To understand how the U.S. government can wield economic power around the globe, we need to take a closer look at how the Office of Foreign Assets Control (OFAC) operates. For decades the main tool for OFAC has been primary sanctions. These are classic restrictions affecting U.S. citizens, U.S. corporate entities or transactions in the United States directly. If a transaction has a clear U.S. nexus, primary sanctions apply. But the landscape has shifted tremendously. Secondary sanctions have been an important pillar of U.S. economic statecraft in the past decade. What makes secondary sanctions unusual is what they entirely lack: A requirement for a U.S. connection. They don’t need a U.S. citizen or a U.S. corporation or USD transaction. Rather, secondary sanctions target foreign persons and international financial institutions that operate beyond the jurisdiction of the United States. The core mechanism is a decision, basically. A foreign company can engage with a target that’s sanctioned, or retain access to the U.S. financial system and consumer markets. It can't do both. If a foreign person, for example, has a “significant transaction” with a sanctioned person or is “engaged in a certain sector,” OFAC might apply steep sanctions. These sanctions effectively isolate the perpetrator from world trade.
Enforcement mechanisms often fall into one of three broad categories: SDN List Designation, Restrictions on Correspondent Banking, and Sectoral Restrictions. Sectoral restrictions, for instance, involve denying entire foreign sectors, such as energy or defense, access to U.S. financing, technology transfers or debt markets. The latest data suggests that the Treasury Department is using this technology very aggressively. Legal assessments of OFAC actions show more than 65% of secondary sanctions are directed at corporate entities rather than individuals. The legal structure that permits such activities is also growing at a rapid clip. Executive Orders like E.O. 14114, and 14404 which is in May 2026 are examples for Russia and Cuba. This extraterritorial reach pushes global financial institutions and multinational enterprises to operate as an extension of U.S. foreign policy compliance. Even if a company is based in Europe or Asia and simply has a local operation, it still needs to have a strong compliance framework. Inadequate screening of counterparties or ownership arrangements may result in indirect exposure to sanctioned firms, which can have disastrous economic effects.
The following topics is going to be covered in this article;
- Primary vs Secondary Sanctions: Critical Distinction
- Legal Theory: How OFAC Reaches Non-US Persons
- The Iran Secondary Sanctions Program
- The Russia Secondary Sanctions Program
- The North Korea Secondary Sanctions Program
- Compliance Implications for Non-US Firms
- The 'Significant Transaction' Standard
- CAATSA: The Statute That Codified Secondary Sanctions
- Recent Enforcement Examples
- Managing Secondary Sanctions Risk
1. Primary vs Secondary Sanctions: Critical Distinction
You have to split sanctions into two different legal frameworks to understand how they operate in the real world: primary and secondary. The difference between the two delineates the line between the end of U.S. legal jurisdiction and the beginning of U.S. economic leverage.
Primary Sanctions: The “U.S. Nexus”
Much of the primary sanctions are simply domestic legislation. These are used where a transaction has a direct link to U.S. jurisdiction. This is known in legal terminology as a 'U.S. nexus.' If such a relationship exists, the transaction is subject to main sanctions. This means that U.S. citizens are specifically forbidden from engaging in the conduct. Who, exactly, is a “U.S. person” or subject to U.S. jurisdiction? The scope is more vast than many international corporations grasp:
- Individuals: U.S. citizens and lawful permanent residents (green card holders) who reside or work anywhere in the world.
- Corporate Entities: Any entity incorporated under the laws of the United States or any state thereof, including all of its international branches.
- Physical Location: Any person who is physically present in the United States at the time of a transaction.
- The U.S. Dollar: Any transaction settled in U.S. dollars. Dollar clearance is routed through a U.S. correspondent bank; therefore, dollar transactions between two foreign corporations in Europe or Asia are automatically subject to U.S. main sanctions jurisdiction. If a U.S. individual or company violates main sanctions, they face direct civil and criminal consequences from the Department of Justice and OFAC. Giant fines and federal prison sentences are included.
