The Devil Is in the Details: Five Critical Differences Between OFAC and OFSI Regulations

“It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so.” — Mark Twain

One of the biggest mistakes multinational companies make is assuming that U.S. and UK sanctions compliance are essentially the same. They’re not.

Last week’s joint guidance issued by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) and the UK’s Office of Financial Sanctions Implementation (OFSI) is an excellent resource because it highlights both the similarities and the important differences between the two sanctions regimes. While the agencies continue to strengthen their partnership, they are also reminding companies that compliance under one system does not automatically satisfy the other.

In our previous article, we discussed the strategic significance of the joint guidance and what it says about increasing coordination between OFAC and OFSI. Here, let’s focus on what every multinational compliance officer should be doing Monday morning.

Why This Matters

  • Small differences between OFAC and OFSI requirements can create significant compliance risks.
  • A sanctions screening tool alone will not identify every issue.
  • Companies need compliance professionals who understand how these legal differences affect real-world business decisions.

Here are five important distinctions that deserve immediate attention.

1. Ownership Isn’t Always Enough—Control Matters Too

Most sanctions professionals are familiar with OFAC’s well-known 50 Percent Rule. If one or more blocked persons own, individually or in the aggregate, 50 percent or more of an entity, that entity is itself considered blocked—even if it does not appear on the SDN List. OFSI takes a different approach.

Ownership remains important, but UK sanctions also focus on control. An entity may be considered sanctioned if a designated person has the practical ability to direct its affairs, even when ownership alone may not tell the complete story. Conversely, OFSI generally does not aggregate separate designated persons’ ownership interests in the same manner as OFAC.

Practical Lesson: Beneficial ownership analysis must go beyond percentages. Governance, voting rights, board appointments, and practical influence all deserve careful attention.

2. Reporting Requirements Are Not the Same

Many companies assume that once they understand OFAC reporting obligations, they are covered globally. Not so fast.

OFAC requires reports involving blocked property, rejected transactions, annual blocked property reports, and other required filings. OFSI’s reporting framework is structured differently and, importantly, does not require reporting rejected transactions in the same manner as OFAC. Instead, UK reporting obligations depend heavily on whether a company qualifies as a “relevant firm” or “relevant institution” and the applicable sanctions regime.

Practical Lesson: Global reporting procedures should be tailored to each jurisdiction rather than copied from one sanctions program to another.

3. Voluntary Disclosure Remains One of Your Best Risk Management Tools

Both agencies encourage voluntary self-disclosure. Both reward cooperation. But they do not reward it equally.

OFAC may reduce the base civil penalty by up to 50 percent for qualifying voluntary self-disclosures. OFSI may reduce a monetary penalty by up to 30 percent, depending on the facts and timing of the disclosure.

Practical Lesson: When a potential sanctions issue arises, companies should evaluate disclosure obligations early—not after an internal investigation has dragged on for months.

4. Strict Liability Has Become the New Normal

There was a time when companies could argue they lacked knowledge of a sanctions violation. Those days are largely over.

Both OFAC and OFSI now operate under strict liability standards for civil enforcement, although OFSI’s standard changed in 2022. In many cases, regulators no longer need to prove that a company intended to violate sanctions laws before imposing civil penalties.

Practical Lesson: Intent is no substitute for effective compliance controls.

5. One Global Compliance Program Beats Two Separate Programs

Perhaps the most important lesson has nothing to do with legal doctrine.

Companies often organize compliance by geography:

  • U.S. sanctions team.
  • UK sanctions team.
  • EU sanctions team.

That organizational chart may make sense internally. Risk doesn’t follow organizational charts.

International transactions routinely cross jurisdictions, financial institutions, shipping routes, counterparties, and payment systems. Regulators increasingly expect companies to manage those risks holistically.

That is exactly why this joint guidance matters. It reflects two regulators speaking with one voice while acknowledging that important legal differences remain.

Volkov’s Bottom Line

Many organizations genuinely believe they have a strong sanctions compliance program because they have robust OFAC controls. That belief may be sincere—but it can also be incomplete.

The new OFAC-OFSI guidance is a reminder that global compliance requires more than checking boxes. It requires understanding how different legal systems operate, identifying where those systems intersect, and building practical compliance programs that work across borders.

At Corruption, Crime &Compliance, we believe the best compliance programs are built on common sense, practical risk management, and an unwavering commitment to ethics and integrity. Our mission is to help organizations simplify complex regulatory challenges, strengthen ethical cultures, and build compliance programs that work in the real world. Because in today’s global economy, effective compliance isn’t just about following the rules—it’s about earning trust, protecting your business, and doing the right thing.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *