blocked Persons list ("SDN List") and other sanctions lists administered by OFAC.

sanctions risk 1

You may visit:

The US Treasury 2021 Sanctions Review

Note: This document is explanatory only and does not have the force of law. It does not modify statutory authorities, Executive orders, regulations, or regulatory guidance. It is not intended to be, nor should it be interpreted as, comprehensive, or as imposing requirements under U.S. law, or otherwise addressing any requirements under applicable law. It is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.

After the September 11, 2001 attacks, economic and financial sanctions (“sanctions”) became a tool of first resort to address a range of threats to the national security, foreign policy, and economy of the United States.

This tool rests on the formidable strength of, and trust in, the U.S. financial system and currency. At their core, sanctions allow U.S. policymakers to impose a material cost on adversaries to deter or disrupt behavior that undermines U.S. national security and signal a clear policy stance.

Treasury’s work on sanctions is conducted in close partnership with other parts of the Executive Branch, in particular the Department of State and the National Security Council, which lead the formulation of the foreign policy and strategic goals that sanctions serve, as well as the Department of Justice. The Department of State also implements certain sanctions authorities in consultation with the Treasury.

Over the last 20 years, the Department of the Treasury (Treasury), in close coordination with the Department of State, has successfully employed sanctions to address various national security challenges.

sanctions risk 2

When used effectively, sanctions have the capacity to disrupt, deter, and prevent actions that undermine U.S. national security. However, the United States now faces new, emerging challenges to the efficacy of sanctions as a national security tool: cybercriminals; strategic economic competitors; and a workforce and technical infrastructure under pressure from growing financial complexity and competing demands from policymakers, market participants, and others.

To ensure sanctions continue to support U.S. national security objectives, the U.S. government must adapt and modernize the underlying operational architecture by which sanctions are deployed. These changes are also needed to keep pace with the evolution of the global financial architecture, which has a profound impact on the efficacy of U.S. financial sanctions. American adversaries—and some allies—are already reducing their use of the U.S. dollar and their exposure to the U.S. financial system more broadly in cross-border transactions. While such changes have multiple causes beyond U.S. financial sanctions, we must be mindful of the risk that these trends could erode the effectiveness of our sanctions.

In addition, technological innovations such as digital currencies, alternative payment platforms, and new ways of hiding cross-border transactions all potentially reduce the efficacy of American sanctions. These technologies offer malign actors opportunities to hold and transfer funds outside the traditional dollar-based financial system. They also empower our adversaries seeking to build new financial and payments systems intended to diminish the dollar’s global role. We are mindful of the risk that, if left unchecked, these digital assets and payments systems could harm the efficacy of our sanctions.

Steps to Modernize Sanctions

1. Adopting a structured policy framework that links sanctions to a clear policy objective.

Economic and financial sanctions should be tied to clear, discrete objectives that are consistent with relevant Presidential guidance—such as countering forces that fuel regional conflict, ending support to a specific violent organization or other malign and/or illicit activities, stopping the persecution of a minority group, curtailing nuclear proliferation activities, enhancing multilateral pressure, or ceasing specific instances of atrocities. To accomplish this, Treasury will adopt the use of a structured policy framework in order to inform its recommendations on the use of sanctions. This framework should reflect key policy considerations and ask whether a sanctions action:

a) Supports a clear policy objective within a broader U.S. government strategy: Sanctions should be deployed alongside other measures as part of a larger strategy in support of specific policy objectives.

b) Has been assessed to be the right tool for the circumstances: Sanctions should incorporate rigorous economic analysis, technical expertise, and intelligence to ensure that they are the right tool in our national security arsenal to pursue the identified objective.

c) Incorporates anticipated economic and political implications for the sanctions target(s), U.S. economy, allies, and third parties and has been calibrated to mitigate unintended impacts: Sanctions should be designed to tailor their impact so that costs fall on intended targets and that potential negative impact on others is minimized.

d) Includes a multilateral coordination and engagement strategy: Where possible, sanctions should be coordinated with allies, incorporating shared intelligence and resources, and accompanied by engagement with relevant stakeholders including industry, financial institutions, allies, civil society, and the media.

e) Will be easily understood, enforceable, and, where possible, reversible: Sanctions should be clearly communicated so that targets, allies, and others understand their specific objectives and the circumstances under which they may be escalated or reversed in response to the target’s behavior.