Secondary Sanctions: The Power of Economic Leverage
Secondary sanctions are a distinct type of risk. They don’t have a U.S. connection. They are directed at non-U.S. persons who are conducting all of their business outside the United States and may even be dealing in foreign currencies. Because the U.S. government cannot simply arrest a foreign executive or punish a foreign corporation that has no connection whatsoever to the United States, secondary sanctions work on a forced choice. "The US Treasury basically tells foreign entities: Either you conduct business with our sanctioned targets or you do business with the U.S. financial system and consumer market, but you can't do both. Secondary sanctions normally are imposed as restrictions on foreign persons engaging in a “significant transaction” with a sanctioned party. OFAC has no specific price barrier in determining whether a transaction crosses the line into “significant.” There is a range of factors considered:
- The amount, value, and frequency of the transaction.
- The strategic relevance of the commodities or services to the target of the sanctions.
- The degree of management awareness at the foreign company.
- If the deal was hidden using nefarious means (shell corporations, stripped wire data, etc).
The Penalty: Exclusion from the U.S. Financial System
If a non-U.S. individual is found to be in violation of secondary sanctions, they do not receive the regular regulatory penalties. Instead, they suffer an economic death penalty. OFAC has three major tools to prevent these violators from participating in global commerce:
- SDN designation: The foreign entity can be added directly to the list of Specially Designated Nationals (SDNs). All their assets that come under U.S. jurisdiction are frozen, and U.S. persons are prohibited from interacting with them. Global banks screen against the SDN list to preserve their compliance profiles. Being on the list effectively isolates the corporation from the global financial system.
- The CAPTA List: OFAC has a specific tool for foreign financial institutions called the List of Foreign Financial Institutions Subject to Correspondent Account or Payable-Through Account Sanctions (CAPTA List). OFAC puts foreign banks on this list if they help sanctioned targets with large transactions. U.S. banks are then legally barred from opening or retaining correspondent accounts for that foreign bank. A foreign bank can't clear U.S. dollars without a correspondent account. This usually kills its capacity to execute cross-border trading.
- Capital Market Restrictions: OFAC restricts a foreign company’s access to U.S. debt and equity markets in specific regimes. This significantly limits its ability to acquire capital or obtain financing.
2. Legal Theory: How OFAC Reaches Non-US Persons
Secondary sanctions are not extraterritorial law enforcement. In a strict legal sense, the U.S. is not asserting direct judicial jurisdiction over a French business entity or a Japanese trading firm that operates outside U.S. borders. Instead, the whole structure hinges on a smart application of domestic sovereignty, known as conditional access.
The Theory of Conditional Access
The U.S. government has total discretion to determine who may enter the U.S. domestic market and utilize its financial infrastructure. International law gives a sovereign state the freedom to control its own borders and markets. Secondary sanctions weaponize this liberty by making access to the market a luxury.
Instead of telling a foreign corporation not to do business with a blacklisted country, the U.S. changes the foreign company’s option architecture. You have a sovereign right to buy and sell with an adversary of the United States. The US also has an equally sovereign right to say it doesn't want to do business with anyone who supports its rivals.
This transforms the mechanism from a legal restriction to a business ultimatum. The target is presented with a calculated option to either continue a business relationship with a sanctioned market or maintain access to the U.S. commercial and financial sector. The latter is nearly always substantially more lucrative; thus, the foreign person does this. It is an experiment in internal sovereignty with an enormous, global, extraterritorial influence.
The Statutory Architecture: Specific Statutes vs. General IEEPA
OFAC’s secondary sanctions jurisdiction is not derived from a wide blanket application of the International Emergency Economic Powers Act (IEEPA) of 1977. IEEPA is the foundation for almost all primary sanctions regimes. It allows the president wide economic powers to freeze assets and prohibit transactions following a declaration of a national emergency over an uncommon and extreme threat. But the statutory wording of IEEPA historically limited how far it can be enforced directly. It applies to property under U.S. jurisdiction or to transactions involving U.S. individuals. It doesn’t scale organically to a foreign corporation trading with a foreign target in foreign currency.
