OFAC Sanctions in KYB: Business Compliance Guide
Loona Järvloo
June 4, 2025
When Western governments imposed unprecedented sanctions on Russia in 2022, organizations globally scrambled to ensure compliance. The Office of Foreign Assets Control (OFAC), the enforcement arm of the US Treasury Department, stood at the center of this sanctions storm. For businesses conducting Kn
OFAC's Unique Role in the Global Sanctions Landscape
The Office of Foreign Assets Control (OFAC) administers and enforces economic sanctions programs to support US national security and foreign policy objectives. Unlike other sanctions authorities, OFAC's reach extends far beyond American shores due to:
- Global USD Dominance: Any transaction involving US dollars passes through the US financial system, bringing it under OFAC jurisdiction
- Secondary Sanctions: OFAC can penalize non-US entities that do business with sanctioned parties
- Extraterritorial Reach: US-owned or controlled foreign entities must comply with certain OFAC sanctions programs
This expansive jurisdiction makes OFAC compliance essential for businesses worldwide, not just those based in the United States.
OFAC Sanctions Programs and Lists in KYB
| OFAC List | Coverage | Restrictions | KYB Implications |
|---|---|---|---|
| SDN List | Individuals, entities, vessels, aircraft involved in terrorism, narcotics, human rights abuses, etc. | Complete asset blocking; all transactions prohibited | Screen all business entities and UBOs. Any match requires immediate blocking of relationship and possible asset freeze. |
| Sectoral Sanctions (SSI) List | Entities in specific sectors (e.g. Russian finance, energy, defense) | Restrictions on certain debt/equity transactions above set maturities | Identify if counterparties fall under SSI; some transactions may be allowed, but restrictions apply. |
| Foreign Sanctions Evaders (FSE) List | Entities and individuals facilitating evasion of US sanctions | US persons prohibited from transactions | Enhanced due diligence required on business partners; avoid US-linked transactions. |
| NS-PLC List | Members of Palestinian Legislative Council not otherwise listed | Limited restrictions | Review case-by-case; generally does not result in comprehensive blocking. |
For KYB, these lists require more nuanced compliance approaches, as they may permit certain transactions while prohibiting others.
The OFAC 50% Rule: A Unique Compliance Challenge
OFAC's "50% rule" creates one of the most challenging aspects of sanctions screening in KYB. Under this rule, any entity owned 50% or more, directly or indirectly, by sanctioned parties is itself considered sanctioned, even if not explicitly listed.
This rule requires businesses to:
- Map complete ownership structures through all layers
- Identify all direct and indirect owners
- Calculate aggregate ownership percentages when multiple sanctioned parties are involved
- Apply blocking requirements to unlisted entities that meet the 50% threshold
OFAC 50% Rule: Practical Implementation Steps
1. Standardize Methodology
- Document your approach to aggregating ownership percentages
- Create clear guidelines for determining control relationships
- Establish procedures for handling complex structures
2. Use Visual Tools
- Map multi-layered corporate structures
- Calculate aggregate ownership across all possible paths
- Document the analysis with screenshots or reports
3. Build an Audit Trail
- Record all ownership information and sources
- Document screening results for each identified owner
- Maintain evidence of the aggregate ownership calculation
OFAC's Five-Pillar Framework for Sanctions Compliance
OFAC recommends building your sanctions compliance program around five essential pillars, which should be integrated into your KYB process:
1. Management Commitment
- Secure senior leadership approval for OFAC compliance protocols
- Allocate adequate resources to OFAC screening technology and personnel
- Establish clear reporting lines for sanctions-related issues
2. Risk Assessment
- Develop a specific OFAC risk assessment methodology
- Identify high-risk jurisdictions, industries, and ownership structures
- Document your risk-based approach to OFAC screening
3. Internal Controls
- Create written procedures for OFAC screening in KYB
- Implement technology solutions with OFAC-specific configurations
- Establish escalation protocols for potential OFAC matches
4. Testing and Auditing
- Conduct independent testing of OFAC screening effectiveness
