OFAC Risk Assessment and Review

Schedule a Free Consultation Today

The risk assessment and review is a fundamental component of all compliance programs that have to do with the Office of Foreign Assets Control (OFAC). Only by examining and understanding the particular risks that you or your company faces when interacting with foreign nationals can you take the steps necessary to comply with U.S. economic sanctions and avoid the costly penalties of doing business with a sanctioned entity.

The OFAC lawyers at The Criminal Defense Firm serve as OFAC compliance professionals to companies large and small across the United States, guiding them through the complicated process of bringing their businesses in line with the rigorous and extremely important demands of U.S. international sanctions law.

Put our highly experienced team on your side

Brian J. Kuester
Brian J. Kuester

Former U.S. Attorney

Former DA

Amanda Marshall
Amanda Marshall

Former U.S. Attorney

Local Counsel

Joe Brown
Joe Brown

Former U.S. Attorney
& Former District Attorney

Local Counsel

John W. Sellers
John W. Sellers

Former Senior Trial Attorney
U.S. Department of Justice

Local Counsel

John W. Sellers
Linda Julin McNamara

Former Chief, DOJ Appeals

Local Counsel

Elizabeth Stepp
Elizabeth Stepp

Litigation Counsel

Aaron L. Wiley
Aaron L. Wiley

Former Federal Prosecutor

Local Counsel

Roger Bach
Roger Bach

Former Special Agent (OIG)

Timothy E. Allen
Timothy E. Allen

Former Senior Special Agent

Chris Quick
Chris Quick

Former Special Agent (FBI & IRS-CI)

David M. Bentz
David M. Bentz

Former U.S. Secret Service Agent

Ray Yuen
Ray Yuen

Former Supervisory Special Agent (FBI)

Risk Assessment is a Core Component of OFAC Compliance

OFAC strongly recommends that companies under U.S. jurisdiction create and implement a sanctions compliance program to ensure that the company does not do business with an individual or entity that is under a trade embargo by the U.S. That sanctions compliance program, OFAC stresses, should use a risk-based approach to comply with the law efficiently, and should include at least the following five elements:

  1. A commitment to compliance from management,
  2. An assessment and review of the particular risks that the company is exposed to,
  3. Internal controls to detect, identify, and report potential violations of U.S. sanctions law,
  4. Auditing of established compliance protocols, and
  5. Employee training and retraining.

The OFAC compliance checklists that The Criminal Defense Firm uses for 2023 include all of these components.

Let’s take a closer look at the second element: Risk assessment and review.

A Close Risk Assessment Streamlines the Entire Compliance Process

One of the most important things to remember about the risk assessment stage of OFAC compliance is that it is meant to focus your company’s resources on the most pressing dangers and its worst exposures to legal liability under U.S. sanctioning law. By taking the risk assessment seriously and investing in the process, it can reduce the costs of coming up with the rest of the OFAC compliance system, and can mitigate the compliance protocol’s long-term expense to the company.

Looking at it from another way, shirking or even skipping the risk assessment stage in the OFAC compliance process has two very foreseeable outcomes:

  1. Your company’s OFAC compliance system will cover bases that it does not need to cover in order to prevent risks that do not exist, and
  2. Your company will continue to spend time, money, and other resources maintaining and enforcing those needless aspects of its compliance protocols.

Taking the risk assessment seriously can save your company lots of money in the long run and improve the efficacy of the OFAC compliance mechanisms that it ends up adopting.

Every Risk Assessment is Unique

Importantly, every single business – even those in the same industry or sector – will have unique risks when it comes to OFAC compliance. This is because every business will have a unique combination of:

  • International clients and customers
  • Foreign vendors or product suppliers
  • Other foreign involvement in the supply chain
  • International investments

Even companies that have similar combinations of these elements will still have different OFAC risks, as each international contact will come with different potential risks for U.S. sanctioning laws. As a result, OFAC tells companies that “there is no ‘one-size-fits-all'” approach to risk assessment, and that companies should conduct a “holistic review” of the entire organization to find “touchpoints to the outside world” that could expose them to either direct or indirect contact with Specially Designated Nationals (SDNs) that are the target of U.S. sanctions. This should include reviewing for risks to OFAC compliance that come from:

  • Customers
  • The company’s supply chain
  • Any intermediaries between the company and its suppliers or consumers
  • Counter-parties
  • The company’s geographical locations

Additionally, risk assessments for OFAC compliance are not a one-off obligation. They should be a routine aspect of ongoing compliance. Many companies make them a part of their OFAC internal auditing process. At the very least, an OFAC risk assessment should be conducted whenever the company has added a new avenue of exposure to international threats to the company’s compliance with OFAC. This can happen whenever the company:

  • Merges with another company
  • Goes through some other sort of acquisition
  • Changes a part of its supply chain
  • Acquires a new international customer or client

To help companies get an idea of how to start their OFAC risk assessment, the agency has promulgated regulations that aim to give compliance teams a sense of where they have to go to be successful. It is published in the Annex to Appendix A of 31 C.F.R. Part 501. While the Annex is specifically designed for use by financial institutions, it can provide a basic framework for risk assessments conducted by other sorts of companies, as well.