The consistent application of this sanctions policy framework will establish clear criteria for the use of sanctions. Treasury should also seek to develop and implement an analytical construct to assess its sanctions programs and actions systematically, incorporating this policy framework and building on existing evaluation efforts. The product of these assessments could be recommendations to augment, adapt, or wind down individual authorities or to list or delist particular individuals or entities.

2. Incorporating multilateral coordination, where possible.

Sanctions are most effective when coordinated as an Administration with allies and partners who can magnify economic and political impact. This coordination also enhances the credibility of U.S. international leadership and shared policy or security goals of the United States and its allies.

Coordinated actions also help mitigate the economic impact on American workers and firms. Allies and partners can be encouraged to coordinate sanctions policy through:

(1) collaboration and sharing of policy frameworks and information;

(2) ongoing efforts to harmonize sanctions regimes; and

(3) efforts to build sanctions coordination into existing multilateral fora. These multilateral efforts include advocating for UN sanctions when possible and appropriate to ensure global applicability of restrictive measures and amplify messaging, as well as working through other multilateral organizations. The State Department, in particular, as the U.S. Government interagency lead for the formulation of foreign policy, is an essential partner and leader in this work.

3. Calibrating sanctions to mitigate unintended economic, political, and humanitarian impact.

Treasury should seek to tailor sanctions in order to mitigate unintended economic and political impacts on domestic workers and businesses, allies, and non-targeted populations abroad. This will protect key constituencies and help preserve support for U.S. sanctions policy.

For example, U.S. small businesses may lack the resources to bear the costs of sanctions compliance while competing with large companies at home and abroad; uncalibrated sanctions could unnecessarily lead them to turn down business opportunities in order to avoid these costs. Better tailored sanctions can help avoid these costs and maintain the competitiveness of U.S. businesses.

In addition, Treasury must address more systematically the challenges associated with conducting humanitarian activities through legitimate channels in heavily sanctioned jurisdictions. Where possible and appropriate, Treasury should expand sanctions exceptions to support the flow of legitimate humanitarian goods and assistance and provide clear guidance at the outset when sanctions authorities are created and implemented, particularly related to vulnerable populations.

Going forward, Treasury will continue to review its existing authorities to consider the unintended consequences of current sanctions regimes on humanitarian activity necessary to support basic human needs, as well as potential changes to address them while continuing to deny support to malicious actors. We believe this effort is worthy of significant time and effort to ensure the world understands that the provision of legitimate humanitarian assistance reflects American values.

4. Ensuring sanctions are easily understood, enforceable, and adaptable.

Sanctions are only as effective as their implementation, especially with regard to communication and engagement. In order to better calibrate the use of this tool, Treasury needs to communicate and coordinate more effectively with stakeholders affected by the use of financial sanctions. Treasury can build on existing outreach and engagement capabilities through enhanced communication with industry, financial institutions, allies, civil society, and the media, as well as new constituencies, particularly in the digital assets space.

Treasury should enhance its public messaging and engagement with key audiences domestically and internationally around its sanctions, ensuring that the messaging augments and closely aligns with key stakeholder groups. It should also coordinate closely with the Department of State on messaging for foreign engagement. Enhancing the public information on the Treasury website and communicating in plain language would also improve public understanding of the intent and effect of sanctions.

5. Investing in modernizing Treasury’s sanctions technology, workforce, and infrastructure.

Modernization requires investing in Treasury’s sanctions workforce and operational capabilities. The Department must have the right expertise, technology, and staff to support a robust and effective sanctions policymaking and implementation process. These investments will sustain Treasury’s ability to execute a core tool of U.S. foreign policy and national security, protect the integrity of the U.S. financial system, and build on constructive relationships with a wide array of sanctions stakeholders.

In particular, Treasury should invest in deepening its institutional knowledge and capabilities in the evolving digital assets and services space to support the full sanctions lifecycle of activities. To better facilitate compliance, Treasury should expand its use of technology to provide critical information to domestic and foreign audiences affected by sanctions actions. This includes making certain tactical and operational improvements. For example, stakeholders reported that Treasury’s public website is viewed as cumbersome to navigate, and could be improved to offer clearer guidance to better support humanitarian groups and regulated entities, as well as sanctions targets themselves.

The United States faces a changing world where financial innovation, shifts in global economic activity, and new geopolitical challenges are redefining how economic power can be used to support national security objectives. These shifts are accompanied by new and rising threats for which sanctions may be a critical tool of U.S. policy.

