Sanctions: The US Perspective

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

45.1 Overview of the US sanctions regime

The United States imposes economic and trade sanctions on individuals, entities and jurisdictions based on US foreign policy and national security goals. These measures are administered and enforced primarily by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), through a combination of statutes, regulations, executive orders and interpretive guidance. OFAC’s regulations are strict liability, meaning that OFAC need not prove fault or intent to enter an enforcement action and issue a civil penalty. Additionally, if a party wilfully violates US sanctions laws, the Department of Justice (DOJ) and the US Attorney may pursue criminal investigations and enforcement actions. Other regulators, such as the Financial Crimes Enforcement Network and the New York Department of Financial Services, may also play a role in enforcing US sanctions regulations, imposing additional penalties for failures to maintain specific controls to help ensure compliance with OFAC administered regulations. Both federal and state regulators may pursue enforcement actions for the same conduct simultaneously, potentially leading to multiple related investigations by several entities.

The United States maintains comprehensive sanctions programmes, also called embargoes, generally prohibiting activity involving Cuba, Iran, North Korea, Syria and the Crimea region of Ukraine. In addition to comprehensive sanctions, OFAC implements targeted sanctions on specific individuals and entities (persons) under one or more of its sanctions programmes targeting various activities, such as narcotics trafficking, terrorism, proliferation activities involving nuclear or other weapons of mass destruction, or human rights violations. Both direct and indirect activities involving governments or persons subject to targeted sanctions can give rise to violations of US sanctions laws.

45.1.1 Statutes and official guidance

The United States maintains several sanctions regimes, each with its own restrictions and regulations. In addition to the country-specific sanctions programmes, such as the Iranian Transactions and Sanctions Regulations (ITSR), which primarily govern US sanctions on Iran, OFAC can also sanction persons under several targeted sanctions programmes, such as the Foreign Narcotics Kingpin Act or the Global Magnitsky Act. Pursuant to these sanctions programmes, persons designated by the State or Treasury Departments will be added to OFAC’s List of Specially Designated Nationals and Blocked Persons (the SDN List). US persons are generally prohibited from engaging in any transactions, directly or indirectly, involving persons on OFAC’s SDN List, as well as any entity of which 50 per cent or more is owned by one or more persons on the SDN List, unless authorised by OFAC or exempt. In addition, the sanctions programmes administered by OFAC also generally prohibit US persons from ‘facilitating’ actions of non-US persons, which, although completely legal for a non-US person, could not be directly performed by US persons owing to sanctions restrictions.

OFAC also imposes sanctions on persons in certain sectors of Russia’s economy that are listed in OFAC’s Sectoral Sanctions Identifications List (SSI List). Listed persons operating in identified sectors of the Russian economy, such as financial services, energy and defence, will be added to the SSI List under one of the four Directives described in Executive Order 13662.2 Each Directive places specific prohibitions, requirements and restrictions on trans­actions by US persons with those listed persons.

OFAC maintains an updated list of US sanctions programmes and country information on its website3 and a list of compiled frequently asked questions that provide a wide range of details and guidance on topics, including OFAC’s interpretation of newly issued sanctions regulations, enforcement practices specific to certain sanctions programmes and the implementation of authorisations provided in general licences.4 OFAC also regularly releases separate guidance documents that advise companies of specific risk factors for certain industries and suggest best practices for designing appropriate sanctions compliance programmes.

OFAC’s enforcement authority and procedures are set forth in OFAC’s Economic Sanctions and Enforcement Guidelines at 31 CFR Part 501 Appendix A. The guidelines establish, among other things, the potential outcomes of an investigation or enforcement action and the method and relevant factors for calculating the base penalty amount of an apparent sanctions violation.

45.1.2 Persons to whom sanctions apply

US sanctions generally restrict activities within the jurisdiction of the United States and by US persons, generally defined as any US citizen, permanent resident alien, entity organised under the laws of the United States or any jurisdiction within the United States (including foreign branches), or any person in the United States.5 For Iran and Cuba, the prohibitions also extend to any entity owned or controlled by a US person.

