Everything small businesses need to know about OFAC sanctions compliance.
The Office of Foreign Assets Control (OFAC) is a division of the U.S. Department of the Treasury. It administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals. OFAC targets foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy, or economy of the United States.
OFAC is not a niche regulatory body — its regulations apply broadly to virtually all U.S. persons and entities, including small businesses. Ignorance of OFAC requirements is not a defense, and OFAC has pursued enforcement actions against businesses of all sizes, from multinational banks to small exporters.
The Specially Designated Nationals and Blocked Persons List (SDN List) is OFAC’s primary sanctions list. It contains the names of over 12,000 individuals and entities whose assets are blocked (frozen) and with whom U.S. persons are generally prohibited from engaging in any transactions.
The SDN list includes:
The list is updated frequently, often multiple times per week. A party that was not on the list last month may be added today, which is why periodic rescreening is essential.
The short answer: virtually all U.S. businesses. OFAC’s regulations apply to all U.S. persons, which includes:
If your business exports goods, provides services to foreign clients, processes international payments, or sells products online to customers outside the U.S., you have OFAC obligations. Even purely domestic businesses can face liability if they unknowingly transact with a sanctioned party operating within the United States.
OFAC violations carry severe penalties, and the agency does not distinguish between intentional violations and negligent ones:
Civil penalties: Up to $356,579 per violation (adjusted annually for inflation) or twice the value of the underlying transaction, whichever is greater.
Criminal penalties: Up to $1,000,000 in fines and up to 20 years imprisonment per violation.
OFAC has a strict liability standard for civil penalties — meaning you can be penalized even if you did not know the other party was sanctioned. Intent matters for criminal penalties, but civil enforcement does not require proof of willful violation.
In practice, OFAC considers several factors when determining penalties: whether the violation was voluntarily self-disclosed, whether the company had a compliance program, the level of awareness, and the dollar value of the transactions. Having a documented screening process is one of the strongest mitigating factors.
SDN screening is the process of checking the names of your customers, vendors, business partners, and other parties against the SDN list (and ideally, other sanctions lists) before engaging in a transaction. Effective screening requires:
Simple exact-match lookups are insufficient. Sanctioned parties often use alternate spellings, transliterations (especially for Arabic, Chinese, and Russian names), and aliases. An effective screening system uses fuzzy matching algorithms that catch:
Good screening tools assign a confidence score to each potential match, allowing you to set thresholds. A 95%+ match likely requires investigation and blocking. A 60% match may be a false positive that can be cleared with additional due diligence.
OFAC expects businesses to maintain records of their screening activities. If you are ever audited or investigated, you need to demonstrate that you screened parties and how you resolved any potential matches.
OFAC’s guidance and best practices recommend screening at multiple points:
While the SDN list gets the most attention, a comprehensive compliance program screens against multiple government lists:
| List | Agency | Purpose |
|---|---|---|
| OFAC SDN List | Treasury (OFAC) | Blocked persons and entities |
| OFAC Consolidated Sanctions | Treasury (OFAC) | Country-based sanctions programs |
| BIS Entity List | Commerce (BIS) | Export control restrictions |
| BIS Denied Persons List | Commerce (BIS) | Denied export privileges |
| BIS Unverified List | Commerce (BIS) | Unverified end-use parties |
| DDTC ITAR Debarred | State (DDTC) | Arms export debarred parties |
| State Dept AECA Debarred | State Dept | Arms Export Control Act debarred |
ScreenGuard by NormSuite screens names against all seven major U.S. sanctions and export control lists simultaneously. It uses multi-layer fuzzy matching with confidence scores, catches aliases and name variations, and maintains an audit trail of every screening. The free tier includes 5 screenings per day — enough for small businesses to start building a compliance process immediately.
Screen a Name FreeOFAC (Office of Foreign Assets Control) is a division of the U.S. Department of the Treasury that administers and enforces economic sanctions programs against targeted foreign countries, terrorists, narcotics traffickers, and others.
The SDN (Specially Designated Nationals) list is OFAC’s primary sanctions list containing the names of individuals and entities whose assets are blocked and with whom U.S. persons are generally prohibited from dealing.
Virtually all U.S. persons and businesses must comply with OFAC regulations. This includes any company that exports goods or services, processes payments, or engages in transactions with foreign parties.
Civil penalties can reach $356,579 or more per violation (adjusted annually for inflation). Criminal penalties can include fines up to $1,000,000 and imprisonment up to 20 years per violation.
Best practice is to screen at onboarding, before every transaction, and periodically (at least monthly) against updated lists. The SDN list is updated frequently, sometimes multiple times per week.