
OFAC Sanctions Audit & SDN List: Technical Compliance Mechanics

CorporateVault Editorial Team
Financial Intelligence & Corporate Law Analysis

Key Takeaway

The Office of Foreign Assets Control (OFAC) is an agency of the US Treasury Department that enforces economic and trade sanctions based on US foreign policy. Technically, OFAC manages the SDN List (Specially Designated Nationals)—a database of individuals, groups, and entities (like terrorists, drug traffickers, and sanctioned state-owned companies) whose assets must be blocked. For corporate auditors, an OFAC violation is a "Nuclear Event": US persons and companies are strictly prohibited from doing business with anyone on the list, and any assets related to such transactions must be "Frozen" immediately. Fines for violations (e.g., BNP Paribas, ZTE) can reach into the billions.

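Introduction: The OFAC Sanctions Audit & SDN List is the "geopolitical no-go zone" of global trade. This article examines how compliance teams prevent prohibited transactions along three dimensions: the technical differences between comprehensive and targeted sanctions, the core "50% Rule" and its look-through effect, and the use of fuzzy matching (Fuzzy Logic) in list screening. It also exposes the common audit gaps through which sanctions are evaded using "covert transshipment" and "offshore structures".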


📂 Technical Snapshot: OFAC Sanctions Matrix

| Component | Comprehensive Sanctions | Targeted (Smart) Sanctions |
|---|---|---|
| Scope | Entire countries (e.g., Iran, North Korea, Cuba) | Specific individuals, entities, or sectors |
| Trigger | Any transaction involving the jurisdiction | Matches against the SDN or SSI lists |
| The 50% Rule | Automatic (State-controlled) | Critical: Applies to entities owned >50% by SDNs |
| Facilitation | Prohibited for US persons anywhere | Prohibited if it supports an SDN transaction |
| Licensing | General or Specific licenses required | Case-by-case exemptions (e.g., humanitarian) |
| Forensic Risk | High (Trade monitoring) | Extreme (Beneficial ownership lookup) |

🔄 The Sanctions Screening Logic Flow

The following diagram illustrates the technical "Match and Block" process that every international payment and customer must pass through to prevent an OFAC breach:

graph TD
    A["Initiate Global Wire Transfer / New Client"] --> B["Phase 1: Name Screening against SDN List"]
    B --> C["Fuzzy Logic Engine: Check for variations/aliases"]
    C --> D{"Is there a 'Potential Match'?"}
    D -- "NO" --> E["Clearance: Transaction Proceeds"]
    D -- "YES" --> F["Phase 2: Manual False Positive Review"]
    F --> G{"Is it a 'Confirmed Match'?"}
    G -- "NO (Same name, different DOB)" --> E
    G -- "YES" --> H["Phase 3: COMPLIANCE ACTION"]
    H --> I["BLOCKING: Assets are frozen / Reporting to OFAC"]
    I --> J["Filing ARB (Annual Report of Blocked Property)"]
    K["The 50% Rule Audit: Does an SDN own the counterparty?"] --> G

🏛️ Technical Framework: The 50% Rule

The most dangerous technical trap in sanctions compliance is the OFAC 50% Rule.

  • The Rule: Any entity owned 50% or more in the aggregate, directly or indirectly, by one or more sanctioned persons (SDNs) is itself considered sanctioned, even if that entity is NOT on the list.
  • The Complexity: If SDN A owns 25% of Co and SDN B owns 26% of Co, the company is sanctioned.
  • The Forensic Audit: Auditors must "unlayer" the ownership chain of every foreign supplier to ensure that an SDN is not hiding behind a shell company. This is why "Beneficial Ownership" data is the primary technical currency of sanctions compliance.
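The "unlayering" step can be expressed as a fixed-point computation over beneficial-ownership data. The sketch below is an added example, not CorporateVault code: the graph, entity names and function name are hypothetical, and it assumes that "indirectly" means ownership held through entities that are themselves blocked by the rule, so a block cascades down the chain.

```python
# Added example: cascading 50% Rule check over a constructed ownership graph.
SDN = {"SDN A", "SDN B"}  # constructed stand-ins for listed persons

# owner -> {entity: stake in whole percent}. All names are hypothetical.
STAKES = {
    "SDN A": {"Co": 25, "HoldCo": 60},
    "SDN B": {"Co": 26},                      # 25% + 26% = 51% of Co in aggregate
    "HoldCo": {"ShellCo": 50},                # HoldCo is unlisted but SDN-owned
    "Clean Fund": {"ShellCo": 50, "MinorityCo": 70},
    "ShellCo": {"MinorityCo": 30},            # blocked owner, but only 30%
}

def blocked_by_50_rule(sdn, stakes):
    """Return {entity: aggregate % held by blocked owners} for every
    unlisted entity that reaches 50% or more."""
    blocked = set(sdn)
    derived = {}
    changed = True
    while changed:                            # repeat until no new entity is blocked
        changed = False
        totals = {}
        for owner, holdings in stakes.items():
            if owner in blocked:              # only blocked owners count toward 50%
                for entity, pct in holdings.items():
                    totals[entity] = totals.get(entity, 0) + pct
        for entity, pct in totals.items():
            if pct >= 50 and entity not in sdn:
                derived[entity] = pct
                if entity not in blocked:     # newly blocked: its stakes now count
                    blocked.add(entity)
                    changed = True
    return derived

if __name__ == "__main__":
    for entity, pct in sorted(blocked_by_50_rule(SDN, STAKES).items()):
        print(f"{entity}: {pct}% held by blocked owners")
```

ShellCo is caught only on the second pass, after HoldCo has been found to be SDN-owned, which is why a single lookup of direct shareholders is not enough.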

⚙️ Fuzzy Logic and Name Matching

Because names are spelled differently across languages (e.g., Vladimir vs. Wladimir), screening systems use Fuzzy Logic (Levenshtein Distance).

  1. Phonetic Matching: Identifying names that sound the same but are spelled differently.
  2. String Proximity: Identifying names that are 80% similar.
  3. The Penalty of Speed: If the fuzzy logic is too loose, you get too many "False Positives" (blocking innocent people). If it is too tight, an SDN slips through. Managing this "Fuzzy Threshold" is a core technical task for a Chief Compliance Officer.
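The threshold trade-off can be seen by running one Levenshtein-based screen at several cut-offs. This is an added example, not code from the page or from any screening product: the watchlist entry and counterparty names are constructed, and it covers string proximity only, not phonetic matching.

```python
# Added example: Levenshtein similarity screening at different thresholds.
import re

WATCHLIST = ["Vladimir Petrovsky"]            # constructed, hypothetical entry
COUNTERPARTIES = ["Wladimir Petrovsky",       # transliteration variant
                  "Vladimir Petrov",          # different person, similar name
                  "Maria Gonzalez"]           # unrelated

def normalize(name):
    """Case-fold, drop punctuation and collapse whitespace before comparing."""
    return " ".join(re.sub(r"[^\w\s]", "", name.casefold()).split())

def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) with a rolling DP row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def similarity(a, b):
    """1.0 for identical names, falling toward 0.0 as edits accumulate."""
    a, b = normalize(a), normalize(b)
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1 - levenshtein(a, b) / longest

def screen(names, watchlist, threshold):
    """Return the names whose best watchlist similarity meets the threshold."""
    return [n for n in names
            if max(similarity(n, w) for w in watchlist) >= threshold]

if __name__ == "__main__":
    for threshold in (0.80, 0.90, 0.95):
        print(threshold, screen(COUNTERPARTIES, WATCHLIST, threshold))
```

At 0.80 the screen also flags "Vladimir Petrov", a false positive for manual review; at 0.95 even the one-letter variant "Wladimir Petrovsky" (similarity 0.944) passes unflagged.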

🛡️ "Blocked" vs. "Rejected" Transactions

Technically, OFAC distinguishes between two actions:

  • Blocking (Freezing): You take the money and put it in a separate, interest-bearing account that the customer cannot touch. You must report this to OFAC within 10 days. The title to the money stays with the customer, but the "Right to Use" it is suspended.
  • Rejecting: You simply refuse to do the transaction and send the money back. This is only allowed if the transaction does not involve an interest of an SDN (e.g., a transaction with a sanctioned country but no sanctioned person).

🔍 Forensic Indicators of "Sanctions Evasion"

Investigators look for these technical signals of "Shadow Trade":

  • "Going Dark": Ships turning off their Automatic Identification System (AIS) transponders when entering sanctioned waters (e.g., near Iran or North Korea).
  • U-Turn Transactions: Money from a sanctioned country going to a "Friendly" third-party (like Dubai or Turkey) before entering the US financial system.
  • Vague "Port of Origin" labels: Invoices that list the origin of oil or gold as "International Waters" or "Middle East" to hide a sanctioned source.
  • The "Nested Account" Trap: A foreign bank in a sanctioned country opening an account at a non-sanctioned bank, and using that account to process USD payments for its SDN clients.


Frequently Asked Questions (FAQ)

What is an "SDN"?

A Specially Designated National. These are the "Top Tier" sanctioned persons. Doing business with them is a criminal offense for US persons.

Does OFAC apply to non-US persons?

Technically, No, but effectively Yes. If a European company uses US Dollars (which clear through New York), the transaction falls under OFAC jurisdiction. This is known as "Secondary Sanctions" risk.

What is a "General License"?

It is a technical permission published by OFAC that allows anyone to do a specific type of business with a sanctioned entity (e.g., exporting food or medicine) without asking for a specific permit.


Conclusion: The Mandate of Global Restraint

OFAC Sanctions Audit & SDN List Reports are the definitive "Geopolitical Filter" of the modern economy. They prove that in a market of frictionless capital, Trade is a privilege controlled by foreign policy. By establishing a rigorous framework of fuzzy logic screening, 50% rule audits, and beneficial ownership transparency, the compliance and legal teams ensure that the company does not become a tool for sanctioned actors. Ultimately, OFAC mechanics ensure that corporate growth is grounded in national security—proving that in the end, the most resilient company is the one that has the technical maturity to navigate the map of global risk.

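Summary: OFAC enforces trade sanctions and manages the SDN list to prevent transactions with sanctioned entities. The OFAC Sanctions Audit & SDN List report is the "red line for admission" to the global financial system. Its technical core is "list screening" and the "50% Rule": the assets of any individual or entity placed on the SDN list by the US Treasury must be frozen immediately, and unlisted entities owned 50% or more in aggregate by sanctioned parties are automatically restricted as well. The report analyzes in depth how fuzzy matching logic (Fuzzy Logic) is used to rule out "false positives", and the common methods of sanctions evasion through "concealing the origin" or "nested accounts". For audit teams, the core task is to ensure that cross-border payments do not involve restricted parties, avoiding multi-billion-dollar fines for violating sanctions law.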