OFAC turns to program-specific legislation established by Congress to fill this void and reach non-U.S. people without a domestic nexus. In these special acts, Congress creates a supplementary structure, directing the executive branch to police foreign actors.
- Countering America’s Adversaries Through Sanctions Act (CAATSA): CAATSA was signed into law in 2017 and directly states statutory requirements to impose sanctions on non-U.S. people. For instance, CAATSA’s Section 228 requires the president to impose penalties on any foreign person who knowingly conducts a significant transaction for or on behalf of a person barred under the U.S. Russia-related sanctions.
- Iran-Related Statutory Engines: A good deal of the architecture of modern secondary sanctions was developed through laws aimed at Iran. Current regulations, including the Iranian Transactions and Sanctions Regulations (ITSR), are based on clear legislative authority such as the Comprehensive Iran Sanctions, Accountability, and Divestment Act of 2010 (CISADA), the Iran Threat Reduction and Syria Human Rights Act of 2012 (TRA), and the Iran Freedom and Counter-Proliferation Act of 2012 (IFCA).
OFAC’s actions on secondary sanctions are not some nebulous, generic emergency jurisdiction exercises. It’s employing a well-crafted statutory procedure that Congress established to address specific wrongdoing by foreign actors. Exclusion from the market is used as the ultimate enforcement tool.
3. The Iran Secondary Sanctions Program
The Iranian sanctions regime is the world’s oldest, most complex, and most rigorously enforced secondary sanctions program. It's the playbook for how the U.S. exerts economic pressure on the world. The program’s depth is a reflection of the various statutory powers that power it. The legislation and executive action are an interwoven web.
The Statutory Framework
The legal foundation for targeting non-U.S. persons engaged in Iran-related activities is a combination of congressional statutes and presidential executive orders:
CISADA (2010): The Comprehensive Iran Sanctions, Accountability, and Divestment Act was a milestone. That pretty much set the present playbook on secondary sanctions. CISADA, in particular, targeted foreign financial institutions. The Treasury might deny a foreign bank access to U.S. correspondent accounts if it carried out large dollar transactions for the Islamic Revolutionary Guard Corps (IRGC) or any Iranian institution linked to nuclear proliferation or terrorism.
IFCA (2012): Iran Freedom and Counter-Proliferation Act: Congress stepped up pressure. The IFCA greatly enlarged the scope of secondary sanctions by targeting entire sectors of the Iranian economy. It imposed penalties on foreign persons that do business with Iran's energy, maritime, and shipbuilding industries or that trade in precious metals or certain industrial goods with Iran.
ITSR: Iranian Transactions and Sanctions Regulations is the regulation code (located at 31 CFR Part 560) where OFAC actually puts into effect and enforces these statutory directives. The ITSR takes the broad legislation established by Congress and turns it into the specific regulations that worldwide compliance teams have to follow.
Executive Orders: The executive branch makes frequent use of executive orders to modify sanctions in light of the quickly changing geopolitical scene. In 2018, President Trump signed E.O. 13846 when the United States withdrew from the Joint Comprehensive Plan of Action (JCPOA, or the Iran nuclear deal). This order reimposed the secondary sanctions that had been temporarily suspended.
The Main Targets
OFAC’s secondary sanctions enforcement is largely focused on the following key sectors of foreign activity, whereas the Iran program is quite large:
- Foreign Financial Institutions (FFIs): The banks are the choke point. A foreign bank that knowingly engages in or supports a “significant financial transaction” for a designated Iranian entity could be placed on the CAPTA List. Examples for the aforementioned entities include the Central Bank of Iran or the National Iranian Oil Company. Losing correspondent banking privileges in New York is an existential threat to almost any international bank. This is causing global banks to “de-risk” Iranian deals.
