Frequently Asked Questions

GRS provides risk management services across business stages and multiple business segments:

• Financial Institutions and services companies (banks, credit unions, brokerage, etc.) benefit from the full suite of GRS services

• Growth companies looking to establish or enhance their enterprise risk program

• Start-ups planning for growth in order to provide insight to investors and bankers

• Industries that have an international nexus such as supply chain, sales offices, and customers have an elevated sanctions risk that require an OFAC Program.

• Professional Service Providers (PSPs) such as accountants, lawyers, and business advisors benefit from our risk awareness training to better service clients and identify potential risks.

Below are a few summary topics that should be known about OFAC.  Additional information is available through OFAC’s FAQ site or by sending an inquiry to GRS.

What is the Office of Foreign Assets Control (OFAC)?

• OFAC is a department of the U.S. Treasury that administers and enforces economic and trade sanctions programs to accomplish foreign policy and national security goals.

Who must comply with OFAC regulations?

• All U.S. persons (as legally defined) must comply with OFAC regulations.
  • All people (natural persons) that are U.S. citizens and permanent resident aliens regardless of where they are located
  • All entities (legal persons) within the United States, all U.S. incorporated entities and their foreign branches. In the cases of certain programs, foreign subsidiaries owned or controlled by U.S. companies also must comply. Certain programs also require foreign persons in possession of U.S.-origin goods to comply.

Are all of the SDNs listed and readily available to ensure compliance?

• No. Although it would greatly simplify the compliance process, typically OFAC only lists the individual SDN party and/or the ultimate parent company entity SDN. When one or more SDNs own an entity directly or indirectly 50% or more in the aggregate, the entity is considered blocked (or an SDN) regardless of whether it appears on OFAC’s list. This is called the 50% Rule.

Is there a de minimis transaction amount under which there would be no violation?

• No. US businesses, no matter how small, may have foreign suppliers or clients, which makes it imperative that PSPs and their clients understand the role of OFAC Compliance.

What changed in the Reporting, Procedures, and Penalties Regulation during June 2019?

• Reporting requirements were expanded in two key ways that constitutes a major change for any US businesses outside of the financial sector and may require many, many, more reports to OFAC than were previously required. The changes were:
  • Reporting requirements apply to any transaction rejected if it would violate sanctions, including transactions “related to wire transfers, trade finance, securities, checks, foreign exchange, and goods or services,” not just “funds transfers.”
  • Reporting requirements expanded to “any U.S. person”—not only U.S. financial institutions—but any U.S. citizen, green card holder, protected individual, or entity incorporated or registered in the U.S. (and foreign branches).

Is it true that only companies and businesses can be found in violation of Sanctions and required to pay fines?

• No, that is not true.  Any financial transaction or exchange of goods or services by a U.S. person with a designated person—even in the context of a personal relationship—may constitute a violation of U.S. sanctions.  An enforcement action dated August 11, 2020 demonstrates that an individual can be held accountable and subject to civil (and possibly criminal) charges.

Does OFAC prescribe specific requirements of a sanctions compliance program?

• There is a requirement not to violate the law by doing business with a target or failing to block property. Persons should develop a tailored, risk-based compliance program, which generally should include sanctions list screening and other appropriate measures. An adequate compliance solution will depend on a variety of factors, including the type of business involved. There is no single compliance program or solution suitable for every circumstance.

During May 2019 OFAC published A Framework for OFAC Compliance Commitments that outlines essential components of an effective sanctions compliance program (SCP) that employs a risk-based approach by developing, implementing, and routinely updating the SCP.

Stay tuned.  Risk examples will be posted here.