verified_user
Standardful
Homechevron_rightStandardschevron_rightOFAC Sanctions Compliance (SDN Screening)
ActiveInternational Standardupdate Standard Updated: May 2019fact_check Fact checked: Jun 28, 2026

OFAC Sanctions Compliance (SDN Screening)

A Framework for OFAC Compliance Commitments — Economic Sanctions Regulations, 31 CFR Chapter V (SDN List screening under IEEPA/TWEA)

apartmentPublishing Organization:Office of Foreign Assets Control (OFAC), U.S. Department of the Treasury

Standard Introduction

OFAC Sanctions Compliance (SDN Screening) is an active standard published by Office of Foreign Assets Control (OFAC), U.S. Department of the Treasury. It is commonly used across Finance & Banking, Technology, Services, Logistics & Transportation, Energy and applies in United States, Global.

Use this page to review the official documentation, current status, and the certification or assessment bodies most commonly associated with OFAC Sanctions Compliance (SDN Screening).

Implementation Roadmap

1
Phase 1schedule Duration: 3-6 weeks

Define US sanctions compliance program scope

Identify the products, services, systems, entities, jurisdictions, teams, vendors, data flows, and stakeholders covered by OFAC Sanctions Compliance. Confirm owners, boundaries, applicable obligations, documentation, and evidence expectations for management commitment, risk assessment, internal controls, testing and auditing, training, sanctions screening, blocked property, rejected transactions, reporting, recordkeeping, third parties, geographies, products, and escalation.

2
Phase 2schedule Duration: 4-10 weeks

Assess obligations and gaps

Compare current practices with the expected US sanctions compliance program approach. Review sanctions risk assessment, screening list governance, customer and counterparty screening, transaction screening, geolocation controls, escalation procedures, blocking and rejection workflows, licensing review, third-party controls, testing, audit, and training, then prioritize gaps by legal exposure, user or safety impact, customer commitments, operational dependency, reporting deadlines, and assurance readiness.

3
Phase 3schedule Duration: 8-24 weeks

Implement controls and evidence

Deploy required procedures, technical controls, review gates, training, supplier workflows, reporting paths, and operational records. Maintain sanctions risk assessments, policies, screening logs, alert dispositions, blocked property reports, rejected transaction records, license files, escalation decisions, training records, audit reports, system tuning records, and remediation evidence as traceable evidence.

4
Phase 4schedule Duration: Ongoing

Review, report, and improve

Run management reviews, internal checks, technical testing or independent assessments where applicable, corrective actions, and change reviews. Refresh the program when products, vendors, laws, incidents, reporting cycles, or stakeholder expectations change.

Compliance Checklist

0 / 12

checklist Scope and accountability

checklist Controls and records

checklist Monitoring and assurance

Frequently Asked Questions

Who needs OFAC Sanctions Compliance?

expand_more

OFAC Sanctions Compliance is most relevant to US persons, foreign entities doing business with the United States or U.S. persons, financial institutions, exporters, fintechs, crypto firms, and global companies exposed to OFAC sanctions risk. The exact scope depends on products, services, jurisdictions, reporting duties, customer commitments, technical requirements, and the organization's role in the relevant ecosystem.

Is OFAC Sanctions Compliance certifiable?

expand_more

OFAC sanctions compliance is a legal risk-management obligation, not a certification. OFAC’s framework describes five essential components of a risk-based sanctions compliance program.

What should implementation focus on first?

expand_more

Start by defining scope, obligations, accountable owners, and the evidence expected by regulators, customers, auditors, assurance providers, or governance bodies. Then perform a gap assessment against current controls and prioritize remediation by risk and deadline.

What evidence is useful for OFAC Sanctions Compliance?

expand_more

Useful evidence includes sanctions risk assessments, policies, screening logs, alert dispositions, blocked property reports, rejected transaction records, license files, escalation decisions, training records, audit reports, system tuning records, and remediation evidence. Evidence should be version-controlled, attributable to owners, linked to obligations and controls, and retained for the required review or audit period.

How often should the program be reviewed?

expand_more

Review it at planned intervals and whenever laws, products, vendors, incidents, reporting cycles, customer commitments, technical standards, or assurance expectations change. Higher-risk obligations should have more frequent monitoring and management reporting.

Official Documentation

View All

Related Categories