- The “Teapot” Refineries and the Energy Sector: The Iranian economy is very dependent on oil exports. OFAC aggressively targets foreign companies involved in the purchase, acquisition, sale, transportation, or marketing of Iranian petroleum and petrochemical products. Enforcement has been focused in recent years on the “shadow fleet” of tankers and independent refineries, or teapot refineries, in Asia. They try to purchase Iranian petroleum at a discount and mask the provenance of the oil with ship-to-ship transfers and false documentation.
- Support for IRGC and Missile Programs: The U.S. sees the Islamic Revolutionary Guard Corps as a sprawling organization that dominates large parts of the Iranian economy. Any non-U.S. person providing material support, products, or technology to the IRGC, its affiliates, or Iran’s ballistic missile programs faces prompt and harsh secondary sanctions. Because the IRGC’s control of Iranian enterprises is often concealed through shell companies and proxy directors, international investors have an exceptionally high burden of due diligence in any business consideration inside Iran.
4. The Russia Secondary Sanctions Program
When the war in Ukraine started, the United States used primary sanctions extensively to isolate Russia. That meant extensive list-based designations and sectoral bans on what U.S. persons may do. The Treasury Department reversed course when the Russian economy adjusted. President Biden signed Executive Order 14114 on December 22, 2023. This order shifted the very architecture of Russia sanctions (E.O. 14024) and dramatically affected the compliance environment for the global banking community. The U.S. approved explicit secondary sanctions on FFIs for the first time under the modern Russia sanction program.
Targeting Russia’s Military-Industrial Base
E.O. 14114 contains severe implications for any foreign bank that engages in or supports a “significant transaction” with Russia’s military-industrial base. Specifically, the U.S. can bar that bank from retaining correspondent or payable-through accounts in the U.S., or it can impose full blocking restrictions on the bank (adding it to the SDN List). The legal standard is what makes the situation especially problematic for multinational banks. Unlike earlier sanctions regimes that may require a foreign bank to behave “knowingly,” the authority under E.O. 14114 generally operates on a strict liability threshold. Even if international banks did not know that the transaction concerned the Russian military, they could be sanctioned.
The June 2024 Expansion: A Massive Escalation
If E.O. 14114 was the opening act, the advisory published by OFAC on June 12, 2024, was the bomb that went off in compliance departments around the world. It was hard to nail down transactions related to the “military-industrial base” before June 2024, but they were quite specific. Banks have to filter for some defense contractors, technological enterprises, and manufacturing sectors. But in its June 2024 guidance, OFAC radically redefined the phrase. Russia “has marshalled its entire economy to support the war effort,” the Treasury said. Thus, OFAC has enlarged the term of “Russia’s military-industrial base” to cover all persons blocked under E.O. 14024. The move meant that vast commercial enterprises, including Russia’s biggest financial institutions, Sberbank and VTB Bank, were suddenly part of the military-industrial base. In practical terms, that implies that nearly any designated Russian business with which a European or Asian bank does a transaction can potentially be subject to secondary penalties by the U.S. The only major exceptions left are some transactions involving food, agriculture, medicine, energy, and telecommunications.
Real World Impact on Global Banks
Just like the Treasury had planned, it worked. No significant financial institution is going to take the risk of losing access to the U.S. dollar. The implementation of E.O. 14114 and the guidelines in June 2024 prompted a ripple of “de-risking” throughout the global financial sector. Banks in regions with economic ties to Russia suddenly started to stall or refuse payments connected to Russia. Foreign banks have had to beef up their compliance programs. They look for covert payment channels, changed invoices, or shell organizations trying to funnel money into the Russian military economy.
