
US OFAC Sanctions Program

The Office of Foreign Assets Control administers the world's most far-reaching economic sanctions regime -- with extraterritorial secondary sanctions, strict liability, and penalties reaching into the billions. Every company touching the US financial system must comply.

US | Executive Orders | 81 regulations tracked | 10 active programmes | Updated April 2026
THE ESSENTIALS

The Office of Foreign Assets Control (OFAC) is a division of the US Department of the Treasury that administers and enforces economic sanctions against targeted countries, individuals, and entities. Unlike most national sanctions authorities, OFAC operates on a strict liability basis -- meaning a company can be penalised for a sanctions violation even without knowledge or intent. Any transaction that touches the US financial system, uses US dollars, or involves a US person is within OFAC's jurisdiction.

OFAC maintains more than 35 active sanctions programmes, ranging from comprehensive embargoes against countries like Iran, Cuba, North Korea, and Syria to targeted list-based designations against individuals, entities, and vessels worldwide. The centrepiece is the Specially Designated Nationals (SDN) List, which contains over 15,000 entries that all US persons -- and in many cases non-US persons -- must screen against before conducting any transaction.

What makes OFAC uniquely powerful is its secondary sanctions authority. Through executive orders and statutory provisions, OFAC can penalise non-US companies for significant transactions with certain sanctioned targets -- even when no US person or US dollar is involved. This extraterritorial reach means that virtually every multinational company must maintain an OFAC compliance programme, regardless of where it is headquartered.

Penalties are severe. Civil fines can reach USD 368,136 per violation or twice the transaction value (whichever is greater), and wilful violations carry criminal penalties of up to USD 1 million and 20 years imprisonment. In 2023 alone, Binance paid USD 968 million to settle OFAC violations related to processing transactions involving sanctioned jurisdictions. OFAC's 2019 "Framework for Compliance Commitments" outlines five pillars that every sanctions compliance programme should follow.

What
US sanctions programme administered by OFAC, prohibiting transactions with sanctioned countries, entities, and individuals worldwide. Operates under IEEPA and a constellation of Executive Orders.
Who
All US persons and entities, including foreign branches. Non-US persons face secondary sanctions risk for significant transactions with certain sanctioned parties -- no US nexus required.
When
Ongoing and continuously evolving. OFAC updates the SDN list multiple times per week. New Executive Orders and designations take immediate effect upon publication.
Penalty
Civil: up to USD 368,136 per violation or twice the transaction value. Criminal: up to USD 1,000,000 fine and 20 years imprisonment per wilful violation. Strict liability applies.

OFAC administers more than 30 sanctions programmes targeting countries, entities, and individuals. Programmes range from comprehensive embargoes (nearly all transactions prohibited) to targeted list-based designations.

Russia / Ukraine (COMPREHENSIVE)
Russian government, financial sector, energy, defense, technology
Iran (COMPREHENSIVE)
Iranian government, financial sector, energy, shipping, petrochemicals
North Korea (DPRK) (COMPREHENSIVE)
DPRK government, WMD proliferation, luxury goods
Cuba (COMPREHENSIVE)
Cuban government and military entities
Syria (COMPREHENSIVE)
Syrian government, energy sector, military
Venezuela (SECTORAL)
PdVSA, gold sector, government officials
China (Military-Industrial) (LIST-BASED)
Chinese military-industrial complex, surveillance technology
Counter-Terrorism (LIST-BASED)
Designated terrorist organisations and financiers worldwide
Counter-Narcotics (LIST-BASED)
Narcotics traffickers and their networks
Cyber-Related (LIST-BASED)
Malicious cyber actors, ransomware operators

The SDN List is the backbone of OFAC compliance. It contains over 15,000 entries including individuals, entities, vessels, and aircraft. Effective screening requires far more than simple name matching.

01
Ingest OFAC lists
Download and parse SDN List, Consolidated Sanctions List, SSI List, NS-MBS List, CAPTA List, and Non-SDN Chinese Military-Industrial Complex List. OFAC publishes updates frequently -- often multiple times per week.
02
Pre-process and normalize
Normalize names, addresses, and identifiers. Handle transliterations, aliases, name variations, and script differences (Arabic, Cyrillic, Chinese). Index for fuzzy matching.
03
Screen counterparties
Run all customers, beneficiaries, intermediaries, and transaction parties against the processed list. Use fuzzy matching algorithms to catch spelling variations and partial matches.
04
Review potential matches
Trained compliance analysts review each potential hit. Compare all available identifiers: full name, date of birth, nationality, passport numbers, addresses, vessel IMO numbers.
05
Disposition and escalation
Classify as false positive (clear) or true match (block). True matches require immediate blocking of property and rejection of prohibited transactions. Escalate to BSA/AML officer and senior management.
06
Report to OFAC
File blocking reports within 10 business days of blocking property. File annual reports of blocked property held. Report rejected transactions. Consider voluntary self-disclosure for apparent violations.
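
Steps 02 to 04 above as a small screening routine; this is an added example, not OFAC's or any vendor's code. The watchlist entries, field names and the 0.85 threshold are constructed assumptions, and `difflib` stands in for a production fuzzy matcher.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed sample entries, NOT real SDN data; field names are assumptions.
WATCHLIST = [
    {"uid": "X-001", "name": "Aleksandr Petrovich Ivanov",
     "aliases": ["Alexander Ivanov"], "dob": "1970-01-15"},
    {"uid": "X-002", "name": "Global Shipping Trading LLC",
     "aliases": ["GST Co."], "dob": None},
]

def normalize(name):
    """Step 02: strip diacritics, casefold, drop punctuation, sort tokens."""
    decomposed = unicodedata.normalize("NFKD", name)
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    tokens = re.sub(r"[^a-z0-9 ]", " ", base.casefold()).split()
    return " ".join(sorted(tokens))  # "IVANOV, Alexander" == "Alexander Ivanov"

def similarity(a, b):
    """Similarity in [0, 1] between two names after normalization."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()

def screen(name, dob=None, threshold=0.85):
    """Step 03: return potential hits for analyst review, best score first."""
    hits = []
    for entry in WATCHLIST:
        candidates = [entry["name"], *entry["aliases"]]
        best = max(similarity(name, c) for c in candidates)
        if best >= threshold:
            # Step 04 input: a secondary identifier helps the analyst decide.
            # None means the comparison was not possible, not a mismatch.
            dob_match = (dob == entry["dob"]) if dob and entry["dob"] else None
            hits.append({"uid": entry["uid"], "score": round(best, 2),
                         "dob_match": dob_match})
    return sorted(hits, key=lambda h: h["score"], reverse=True)

if __name__ == "__main__":
    for query in ("IVANOV, Alexander", "Alexandr Ivánov", "Maria Gonzalez"):
        print(query, "->", screen(query, dob="1970-01-15"))
```

The normalizer only handles Latin-script input; Arabic, Cyrillic or Chinese names need a transliteration step before it. A hit with `dob_match` set to `False` is still a potential match for the analyst to disposition, not an automatic clear.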

OFAC's May 2019 "Framework for Compliance Commitments" establishes five essential components of an effective sanctions compliance programme. OFAC considers the existence and adequacy of these pillars in every enforcement action.

Senior management must ensure adequate resources for the sanctions compliance programme, designate a dedicated sanctions compliance officer, and foster a culture of compliance throughout the organisation.

KEY ELEMENTS
Board or senior management review and approval of SCP
Adequate staffing, budget, and technology resources
Direct reporting line from compliance to senior management
Enforcement of compliance failures through personnel consequences

OFAC enforcement actions demonstrate the severity of non-compliance. The cases below represent some of the largest sanctions penalties, collectively totalling $3.3B in fines.

Binance Holdings: $968M (2023; Multiple)
Cryptocurrency exchange processed transactions involving sanctioned jurisdictions including Iran, Syria, Cuba, and Crimea without adequate compliance controls.
Wells Fargo: $97.8M (2023; Iran)
Processing of trade finance transactions involving parties in Iran through intermediary banks without proper due diligence.
BitPay: $507K (2021; Multiple)
Digital payment service provider allowed persons in sanctioned jurisdictions to transact through its platform.
Standard Chartered Bank: $639M (2019; Iran, Burma, Cuba, Sudan)
Conspiracy to violate IEEPA by processing USD transactions through US banks on behalf of sanctioned parties.
UniCredit S.p.A.: $611M (2019; Iran, Burma, Cuba, Libya, Sudan)
Stripping payment messages of information identifying sanctioned parties before sending through US correspondent accounts.
BNP Paribas: $963M (2014; Sudan, Cuba, Iran)
Systematic violations involving concealment of sanctioned party identities in USD wire transfers over a multi-year period.

Secondary sanctions extend OFAC's reach beyond US jurisdiction. Non-US companies face risk of designation, loss of US correspondent banking access, or other penalties for significant dealings with sanctioned targets.

CRITICAL
Significant financial transactions with the Central Bank of Iran or designated Russian financial institutions
Knowingly providing material support to SDN-listed persons
Facilitating significant transactions for or on behalf of comprehensively sanctioned governments
HIGH
Significant transactions in the Russian energy sector (beyond price cap compliance)
Facilitating deceptive shipping practices for sanctioned oil
Providing specialised financial messaging services to designated banks
MEDIUM
Trade in luxury goods with sanctioned persons
Investment in sanctioned sectors without adequate due diligence
Providing services to entities 50%+ owned by sanctioned persons (OFAC 50% Rule)
LOWER
Humanitarian trade through licensed channels
Transactions covered by OFAC general licenses
Incidental processing of information or telecommunications involving sanctioned jurisdictions

Companies operating internationally must navigate both regimes. Key structural differences in scope, enforcement, and extraterritorial reach require careful dual-compliance strategies.

ASPECT | US / OFAC | EU
Administering authority | OFAC (Treasury Department) | Council of the EU; Member State authorities
Legal basis | IEEPA, Trading with the Enemy Act, Executive Orders | CFSP decisions + Council Regulations
Extraterritorial reach | Broad: primary + secondary sanctions | Limited: applies to EU persons and EU territory
Secondary sanctions | Yes: can penalise non-US persons for significant dealings with sanctioned targets | No formal mechanism; EU Blocking Statute prohibits compliance with certain US secondary sanctions
SDN / Designated list | SDN List + multiple subsidiary lists (~15,000+ entries) | Consolidated List (~2,500+ entries)
Penalties | Civil: up to $368K/violation or 2x value; Criminal: up to $1M and 20 years | Set by Member States; 2024 Directive harmonises as criminal offences
Voluntary self-disclosure | Formal programme; up to 50% penalty reduction | No harmonised mechanism; varies by Member State
Crypto / virtual currency | Explicit OFAC guidance since 2018; designated crypto addresses on SDN List | MiCA/TFR require sanctions screening; no designated addresses
Russia sanctions scope | SDN designations, sectoral (SSI/CAPTA), price cap | Asset freezes, trade bans, price cap, 19 packages adopted
Compliance framework | 5 Pillars: commitment, risk, controls, testing, training | No harmonised framework; national guidance varies

OFAC has been at the forefront of applying traditional sanctions frameworks to digital assets. The virtual currency industry faces unique compliance challenges that OFAC is actively addressing through guidance and enforcement.

01
Designated wallet addresses
OFAC was the first sanctions authority to add digital currency addresses to the SDN List (November 2018). Compliance programmes must screen blockchain addresses, not just entity names.
02
Mixer and tumbler services
OFAC designated Tornado Cash (August 2022) and Blender.io (May 2022) as sanctioned entities. Interacting with sanctioned mixer smart contracts is a violation regardless of intent.
03
DeFi and decentralised protocols
OFAC guidance clarifies that sanctions obligations apply regardless of whether a transaction is processed through a centralised exchange or a decentralised protocol. "Code is not law" in the OFAC context.
04
Ransomware payments
OFAC advisory (October 2020, updated 2021) warns that ransomware payments to sanctioned persons or jurisdictions may violate OFAC regulations. Companies should contact OFAC and law enforcement before paying.
05
Compliance expectations
Virtual currency industry participants are expected to implement the same risk-based sanctions compliance programme as traditional financial institutions, including KYC, transaction monitoring, and SDN screening.

The current administration has significantly reshaped the sanctions landscape with a return to maximum pressure campaigns, expanded secondary sanctions enforcement, and new guidance on emerging technologies.

2025-01
Trump administration reinstates maximum pressure on Iran
Executive orders reimpose and expand sanctions on Iranian petrochemical, petroleum, and financial sectors. Secondary sanctions enforcement intensified against entities facilitating Iranian oil trade.
2025-02
Russia sanctions architecture maintained
Despite diplomatic signals, the core Russia sanctions framework (SDN designations, energy price cap, export controls) remains intact. OFAC continues designations of evasion networks.
2025-03
OFAC expands China-related designations
New designations targeting Chinese entities supporting Russia military procurement and Iranian drone programmes. NS-CMIC List expanded to cover additional military-industrial entities.
2025-06
Crypto enforcement wave
Multiple enforcement actions against virtual asset service providers for inadequate sanctions screening. OFAC signals that "compliance by design" is the expected standard for DeFi protocols.
2025-09
Venezuela sanctions recalibrated
General licenses for certain oil sector transactions revoked. Sectoral sanctions on PdVSA and gold mining intensified following political developments.
2026-01
Updated OFAC compliance guidance
OFAC publishes supplemental guidance on AI-powered sanctions screening expectations, supply chain due diligence for dual-use technology, and secondary sanctions risk for non-US financial institutions.
01
SDN list screening
Screen all counterparties against the Specially Designated Nationals and Blocked Persons (SDN) list.
02
Country-based sanctions
Comply with comprehensive and sectoral sanctions programmes targeting specific countries and regions.
03
Blocking and rejecting
Block (freeze) property of SDN-listed parties; reject prohibited transactions and report to OFAC within 10 days.
04
Risk-based compliance programme
Implement a risk-based OFAC compliance programme with management commitment, risk assessment, internal controls, testing, and training.
05
Voluntary self-disclosure
Self-report apparent violations to OFAC promptly; voluntary disclosure is a significant mitigating factor in enforcement.
06
License applications
Apply for specific or general OFAC licenses when transactions may be authorised under exceptions or exemptions.


KEY OBLIGATIONS
Screen all transactions against SDN List and other OFAC lists
Block transactions involving blocked persons and report to OFAC within 10 days
Implement risk-based OFAC compliance programme
File annual reports on blocked property
Apply for specific licenses where permitted transactions require authorisation
YOUR FIRST STEP

Ensure your sanctions screening system covers all OFAC lists (SDN, SSI, CAPTA) with real-time updates and comprehensive fuzzy matching