To effectively confront these changes, Treasury must modernize and adapt its sanctions policy and operational framework. A refined policy rubric and options for modernizing Treasury’s sanctions infrastructure will provide Treasury with the right tools to stay ahead of these changes and the adversaries seeking to take advantage of them. Though it will require Treasury, and others in the U.S. government, to make difficult decisions about where and when to recommend the use of sanctions, doing so will ultimately strengthen Treasury’s use of sanctions in the long-term. These changes will lay the groundwork for future Treasury leadership to address tomorrow’s challenges.

The Framework from the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC).

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) administers and enforces U.S. economic and trade sanctions programs against targeted foreign governments, individuals, groups, and entities in accordance with national security and foreign policy goals and objectives.

OFAC strongly encourages organizations subject to U.S. jurisdiction, as well as foreign entities that conduct business in or with the United States, U.S. persons, or using U.S.-origin goods or services, to employ a risk-based approach to sanctions compliance by developing, implementing, and routinely updating a sanctions compliance program (SCP).

While each risk-based SCP will vary depending on a variety of factors—including the company’s size and sophistication, products and services, customers and counterparties, and geographic locations—each program should be predicated on and incorporate at least five essential components of compliance:

(1) management commitment;

(2) risk assessment;

(3) internal controls;

(4) testing and auditing; and

(5) training.

If after conducting an investigation and determining that a civil monetary penalty (“CMP”) is the appropriate administrative action in response to an apparent violation, the Office of Compliance and Enforcement (OCE) will determine which of the following or other elements should be incorporated into the subject person’s SCP as part of any accompanying settlement agreement, as appropriate.

As in all enforcement cases, OFAC will evaluate a subject person’s SCP in a manner consistent with the Economic Sanctions Enforcement Guidelines (the “Guidelines”). When applying the Guidelines to a given factual situation, OFAC will consider favorably subject persons that had effective SCPs at the time of an apparent violation.

For example, under General Factor E (compliance program), OFAC may consider the existence, nature, and adequacy of an SCP, and when appropriate, may mitigate a CMP on that basis. Subject persons that have implemented effective SCPs that are predicated on the five essential components of compliance may also benefit from further mitigation of a CMP pursuant to General Factor F (remedial response) when the SCP results in remedial steps being taken.

Finally, OFAC may, in appropriate cases, consider the existence of an effective SCP at the time of an apparent violation as a factor in its analysis as to whether a case is deemed “egregious.”

Management Commitment

Senior Management’s commitment to, and support of, an organization’s risk-based SCP is one of the most important factors in determining its success. This support is essential in ensuring the SCP receives adequate resources and is fully integrated into the organization’s daily operations, and also helps legitimize the program, empower its personnel, and foster a culture of compliance throughout the organization.

General Aspects of an SCP: Senior Management Commitment.

Senior management commitment to supporting an organization’s SCP is a critical factor in determining the success of the SCP. Effective management support includes the provision of adequate resources to the compliance unit(s) and support for compliance personnel’s authority within an organization.

The term “senior management” may differ among various organizations, but typically the term should include senior leadership, executives, and/or the board of directors.

I. Senior management has reviewed and approved the organization’s SCP.

II. Senior management ensures that its compliance unit(s) is/are delegated sufficient authority and autonomy to deploy its policies and procedures in a manner that effectively controls the organization’s OFAC risk. As part of this effort, senior management ensures the existence of direct reporting lines between the SCP function and senior management, including routine and periodic meetings between these two elements of the organization.

III. Senior management has taken, and will continue to take, steps to ensure that the organization’s compliance unit(s) receive adequate resources—including in the form of human capital, expertise, information technology, and other resources, as appropriate—that are relative to the organization’s breadth of operations, target and secondary markets, and other factors affecting its overall risk profile.

These efforts could generally be measured by the following criteria:

A. The organization has appointed a dedicated OFAC sanctions compliance officer;

B. The quality and experience of the personnel dedicated to the SCP, including:

(i) the technical knowledge and expertise of these personnel with respect to OFAC’s regulations, processes, and actions;

(ii) the ability of these personnel to understand complex financial and commercial activities, apply their knowledge of OFAC to these items, and identify OFAC-related issues, risks, and prohibited activities; and

(iii) the efforts to ensure that personnel dedicated to the SCP have sufficient experience and an appropriate position within the organization, and are an integral component to the organization’s success; and

C. Sufficient control functions exist that support the organization’s SCP—including but not limited to information technology software and systems—that adequately address the organization’s OFAC-risk assessment and levels.