- Regularly audit OFAC compliance within your KYB process
- Document and address any identified weaknesses
5. Training
- Provide OFAC-specific training to KYB personnel
- Ensure staff understand the 50% rule and its implications
- Keep training updated as OFAC guidance evolves
OFAC Screening in the KYB Process: When and How
OFAC screening should be integrated throughout the KYB lifecycle:
Initial Onboarding
- Screen the business entity against all OFAC lists
- Screen all beneficial owners and controlling parties
- Apply the 50% rule to identify indirectly sanctioned entities
- Document all screening results, including false positives
Trigger-Based Screening
- Changes in ownership or control
- Updates to OFAC sanctions lists
- New business activities in high-risk jurisdictions
- New business relationships with OFAC-sanctioned countries
Ongoing Monitoring
- Implement automated alerts for OFAC list updates
- Conduct periodic rescreening based on risk level
- Monitor for changes in ownership that might trigger the 50% rule
OFAC Enforcement: Unique Considerations for KYB
OFAC's enforcement approach has several distinctive characteristics that affect KYB processes:
Strict Liability Standard
OFAC applies a strict liability standard, meaning violations can occur even without knowledge or intent. For KYB, this means:
- Even inadvertent failures in screening can result in penalties
- "We didn't know" is not a valid defense
- The burden is on the business to identify sanctioned parties
Enforcement Factors
When determining penalties, OFAC considers:
- Whether the violation was "egregious" or "non-egregious"
- The existence of an effective compliance program
- Self-disclosure of violations
- Remedial actions taken
Mitigating Factors in KYB
To mitigate potential penalties, ensure your KYB process:
- Documents all reasonable steps taken to identify sanctioned parties
- Maintains evidence of screening against the most current OFAC lists
- Demonstrates good-faith efforts to understand complex ownership structures
- Shows prompt action when potential matches are identified
OFAC vs. Other Sanctions Regimes: What Makes OFAC Different
| Feature | OFAC (US) | EU Sanctions | UK Sanctions (OFSI) | UN Sanctions |
|---|---|---|---|---|
| Jurisdictional Reach | Global via USD, US persons, US-linked entities | EU territory, EU businesses, EU citizens | UK territory, UK businesses, UK citizens | Member states must implement; varies by country |
| Ownership Rules | Aggregate 50% rule (direct & indirect ownership) | Generally 50%, not always aggregate; varies | 50% rule, similar to OFAC (aggregate); direct/indirect | Depends on each resolution |
| Secondary Sanctions | Yes, can affect non-US entities | Rare, usually no | Rare, usually no | No |
| Strict Liability | Yes (no intent or knowledge required) | No (intent or negligence usually required) | No (intent or negligence usually required) | No (enforcement left to member states) |
| Penalty Severity | Very high (millions or billions in fines) | High | High | Depends on country implementation |
Technology Solutions for OFAC Compliance in KYB
Effective OFAC screening requires specialized technology capabilities:
Essential Features for OFAC Screening Tools
OFAC-Specific Data Coverage
- Real-time updates to OFAC lists (SDN, Consolidated, and program-specific)
- Historical OFAC data for audit purposes
- OFAC enforcement action database
Advanced Matching Capabilities
- Fuzzy matching algorithms calibrated for OFAC's false positive threshold
- Transliteration support for non-Latin alphabets
- Alias and nickname recognition
50% Rule Support
- Ownership structure visualization
- Aggregate ownership calculation
- Indirect ownership path identification
OFAC-Specific Workflow
- Specialized case management for OFAC alerts
- OFAC-compliant documentation templates
- Audit trails that meet OFAC requirements
Best Practices Specific to OFAC Compliance in KYB
1. Implement a Risk-Based Approach
- Identify entities with heightened OFAC risk (e.g., those with connections to sanctioned countries)
- Apply enhanced due diligence to high-risk relationships
- Document your risk assessment methodology
2. Focus on Data Quality
- Collect comprehensive identifying information for accurate matching
- Standardize name formats to reduce false positives
- Maintain up-to-date beneficial ownership information
3. Manage False Positives Effectively
- Develop clear procedures for investigating potential OFAC matches
