Logo
Book a Demo
Table of Contents

Solutions

Customer Onboarding Software

Name Screening Software
Customer Risk Assessment Software
Case Management Software
Contact Us

OFAC – At a Glance

  • OFAC is a US government authority that enforces and administers economic and trade sanctions.
  • OFAC ensures the prohibition of business operations with sanctioned individuals, entities, and countries, and requires mandatory screening against sanctions lists.
  • Citadel365 automates sanctions screening during customer onboarding and throughout the customer lifecycle to ensure OFAC compliance.

The Role of OFAC in AML Compliance

The Office of Foreign Assets Control (OFAC) is a part of the US Department of the Treasury responsible for administering and enforcing economic and trade sanctions in furtherance of US national security goals and foreign policy.

The regulatory body imposes sanctions against individuals, organisations, and jurisdictions linked to Money Laundering (ML), Terrorism Financing (TF), Proliferation Financing (PF), and other activities threatening US interests.

Further, OFAC mandates Regulated Entities in the US to perform sanctions screening and prohibit transactions with sanctioned individuals, businesses, or countries. Violating OFAC obligations results in penalties, even if entities act by mistake, thereby positioning OFAC compliance as strict liability under AML/CFT programs.

OFAC Sanctions Programs and Scope

OFAC imposes various types of sanctions, such as:

  • Country-Based Sanctions: Ban on imports, exports, trade, and financial transactions with the mentioned country.
  • List-Based Sanctions: Freeze assets of specific companies, individuals, groups, or ships and restrict business with them, of those mentioned in the Specially Designated Nationals (SDN) List.
  • Sectoral Sanctions: Targeted sanctions imposed on specific industries in a foreign country rather than the entire economy, as managed by the Sectoral Sanctions Identifications (SSI) List.

Regulated Entities in the US must screen against the SDN List and other sanctions lists to prevent ML/TF/PF risks. Further, OFAC sanctions rules also apply to non-US firms that use US dollars, US-origin technology or US bank branches to restrict transactions with prohibited persons or countries.

OFAC Compliance Risks and Common Violations

The following control failures lead to OFAC compliance risks:

  • Screening customers during onboarding rather than performing ongoing monitoring checks.
  • Avoiding screening checks on all related parties, such as beneficial owners or intermediaries, who may be sanctioned persons.
  • Using legacy systems that flag an exact match and miss out on aliases or misspellings.
  • Delay in updating screening software to reflect the latest OFAC Lists.

Regulated Entities that lead to OFAC breaches, even accidental ones, face large civil fines, regulatory inspections, and reputational damage.

Regulatory Expectations for OFAC Screening and Controls

OFAC mandates Regulated Entities in the US, and those conducting business in US dollars must implement a risk-based approach to screen customers, entities, and transactions against sanctions lists (such as SDN lists). Entities must perform screening during customer onboarding, transactions, and on an ongoing basis to avoid sanctions violations. Further, OFAC expects entities to follow a structured process for AML compliance. It involves instant alerts, investigation related to sanctions matches, escalating findings to senior management for deeper analysis, and documenting every action for regulatory inspections and reporting. Moreover, OFAC mandates entities to retain record-keeping documents for 10 years, including customer information, screening results, and decisions.

Managing OFAC Risk with Citadel365

Citadel365 provides a central platform for sanctions screening during customer onboarding and throughout the customer relationship to manage OFAC risk. By making the compliance journey consistent and organised, the software also allows configurable matching thresholds to reduce false positives and balance detection accuracy.
Further, Citadel365 features periodic screening and continuous re-screening of customers to ensure compliance with updated OFAC lists and check customers in real time. Additionally, the software with integrated alert handling and case management enables immediate action on flagged suspicious activity by generating and prioritising a case. Effective audit trails record every action taken to support regulatory reviews.

Integrating OFAC Controls into the AML Lifecycle

Integrating OFAC controls is crucial throughout the AML Lifecycle:

  • Customer Onboarding: Mandating the OFAC controls helps identify sanctioned individuals or entities early and prevents the onboarding of risky customers.
  • Customer Risk Assessment: OFAC controls implementation helps identify business risk posed by a sanctioned person, entity or country, labelling it as high-risk and instantly escalating it to senior management for further investigation and reporting.
  • Transaction Monitoring: Screening payments and counterparties against OFAC lists helps reduce the risk of prohibited transactions.
  • Case Management and Audit Trails: Ensure compliance with AML laws by documenting OFAC alerts, reviews, and outcomes in a single and organised system with detailed, chronological records.

OFAC FAQs for AML Professionals

OFAC stands for the Office of Foreign Assets Control, which is a US government agency that enforces economic sanctions against countries and individuals involved in ML/TF/PF activities and other serious threats. The OFAC rules apply to US persons and businesses, as well as to anyone who deals in or with the United States.

OFAC imposes large fines for sanctions violations, even if they were unintentional. Further, the firm may face regulatory inspections and reputational damage.

Firms must instantly update their systems to reflect changes to OFAC lists for screening customers and transactions in real time.

Yes, automation tools such as Citadel365 screen customers quickly, accurately, and in real time. It further reduces human error and false positives, ensuring firms detect risks early and remain compliant.