The US government may also impose sanctions against non-US persons for certain activity, even with no nexus to the United States. ‘Secondary sanctions’ authorise OFAC or the State Department to impose sanctions against non-US persons for certain specified activity with Iran, Russia, North Korea and Syria. These are intended to discourage non-US persons from engaging in the specified activity and can result in sanctions against the foreign company itself. For example, when the United States reimposed secondary sanctions for certain activity involving specified sectors of the Iranian economy following the US withdrawal from the Joint Comprehensive Plan of Action (JCPOA), non-US persons became exposed to secondary sanctions for engaging in certain significant activity involving Iran’s automotive, shipping, shipbuilding or energy sectors, or involving Iranian SDNs.6

45.1.3 Licensing

OFAC may issue a general licence or a specific licence to authorise certain activity that would otherwise be prohibited by sanctions.

A general licence is available to any person engaging in activity that fits the criteria set forth in the licence. Each general licence relates to a particular sanctions programme and generally offers broad authorisations covering certain categories of transactions. For example, a general licence is typically available to authorise the export of food, medicine and medical devices to countries subject to a comprehensive embargo. In addition to the general licence for the export of food, medicine and medical devices, most sanctions programmes also include general licences permitting certain transactions with respect to official business of the US federal government or international organisations such as the United Nations, certain transactions related to the transmission of telecommunications and the services for personal communications, and the provision of legal services related to the requirements and compliance with US law (among others). It is important to analyse carefully the general licence specific to each country programme as the requirements and restrictions may vary from programme to programme. For example, the general licence for the export of agricultural commodities, medicine and medical devices to Iran, set forth in the ITSR, includes authorisations only for certain ‘covered persons’ and excludes the export of some specified goods.7 Furthermore, some sanctions programmes contain general licences authorising the export of certain goods or services that are highly tailored to a specific country and its respective sanctions programme and that do not appear in any form in other country sanctions programmes. For example, Cuba and Venezuela have highly individualised sets of general licences that change frequently and are specific to the unique sanctions programme for each country.

Specific licences are granted case by case under certain limited situations and conditions. Requests for specific licences may be submitted directly to OFAC. These licences will typically be granted only if the activity is in the interest of US foreign policy.

45.1.4 Key jurisdictions

As noted above, the United States maintains comprehensive sanctions on Cuba, Iran, North Korea, Syria and the Crimea Region of Ukraine. Additionally, OFAC imposes significant sanctions on state-owned entities in Russia and the government of Venezuela. Cuba

The comprehensive sanctions on Cuba, governed by the Cuban Assets Control Regulations (CACR),8 generally prohibit any transaction by a person subject to US jurisdiction, including foreign entities owned or controlled by a US person, in which Cuba or a Cuban national has an interest. This includes the export of goods and services, including financial services, to Cuba and the import of Cuban goods into the United States. US persons are also prohibited from approving, financing, facilitating or guaranteeing any transaction by a foreign person in which they would be prohibited from engaging themselves.

The CACR contains several general licences authorising activities supporting the Cuban people and private enterprise in Cuba.9 Additionally, the CACR currently contains general licences regarding travel-related trans­actions for a variety of specified activities. All general licences should be checked frequently to confirm that relevant authorisations are still in effect and that additional restrictions or requirements have not been placed, limiting the scope of the general licences. Iran

OFAC’s sanctions programme on Iran is primarily governed by the ITSR.10 The Regulations generally prohibit the export, re-export, sale or supply, directly or indirectly, from the United States or by a US person, wherever located, of any goods, technology or services to Iran and US person facilitation of those prohibited transactions. The prohibitions in the ITSR also apply to foreign entities owned or controlled by a US person.

OFAC reimposed significant secondary sanctions that threaten sanctions on non-US persons for certain transactions involving Iranian SDNs and for specified activities in key sectors of the Iranian economy following the United States’ withdrawal from the JCPOA on 8 May 2018.11 With the issuance of Executive Order 13902 in January 2020, even more sectors of the Iranian economy became the subject of secondary sanctions, meaning that most trade with Iran now potentially carries secondary sanctions exposure.12 Korea

The North Korean Sanctions Regulations13 generally prohibit the export, re-export, sale or supply, directly or indirectly, from the United States or by a US person, wherever located, of any goods, technology or services to North Korea and facilitation of those prohibited transactions by US persons.