IV. Senior management promotes a “culture of compliance” throughout the organization.

These efforts could generally be measured by the following criteria:

A. The ability of personnel to report sanctions related misconduct by the organization or its personnel to senior management without fear of reprisal.

B. Senior management messages and takes actions that discourage misconduct and prohibited activities, and highlight the potential repercussions of non-compliance with OFAC sanctions; and

C. The ability of the SCP to have oversight over the actions of the entire organization, including but not limited to senior management, for the purposes of compliance with OFAC sanctions.

V. Senior management demonstrates recognition of the seriousness of apparent violations of the laws and regulations administered by OFAC, or malfunctions, deficiencies, or failures by the organization and its personnel to comply with the SCP’s policies and procedures, and implements necessary measures to reduce the occurrence of apparent violations in the future. Such measures should address the root causes of past apparent violations and represent systemic solutions whenever possible.

Risk Assessment

Risks in sanctions compliance are potential threats or vulnerabilities that, if ignored or not properly handled, can lead to violations of OFAC’s regulations and negatively affect an organization’s reputation and business. OFAC recommends that organizations take a risk-based approach when designing or updating an SCP.

One of the central tenets of this approach is for organizations to conduct a routine, and if appropriate, ongoing “risk assessment” for the purposes of identifying potential OFAC issues they are likely to encounter. As described in detail below, the results of a risk assessment are integral in informing the SCP’s policies, procedures, internal controls, and training in order to mitigate such risks.

While there is no “one-size-fits all” risk assessment, the exercise should generally consist of a holistic review of the organization from top-to-bottom and assess its touchpoints to the outside world.

This process allows the organization to identify potential areas in which it may, directly or indirectly, engage with OFAC-prohibited persons, parties, countries, or regions.

For example, an organization’s SCP may conduct an assessment of the following:

(i) customers, supply chain, intermediaries, and counter-parties;

(ii) the products and services it offers, including how and where such items fit into other financial or commercial products, services, networks, or systems; and

(iii) the geographic locations of the organization, as well as its customers, supply chain, intermediaries, and counter-parties. Risk assessments and sanctions-related due diligence is also important during mergers and acquisitions, particularly in scenarios involving non-U.S. companies or corporations.

Internal Controls

An effective SCP should include internal controls, including policies and procedures, in order to identify, interdict, escalate, report (as appropriate), and keep records pertaining to activity that may be prohibited by the regulations and laws administered by OFAC.

The purpose of internal controls is to outline clear expectations, define procedures and processes pertaining to OFAC compliance (including reporting and escalation chains), and minimize the risks identified by the organization’s risk assessments. Policies and procedures should be enforced, weaknesses should be identified (including through root cause analysis of any compliance breaches) and remediated, and internal and/or external audits and assessments of the program should be conducted on a periodic basis.

Given the dynamic nature of U.S. economic and trade sanctions, a successful and effective SCP should be capable of adjusting rapidly to changes published by OFAC. These include the following:

(i) updates to OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”), the Sectoral Sanctions Identification List (“SSI List”), and other sanctionsrelated lists;

(ii) new, amended, or updated sanctions programs or prohibitions imposed on targeted foreign countries, governments, regions, or persons, through the enactment of new legislation, the issuance of new Executive orders, regulations, or published OFAC guidance or other OFAC actions; and

(iii) the issuance of general licenses.

Testing and Auditing

Audits assess the effectiveness of current processes and check for inconsistencies between these and day-to-day operations.

A comprehensive and objective testing or audit function within an SCP ensures that an organization identifies program weaknesses and deficiencies, and it is the organization’s responsibility to enhance its program, including all program-related software, systems, and other technology, to remediate any identified compliance gaps.

Such enhancements might include updating, improving, or recalibrating SCP elements to account for a changing risk assessment or sanctions environment.

Testing and auditing can be conducted on a specific element of an SCP or at the enterprise-wide level.


An effective training program is an integral component of a successful SCP. The training program should be provided to all appropriate employees and personnel on a periodic basis (and at a minimum, annually) and generally should accomplish the following:

(i) provide job-specific knowledge based on need;

(ii) communicate the sanctions compliance responsibilities for each employee; and

(iii) hold employees accountable for sanctions compliance training through assessments.