Skip to main content

Enforcement Actions (2024-2025)

Last Updated: 2025-12-28 Status: Complete

Understanding recent enforcement helps calibrate your compliance program.

Major Cases

CasePenaltyYearViolation Summary
GVA Capital Ltd.$215.99M2025Managing U.S. investments for sanctioned Russian oligarch Viktor Vekselberg
EFG International AG$3.74M2024Processing transactions for clients in multiple sanctions programs
Payward (Kraken)$24M+2022Crypto exchange facilitated transactions from sanctioned regions (Crimea, Cuba, Iran, Sudan, Syria)

2024 OFAC Enforcement Statistics

Total Enforcement Actions: 12 actions in 2024

Total Penalties: $48.8M (civil penalties)

Industry Breakdown:

  • Financial Services: ~90% of total penalties
  • Other industries: ~10%

1. Continued Focus on Financial Institutions

Banks and payment processors remain primary enforcement targets. Regulators expect sophisticated compliance programs.

2. Increasing Crypto Enforcement

Cryptocurrency platforms face heightened scrutiny. OFAC expects same compliance standards as traditional finance.

3. Emphasis on Compliance Program Effectiveness

Penalties correlate with:

  • Whether company had compliance program
  • Effectiveness of program
  • Response to violations
  • Voluntary self-disclosure

4. Strict Liability Consistently Applied

No intent required for liability. "We didn't know" is not a defense.

Lessons from Enforcement Actions

1. Geographic Screening Failures

Issue: Many violations involve failure to screen transaction geography (IP addresses, customer locations).

Lesson: Implement IP geolocation screening for all transactions, not just merchant onboarding.

2. Insufficient Ongoing Monitoring

Issue: One-time onboarding screening is not enough. Ongoing monitoring gaps lead to violations.

Lesson: Screen merchant base against SDN updates at least daily. Don't rely on vendor assumptions.

3. Vendor Reliance Risks

Issue: Assuming third-party vendors are screening properly without verification.

Lesson:

  • Verify vendor screening frequency in writing
  • Conduct periodic testing of vendor capabilities
  • Maintain oversight of vendor performance

4. Compliance Program Weaknesses

Common Deficiencies:

  • Lack of written policies
  • Insufficient training
  • No independent audits
  • Poor documentation

Lesson: Invest in comprehensive compliance program before it's tested by regulators.

5. Voluntary Self-Disclosure Benefits

Pattern: Cases involving voluntary self-disclosure and remediation received significantly reduced penalties.

Lesson: If you discover a violation, consider voluntary disclosure to OFAC. Consult legal counsel immediately.

Penalty Calculation Factors

OFAC considers these factors when determining penalties:

Aggravating Factors (Higher Penalties)

  • Willful or reckless conduct
  • Actual knowledge of violation
  • Attempts to conceal
  • Pattern of violations
  • Harm to sanctions program objectives
  • No compliance program

Mitigating Factors (Lower Penalties)

  • Voluntary self-disclosure
  • Substantial cooperation
  • Remedial response
  • Effective compliance program
  • Isolated occurrence
  • No actual knowledge

Compliance Program Elements That Matter

Based on enforcement actions, OFAC values:

  1. Management Commitment

    • Senior leadership involvement
    • Adequate resources allocated
    • Compliance officer authority

  2. Risk Assessment

    • Regular, documented assessments
    • Customer/geographic risk evaluation
    • Product/service risk analysis

  3. Internal Controls

    • Screening at multiple points
    • Escalation procedures
    • Blocking mechanisms

  4. Testing & Auditing

    • Independent testing
    • Periodic audits
    • Remediation tracking

  5. Training

    • Regular, documented training
    • Role-appropriate content
    • Testing of knowledge

References

Official OFAC Resources

Share: