The Office of Foreign Assets Control (OFAC) enforces several sanctions programs. While violations of OFAC sanctions will trigger civil monetary penalties (CMP) in most cases, some violations can also have criminal implications. These violations can implicate a host of federal statutes, and avoiding prison time (among other penalties) requires a comprehensive, strategic, and effective defense.
So, who must comply with OFAC sanctions—and what does it take to avoid criminal prosecution in 2023?
OFAC’s enforcement jurisdiction is extremely broad. While financial institutions must take steps to ensure that they do not facilitate transactions involving Specially Designated Nationals (SDNs) or other blocked parties, financial institutions are by no means the only parties subject to OFAC compliance. As OFAC explains in its online FAQs:
“U.S. persons must comply with OFAC regulations, including all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, all U.S. incorporated entities and their foreign branches. In the cases of certain programs, foreign subsidiaries owned or controlled by U.S. companies also must comply. Certain programs also require foreign persons in possession of U.S.-origin goods to comply.”
In effect, this means that nearly all individuals and entities that have ties to the United States must comply with OFAC’s sanctions programs. These ties can be as significant as physical presence or citizenship, and as tangential as being in possession of goods shipped overseas from the United States. Due to the parallel risks of civil enforcement and criminal prosecution, all individuals and entities that engage in cross-border transactions must give due consideration to OFAC compliance, and they must take all necessary steps to ensure that they are not putting themselves at risk for fines, imprisonment, and other penalties.
Understanding OFAC Sanctions Compliance: Who Needs to Comply?
While OFAC’s enforcement jurisdiction is broad, it is not absolute. Not all financial transactions implicate OFAC’s sanctions programs, and transactions falling outside of OFAC’s jurisdiction can be conducted freely—subject to any other pertinent legal or regulatory requirements. With this in mind, to understand the scope of OFAC’s reach, it is helpful to look not only at the individuals and entities that fall within OFAC’s enforcement jurisdiction, but also the types of transactions that implicate OFAC’s sanctions programs.
We’ll start with the individuals that fall within OFAC’s enforcement jurisdiction. These include:
1. Entities and Individuals in the U.S. that Engage in Cross-Border Transactions
U.S.-based companies that conduct business with customers located outside of the United States must ensure that this business does not result in a violation of OFAC sanctions. The same is true for individuals in the U.S. (both citizens and non-citizens) who buy from foreign companies, provide services to foreign companies, invest in foreign companies, and do other business overseas. Generally speaking, OFAC does not distinguish between companies’ and individuals’ compliance obligations (though companies will need to take significantly greater steps to ensure compliance on an organization-wide scale). OFAC also makes clear that being unaware of a transaction’s sanctions-related implications is not an excuse for non-compliance.
2. Financial Institutions in the U.S. that Facilitate Cross-Border Transactions
OFAC’s sanctions also apply to financial institutions in the U.S. that facilitate cross-border transactions. This includes (but is not limited to) entities and individuals defined as financial institutions under the Bank Secrecy Act (BSA). This definition is extremely broad, and it covers several types of businesses (as well as individuals) that aren’t generally thought of as financial institutions in most scenarios. Some examples of entities that qualify as “financial institutions” under the BSA and are subject to OFAC’s sanctions include:
- FDIC-insured banks
- Credit unions
- Trust companies
- Loan and finance companies
- Private bankers
- Securities and commodities brokers and dealers
- U.S. branches of foreign banks
- Insurance companies
- Credit card system operators
- Gambling establishments
Again, these are just examples. Ultimately, if a company or institution in any line of business is involved with conducting or facilitating transactions between entities in the U.S. and abroad (or between two or more foreign entities), then it must give due consideration to OFAC sanctions compliance.
3. Entities (Including Financial Institutions) and Individuals on Foreign Soil
Along with individuals and entities in the U.S., individuals and entities on foreign soil must comply with OFAC’s sanctions in many circumstances as well. This includes, but is not limited to, financial institutions. Examples of individuals and entities in this category that may be subject to OFAC compliance obligations include (but are not limited to): (i) U.S. citizens and lawful permanent residents located abroad; (ii) foreign branches and subsidiaries of U.S. companies and financial institutions; and, (iii) foreign entities and individuals in possession of (or seeking to take possession of) goods originating from the United States through exporting, re-exporting, and other cross-border transactions.
Understanding the Scope of OFAC’s Sanctions Programs
Next, we can take a look at the scope of OFAC’s sanctions programs. Even if an individual or entity is generally subject to OFAC’s enforcement jurisdiction, this has few (if any) implications if the individual or entity does not engage in or facilitate transactions that are subject to OFAC sanctions. With this in mind, OFAC’s sanctions programs cover the following types of cross-border transactions:
1. Transactions with Specially Designated Nationals (SDNs) and Related Parties
In the vast majority of cases, OFAC sanctions compliance obligations are triggered by transactions involving SDNs. As OFAC explains, SDNs’ “assets are blocked and U.S. persons are generally prohibited from dealing with them.” As a result, financial institutions and other entities must have policies and procedures in place to identify SDNs before executing or facilitating transactions, and individuals must ensure that their counterparties are not SDNs as well.
OFAC has also implemented “secondary sanctions” that apply to entities and individuals that are affiliated with SDNs. Identifying these related parties presents additional challenges, and it is no less important. With respect to both SDNs and related parties, financial transactions that are generally prohibited may be permissible under a general or specific license. When relying on an OFAC license, however, parties must be extremely careful to ensure that their transaction falls within the license’s limiting parameters.
2. Transactions Involving Parties in Sanctioned Countries
In addition to SDNs and their related parties, OFAC sanctions also prohibit or restrict transactions with other parties located in sanctioned countries. OFAC’s list of sanctioned countries currently includes:
- Hong Kong
- North Korea
- Sudan, Darfur, and South Sudan
While OFAC’s country-based sanctions do not necessarily prohibit all transactions in all scenarios, any time a transaction involves a party located in one of these countries, this should raise a flag that OFAC compliance requires careful consideration before moving forward. As noted above, violations of OFAC sanctions can not only lead to significant CMP, but they can also lead to criminal prosecution in some cases. The risk of criminal prosecution can be especially high when dealing with parties in countries that present anti-terrorism, national security, or foreign policy concerns.
3. Transactions Involving Parties in Sanctioned Sectors
OFAC has also implemented sanctions targeting certain sectors in jurisdictions around the globe. Similar to OFAC’s country-based sanctions, these sectoral sanctions can apply to transactions involving both SDNs and non-SDNs. OFAC has implemented several sectoral sanctions, and determining if a transaction implicates one of these sanctions requires a knowledgeable and detail-oriented legal analysis.
Understanding the Consequences of OFAC Non-Compliance
Now that we’ve covered who must comply with OFAC sanctions in 2023, we can address the consequences of non-compliance. At a minimum, OFAC sanctions violations can expose individuals and entities to civil monetary penalties, and these penalties can climb into the tens of millions, hundreds of millions, or even billions of dollars. This is largely due to the fact that OFAC imposes CMP on an individual transaction basis, so companies and financial institutions that suffer from systemic compliance failures (i.e., failure to adequately screen for SDNs) can face the aggregate consequences of numerous sanctions violations.
OFAC sanctions violations can also lead to criminal charges in some cases. This includes (but is not necessarily limited to) cases involving knowing and willful violations. For example, if a company’s executives knowingly authorize transactions with an SDN (and without an applicable general or specific license), then both the company and the individuals involved could potentially be at risk for prosecution under various federal criminal statutes. These statutes generally include provisions for both criminal fines and prison time—with maximum sentences in the range of 10 to 20 years in many cases.
Contact the OFAC Sanctions Defense Lawyers at The Criminal Defense Firm
Do you have questions or concerns about OFAC sanctions compliance in 2023? Or, are you (or is your company or financial institution) facing scrutiny from OFAC or the U.S. Department of Justice (DOJ)? If so, we encourage you to contact us promptly for more information. To speak with an OFAC sanctions defense lawyer at The Criminal Defense Firm in confidence as soon as possible, call 866-603-4540 or tell us how we can reach you online today.