OFAC Sanctions Compliance (SDN Screening)
A Framework for OFAC Compliance Commitments — Economic Sanctions Regulations, 31 CFR Chapter V (SDN List screening under IEEPA/TWEA)
Standard Introduction
OFAC Sanctions Compliance (SDN Screening) is an active standard published by Office of Foreign Assets Control (OFAC), U.S. Department of the Treasury. It is commonly used across Finance & Banking, Technology, Services, Logistics & Transportation, Energy and applies in United States, Global.
Use this page to review the official documentation, current status, and the certification or assessment bodies most commonly associated with OFAC Sanctions Compliance (SDN Screening).
Implementation Roadmap
Define US sanctions compliance program scope
Identify the products, services, systems, entities, jurisdictions, teams, vendors, data flows, and stakeholders covered by OFAC Sanctions Compliance. Confirm owners, boundaries, applicable obligations, documentation, and evidence expectations for management commitment, risk assessment, internal controls, testing and auditing, training, sanctions screening, blocked property, rejected transactions, reporting, recordkeeping, third parties, geographies, products, and escalation.
Assess obligations and gaps
Compare current practices with the expected US sanctions compliance program approach. Review sanctions risk assessment, screening list governance, customer and counterparty screening, transaction screening, geolocation controls, escalation procedures, blocking and rejection workflows, licensing review, third-party controls, testing, audit, and training, then prioritize gaps by legal exposure, user or safety impact, customer commitments, operational dependency, reporting deadlines, and assurance readiness.
Implement controls and evidence
Deploy required procedures, technical controls, review gates, training, supplier workflows, reporting paths, and operational records. Maintain sanctions risk assessments, policies, screening logs, alert dispositions, blocked property reports, rejected transaction records, license files, escalation decisions, training records, audit reports, system tuning records, and remediation evidence as traceable evidence.
Review, report, and improve
Run management reviews, internal checks, technical testing or independent assessments where applicable, corrective actions, and change reviews. Refresh the program when products, vendors, laws, incidents, reporting cycles, or stakeholder expectations change.
Compliance Checklist
checklist Scope and accountability
checklist Controls and records
checklist Monitoring and assurance
Frequently Asked Questions
Who needs OFAC Sanctions Compliance?
expand_more
OFAC Sanctions Compliance is most relevant to US persons, foreign entities doing business with the United States or U.S. persons, financial institutions, exporters, fintechs, crypto firms, and global companies exposed to OFAC sanctions risk. The exact scope depends on products, services, jurisdictions, reporting duties, customer commitments, technical requirements, and the organization's role in the relevant ecosystem.
Is OFAC Sanctions Compliance certifiable?
expand_more
OFAC sanctions compliance is a legal risk-management obligation, not a certification. OFAC’s framework describes five essential components of a risk-based sanctions compliance program.
What should implementation focus on first?
expand_more
Start by defining scope, obligations, accountable owners, and the evidence expected by regulators, customers, auditors, assurance providers, or governance bodies. Then perform a gap assessment against current controls and prioritize remediation by risk and deadline.
What evidence is useful for OFAC Sanctions Compliance?
expand_more
Useful evidence includes sanctions risk assessments, policies, screening logs, alert dispositions, blocked property reports, rejected transaction records, license files, escalation decisions, training records, audit reports, system tuning records, and remediation evidence. Evidence should be version-controlled, attributable to owners, linked to obligations and controls, and retained for the required review or audit period.
How often should the program be reviewed?
expand_more
Review it at planned intervals and whenever laws, products, vendors, incidents, reporting cycles, customer commitments, technical standards, or assurance expectations change. Higher-risk obligations should have more frequent monitoring and management reporting.
Official Documentation
Official PDF for OFAC Sanctions Compliance (SDN Screening)
Official publication or summary for OFAC Sanctions Compliance (SDN Screening)
Official online resource
Office of Foreign Assets Control (OFAC), U.S. Department of the Treasury guidance and reference material
Implementation toolkit
Templates, guidance, or companion resources for OFAC Sanctions Compliance (SDN Screening)