The Findings of the Risk Assessment and Review Should Inform the Rest of the Sanctions Compliance System

Once the OFAC risk assessment is complete, the internal investigators who conducted it and the company’s stakeholders or decision-makers should meet to review the findings. This review process should inform how the company moves forward with its OFAC compliance system. Areas of the company that have been found to be at high risk of an OFAC violation should be the focus of the compliance efforts, as they pose the greatest threat to the company.

Frequently Asked Questions About The Criminal Defense Firm and OFAC Compliance

What are the Penalties of Violating OFAC-Enforced Sanctions?


OFAC is tasked with enforcing the economic sanctions that America imposes on its enemies and on threats to its interests abroad, including terrorist organizations, global pariahs, and leaders that destabilize their region. Those sanctions forbid American individuals and companies from doing business with sanctioned parties, and carry substantial penalties for violations.

If OFAC has reason to believe that you dealt with a sanctioned party deliberately or willfully, it can file criminal charges. The precise penalties will depend on the Congressional legislation that authorized the particular sanction that was allegedly violated. However, convictions often carry at least tens of thousands of dollars in fines for each violation, as well as multiple decades in prison.

Even accidental violations of sanctions face harsh punishments, though. OFAC has the authority to impose steep civil penalties against companies that unwittingly do business with a sanctioned entity or individual. These penalties can increase if OFAC has cause to believe that your compliance mechanisms failed to adequately prevent the violating transactions.

Finally, there are the non-legal repercussions of an OFAC violation. If news that you or your company dealt with an enemy of America reaches the public’s eye, it can be a huge blow to your business reputation. This is particularly true if the sanctioned party that ended up being the beneficiary of your dealings has any notoriety. In many cases, the fallout from the negative publicity of the violation can end up being more financially painful than the legal penalties imposed by OFAC.

What Makes The Criminal Defense Firm Different from Other OFAC Compliance Providers?


There are several different things that set The Criminal Defense Firm’s OFAC team apart from other law firms and compliance services providers.

First, we have both compliance professionals and defense lawyers under our roof. This enhances both sides of the services that we provide. Our defense lawyers have experience handling allegations of OFAC violations, which helps them guide our compliance team away from problematic compliance structures that they have seen fail for other clients. Meanwhile, our compliance professionals understand what it takes to create an effective compliance protocol, which can assist our defense lawyers when they negotiate with OFAC during an allegation of wrongdoing.

Second, both our lawyers and compliance professionals have extensive experience handling cases similar to your own. Many of them only came to The Criminal Defense Firm after spending numerous years within federal law enforcement agencies prosecuting white collar and financial offenses similar to OFAC violations.

Finally, you do not have to worry about your OFAC matter getting delegated to a lawyer or compliance professional with less experience in the field than the ones that drew you to our firm. That cannot happen because we only have senior-level professionals on our staff. All of the work done on your legal case or your compliance system will be performed by the same experienced professionals that made you call The Criminal Defense Firm in the first place.

Why Don't You Call Yourselves the Best OFAC Compliance Team?


When our prior clients say things similar to this about The Criminal Defense Firm in their testimonials, we do not find the need to repeat it.

OFAC Sanctions Professionals and Defense Lawyers at The Criminal Defense Firm

It is very difficult to create an OFAC compliance structure that is not only effective at insulating the company from legal liability, but also efficient as well. Companies need to do both. An OFAC compliance protocol that is extremely good at preventing OFAC violations, but that is so onerous and cumbersome that it saps up lots of time and money, is not in the company’s best interests.

The OFAC compliance and defense lawyers at The Criminal Defense Firm have the defense lawyers and the compliance professionals needed to effectively insulate your company while still letting it function at a high level.

Contact us online or call our national law office at (866) 603-4540 to get started at your company.

Dallas 214-817-2053
Houston 713-454-7814
Detroit 313-634-0925
Baton Rouge 225-269-8749
New York 332-239-7345
Winter Park 407-890-0460
Miami 786-751-3247
Portland 207-222-7742
Nationwide 866-603-4540