Join us at Transfer 2025 to hear how industry leaders are building payments infrastructure for a real-time world.Register Today →
An OFAC check is a screening process used by financial institutions, businesses, and government agencies to ensure that individuals or entities involved in a transaction are not listed on sanctions lists maintained by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC).
OFAC checks are a critical part of compliance efforts aimed at preventing transactions with sanctioned parties, including individuals linked to terrorism, narcotics trafficking, money laundering, and other illegal activities. Conducting an OFAC check helps businesses and financial institutions avoid regulatory penalties and maintain compliance with U.S. sanctions laws.
How Does an OFAC Check Work?
OFAC checks are multi-step processes to keep organizations from running afoul of sanctions lists and U.S. regulations. Doing so requires an organization to:
- Collect Customer and Transaction Data – Organizations gather details on customers, vendors, or financial transactions that need to be verified.
- Compare Data to Sanctions Lists – The information is checked against OFAC’s databases, including:
- SDN List – Individuals and entities blocked from conducting business with U.S. companies.
- Sectoral Sanctions Identifications (SSI) List – Entities subject to sector-based restrictions.
- Foreign Sanctions Evaders (FSE) List – Parties who have violated U.S. sanctions laws.
- Flag Potential Matches – If a name, business, or transaction appears on an OFAC list, the entity must take action to remain compliant, which may include blocking the transaction or reporting it to OFAC.
- Review and Make Decisions – Organizations conduct due diligence to determine whether a flagged match is valid or a false positive. If a valid match is found, they must halt the transaction and report it to OFAC.
Who Needs to Conduct OFAC Checks?
Many industries are required to perform OFAC checks to comply with U.S. law. Banks and other financial institutions, for example, must screen customers and transactions to ensure no links exist to sanctioned entities or individuals. Payment processors and fintechs must also remain compliant with OFAC regulations.
As more cryptocurrency exchanges emerge, they are increasingly required to screen crypto transactions to root out sanctioned wallets or entities. Businesses engaging in international trade—including those that import, export, or operate globally—must verify that they are not dealing with restricted countries or entities.
Lenders, mortgage companies, and insurance providers must also ensure that applicants are not sanctioned entities, and in sensitive industries, some employers perform OFAC checks during background screenings as well.
Non-compliance with OFAC regulations can result in severe financial and legal consequences, including civil penalties, criminal penalties, and reputational damage. Civil penalties may range from thousands to millions of dollars per violation, while criminal penalties could result in imprisonment for willful violations. Businesses that fail to comply risk losing credibility and facing regulatory scrutiny.
Are OFAC Checks Different Than OFAC Sanctions?
Yes, OFAC checks are different than OFAC sanctions. The former applies to entities and individuals listed on OFAC watch lists, while sanctions apply to entire governments, jurisdictions, or countries. Sanctions are a tool employed by OFAC to support American national interests. An OFAC check is a way to see if a person or entity is subject to an OFAC sanction.
Try Modern Treasury
See how smooth payment operations can be.
Learn
Compliance is a crucial function for any company that moves money on behalf of their customers. Dive into the fundamentals behind key compliance processes like KYC, KYB, transaction monitoring, and more.
Compliance risk management (CRM) is the ongoing process of identifying, assessing, and mitigating potential risks that threaten an organization’s business.
Customer due diligence (CDD) is a process used at financial institutions (FIs) when working with potential new customers.
The Customer Identification Program (CIP), part of the Know Your Customer program guidelines, requires that financial institutions in the U.S. verify that customers (both individuals and businesses) are who they say they are when they open new accounts for themselves or other people.
FinCEN, short for Financial Crimes Enforcement Network, is a government bureau that aims to prevent money laundering and other financial crimes—and punish bad actors that commit them.
Know Your Business (KYB) is a set of verification procedures that helps companies avoid getting into business with criminals.
The Office of the Comptroller of the Currency (OCC) is a federal agency that "charters, regulates, and supervises" all national banks.
According to the Department of Labor (DOL), Personal Identifiable Information (PII) is any information from which a person’s identity can be either directly or indirectly inferred.
A Politically Exposed Person (PEP) is someone that might be more likely to break the law or be corrupt because of the power their position affords them.
Specially Designated Nationals (SDN) are individuals and entities tied to countries that the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has hit with sanctions.
A Suspicious Activity Report (SAR) is a report that a bank or other financial institution must file if it suspects that a customer might be breaking the law and committing fraud, financing terrorism, or laundering money.
Anti-money laundering (or AML) compliance entails a careful adherence to rules and regulations aimed at combating illicit financial activities.
The “Check Clearing for the 21st Century” Act, commonly known as “Check 21,” is a federal law enacted in 2004 to modernize the check payment system.
Know Your Customer or Know Your Client (KYC) is a set of guidelines for verifying the identity of a customer and gauging the associated risk of working with them.
The Office of Foreign Assets Control (OFAC) is a financial intelligence and enforcement agency under the jurisdiction of the US Treasury Department.
PCI DSS certification means your business has met the requirements laid out in the Payment Card Industry Data Security Standard (PCI DSS) to secure payment card data.
Service Organization Control 2 (SOC 2) is a voluntary auditing procedure that service providers complete to keep their clients’ data secure from cyber attacks.
Section 314(a) is part of the USA Patriot Act that enables financial institutions (FIs) and law enforcement to work together to fight money laundering and terrorist activity.
Section 314(b) and Section 314(a) of the USA Patriot Act both relate to information requests under the Banking Secrecy Act (BSA).
A currency transaction report (CTR) is a report made by U.S. financial institutions aiming to prevent money laundering.
An Agent of the Payee is a person, entity, or other intermediary specifically appointed by a payee to process and collect payments on their behalf.
Identity Verification APIs allow businesses to streamline the process of checking the identities of new users by automatically, and in some cases instantly, verifying their provided identifying information.
An OFAC check is a screening process used by financial institutions, businesses, and government agencies to ensure that individuals or entities involved in a transaction are not listed on sanctions lists maintained by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC).
The Bank Secrecy Act (BSA)—also known as the Currency and Foreign Transactions Reporting Act—is a piece of legislation designed to help prevent fraud.
The Electronic Fund Transfer Act (EFTA) is a federal law in the U.S. that regulates electronic transactions to protect consumers.