What Is the Scope of Us Economic Sanctions for Corporate Compliance?

The most expansive programs include sanctions on Iran, North Korea, Syria, Cuba, and Russia, along with targeted sanctions on specific individuals and entities designated as Specially Designated Nationals (SDNs) or Blocked Persons. Country-based programs generally prohibit all transactions with entities organized under the laws of the sanctioned country or owned or controlled by that country's government. Entity-specific programs target particular organizations, banks, and individuals regardless of their home country, and these designations change regularly as OFAC updates its SDN list. From a practitioner's perspective, corporations often underestimate the frequency of OFAC list updates and the compliance burden of screening against a database that may expand multiple times per week. Failure to screen transactions against the current SDN list before execution exposes a corporation to liability even if the transaction itself would have been permissible at the time of execution had the counterparty not been designated.

OFAC liability attaches not only to direct transactions but also to transactions involving entities in which a US person holds a 50 percent or greater ownership interest, or in which a US person exercises effective control. This means a corporation may be liable for transactions entered into by a foreign subsidiary or joint venture if the US parent exercises operational, financial, or strategic control. Courts and OFAC have interpreted control broadly to include situations where a US parent maintains veto rights over major decisions, consolidates financial results, or provides operational guidance, even if day-to-day decisions are made by foreign management. The practical implication is that a corporation cannot insulate itself from sanctions liability by placing operations in a foreign entity; the structure of ownership and decision-making authority determines liability exposure.

A corporation that discovers a violation may file a voluntary self-disclosure (VSD) with OFAC, which can result in mitigation of civil penalties but does not eliminate liability. OFAC's enforcement guidelines indicate that a corporation that discloses a violation promptly, cooperates fully, and demonstrates remedial measures may receive a penalty reduction; however, OFAC retains discretion to impose penalties even after a VSD. The decision to file a VSD involves substantial risk assessment because the disclosure itself becomes evidence of knowledge, and OFAC may use the disclosure to investigate related transactions or expand the scope of enforcement action. Corporations must weigh the potential benefit of penalty mitigation against the risk that disclosure will trigger a broader investigation that uncovers additional violations or expands the universe of transactions under review.

OFAC civil enforcement proceeds administratively without the procedural protections of criminal prosecution; OFAC may impose penalties without proving intent or knowledge, and a corporation cannot require a jury trial or confront witnesses in the same manner as in criminal proceedings. In contrast, criminal prosecution for sanctions violations proceeds through the US District Court for the Southern District of New York or other federal district courts, where prosecutors must prove knowing violation beyond a reasonable doubt and the defendant retains constitutional procedural rights. The civil penalty framework creates a lower evidentiary threshold, meaning OFAC can establish a violation based on evidence that would be insufficient for criminal prosecution. This dual-track exposure means a corporation may face civil penalties from OFAC and criminal prosecution from the Department of Justice simultaneously for the same underlying conduct, and the corporation cannot use a civil settlement to bar subsequent criminal charges.

OFAC guidance indicates that reasonable compliance includes screening all counterparties against the SDN list before transaction execution, maintaining records of screening results, and implementing secondary review for transactions involving high-risk jurisdictions or ambiguous counterparty information. Screening must occur at the point of transaction initiation, not retroactively, because a transaction executed before screening is complete creates liability regardless of the screening result. Documentation should include the date of screening, the screening tool used, the result, and any exceptions or escalations for manual review. Courts and OFAC have emphasized that screening is not a one-time event; ongoing monitoring of existing counterparties and periodic re-screening of high-risk relationships is expected. A corporation that can demonstrate that it conducted timely screening, documented the process, and escalated ambiguous results to compliance personnel establishes a stronger defense to allegations of knowing violation.

Dual-use goods and services (items with both civilian and military applications) may be subject to export controls and sanctions restrictions even when the ultimate end-user is not a designated entity or government. Corporations must evaluate not only the identity of the direct counterparty but also the likely end-use and end-user of the goods or services, and OFAC may prohibit transactions based on reasonable suspicion that the goods will be diverted to a sanctioned jurisdiction or entity. This requires corporations to implement due diligence procedures that go beyond SDN screening to include end-use verification, customer questionnaires, and background checks on counterparties in high-risk sectors or regions. Failure to conduct end-use due diligence on dual-use transactions creates liability even if the direct counterparty is not designated, because the corporation's knowledge or reasonable suspicion of prohibited end-use is sufficient to establish a violation.