OFAC SDN List & 50% Rule

The Office of Foreign Assets Control (OFAC) administers and enforces U.S. economic and trade sanctions. The Specially Designated Nationals and Blocked Persons (SDN) List, country-based programs, and the 50% Rule together form the operational core of OFAC sanctions compliance for any U.S. financial institution, U.S.-incorporated entity, or foreign entity processing U.S.-dollar payments. OFAC sanctions operate as strict liability: transacting with a sanctioned party is itself the violation, regardless of intent.

Who is bound

OFAC compliance is mandatory for "U.S. persons" – U.S. citizens and permanent residents wherever located, U.S.-incorporated entities and their foreign branches, and any person physically in the United States. The reach is broader than the formal definition. Foreign entities processing transactions through the U.S. financial system, foreign subsidiaries of U.S. parents in some sanctions programs, and any party that "causes" a U.S. person to violate sanctions are also exposed. Fintechs touching U.S. dollar payment rails should treat themselves as in scope by default.

The SDN List

OFAC's consolidated list of individuals, entities, vessels, and aircraft blocked under one or more sanctions programs. U.S. persons are prohibited from transacting with anyone on the list, must block any property of an SDN that comes into their possession, and must report blocked property to OFAC. The list is updated frequently – often multiple times per week – and the practical impact of a designation is immediate. Programs that ingest the list once a quarter are not compliant.

The 50% Rule

The 50% Rule, codified in OFAC guidance dating to 2008 and reaffirmed in August 2014, is the rule that breaks naive screening programs. Any entity owned 50% or more, directly or indirectly, individually or in the aggregate, by one or more SDNs is itself blocked – even if the entity is not on the published SDN List. Aggregation matters: two SDNs each owning 30% of an entity together cross the 50% threshold and the entity is blocked.

Operationally this means a compliant program needs identification of ultimate beneficial owners, aggregation logic across SDNs, and the ability to apply the 50% threshold at the time of onboarding and on an ongoing basis. Beneficial-ownership data quality is the limiting factor in most programs and the area where examiners and OFAC investigators concentrate their attention.

Country-based and sectoral programs

Beyond the SDN List, OFAC operates comprehensive country-based programs (Iran, Cuba, Syria, North Korea, parts of Russia and Ukraine), sectoral programs that target specific industries within a country, and list-based programs (Sectoral Sanctions Identifications List, Foreign Sanctions Evaders List, Non-SDN Menu-Based Sanctions List, and others). Different programs prohibit different conduct: blocking, narrow restrictions on specific transaction types, restrictions on debt or equity tenor. Reading screening as "match against SDN" is insufficient – the program needs treatment of country and sector layers as well.

Violations and enforcement

Common violations in fintech programs:

• Onboarding a customer that maps to an SDN through a fuzzy-name match the screening tool missed
• Processing a payment to a beneficiary with an address tied to a country-based sanction
• Onboarding a corporate customer where a 50%+ UBO is an SDN but the BO data was incomplete
• A vendor in the workflow processed a transaction without the same screening discipline

OFAC enforces through cautionary letters, settlement agreements with civil monetary penalties, and referrals to other enforcement agencies. Penalties range from no action up to multi-billion-dollar settlements. Settlements are published with name, conduct description, and the OFAC analysis – which then becomes industry guidance for what every other program should have caught.

Program elements

OFAC's 2019 framework for compliance commitments outlines five components: senior-management commitment, risk assessment, internal controls, testing and audit, and training. The operational elements that give those bones flesh:

• Up-to-date SDN List ingestion (at least daily, ideally event-driven)
• Fuzzy matching tuned against false-positive and false-negative rates
• Beneficial-ownership identification with 50% Rule aggregation logic
• Country-based screening on transactions and addresses
• Hit disposition workflows with documented rationale
• Blocking and rejection records, with OFAC reporting where required
• Vendor oversight – every vendor in the workflow must screen with the same discipline
• Documented program governance and periodic independent testing

How FinQub supports OFAC compliance

FinQub orchestrates sanctions screening across the major vendors – Refinitiv World-Check, Dow Jones Risk & Compliance, ComplyAdvantage, LSEG, plus internal lists – with consistent fuzzy-match thresholds, list-update governance, and unified hit disposition. Beneficial-ownership identification flows into the 50% Rule logic at workflow time. Every screen, every match, every disposition lands in a hash-chained audit trail tagged with the OFAC framework.

OFAC subpoenas and examiner queries return the complete record by date, customer, or program in a single export. The trail also captures vendor identity per screen, so when a vendor changes or a new vendor enters the workflow, screening continuity is preserved and demonstrable.