National security enforcement actions are among the most complex matters in the federal system. They are characterized by parallel criminal and civil regulatory proceedings; interagency coordination between DOJ, Treasury, Commerce, State, and the Intelligence Community; and in criminal cases, the potential application of the Classified Information Procedures Act (CIPA, 18 U.S.C. App. 3), which governs the use of classified evidence in criminal proceedings.
The Office of Foreign Assets Control (OFAC) is a financial intelligence and enforcement agency of the U.S. Treasury Department that administers and enforces economic and trade sanctions based on U.S. national security and foreign policy goals. OFAC sanctions programs are among the most complex and rapidly evolving areas of federal regulatory compliance — programs are added, modified, and expanded through executive orders with minimal notice, and the consequences of violations are severe regardless of whether the violating party had knowledge of the sanctioned status.
OFAC administers and enforces U.S. economic and trade sanctions programs against designated foreign countries, terrorist organizations, international narcotics traffickers, and proliferation networks. OFAC's Specially Designated Nationals (SDN) List and sector-specific sanctions programs identify the specific parties and countries subject to restrictions. A key feature of OFAC sanctions is strict civil liability — a party can commit a civil violation without any knowledge of the sanctioned counterparty's status.
OFAC violations typically come to the government's attention through:
Financial institution reporting — banks and money service businesses file Suspicious Activity Reports (SARs) and blocked transaction reports directly to OFAC when they identify transactions that may involve SDNs or sanctioned jurisdictions.
Voluntary self-disclosure by the company or its counsel after an internal investigation or compliance audit identifies potential violations.
Referrals from other federal agencies — DOJ, FBI, DHS — who encounter OFAC violations in the course of other investigations.
Tips from industry competitors, former employees, or foreign governments.
OFAC uses a published penalty matrix that considers both the base penalty amount and a series of aggravating and mitigating factors to determine the final civil monetary penalty:
| Factor Type | Aggravating Factors (Increase Penalty) | Mitigating Factors (Decrease Penalty) |
|---|---|---|
| Knowledge | Management knew of or recklessly disregarded the violation | Violation was not voluntarily disclosed but OFAC gives credit for good faith |
| Pattern | Part of a pattern of violations; similar prior violations | Isolated, non-recurring transaction; first violation |
| Harm | Significant harm to U.S. sanctions program objectives; transactions with designated terrorist organizations or WMD proliferators | De minimis harm; transactions with less sensitive sanctions programs |
| Cooperation | Failure to cooperate; obstruction of OFAC's investigation | Voluntary self-disclosure; full cooperation; immediate remediation |
| Compliance Program | No compliance program; compliance program was a facade | Sophisticated and effective compliance program in place; violation caught by the program |
Individuals and entities who believe they have been improperly placed on the SDN List may submit a petition for removal to OFAC's Office of Global Targeting. The petition process involves: submitting a formal written petition with supporting evidence demonstrating why the designation criteria are not met; OFAC's review of the petition with classified and unclassified information; and a final agency determination. Judicial review of OFAC designations is available in federal district court under the Administrative Procedure Act (5 U.S.C. § 706), though courts apply significant deference to OFAC's national security determinations.
| Sanctions Program | Key Prohibitions | Civil Penalty Per Transaction | Criminal Exposure |
|---|---|---|---|
| Iran (IEEPA / ITSR — 31 C.F.R. Part 560) | Virtually all trade and financial transactions with Iran or Iranian nationals absent OFAC license | Up to $356,579 or 2× value of transaction | Up to $1M + 20 years imprisonment (50 U.S.C. § 1705) |
| Russia (IEEPA / Ukraine-Russia EOs) | Broad restrictions on specified sectors; targeted SDN designations | Up to $356,579 or 2× value | 50 U.S.C. § 1705: up to $1M + 20 years |
| SDN List — All Programs | Any transaction with a designated individual or entity worldwide | Up to $356,579 per violation | 50 U.S.C. § 1705: up to $1M + 20 years |
| Cuba (TWEA / CACR — 31 C.F.R. Part 515) | Almost all commercial transactions absent OFAC license | Up to $91,138 per violation | 50 U.S.C. App. § 16: criminal exposure for willful violations |
| North Korea (IEEPA / NKSR) | Comprehensive sanctions — among the broadest prohibitions in the OFAC regime | Up to $356,579 per violation | 50 U.S.C. § 1705: up to $1M + 20 years |
The International Traffic in Arms Regulations (ITAR), administered by the State Department's Directorate of Defense Trade Controls (DDTC), control the export of defense articles on the United States Munitions List (USML). The Export Administration Regulations (EAR), administered by the Commerce Department's Bureau of Industry and Security (BIS), control dual-use items on the Commerce Control List (CCL) with both commercial and military applications.