5. The North Korea Secondary Sanctions Program
The total embargo on North Korea prohibits U.S. citizens and companies from engaging in commerce with the country. But the fact is that the Democratic People's Republic of Korea (DPRK) still requires hard currency to sustain its government, its military, and its weapons programs. North Korea relies heavily on an illegal global network of third-country brokers. They use front firms, shadow cargo fleets, and international brokers. China, Russia, or Southeast Asia frequently hosts these brokers to facilitate the transport of money and goods. The Treasury Department utilizes a secondary sanctions program to target these facilitators.
The Legal Arsenal: NKSPEA & Executive Orders
The present North Korea secondary sanctions framework is based on two primary pillars:
- NKSPEA (2016): The North Korea Sanctions and Policy Enhancement Act marked a significant milestone. Before 2016, the U.S. had the power to determine how to punish foreign businesses who did business with Pyongyang. NKSPEA made secondary sanctions compulsory. The law requires the executive branch to impose sanctions on any U.S. or foreign organization that materially contributes to North Korea’s nuclear development, arms trade, or cyber assaults. It calls for sanctions on anyone who helps the dictatorship import luxury goods or trade in raw resources like coal and iron.
- Executive Order 13810 (2017): While NKSPEA established the legal framework, E.O. 13810 initiated action within the global banking sector. The order explicitly authorized OFAC to target foreign financial institutions.
The Threat Facing Foreign Banks
North Korea Sanctions Regulations, under 31 CFR Part 510, include unbelievably harsh rules for international banks. Any foreign bank that knowingly engages in or supports any “significant transaction” relating to North Korean commerce, or on behalf of a blocked North Korean person, will be subject to prompt secondary sanctions. OFAC can require U.S. banks to close the foreign bank’s correspondent or payable-through accounts. Without those accounts, a foreign bank cannot clear U.S. dollars. Or, OFAC may opt to designate the foreign bank itself on the SDN list.
Why Enforcement is So Heavy
Implementing the North Korea program is hugely resource-intensive because the DPRK is very adept at covering its tracks. North Korean operatives don’t often utilize government banks. An example of a transaction might be: A Chinese electronics manufacturer pays a Russian logistics company. Red flags include ship-to-ship transfers at sea to smuggle oil and coal, false shipping manifests, and nested accounts when a front firm hides behind a regional bank. The secondary sanctions of OFAC are intended to make the danger of transacting with them so utterly unacceptable to any foreign bank wishing to maintain access to the U.S. dollar.
6. Compliance Implications for Non-US Firms
For compliance practitioners outside the United States, secondary sanctions are the ultimate operational nightmare. This is where legal theory confronts the realities of corporate existence. The most problematic aspect of this system is the speed with which risk cascades across counterparties, fully circumventing the necessity for any direct U.S. relationship. Many foreign CEOs incorrectly feel that they are sheltered from OFAC if their company has no U.S. office, uses no U.S. technology, and has no direct U.S. correspondent bank account. This is a serious miscalculation. Your manufacturing firm might not undertake U.S. correspondent banking, but your local regional bank certainly does. If your firm does something that exposes it to secondary sanctions, your local bank will confront a troubling dilemma. They must drop you as a client straight away or risk losing their capacity to clear U.S. currency themselves. No bank will jeopardize its worldwide market access for one commercial customer; thus, the compliance risk is directly on you to address. By association, you are radioactive. If one bank abandons you, others will soon follow.
The problem is aggravated by OFAC’s self-inflicted ambiguity about what really causes a penalty. Statutes sometimes provide for sanctions for anyone who facilitates “significant transactions” with a designated party. But OFAC has a well-earned reputation for not articulating a hard dollar limit on what constitutes a major transaction. There is no safe harbor amount. Instead, the Treasury considers all of the facts and circumstances. They consider the quantity and frequency of the trades, the strategic significance of the commodities to the sanctioned target, management awareness, and whether any deceptive methods were utilized to conceal the transaction. As this definition is completely subjective and assessed retrospectively by regulators, compliance practitioners should presume the threshold is quite low. A single transaction giving critical technology to a sanctioned organization can easily be considered substantial. Such a definition makes non-U.S. corporations over-comply. Foreign corporations must establish compliance processes that virtually replicate U.S. regulations to protect their financial lifelines, vetting their counterparties and digging into complex ownership arrangements deep in their supply chains.