In addition to the primary sanctions detailed above, a number of North Korea-related executive orders authorise the imposition of secondary sanctions on persons determined to be engaging in certain specified commercial activities involving North Korea.14

The Syrian Sanctions Regulations15 generally prohibit the export, re-export, sale or supply, directly or indirectly, from the United States or by a US person, wherever located, of any services to Syria and US person facilitation of those prohibited transactions.

Additionally, Section 7412 of the National Defense Authorization Act for Fiscal Year 2020 (also titled the Caesar Syria Civilian Protection Act of 2019) authorised sanctions against any foreign person determined to knowingly provide significant financial, material or technological support to, or knowingly engage in a significant transaction with, certain persons in Syria, primarily relating to the government of Syria and its military or any foreign person subject to sanctions with respect to Syria.16 region of Ukraine

The Ukraine-Related Sanctions Regulations generally prohibit the export re-export, sale or supply, directly or indirectly, from the United States or by a US person, wherever located, of any goods, technology or services to Crimea and facilitation of those prohibited transactions by US persons.17

Russia is not subject to a comprehensive embargo but to significant targeted sectoral sanctions on persons in identified sectors of Russia’s economy, although a number of Russian persons also appear on OFAC’s SDN List. In addition, pursuant to Executive Order 13662,18 OFAC issued Directives 1 to 4 imposing sectoral sanctions against entities identified on OFAC’s SSI List19 operating in certain sectors of the Russian economy, such as financial services, energy and defence.20

Directives 1 to 3 contain prohibitions on dealing in new debt with a maturity longer than that defined in the Directive or, for Directive 1, new equity on behalf of designated Russian entities operating in Russia’s financial, energy and defence sectors. Directive 1 was expanded by Executive Order 14024, published on 15 April 2021, to prohibit US financial institutions from participating in the primary market for rouble or non-rouble denominated funds by, or the lending of rouble or non-rouble denominated funds to Russia’s Central Bank, National Wealth Fund or Ministry of Finance.21

Directive 4 prohibits the export or re-export by a US person, directly or indirectly, of goods, services or technology in support of deep-water, Arctic offshore or shale projects, including new projects outside Russia in which an entity subject to Directive 4 has an ownership interest of 33 per cent or more.

Companies engaging in transactions with SSI entities should scrutinise payment terms to ensure that they do not violate the requirements of the applicable Directive.

The United States also maintains secondary sanctions on Russia. The Countering America’s Adversaries Through Sanctions Act (CAATSA) mandates the imposition of sanctions against persons that the President determines have knowingly facilitated a ‘significant transaction’22 for or on behalf of any person subject to sanctions imposed by the United States with respect to the Russian Federation, including for or on behalf of a Russian person or entity on OFAC’s SDN List.23 OFAC has effectively limited this threat of sanctions to transactions with any Russian person on its SDN list.24

CAATSA also mandates that the President impose sanctions on persons determined to have knowingly engaged in a significant transaction with a person involved in the intelligence or defence sectors of the Russian government. The Department of State published the List Regarding the Defense Sector of the Government of the Russian Federation25 of persons determined to be part of, or operating for or on behalf of, Russian defence or intelligence sectors.26

Finally, CAATSA also mandates that the President impose sanctions on persons determined to have made significant investments above a specified threshold that directly and significantly contribute to Russia’s ability to construct energy export pipeline projects initiated on or before 2 August 2017, or that provide significant goods, services, technology, information or support to directly and significantly facilitate the maintenance or expansion of the construction, modernisation or repair of energy export pipelines.27

Executive Order 13884 blocks all property and interests in property of the government of Venezuela.28 This means that US persons are generally prohibited from engaging in any transaction in which the government of Venezuela has an interest, including with entities of which 50 per cent or more is owned by the government of Venezuela.

Additionally, Executive Order 13850 blocks the property of additional persons who may be contributing to the situation in Venezuela, including those operating in specified sectors of the Venezuelan economy as determined by the Secretary of the Treasury.29 Notably, OFAC designated the Venezuelan state oil company, Petróleos de Venezuela SA, pursuant to this authority on 28 January 2019.

