Five Things to Know About OFAC’s Requirements - Federal Lawyer
WSJ logo
Forbes logo
Fox News logo
CNN logo
Bloomberg logo
Los Angeles Times logo
Washington Post logo
The Epoch Times logo
Telemundo logo
New York Times
NY Post logo
NBC logo
Daily Beast logo
USA Today logo
Miami Herald logo
CNBC logo
Dallas News logo
Quick Practice Area Locator

Five Things to Know About OFAC’s Requirements

OFAC’s Requirements

Global turmoil and the war in Ukraine have made the United States drastically expand the breadth of the economic sanctions that it has imposed on foreign nationals. Using statutes passed by Congress that authorize him to do so, the President of the United States has imposed these sanctions against thousands of people, companies, and other organizations that pose a threat to the United States’ foreign interests and its national security. However, it is up to the Office of Foreign Assets Control (OFAC) at the U.S. Department of the Treasury to enforce them.

To help enforce these economic sanctions, OFAC has released lots of guidance for domestic companies on how they can comply with them.

Put our highly experienced team on your side

Dr. Nick Oberheiden
Dr. Nick Oberheiden



Lynette S. Byrd
Lynette S. Byrd

Former DOJ Trial Attorney


Brian J. Kuester
Brian J. Kuester

Former U.S. Attorney

Amanda Marshall
Amanda Marshall

Former U.S. Attorney

Local Counsel

Joe Brown
Joe Brown

Former U.S. Attorney

Local Counsel

John W. Sellers
John W. Sellers

Former Senior DOJ Trial Attorney

Linda Julin McNamara
Linda Julin McNamara

Federal Appeals Attorney

Aaron L. Wiley
Aaron L. Wiley

Former DOJ attorney

Local Counsel

Roger Bach
Roger Bach

Former Special Agent (DOJ)

Chris Quick
Chris J. Quick

Former Special Agent (FBI & IRS-CI)

Michael S. Koslow
Michael S. Koslow

Former Supervisory Special Agent (DOD-OIG)

Ray Yuen
Ray Yuen

Former Supervisory Special Agent (FBI)

Here are five things that the OFAC compliance and defense lawyers at Oberheiden P.C. think that American companies and their stakeholders should know about these compliance requirements for 2023.

1. Make Sure You Have OFAC’s 5 Basic Requirements Covered

The amount of compliance guidance that OFAC has released, as well as the occasional specificity of that material, can be a double-edged sword for American individuals and companies. It means that OFAC has some fairly high expectations that you and your company will take their input to heart and follow their recommendations. Varying from them should only be done if the variance can be strongly justified.

According to OFAC’s guidance materials, the five basic compliance requirements are:

  1. A managerial commitment to achieving compliance
  2. Risk assessments and reviews
  3. Internal controls that are reasonably designed to detect OFAC violations and to respond to them appropriately
  4. Auditing
  5. Employee training and retraining

If your company has decided that any of these elements are unnecessary, there should be a strong explanation ready in case OFAC investigates your company for a potential violation of sanctions. If OFAC is unpersuaded by your rationale, the penalties that the agency imposes are likely to be significantly higher than if all of its recommended compliance measures had been carried out to the letter.

2. Now is the Time to Audit Your OFAC Compliance Efforts

Given that the fourth element to a compliance strategy that satisfies OFAC’s requirements is auditing, conducting an audit of your OFAC compliance mechanisms should already be on your company’s agenda.

However, the recent actions that the U.S. has taken against foreign nationals should spur companies into expediting their next scheduled auditing session or into planning new ones.

As Dr. Nick Oberheiden, OFAC compliance and defense lawyer and founding partner of the national law firm Oberheiden P.C., says, “There is no time like the present to review the efficacy of your OFAC compliance system. New individuals and companies are getting added to the list of Specially Designated Nationals (SDNs) every week thanks to the turmoil across the globe. The odds of inadvertently doing business with one of them has probably never been higher. Taking the time to audit your OFAC compliance efforts is the best way to make sure they are working as they should and are effectively insulating the company from legal liability and the significant costs of violating sanctions. If the audit finds a shortcoming, it can be addressed before it leads to a violation.”

3. Review Your Cybersecurity Protocols

One area that should demand your immediate attention is the cybersecurity aspect of your OFAC compliance efforts. Not only are the parties that have been getting added to the list of SDNs technologically savvy and willing to engage in cyberwarfare to get what they want, but OFAC also recently altered its regulations pertaining to cybersecurity requirements in compliance efforts.

A relatively large portion of the new additions to the SDN list of sanctioned individuals and organizations have to do with the Russian invasion of Ukraine. Many of them are tied to the Kremlin in some way. This gives them access to potent and highly-skilled weapons in cyberwarfare. If history is any indicator, Russian actors – particularly those remotely tied to the state – are willing and able to resort to cyberattacks to achieve their goals. It would not be a surprise if they were to resort to it in an attempt to evade sanctions.

Perhaps because of this very real possibility, OFAC updated its cybersecurity requirements and regulations in September of 2022, after the war in Ukraine had started. Published at 15 C.F.R. Part 758, these new regulations tell domestic companies how OFAC thinks that they should protect themselves from cyberattacks conducted by sanctioned parties. The final rule that announced these changes explains some of OFAC’s reasoning behind them.

4. It May Be Wise to Appoint an OFAC Compliance Officer

Particularly for companies that have not taken action on their OFAC compliance requirements in some time, it may be wise to appoint a compliance officer whose sole job is to handle OFAC-related matters.

Delegating OFAC compliance to a corporate officer or manager who already has other tasks can overburden them. The variety of jobs that they have can also become a distraction, leading to poor performance on not just OFAC compliance, but also in the officer’s other responsibilities. In either situation, your company would continue to be exposed to the serious penalties that come with a violation of U.S. sanctions – a violation that becomes far more likely to happen if the company is not in full OFAC compliance.

By appointing an OFAC compliance officer – even temporarily or on a contractual basis, for a period of time only long enough to bring the company back up to speed with OFAC’s requirements – you can ensure that the job gets done.

5. Keep Up to Date with the OFAC SDN Lists

Through it all, though, the most important OFAC requirement is to know who is a sanctioned party and to avoid dealing with them. The first and most fundamental part of satisfying this requirement is to keep apprised of the SDN lists that OFAC publishes. If you do not know who is on them or who has been added to them recently, it will be impossible to avoid them in the course of your company’s business dealings.

Contact Us Today

I accept the Terms and Conditions.(Required)

Why Clients Trust Oberheiden P.C.

  • 2,000+ Cases Won
  • Available Nights & Weekends
  • Experienced Trial Attorneys
  • Former Department of Justice Trial Attorney
  • Former Federal Prosecutors, U.S. Attorney’s Office
  • Former Agents from FBI, OIG, DEA
  • Serving Clients Nationwide
Email Us 888-680-1745
WordPress Lightbox