- Document the rationale for clearing false positives
- Maintain an audit trail of all match reviews
4. Stay Current with OFAC Guidance
- Subscribe to OFAC updates and announcements
- Review OFAC enforcement actions for compliance lessons
- Adjust your procedures as OFAC guidance evolves
The Consequences of OFAC Violations in KYB
OFAC violations can lead to severe consequences:
Financial Penalties
- Civil monetary penalties can reach millions of dollars
- Penalties are assessed per violation, potentially resulting in massive aggregate fines
- Recent penalties have included a $1.4 billion fine against UniCredit Group in 2019
Operational Impacts
- Mandatory compliance program enhancements
- Independent compliance consultants or monitors
- Ongoing reporting obligations to OFAC
Reputational Damage
- Public enforcement actions
- Loss of banking relationships
- Difficulty establishing new business partnerships
Individual Liability
- Personal liability for compliance officers and executives
- Potential criminal charges for willful violations
- Career implications for responsible individuals
Key Takeaways for OFAC Compliance in KYB
- OFAC's global reach makes compliance essential for businesses worldwide
- The 50% rule creates unique challenges in identifying indirectly sanctioned entities
- A risk-based approach should guide the intensity of OFAC screening efforts
- Technology solutions must support OFAC-specific requirements
- Documentation is critical for demonstrating compliance efforts
For organizations navigating OFAC compliance in KYB, a structured approach based on OFAC's five pillars provides the strongest foundation. By understanding OFAC's unique requirements and implementing appropriate controls, businesses can effectively manage sanctions risk while maintaining efficient operations.
How Dotfile Can Help with OFAC Compliance
Dotfile provides end-to-end business verification including comprehensive OFAC sanctions screening for both companies and individuals. Our platform automates the complex process of identifying and monitoring sanctioned entities and their ownership structures, helping you comply with OFAC's challenging 50% rule. With Dotfile, you can streamline your OFAC compliance operations, reduce risk, and build trust with regulators and partners alike.
Frequently Asked Questions
How does OFAC compliance in KYB differ from other sanctions regimes?
OFAC has unique global reach, strict liability, and the 50% rule for indirect ownership. Its secondary sanctions can impact non-US entities, and penalties are among the highest globally. Unlike some regimes, OFAC violations do not require intent or knowledge.
What is the OFAC 50% rule and how does it impact business verification?
The 50% rule means any entity that is 50% or more owned (directly or indirectly) by one or more SDNs is also considered blocked, even if not listed. You must map all ownership layers and aggregate sanctioned ownership to determine exposure.
How often should OFAC screening be performed for KYB?
OFAC screening is required at onboarding, whenever there are changes in ownership/control, when OFAC lists are updated, and during periodic reviews based on risk. High-risk relationships may require real-time or more frequent screening.
What are the consequences of failing to comply with OFAC requirements?
Penalties include multi-million dollar fines, mandatory compliance enhancements, reputational damage, and even personal liability for compliance officers or executives. OFAC applies a strict liability standard, so intent is not required for enforcement.
What documentation should be maintained for OFAC compliance?
Maintain records of screening activities (dates, lists checked, results), ownership analysis for 50% rule compliance, match resolutions, and evidence of risk-based approach and enhanced due diligence for high-risk cases.
How can businesses reduce false positives in OFAC sanctions screening?
Improve data quality, use advanced matching technology with fuzzy logic, adjust threshold settings, collect comprehensive data, and document all match investigations and resolutions for audit purposes.
Automate Your OFAC Screening
Dotfile makes it easy to verify, screen, and monitor business partners and owners—so you always meet OFAC requirements and keep your operations moving.
Book a Demo
Ready for Anywhere?
Verify any business, enter any market, defend every decision. Every signal orchestrated, every decision traceable, from one platform.