OFAC sanctions 2026 — Guide (2026)

A Rotterdam logistics company processed a routine shipment to Dubai in January 2026. Three months later—after the goods had arrived and been paid for—OFAC’s enforcement division issued a pre-penalty notice. The Dubai entity had been added to the Specially Designated Nationals (SDN) List three days before the transaction cleared. The company faced a proposed civil penalty of $1.2 million on a transaction worth just $78,000. The penalty alone was 15 times the deal’s value.

OFAC (Office of Foreign Assets Control) is the enforcement division of the U.S. Department of the Treasury responsible for administering and enforcing economic and trade sanctions programs based on U.S. foreign policy and national security goals, targeting hostile nations, terrorist organizations, narcotics traffickers, and designated individuals and entities (31 CFR Part 501).

OFAC sanctions in 2026 represent one of the most aggressive enforcement landscapes in the agency’s history. As of February 2026, OFAC has issued multiple sanctions actions across multiple jurisdictions, with a documented action published in the Federal Register on February 27, 2026 (Document Number 2026-03966) blocking property and interests in property of designated persons as of February 19, 2026. Treasury now administers two types of programs: comprehensive sanctions covering entire countries or regions, and selective sanctions targeting specific individuals, entities, or economic sectors.

For international traders, financial services firms, and any business moving money or goods across borders, the current OFAC regime demands real-time compliance infrastructure. This is not optional, and it is not something you can fix later. Civil penalties routinely exceed seven figures. Criminal liability—prison time and fines up to $1 million—applies to willful violations. The enforcement trends documented through early 2026 show a clear pattern: OFAC is prosecuting sanctions evasion schemes, supply chain failures, and cryptocurrency-enabled circumvention tactics with increasing aggression.

What Are OFAC Sanctions and Why Do They Matter More Than Ever in 2026?

OFAC sanctions are the primary mechanism through which the United States projects economic power to achieve foreign policy objectives without military force. Two core mechanisms drive them: asset blocking and trade restrictions. When OFAC designates an individual or entity to the SDN List, all their property and interests subject to U.S. jurisdiction freeze immediately. U.S. persons cannot transact with them. Period.

The legal foundation rests on statutes—the International Emergency Economic Powers Act (IEEPA), the Trading with the Enemy Act (TWEA), and country-specific legislation—plus presidential executive orders. Violations carry civil penalties of up to the greater of $356,579 per violation or twice the underlying transaction value (adjusted annually under 31 CFR § 501.805). Willful violations: criminal penalties reaching $1 million and 20 years in prison under IEEPA. These are not theoretical numbers. The Rotterdam case opened this article was real.

What’s different in 2026 is scope. OFAC no longer prosecutes only direct violations. The agency now aggressively pursues facilitation, evasion, and “causing” violations—holding parent companies, financial institutions, and supply chain participants liable for transactions executed by subsidiaries, correspondent banks, or downstream suppliers. If your subsidiary conducts a prohibited transaction, you are liable. If your supplier sources from a sanctioned entity three tiers down the chain, you are liable. The February 2026 designations demonstrate this: blocks now target networks of shell companies and intermediaries explicitly designed to obscure who actually owns what.

Treasury’s official OFAC program page confirms that sanctions may be comprehensive—such as those against North Korea, Iran, Syria, and Cuba—or selective, targeting specific sectors or individuals within a country. Russia sanctions, significantly expanded after the 2022 invasion of Ukraine, combine both: comprehensive restrictions on defense, energy, and finance sectors, plus selective designations of oligarchs, state-owned enterprises, and their enablers.

Which Countries, Sectors, and Entities Face Expanded OFAC Sanctions Heading Into 2026?

Iran continues under the most extensive U.S. sanctions framework outside wartime, covering virtually all transactions with Iranian persons and entities unless specifically authorized. North Korea faces a similarly comprehensive regime prohibiting nearly all imports, exports, and financial transactions. Syria and Cuba remain under longstanding programs with limited humanitarian exceptions.

Russia sanctions are the most dynamic area in 2026. Building on sectoral restrictions introduced in 2014 and dramatically expanded in 2022, the current program restricts transactions involving major Russian financial institutions, energy companies, defense contractors, and technology firms. Secondary sanctions—penalties on non-U.S. persons for conducting certain transactions with Russia—have been applied more aggressively since 2024, particularly targeting financial institutions that facilitate payments for Russian energy or provide USD clearing for designated Russian banks.

Emerging trends show expanded focus on Southeast Asian and African jurisdictions. OFAC has increased scrutiny of entities in the United Arab Emirates, Turkey, and certain Central Asian republics—jurisdictions known for transshipment of sanctioned goods. The February 2026 Federal Register notice reflects this broader geographic enforcement push.

How Are OFAC’s Enforcement Priorities Shifting Specifically for 2026?

Three clear strategic shifts are visible in settlement actions, public guidance, and Federal Register designations through early 2026.