OFAC has published several general licences authorising certain activities by US persons that would otherwise be prohibited by the Venezuela-related sanctions programme. A majority of these general licences change frequently and are very specific as to what actions they authorise and to whom they apply. As such, companies should ensure they scrutinise and carefully monitor any general licence relied on to conduct business otherwise prohibited by the Venezuela-related Executive Orders.

45.2 Offences and penalties

Generally, US primary sanctions prohibit transactions only by US persons or transactions subject to US jurisdiction. For Cuba and Iran, the restrictions also apply to foreign entities that are owned or controlled by a US person. ‘Owned or controlled’ is understood to encompass holding at least 50 per cent of the equity interest by vote or value, a majority of seats on the board of directors, or otherwise controlling actions, policies and personnel decisions of the foreign entity.30

Although non-US companies are generally not themselves required to comply with OFAC regulations, they can still face potential liability for exporting goods or services from the United States to a target of US sanctions or for ‘causing a violation’ by involving a US person in a transaction that would be prohibited for that US person.31 The most typical way that such a violation by a non-US person might occur is if a transaction involving a target of US sanctions is denominated in US dollars because most US dollar transactions clear through US banks and therefore involve the services of a US financial institution.32

Under secondary sanctions, access by a non-US company to US markets or the US financial system may be restricted, including by being added to the SDN List, if it engages in certain conduct relating to Iran, Russia or North Korea.

45.3 Commencement of sanctions investigations

The US government can learn of a potential sanctions violation in a number of ways, including through voluntary self-disclosure (VSD), a report of a blocked or rejected transaction, referral from another government agency and even publicly available information, such as a media report.

If a company learns of a potential violation, it may submit a VSD to OFAC. This has many benefits, including a significant reduction in the base penalty for a potential enforcement action. However, parties should carefully consider whether to file based on the circumstances of and facts surrounding the potential violation and their history of engagement with OFAC.

In addition to VSDs, the US government often learns of potential violations through blocked or rejected transaction reports filed by US persons, typically financial institutions, based on suspected sanctions violations. Since June 2019, all US persons must submit reports to OFAC within 10 business days of blocking or rejecting a transaction.33 Previously, all parties had to report transactions involving blocked property to OFAC, but only US financial institutions were obliged to report rejected transactions.34

OFAC may also learn of sanctions violations through anti-money laundering reports, primarily suspicious activity reports, or through criminal investigations conducted by the DOJ or other federal and state law enforcement agencies.

On learning of a potential violation, OFAC may send an initial request for information to the parties with an administrative subpoena or, depending on the nature of the violation, send an informal set of questions to the involved parties, including non-US persons.

45.4 Enforcement

45.4.1 Factors to consider

The test in the United States for civil enforcement of sanctions is one of strict liability. This means that companies can be liable for sanctions violations without proof of knowledge, fault or intent, highlighting the importance of sanctions compliance programmes. Parties should also determine whether there was a wilful violation of US sanctions laws that could lead to a criminal investigation or enforcement action. Parties should balance the need to move quickly after identifying a potential violation with taking the time to understand the nature of the violation to determine whether a VSD is appropriate and to whom the parties should report.

45.4.2 Compliance framework

In May 2019, OFAC issued its Framework for Compliance Commitments.35 This guidance document encourages a risk-based approach, noting that no single compliance programme is suitable for every institution. However, the document provides five components that OFAC highlights as essential to any effective compliance programme:

  • management commitment;
  • risk assessment;
  • internal controls;
  • testing and auditing; and
  • training.

Since publishing the Framework, OFAC has highlighted the importance of an effective risk-based compliance programme and reserved the final paragraph of published enforcement actions to discuss how the facts relate to the Framework and how both the party subject to the enforcement actions and other businesses in its industry can mitigate risks by implementing compliance policies and procedures proportional to the risks faced by the party and industry as a whole.36 OFAC has indicated that the strength of a party’s compliance programme can also be a significant mitigating or aggravating factor that it will consider when calculating a penalty amount.37

To further mitigate sanctions risks, parties should also ensure that their compliance programme meets the criteria presented in the DOJ’s ‘Evaluation of Corporate Compliance Programs’.38 The DOJ will evaluate a party’s compliance programme when determining whether to impose a monitor on the party once an enforcement action relating to an apparent violation of US sanctions laws is concluded.

