OFAC Sanctions in KYB: Business Compliance Guide

Loona Järvloo

June 4, 2025

When Western governments imposed unprecedented sanctions on Russia in 2022, organizations globally scrambled to ensure compliance. The Office of Foreign Assets Control (OFAC), the enforcement arm of the US Treasury Department, stood at the center of this sanctions storm. For businesses conducting Know Your Business (KYB) verification, OFAC compliance has become a critical component carrying significant regulatory, financial, and reputational implications.

Featured in:

Featured Blog Posts

KYB

What is the End-to-End KYB Process?

June 3, 2025

Regulations

Mise à jour des lignes directrices conjointes ACPR / Tracfin : Que faut-il retenir ? Décryptage des principaux apports

May 22, 2025

Team

Meet Dotfile at Money 20/20 Europe & Transform Your KYB

May 14, 2025

OFAC's Unique Role in the Global Sanctions Landscape

The Office of Foreign Assets Control (OFAC) administers and enforces economic sanctions programs to support US national security and foreign policy objectives. Unlike other sanctions authorities, OFAC's reach extends far beyond American shores due to:

Global USD Dominance: Any transaction involving US dollars passes through the US financial system, bringing it under OFAC jurisdiction
Secondary Sanctions: OFAC can penalize non-US entities that do business with sanctioned parties
Extraterritorial Reach: US-owned or controlled foreign entities must comply with certain OFAC sanctions programs

This expansive jurisdiction makes OFAC compliance essential for businesses worldwide, not just those based in the United States.

‍

OFAC Sanctions Programs and Lists in KYB

OFAC List	Coverage	Restrictions	KYB Implications
SDN List	Individuals, entities, vessels, aircraft involved in terrorism, narcotics, human rights abuses, etc.	Complete asset blocking; all transactions prohibited	Screen all business entities and UBOs. Any match requires immediate blocking of relationship and possible asset freeze.
Sectoral Sanctions (SSI) List	Entities in specific sectors (e.g. Russian finance, energy, defense)	Restrictions on certain debt/equity transactions above set maturities	Identify if counterparties fall under SSI; some transactions may be allowed, but restrictions apply.
Foreign Sanctions Evaders (FSE) List	Entities and individuals facilitating evasion of US sanctions	US persons prohibited from transactions	Enhanced due diligence required on business partners; avoid US-linked transactions.
NS-PLC List	Members of Palestinian Legislative Council not otherwise listed	Limited restrictions	Review case-by-case; generally does not result in comprehensive blocking.

For KYB, these lists require more nuanced compliance approaches, as they may permit certain transactions while prohibiting others.
‍

The OFAC 50% Rule: A Unique Compliance Challenge

OFAC's "50% rule" creates one of the most challenging aspects of sanctions screening in KYB. Under this rule, any entity owned 50% or more, directly or indirectly, by sanctioned parties is itself considered sanctioned, even if not explicitly listed.

This rule requires businesses to:

Map complete ownership structures through all layers
Identify all direct and indirect owners
Calculate aggregate ownership percentages when multiple sanctioned parties are involved
Apply blocking requirements to unlisted entities that meet the 50% threshold

OFAC 50% Rule: Practical Implementation Steps

1. Standardize Methodology

Document your approach to aggregating ownership percentages
Create clear guidelines for determining control relationships
Establish procedures for handling complex structures

2. Use Visual Tools

Map multi-layered corporate structures
Calculate aggregate ownership across all possible paths
Document the analysis with screenshots or reports

3. Build an Audit Trail

Record all ownership information and sources
Document screening results for each identified owner
Maintain evidence of the aggregate ownership calculation

OFAC's Five-Pillar Framework for Sanctions Compliance

OFAC recommends building your sanctions compliance program around five essential pillars, which should be integrated into your KYB process:
‍

1. Management Commitment

Secure senior leadership approval for OFAC compliance protocols
Allocate adequate resources to OFAC screening technology and personnel
Establish clear reporting lines for sanctions-related issues
‍

2. Risk Assessment

Develop a specific OFAC risk assessment methodology
Identify high-risk jurisdictions, industries, and ownership structures
Document your risk-based approach to OFAC screening
‍