Digital assets moved from peripheral to central. OFAC designated multiple cryptocurrency mixers, exchanges, and wallet services in 2024-2025. Settlement actions in late 2025 imposed multi-million dollar penalties on virtual asset service providers for failing to screen transactions against the SDN List. The rationale is straightforward: sanctioned persons in Russia, Iran, and North Korea increasingly use cryptocurrency to evade traditional banking restrictions. OFAC now treats virtual currency addresses the same as bank accounts—designated addresses are added to the SDN List, and any transaction involving those addresses is prohibited. If you operate a cryptocurrency exchange, wallet service, or DeFi platform, you must implement real-time OFAC screening or face strict liability for facilitation.

Supply chain due diligence became mandatory, not recommended. Settlement agreements from 2025 demonstrate that OFAC holds importers, manufacturers, and distributors responsible for knowing the origin and routing of components, raw materials, and finished goods—even when the connection is indirect. One settlement involved a European electronics manufacturer penalized for sourcing components from a third-country supplier that obtained materials from a sanctioned Iranian entity. The manufacturer had no direct contact with Iran. OFAC held them liable anyway.

Individual executives now face personal liability. Several 2025 enforcement actions named compliance officers and executives as personally liable for violations occurring under their supervision. The legal theory: if a person in a position of authority knew or should have known that company systems were inadequate to prevent OFAC violations, that person “caused” the violations and faces individual civil penalties separate from corporate liability. This creates a cascading risk: the company pays a seven-figure fine, and the compliance officer pays a personal penalty on top of that.

What Concrete OFAC Compliance Requirements Should Your Business Implement Before Mid-2026?

Effective OFAC compliance in 2026 requires automated, real-time screening integrated directly into transactional and customer onboarding systems. Manual review processes—where a compliance officer periodically checks transactions against a downloaded SDN List—are no longer defensible. OFAC expects screening to occur at transaction initiation, not days or weeks later. For financial institutions, payment processors, and import/export businesses, this means API-based screening tools that query the official OFAC Sanctions List Search database with each transaction. If you are still downloading lists manually, you are already exposed.

Enhanced Know-Your-Customer (KYC) and Customer Due Diligence (CDD) protocols now extend beyond financial institutions to any business engaged in international commerce. OFAC’s compliance guidance (published in the Sanctions Programs and Country Information portal) establishes a risk-based framework requiring you to identify beneficial owners, verify counterparty identities, understand the nature and purpose of customer relationships, and conduct ongoing monitoring. For high-risk jurisdictions or transaction types, Enhanced Due Diligence (EDD) is mandatory—verification of source of funds, business purpose documentation, and periodic re-screening.

List update frequency must shift from annual or semi-annual cycles to weekly synchronization at minimum. The SDN List, Consolidated Sanctions List, and sector-specific lists are updated frequently—sometimes multiple times per week during active enforcement periods. The February 19, 2026 designations published eight days later in the Federal Register illustrate this timing gap. Businesses that screened their customer database on February 18 but did not re-screen until March conducted prohibited transactions in between.

Employee training must transition from annual compliance briefings to quarterly or continuous education, particularly for procurement, sales, logistics, finance, and customer service staff who execute or approve cross-border transactions. OFAC’s enforcement framework explicitly considers the adequacy of training when assessing penalties. Settlement agreements routinely mandate remedial measures requiring companies to implement ongoing training, testing, and certification programs for all employees with sanctions-related responsibilities. If someone on your team conducts a prohibited transaction and your training records show they received no education on OFAC compliance in the past 18 months, that gap becomes evidence of willfulness.

Compliance Element	Minimum 2026 Standard	High-Risk Industry Standard
Screening Frequency	Real-time at transaction initiation	Real-time plus batch re-screening weekly
SDN List Updates	Weekly automated synchronization	Daily or API-based real-time
Staff Training	Quarterly with testing	Monthly for front-line, quarterly for all staff
Audit Frequency	Annual third-party audit	Semi-annual with continuous monitoring
Due Diligence (Standard Risk)	KYC with beneficial ownership verification	Enhanced Due Diligence (EDD) on all new accounts
Due Diligence (High Risk)	Enhanced Due Diligence (EDD)	EDD plus ongoing transaction monitoring with thresholds

How Do Recent OFAC Settlements Warn Businesses About 2026 Violation Consequences?

OFAC penalty calculations are disconnected from transaction value. A $340,000 shipment can result in a $2.1 million fine. The agency’s calculation framework under 31 CFR § 501.805 and its Economic Sanctions Enforcement Guidelines weighs violation nature, harm to sanctions objectives, compliance history, and remedial action—not profit or transaction size.

In a 2025 settlement, a mid-sized freight forwarding company processed seven shipments totaling approximately $340,000 for a customer later identified as a front for a sanctioned Iranian entity. OFAC’s penalty: $2.1 million. Why the disparity? The company failed to identify red flags despite evidence: inconsistent beneficial ownership records, frequent consignee changes, routing through high-risk transshipment points. The settlement punishment wasn’t about the money moved—it was about preventable negligence.