45.4.3 Best practices

Once an investigation has commenced, parties should proactively collaborate and co-operate with the agency conducting the investigation. OFAC enforcement actions and enforcement guidelines highlight co-operation as a mitigating factor to be taken into account in an enforcement action.39 Furthermore, if the DOJ is conducting an investigation relating to a wilful violation of US sanctions, the party must fully co-operate with the DOJ to receive the benefits associated with submitting a VSD. Generally, full co-operation includes internal investigations to discover the root cause of an apparent violation, responding to regulators’ requests for additional information in a timely and complete manner, preserving all sensitive or relevant documents, and collaborating with regulators to develop and implement effective remedial measures.40

Once an investigation has commenced, under no circumstances should parties attempt to hide or destroy material information or evidence. Any indication that the parties have attempted to oppose an investigation is likely to lead federal and state investigators into taking a more hostile approach. to OFAC

OFAC generally views VSDs favourably and a VSD will reduce the base penalty of an apparent violation by up to 50 per cent. To be considered voluntary, a disclosure must be self-initiated and submitted to OFAC before it or any other government agency or official discovers the apparent violation. One exception is that a VSD to another government agency may be considered a VSD to OFAC, case by case. A VSD to OFAC must include, or be followed by, a report containing sufficient details to provide a complete understanding of the circumstances of the apparent violation. In some instances, it may be beneficial to the party to make a preliminary disclosure to OFAC before knowing all the facts to be timely and ensure disclosure is considered voluntary. Parties should ensure that their VSD and follow-up report contain all the details known at the time they are made and be prepared to respond to any follow-up enquiries.41

OFAC’s enforcement guidelines list several instances where notices will not be considered a VSD, including licence applications, notifications from a third party of an apparent violation or substantially similar apparent violation because it blocked or rejected a transaction, or if the disclosure:

  • includes false or misleading information or is materially incomplete;
  • is not self-initiated;
  • is made without the authorisation of senior management; or
  • is in response to an administrative subpoena or other enquiry form.42 to the DOJ

The DOJ’s VSD policy, published on 13 December 2019, states that all business organisations, including financial institutions, are eligible for all the benefits detailed by the policy.43 Similar to other DOJ self-disclosure policies, companies are eligible for the benefits of the updated VSD policy when they (1) voluntarily self-disclose export control or sanctions violations to the National Security Division’s Counterintelligence and Export Control Section (CES), (2) fully co-operate with the investigation and (3) remediate any violations appropriately and in a timely manner. The threshold for eligibility is self-disclosure of potential violations to CES. Unlike with OFAC, self-disclosing to any other regulatory agency is not considered an eligible VSD to the DOJ under its new policy.44 Accordingly, to obtain the benefit of self-disclosure in a criminal investigation, parties must disclose to DOJ before OFAC.

For a party’s disclosure to be considered voluntary, it must be made before there is an imminent threat of disclosure or government investigation, and reasonably promptly after discovery of the offence. Further, the party must disclose all relevant facts known to it at the time of the disclosure.45 To receive credit for full co-operation, parties are required to:

  • disclose all relevant facts in a timely manner;
  • co-operate proactively with the DOJ;
  • preserve, collect and disclose all relevant documents and information;
  • deconflict witness interviews when required; and
  • make officers and employees of the party available for interviews by the DOJ when so requested.46

Finally, parties are required to demonstrate a thorough analysis of the causes of underlying conduct and, where appropriate, engage in remediation; implement an effective compliance programme; discipline employees identified by the party as responsible for the oversight; retain business records and prohibit the improper destruction of those records; and take any additional steps that demonstrate recognition of the seriousness of a party’s misconduct.47


Submitting a VSD to OFAC can have several benefits, the most significant of which is that it is considered a mitigating factor in the calculation of a potential penalty amount. In some cases, a VSD can allow a party to avoid an enforcement action altogether if OFAC determines the conduct does not constitute a violation or that it does not warrant a civil monetary penalty. However, there are general costs associated with making a VSD to either OFAC or the DOJ, including legal expenses, government investigation, additional scrutiny, reputational harm and, in some cases, large monetary penalties. There is also the potential for a government investigation to reveal unknown or undisclosed violations.