3. Internal Controls

Create written procedures for OFAC screening in KYB
Implement technology solutions with OFAC-specific configurations
Establish escalation protocols for potential OFAC matches
‍

4. Testing and Auditing

Conduct independent testing of OFAC screening effectiveness
Regularly audit OFAC compliance within your KYB process
Document and address any identified weaknesses
‍

5. Training

Provide OFAC-specific training to KYB personnel
Ensure staff understand the 50% rule and its implications
Keep training updated as OFAC guidance evolves

‍

OFAC Screening in the KYB Process: When and How

OFAC screening should be integrated throughout the KYB lifecycle:

‍

Initial Onboarding

Screen the business entity against all OFAC lists
Screen all beneficial owners and controlling parties
Apply the 50% rule to identify indirectly sanctioned entities
Document all screening results, including false positives
‍

Trigger-Based Screening

Changes in ownership or control
Updates to OFAC sanctions lists
New business activities in high-risk jurisdictions
New business relationships with OFAC-sanctioned countries
‍

Ongoing Monitoring

Implement automated alerts for OFAC list updates
Conduct periodic rescreening based on risk level
Monitor for changes in ownership that might trigger the 50% rule

‍

OFAC Enforcement: Unique Considerations for KYB

OFAC's enforcement approach has several distinctive characteristics that affect KYB processes:

‍

Strict Liability Standard

OFAC applies a strict liability standard, meaning violations can occur even without knowledge or intent. For KYB, this means:

Even inadvertent failures in screening can result in penalties
"We didn't know" is not a valid defense
The burden is on the business to identify sanctioned parties
‍

Enforcement Factors

When determining penalties, OFAC considers:

Whether the violation was "egregious" or "non-egregious"
The existence of an effective compliance program
Self-disclosure of violations
Remedial actions taken
‍

Mitigating Factors in KYB

To mitigate potential penalties, ensure your KYB process:

Documents all reasonable steps taken to identify sanctioned parties
Maintains evidence of screening against the most current OFAC lists
Demonstrates good-faith efforts to understand complex ownership structures
Shows prompt action when potential matches are identified
‍

OFAC vs. Other Sanctions Regimes: What Makes OFAC Different

Feature	OFAC (US)	EU Sanctions	UK Sanctions (OFSI)	UN Sanctions
Jurisdictional Reach	Global via USD, US persons, US-linked entities	EU territory, EU businesses, EU citizens	UK territory, UK businesses, UK citizens	Member states must implement; varies by country
Ownership Rules	Aggregate 50% rule (direct & indirect ownership)	Generally 50%, not always aggregate; varies	50% rule, similar to OFAC (aggregate); direct/indirect	Depends on each resolution
Secondary Sanctions	Yes, can affect non-US entities	Rare, usually no	Rare, usually no	No
Strict Liability	Yes (no intent or knowledge required)	No (intent or negligence usually required)	No (intent or negligence usually required)	No (enforcement left to member states)
Penalty Severity	Very high (millions or billions in fines)	High	High	Depends on country implementation

‍

Technology Solutions for OFAC Compliance in KYB

Effective OFAC screening requires specialized technology capabilities:
‍

Essential Features for OFAC Screening Tools

OFAC-Specific Data Coverage

Real-time updates to OFAC lists (SDN, Consolidated, and program-specific)
Historical OFAC data for audit purposes
OFAC enforcement action database

Advanced Matching Capabilities

Fuzzy matching algorithms calibrated for OFAC's false positive threshold
Transliteration support for non-Latin alphabets
Alias and nickname recognition

50% Rule Support

Ownership structure visualization
Aggregate ownership calculation
Indirect ownership path identification

OFAC-Specific Workflow

Specialized case management for OFAC alerts
OFAC-compliant documentation templates
Audit trails that meet OFAC requirements
‍

Best Practices Specific to OFAC Compliance in KYB
‍

1. Implement a Risk-Based Approach

Identify entities with heightened OFAC risk (e.g., those with connections to sanctioned countries)
Apply enhanced due diligence to high-risk relationships
Document your risk assessment methodology
‍

2. Focus on Data Quality

Collect comprehensive identifying information for accurate matching
Standardize name formats to reduce false positives
Maintain up-to-date beneficial ownership information
‍

3. Manage False Positives Effectively

Develop clear procedures for investigating potential OFAC matches
Document the rationale for clearing false positives
Maintain an audit trail of all match reviews
‍

4. Stay Current with OFAC Guidance

Subscribe to OFAC updates and announcements
Review OFAC enforcement actions for compliance lessons
Adjust your procedures as OFAC guidance evolves
‍

The Consequences of OFAC Violations in KYB

OFAC violations can lead to severe consequences:
‍

Financial Penalties

Civil monetary penalties can reach millions of dollars
Penalties are assessed per violation, potentially resulting in massive aggregate fines
Recent penalties have included a $1.4 billion fine against UniCredit Group in 2019
‍

Operational Impacts

Mandatory compliance program enhancements
Independent compliance consultants or monitors
Ongoing reporting obligations to OFAC
‍

Reputational Damage

Public enforcement actions
Loss of banking relationships
Difficulty establishing new business partnerships
‍

Individual Liability

Personal liability for compliance officers and executives
Potential criminal charges for willful violations
Career implications for responsible individuals
‍

Key Takeaways for OFAC Compliance in KYB

OFAC's global reach makes compliance essential for businesses worldwide
The 50% rule creates unique challenges in identifying indirectly sanctioned entities
A risk-based approach should guide the intensity of OFAC screening efforts
Technology solutions must support OFAC-specific requirements
Documentation is critical for demonstrating compliance efforts

For organizations navigating OFAC compliance in KYB, a structured approach based on OFAC's five pillars provides the strongest foundation. By understanding OFAC's unique requirements and implementing appropriate controls, businesses can effectively manage sanctions risk while maintaining efficient operations.
‍

How Dotfile Can Help with OFAC Compliance

Dotfile provides end-to-end business verification including comprehensive OFAC sanctions screening for both companies and individuals. Our platform automates the complex process of identifying and monitoring sanctioned entities and their ownership structures, helping you comply with OFAC's challenging 50% rule. With Dotfile, you can streamline your OFAC compliance operations, reduce risk, and build trust with regulators and partners alike.

Frequently Asked Questions

How does OFAC compliance in KYB differ from other sanctions regimes?

OFAC has unique global reach, strict liability, and the 50% rule for indirect ownership. Its secondary sanctions can impact non-US entities, and penalties are among the highest globally. Unlike some regimes, OFAC violations do not require intent or knowledge.

What is the OFAC 50% rule and how does it impact business verification?

The 50% rule means any entity that is 50% or more owned (directly or indirectly) by one or more SDNs is also considered blocked, even if not listed. You must map all ownership layers and aggregate sanctioned ownership to determine exposure.

How often should OFAC screening be performed for KYB?

OFAC screening is required at onboarding, whenever there are changes in ownership/control, when OFAC lists are updated, and during periodic reviews based on risk. High-risk relationships may require real-time or more frequent screening.

What are the consequences of failing to comply with OFAC requirements?

Penalties include multi-million dollar fines, mandatory compliance enhancements, reputational damage, and even personal liability for compliance officers or executives. OFAC applies a strict liability standard, so intent is not required for enforcement.

What documentation should be maintained for OFAC compliance?

Maintain records of screening activities (dates, lists checked, results), ownership analysis for 50% rule compliance, match resolutions, and evidence of risk-based approach and enhanced due diligence for high-risk cases.

How can businesses reduce false positives in OFAC sanctions screening?

Improve data quality, use advanced matching technology with fuzzy logic, adjust threshold settings, collect comprehensive data, and document all match investigations and resolutions for audit purposes.

‍

Automate Your OFAC Screening

Dotfile makes it easy to verify, screen, and monitor business partners and owners—so you always meet OFAC requirements and keep your operations moving.

Book a Demo

‍

Ready to transform your KYB workflow?
It all starts here.

Book a demo