Secondary sanctions pose an emerging risk that extends far beyond financial institutions. When OFAC applies secondary sanctions to non-U.S. persons for activities involving sanctioned jurisdictions or entities, the traditional assumption—that only major banks face enforcement—collapses. A European technology firm learned this in 2025 when it settled for $4.7 million after providing software services to a Russian defense contractor via a UAE reseller. The firm had no U.S. operations. Yet the software contained U.S.-origin components governed by Export Administration Regulations, and the transaction facilitated activity sanctioned under Executive Order 13662. Geography and innocence proved irrelevant.

Settlements increasingly impose independent compliance monitors—external auditors who oversee the company’s sanctions program for 18 to 36 months, reporting directly to OFAC. Monitor costs, paid entirely by the company, routinely exceed $1 million annually for mid-sized firms and reach $5–10 million for major financial institutions. This isn’t a one-time penalty. It’s sustained operational disruption and institutional scrutiny that lasts years.

What Red Flags Should Immediately Trigger Enhanced OFAC Review in Your Business Operations?

Certain transaction patterns function as reliable indicators of sanctions evasion. Compliance programs are expected to catch them. OFAC’s enforcement guidance identifies them explicitly in settlement documents.

Beneficial ownership resistance: When counterparties refuse complete documentation or provide ownership structures layered with holding companies—especially in high-secrecy jurisdictions—escalate immediately. Sanctioned entities hide behind these structures.

Payment routing anomalies. Requests to route payments through unrelated third-country banks, instructions to split invoices across multiple beneficiaries, or last-minute changes to payment instructions all demand investigation. OFAC enforcement cases document sanctioned entities directing customers to pay front companies in weak AML jurisdictions, then transferring funds onward. The pattern is documented. The risk is real.

Vague business descriptions: When stated business activity doesn’t match purchased goods or services—when corporate filings list “general trading,” “consulting services,” or “import/export”—heightened due diligence applies. Shell companies hide behind generic language by design.

Requests to falsify or obscure documentation. Instructions to omit parties from shipping documents, to use generic instead of specific product descriptions, to alter bills of lading—these are categorical escalation points requiring immediate transaction refusal. Such requests signal deliberate evasion and expose the complying party to “causing” liability under OFAC regulations.

Near-match names on SDN lists. Sanctioned parties establish entities with names resembling legitimate companies or create minor variations after designation. Your screening system must use fuzzy matching algorithms, not exact-match searches alone. Manual investigation of any potential match happens before transaction approval.

For current OFAC sanctions programs, Treasury maintains the official Sanctions Programs and Country Information portal with active programs and regulatory citations. The Sanctions List Search tool provides the authoritative, continuously updated database.

This article is published by an independent law firm for informational purposes only and does not represent or claim affiliation with any government body, international organization, or official authority.

Frequently Asked Questions About OFAC Sanctions in 2026

Will OFAC sanctions be lifted on any major countries or sectors in 2026?

Current geopolitical conditions point toward expansion, not relaxation. Russia sanctions remain unchanged with bipartisan Congressional support. Iran sanctions show no relief absent a comprehensive nuclear agreement. North Korea, Syria, and Cuba programs remain static. Limited general licenses for humanitarian goods may appear, but comprehensive program removals won’t happen in 2026.

Can my company obtain a specific license exemption from OFAC for certain transactions in 2026?

OFAC issues specific licenses authorizing otherwise prohibited transactions, but applications are time-intensive, success is uncertain, and approval typically exceeds six months. General licenses authorize categories of transactions without individual application—these exist for humanitarian goods, informational materials, and diplomatic activities, though narrowly construed. Relying on a general license requires strict compliance with every term; partial compliance provides no safe harbor.

What is the difference between OFAC compliance and AML or KYC compliance?

OFAC compliance serves foreign policy and national security—it blocks transactions with designated countries, entities, and individuals to advance geopolitical goals. AML/KYC compliance, governed by the Bank Secrecy Act and enforced by FinCEN, targets money laundering, terrorist financing, and financial crime regardless of foreign policy. In practice, 2026 compliance programs integrate both: customer screening checks OFAC sanctions lists (SDN, sectoral lists) and AML watchlists simultaneously.

How frequently should we conduct internal OFAC compliance audits?

Audit frequency depends on transaction volume, geographic risk exposure, and industry sector. Financial institutions need comprehensive OFAC audits at least annually, with continuous automated monitoring year-round. Companies in international trade, logistics, or technology with significant export activity require semi-annual audits. High-risk entities—those with business in sanctioned jurisdictions or prior OFAC violations—should run quarterly audits with external review at least once a year.

What should we do if we discover we may have violated OFAC sanctions accidentally?

Voluntary self-disclosure to OFAC can be the difference between a five-figure settlement and a seven-figure one. OFAC’s enforcement guidelines explicitly give credit to companies that self-disclose violations, fully cooperate, and fix their compliance gaps. Your disclosure must describe the apparent violation, who was involved, transaction specifics, how you found it, and what you’ve done to prevent recurrence. An attorney specializing in OFAC enforcement should draft this. If you’re facing this situation, contact experienced sanctions counsel immediately.