When submitting a VSD to OFAC, in particular, parties should carefully consider the possibility that the conduct was wilful and that, as a result, OFAC may refer the case to the DOJ for criminal enforcement, removing the option to have a VSD accepted by the DOJ.

If a party submits a VSD to the DOJ that satisfies the requirements of its updated VSD policy, there is a presumption that the party will receive a non-prosecution agreement and pay no fine, in the absence of aggravating factors.48 However, even if a party receives a non-prosecution agreement, at a minimum it will not be permitted to retain any of the unlawfully obtained gain and will be required to pay all disgorgement, forfeiture or restitution resulting from the misconduct.49 Even if there are aggravating circumstances, the DOJ will still recommend a fine of at least 50 per cent less for a qualifying party than would have been levied in the absence of a VSD and will not require the imposition of a monitor if the party has implemented an effective compliance programme at the time of resolution.50 By filing with the DOJ, a party may invite a criminal investigation in addition to heavy, continuing disclosure obligations.

Overall, effective use of OFAC and the DOJ’s VSD programmes rests in the strength of a party’s compliance programme, policy and procedures. Even if the policy and procedures fail to prevent an apparent violation, they can help parties quickly and more accurately determine the nature of the violation and whether a VSD to OFAC or the DOJ is necessary and beneficial.

Other government authorities

In addition to OFAC and the DOJ, parties should also consider notifying potential violations to relevant US and non-US regulators, shareholders, counterparties, insurers and other interested parties. Parties should also be aware that OFAC maintains memoranda of understanding with several state and federal banking regulatory agencies, which may impose penalties on financial institutions in connection with apparent violations of US sanctions laws.51 As such, financial institutions should consider notifying their regulators of potential violations. Parties should also determine whether the potential violation of US sanctions laws also violates sanctions laws in foreign jurisdictions and whether it would be appropriate to make disclosures to the relevant regulatory bodies. All these considerations should be made while conscious of the requirements for VSD submissions to OFAC and the DOJ, namely, when a VSD is no longer considered eligible for the benefits.

OFAC enforcement actions often end in settlement. Settlement discussions may be initiated by either OFAC or the party committing the apparent violation at several points during the enforcement process. These settlements can also include multiple violations or be a part of a comprehensive settlement with other federal, state or local agencies that are also pursuing investigations or enforcement actions relating to the apparent violation.52

45.5 Trends and key issues

45.5.1 Recent enforcement activity

Since the release of its Framework for Compliance Commitments in May 2019, OFAC has been able to map compliance programmes against the Framework to determine whether a party’s compliance programme should be considered an aggravating or mitigating factor. For example, in an enforcement action against Eagle Shipping International, OFAC stated that:

[a]s noted in OFAC’s Framework for Compliance Commitments, this case demonstrates the importance for companies operating in high-risk industries (e.g., international shipping and trading) to implement risk-based compliance measures, especially when engaging in transactions involving exposure to jurisdictions or persons implicated by US sanctions.53

Recent enforScement activity has also shown that OFAC is willing to use a minimal or indirect nexus to the United States to proceed with an enforcement action against a non-US party.54 OFAC has also showed its willingness to expand its extraterritorial jurisdiction to penalise non-US companies for transactions that would not have been covered by OFAC’s jurisdiction if not for the use of servers located in the United States.55 Late 2020 also saw OFAC publish its first enforcement actions targeting apparent violations of US sanctions laws in the cryptocurrency industry.56

45.5.2 Potential pitfalls

Companies should be wary of OFAC’s continued use of increasingly indirect and tenuous links to the US financial system to bring enforcement actions against foreign parties for ‘causing a violation’ by US banks. As such, non-US companies should scrutinise the structure of transactions to or with persons or countries subject to US sanctions to ensure that there are no potential direct or indirect links to the US financial system, including transactions that use US dollars. Additionally, given the emphasis OFAC places on its Framework for Compliance Commitments, companies should ensure that their compliance programmes are in line with the Framework.


1 David Mortlock and Britt Mosman are partners, and Nikki Cronin and Ahmad El-Gamal are associates, at Willkie Farr & Gallagher LLP.

