What Is Economic Sanctions Law and Why Does It Matter to Corporations?

The International Emergency Economic Powers Act (IEEPA) and the Trading with the Enemy Act (TWEA) authorize the President to impose sanctions during national emergencies or wartime, and Congress has delegated enforcement authority to OFAC. Corporations operating in regulated industries face additional compliance obligations under the Bank Secrecy Act and Anti-Money Laundering regulations, which require financial institutions to screen customers and transactions against sanctions lists. Violations of sanctions laws can result in civil penalties up to $20 million per violation (or 20 percent of the transaction value, whichever is greater), and criminal penalties including imprisonment for willful violations. The statutory framework is intentionally broad, which means that indirect transactions, structuring arrangements, or attempts to evade sanctions through third parties can all trigger liability.

In practice, New York courts and federal tribunals increasingly scrutinize corporate compliance programs when sanctions violations surface in litigation or regulatory review. A corporation's failure to implement reasonable screening procedures, maintain audit trails, or train employees on sanctions requirements can be treated as evidence of recklessness or negligence, even if the specific violation was inadvertent. OFAC publishes enforcement guidance and maintains a publicly searchable Specially Designated Nationals (SDN) List that corporations must check before engaging in transactions; delays in updating internal screening systems or gaps in third-party due diligence are common trigger points for enforcement action. The practical significance is that corporations cannot rely on we did not know as a defense; regulators expect proactive, documented compliance infrastructure scaled to the organization's transaction volume and international exposure.

The most straightforward prohibited transaction involves dealing directly with an entity or individual on OFAC's Specially Designated Nationals (SDN) List. However, the SDN List is dynamic and updated frequently, which means corporations must implement continuous monitoring rather than one-time screening. Transactions with non-SDN entities may still be prohibited if those entities are owned or controlled by SDN persons, if they are operating in a sanctioned country, or if they are engaged in sanctioned activities. A common corporate compliance failure involves screening only at the point of initial engagement and failing to update designations when parties are subsequently added to sanctions lists or when business relationships evolve to involve new jurisdictions or transaction types.

Secondary sanctions expand corporate exposure by targeting foreign companies that do business with sanctioned entities or countries. A U.S. .orporation may face penalties not only for direct dealings but also for facilitating transactions between foreign parties and sanctioned jurisdictions, even if the U.S. .ompany itself does not directly transact with the sanctioned party. This is where supply chain risk becomes acute: a manufacturer may unknowingly purchase components from a foreign supplier that sources materials from a sanctioned country, or a financial services firm may process a payment that ultimately benefits a sanctioned entity. Corporations managing global operations must therefore implement due diligence protocols that extend to customers' customers and suppliers' suppliers.

Screening involves checking counterparties, beneficial owners, and transaction parties against OFAC lists and other sanctions databases before engaging in transactions. Due diligence goes deeper and requires investigation of the customer's business, ownership structure, end-use of goods or services, and jurisdictional connections. Monitoring is ongoing and should flag changes in designations, new regulatory guidance, or shifts in customer activity that may indicate sanctions risk. In practice, corporations that maintain contemporaneous documentation of their screening and due diligence decisions create a record that can help mitigate penalties if a violation is later discovered. Conversely, corporations that cannot produce screening records, training materials, or written compliance policies face heightened civil penalties and increased exposure to criminal referral.

OFAC may issue specific licenses authorizing transactions that would otherwise be prohibited, and certain activities are exempted by regulation or statute. For example, some humanitarian transactions, legal services, and communications may be permitted even with sanctioned parties. Corporations should not assume that a transaction is permissible simply because it appears to serve a beneficial purpose; instead, they should consult OFAC guidance, seek specific licenses where appropriate, and document the legal basis for proceeding. Economic sanctions licensing and exemption determinations can be fact-intensive, and corporations operating in sensitive areas such as humanitarian aid, academic exchange, or legal representation of sanctioned parties should seek specialized counsel to navigate the regulatory uncertainty.

OFAC enforcement investigations typically begin with a civil investigative demand (CID) requesting documents, transaction records, and compliance procedures. Corporations should treat the CID as a critical juncture requiring immediate involvement of counsel experienced in sanctions enforcement. The investigation phase is when corporations can establish mitigation narratives by demonstrating the adequacy of prior compliance efforts, the inadvertent nature of any violation, and the promptness of remediation. Remediation should include not only correcting the specific violation but also enhancing compliance infrastructure to prevent recurrence. OFAC publishes enforcement actions and settlement agreements that reveal the agency's penalty calculations and the factors it considers in mitigation; corporations should study these precedents to understand enforcement trends and the consequences of different violation categories.

Sanctions violations can trigger both civil OFAC enforcement and criminal prosecution under the International Emergency Economic Powers Act. A single transaction may result in civil penalties, criminal charges, and collateral consequences such as debarment from government contracts or loss of banking relationships. In cases involving willful violations, structuring to evade sanctions, or involvement of organized crime or terrorism, prosecutors may pursue criminal charges that carry prison sentences. For corporations, this means that internal investigations of potential sanctions violations should assume the possibility of criminal exposure and should be conducted with appropriate legal privilege and attorney involvement. Corporations that conduct internal investigations without counsel risk waiving privilege and creating evidence that prosecutors can later use in criminal proceedings.

Corporations should evaluate and document their current sanctions compliance posture now, before violations are discovered or enforcement actions initiated. Key steps include conducting a comprehensive audit of screening procedures and databases, reviewing transaction records from the past three to five years to identify any potential violations, and assessing whether the compliance program is proportionate to the organization's international exposure. Organizations should formalize their compliance policies in writing, establish clear escalation procedures for ambiguous transactions, and ensure that employees in transaction-processing roles understand their sanctions obligations. Documenting the completion of these evaluations and any remedial actions creates a record that demonstrates good-faith compliance efforts and can significantly influence regulatory and judicial outcomes if violations are later discovered. Additionally, corporations should establish a process for monitoring OFAC guidance updates and regulatory changes so that compliance procedures remain current as the sanctions landscape evolves.