| Regime | Administered By | Key Prohibition | Criminal Penalty |
|---|---|---|---|
| ITAR (22 C.F.R. Parts 120–130) | State Dept. (DDTC) | Export or transfer of USML items without a State Dept. license | Up to $1M + 20 years imprisonment per violation (22 U.S.C. § 2778) |
| EAR (15 C.F.R. Parts 730–774) | Commerce Dept. (BIS) | Export of CCL items to controlled destinations without a Commerce license | Up to $1M + 20 years per violation (50 U.S.C. § 4819) |
| IEEPA Criminal Violations | DOJ | Willful violation of emergency economic powers sanctions orders | Up to $1M + 20 years per violation (50 U.S.C. § 1705) |
FARA requires individuals and entities acting as agents of foreign principals in a political or quasi-political capacity to register with the DOJ and to disclose their activities, funding sources, and disbursements. FARA enforcement has intensified dramatically since 2016, with the DOJ's National Security Division actively pursuing criminal prosecutions for failure to register and for filing false FARA registrations. Criminal FARA violations carry up to 5 years imprisonment and $250,000 in fines per count.
National security enforcement matters require coordinated defense across criminal, civil, and regulatory tracks. Contact MB Law for a confidential assessment of OFAC, export control, or FARA exposure before the government identifies the issue first.
OFAC's Enforcement Guidelines (31 C.F.R. Part 501, Appendix A) provide that a timely, complete, and accurate voluntary self-disclosure will be considered a substantial mitigating factor and can reduce the base penalty amount by up to 50%. A VSD must be submitted in writing to OFAC's Compliance Programs Division and must include: a description of the apparent violation; the identities of all parties involved; the value and nature of the transactions; the date range of the violations; and the steps taken to implement corrective measures.
Critical strategic consideration: the VSD process requires disclosing the full scope of the violation. A VSD that inadvertently discloses more than was investigated — or that opens new lines of inquiry — can expand the government's view of the problem rather than resolving it. MB Law manages all aspects of the VSD process: scoping the disclosure, drafting the VSD submission, coordinating with OFAC, and negotiating the final penalty determination.
Irrespective of the particular economic sanctions regime implicated, confronting an OFAC enforcement inquiry constitutes a high-stakes matter demanding sophisticated legal strategy and decisive intervention. When you face an OFAC investigation, our attorneys can intervene immediately and interface directly with OFAC on your behalf. We can also expeditiously conduct a thorough compliance audit to assess the issues at hand and identify viable defenses to resolve the matter on the most favorable terms attainable. Whether demonstrating adherence to a general or specific license, or establishing that any technical violations were inadvertent and do not warrant escalation to criminal prosecution, we execute a precisely tailored defense strategy calibrated to the circumstances of your case.
As with any robust compliance framework, the policies and procedures comprising an OFAC compliance program must be specifically calibrated to an organization's unique risk profile. Nevertheless, the U.S. Department of the Treasury has issued authoritative guidance on what a comprehensive OFAC Sanctions Compliance Program (SCP) should encompass.
OFAC has articulated that "senior management's commitment to, and support of, an organization's risk-based SCP is among the most determinative factors in its effectiveness." Consistent with this principle, OFAC expects demonstrable evidence that leadership treats the organization's compliance obligations with appropriate gravity—ensuring, for instance, that the compliance function receives adequate resources, staffing, and institutional support.
Any entity subject to OFAC jurisdiction must conduct a comprehensive, enterprise-wide assessment—examining operations from the executive suite to front-line functions—to evaluate touchpoints with external parties and identify current and prospective compliance risks. When evaluating an organization's sanctions exposure, leadership must look beyond the existing regulatory framework and continuously reassess potential risks as sanctions regimes evolve with considerable frequency. OFAC expects organizations not merely to identify risks but to analyze and understand the root causes underlying those vulnerabilities.
A robust OFAC compliance program must incorporate detailed, comprehensible internal controls that equip personnel with the information necessary to prevent potential violations. These controls should be disseminated throughout the organization, and management must take affirmative steps to ensure all employees understand their compliance responsibilities. Internal controls should function as an integrated system enabling the organization to detect, escalate, and remediate potential violations in a timely manner.
A compliance program achieves its intended purpose only when personnel fully comprehend their compliance obligations. Accordingly, training constitutes a foundational element of any effective OFAC sanctions compliance program.
ATTORNEY ADVERTISING. This website is for informational purposes only. Visiting this website does not create an attorney-client relationship. Do not submit confidential information until an engagement agreement has been executed. Past results do not guarantee future outcomes.