2 Exec. Order No. 13662, 79 Fed. Reg. 16169-71 (24 March 2014).

3 Available at

4 The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) FAQs are available at

5 See OFAC FAQ #11.

6 OFAC will consider the totality of the circumstances when determining whether a transaction is significant, using seven factors: (1) the size, number and frequency of the transaction(s); (2) the nature of the transaction(s); (3) the level of awareness of management and whether the transaction(s) are part of a pattern of conduct; (4) the nexus between the transaction(s) and a blocked person; (5) the impact of the transaction(s) on statutory objectives; (6) whether the transaction(s) involve deceptive practices; and (7) such other factors that the Secretary of the Treasury deems relevant case by case. OFAC FAQ #545.

7 31 CFR §§ 560.530 (3)(ii), 560.530 (4).

8 31 CFR Part 515.

9 31 CFR §§ 515.502 to 515.591.

10 31 CFR Part 560.

11 Exec. Orders 13902 and 13871 authorise the imposition of secondary sanctions on specified transactions involving Iran’s iron, steel, aluminium copper, construction, mining, manufacturing and textile sectors. See Exec. Order No. 13902, 85 Fed. Reg. 2003 (10 Jan. 2020); Exec. Order No. 13871, 84 Fed. Reg. 20761 (10 May 2019).

12 See Exec. Order No. 13902, 85 Fed. Reg. 2003 (10 Jan. 2020).

13 31 CFR Part 510.

14 Exec. Order No. 13810, 82 Fed. Reg. 44705 (20 Sep. 2017).

15 31 CFR Part 542.

16 Caesar Civilian Protection Act, Section 7412(2) of the National Defense Authorization Act for Fiscal Year 2020.

17 31 CFR Part 589.

18 Exec. Order No. 13662, 79 Fed. Reg. 16169-71 (24 Mar. 2014).

19 The SSI List is available at

20 Exec. Order No. 13662, 79 Fed. Reg. 16167 (20 Mar. 2014).

21 OFAC FAQ #890; See also, Exec. Order No. 14024, 86 Fed. Reg. 20249 (15 Apr. 2021).

22 See discussion on ‘significant transactions’, supra note 6.

23 See Countering America’s Adversaries Through Sanctions Act [CAATSA] § 228.

24 OFAC FAQ #541.

25 The US Department of State’s List Regarding the Defense Sector of the Government of the Russian Federation can be found at

26 See CAATSA § 231.

27 CAATSA § 232.

28 Exec. Order No. 13884, 84 Fed. Reg. 38843 (6 Aug. 2019).

29 Exec. Order No. 13850, 83 Fed. Reg. 55243 (2 Nov. 2018).

30 31 CFR §§ 515.329, 560.215. For example, in 2019, OFAC entered enforcement proceedings against General Electric regarding apparent violations by three of its non-US subsidiaries for accepting payments from a party owned by the Cuban government and on OFAC’s SDN List. See ‘OFAC Enforcement Information for October 1, 2019’, The General Electric Company, available at

31 50 USC § 1705.

32 One example can be found in OFAC’s enforcement action against Standard Chartered Bank (SCB), a financial institution headquartered in the United Kingdom. In 2019, SCB entered into a global settlement with OFAC and other US federal agencies for processing transactions involving persons or countries subject to comprehensive sanctions. The majority of the transactions concerned Iran-related accounts maintained by SCB’s Dubai branches that processed US dollar transactions through SCB’s branch office in New York or other US financial institutions. See ‘OFAC Enforcement Information for April 9, 2019’, Standard Chartered Bank, available at

33 See 31 CFR § 501.603.

34 An example of OFAC learning of a potential violation through a blocked transaction report can be found in the enforcement action against Hotelbeds USA. OFAC was notified of the apparent violations through a blocked payment report filed by a US financial institution related to a Cuba-travel related transaction. See OFAC ‘Enforcement Information for June 13, 2019’, at

35 ‘A Framework for OFAC Compliance Commitments’ is available at

36 See ‘OFAC Enforcement Information for February 26, 2020’, Société International de Télécommunications Aéronautiques SCRL, available at (‘As noted in OFAC’s Framework for Compliance Commitments issued in May 2019, companies can mitigate sanctions risks by conducting risk assessments and exercising caution when engaging in business transactions with entities that are affiliated with, or known to transact with, OFAC-sanctioned persons or jurisdictions, or otherwise pose high risks due to their joint ventures, affiliates, subsidiaries, customers, suppliers, geographic location, or the products and services they offer’).

37 In OFAC’s enforcement action against Haverly Systems for violations of the Ukraine Related Sanctions Regulations, OFAC considered the fact that Haverly did not have a formal OFAC sanctions compliance programme at the time the apparent violations occurred was an aggravating factor. See ‘OFAC Enforcement Information for April 25, 2019’, available at

38 The DOJ’s ‘Evaluation of Corporate Compliance Programs’ is available at

39 For example, in OFAC’s enforcement action against Stanley Black & Decker, Inc and its subsidiary, OFAC found that Stanley Black & Decker’s co-operation with OFAC, including an extensive internal investigation and meaningful responses to OFAC’s requests for additional information, was a mitigating factor when determining the penalty amount. See OFAC ‘Enforcement Information for March 27, 2019’, available at

40 For guidance on co-operating with OFAC, see 31 CFR 501 Appendix A(III)(G). For guidance on the requirements necessary for credit for full co-operation with a DOJ sanctions-related investigation, see DOJ Export Control and Sanctions Enforcement Policy for Business Organizations, pp. 3 to 5.

41 31 CFR 501 Appendix A(I)(I).

42 Id.

43 The DOJ’s ‘Export Control and Sanctions Enforcement Policy for Business Organizations’ is available at

44 Id. at p. 3.

45 Id.

46 Id. at pp. 3 to 5.

47 Id. at pp. 5 to 6.

48 Id. at pp. 2 to 3.

49 Id.

50 Id.

51 The Department of the Treasury maintains a list of memoranda of understanding between OFAC and state and federal banking regulators at

52 One example of this is UniCredit Bank AG agreeing to pay approximately US$611 million to OFAC as part of a US$1.3 billion settlement with federal and state government partners. See, e.g., US Department of the Treasury press release, ‘US Treasury Department Announces Settlement with UniCredit Group Banks’ (15 April 2019), available at

53 See OFAC ‘Enforcement Information for January 27, 2020’, Eagle Shipping International, available at

54 For example, the enforcement action against British Arab Commercial Bank (BACB), OFAC considered even tenuous and indirect contact with US financial institutions as grounds for an enforcement action. OFAC found that BACB had violated Sudanese sanctions despite the fact that the transactions at issue were not processed to or through the US financial system. BACB operated a nostro account in a country that imports Sudanese-origin oil for the stated purpose of facilitating payments involving Sudan. The bank funded the nostro account with large, periodic US dollar wire transfers from banks in Europe, which in turn transacted with US financial institutions in a manner that violated OFAC sanctions. See OFAC ‘Enforcement Information for September 17, 2019’, British Arab Commercial Bank, available at

55 For example, the enforcement action against Société Internationale de Télécommunications Aéronautiques SCRL (SITA), OFAC’s basis for jurisdiction over SITA, a global information technology services provider headquartered in Switzerland and serving commercial air transportation, was that the technology provided to sanctioned parties was hosted on, and incorporated functions that routed messages through, US servers and contained US-origin software. See OFAC ‘Enforcement Information for February 26, 2020’, Société Internationale de Télécommunications Aéronautiques SCRL, available at

56 For example, enforcement action against BitGo, Inc., OFAC signalled its intent to enforce sanctions compliance in the cryptocurrency industry. The apparent violations involved users located in sanctioned jurisdictions signing up for and accessing BitGo’s secure digital wallet management services to engage in digital currency transactions. Despite having access to the IP addresses of its customers, tracked at the time for security purposes related to logins, BitGo did not use that information for sanctions compliance purposes. OFAC highlighted the importance of entities involved in providing digital currency services to implement sanctions compliance controls commensurate with their risk profile. The fact that BitGo did not implement appropriate, risk-based sanctions compliance controls and had reason to know the users were located in sanctioned jurisdictions based on their IP addresses were seen as aggravating factors. See OFAC ‘Enforcement Information for December 30, 2020’, at

Unlock unlimited access to all Global Investigations Review content