This is one of the the operational gaps Sanction Scanner was built to close off. Standard name matching tools were designed for primary sanctions logic; a defined list, a name check, a result. Secondary sanctions exposure is structurally different than the primary. It lives in ownership structures, transaction geographies, counterparty relationships, and indirect connections that no single screening pass will surface. At Sanction Scanner, we work with more than 800 organisations across 70+ countries, a significant share of which operate outside the United States but carry real secondary sanctions exposure. That experience shaped the architecture of our new Secondary Sanctions tool that is built specifically so that compliance teams outside the U.S. can operationalise the kind of layered, relationship aware screening that secondary sanctions actually demand.
7. The Significant Transaction Standard
The first question a non-U.S. bank or firm asks when it gets notified that it will be sanctioned for engaging in a "significant transaction" with a prohibited party is usually the threshold question. In actuality, the OFAC does not function with a concrete monetary value. There is no safe harbor amount. Instead, OFAC uses what it terms the “totality of the facts and circumstances” criterion. What this implies is that they look back at the circumstances of the deal. OFAC has typically outlined a particular set of parameters they employ to decide whether a transaction crosses the threshold into being significant.
When federal authorities analyze a transaction, they look at several factors to see how serious the conduct is:
- Size, Number, and Frequency: Regulators will look at the sheer volume and value of transactions, but there is no dollar minimum. A massive single wire transfer may be significant, but so may a long succession of extremely tiny, regular payments that mount up over time.
- Deceptive Practices: This is by far the most annoying factor. If a corporation tries to conceal the true character of a transaction, OFAC will very definitely find it to be material. SWIFT messages are being stripped of identifying data, employing complicated webs of shell firms or routing payments through obscure third-country authorities, with big red flags waving.
- Management Awareness: Regulators seek to discover who in the organization was aware of the action. If a lower-level employee committed a mistake, it could be seen as a compliance failure. The danger increases exponentially if the C-suite or senior leadership were aware of the sanctioned ties or if the activity was part of a purposeful corporate pattern of conduct.
- Effect on Program Goals: OFAC evaluates whether the particular transaction truly harmed U.S. national security interests. Selling consumer clothing to a sanctioned country might not shift the needle. However, the provision of dual-use technology, drone components, or specialized financial services that provide active support to a designated regime is almost always deemed to be of enormous significance, regardless of the dollar amount.
- Ongoing relationship: Regulators consider the relationship between the foreign entity and the sanctioned party. A one-off transaction that is entirely accidental is considered quite differently from a continuous, ongoing business connection in which the foreign company is a devoted supplier or financial conduit for the blocked person.
The message to non-U.S. corporations is rather strong. Then you have to assume the threshold is really low.
8. CAATSA: The Statute That Codified Secondary Sanctions
Arguably the most influential piece of economic statecraft legislation of the 21st century, the Countering America’s Adversaries Through Sanctions Act (CAATSA) was passed in August 2017.
Before CAATSA, secondary sanctions were mostly pursued through executive orders. This allowed the president to swiftly overturn, alter, or suspend them if the geopolitical winds changed. Congress took action to permanently alter that equation. CAATSA passed by large veto-proof majorities, codifying existing penalties and enacting new, more punitive secondary measures against three specified targets: Russia, Iran, and North Korea.
The act stripped the White House of its traditional variance. It sent a message to the world that secondary sanctions are no longer only ephemeral diplomatic measures. They were woven into the fabric of federal law.
Russia: The Section 231 Defense Trap
Section 231 of CAATSA changed everything for global defense and aerospace contractors. This clause specifically compels the United States government to apply secondary penalties on any individual, anywhere in the world, that knowingly participates in a substantial transaction with the defense or intelligence sectors of the Russian Federation. These Russian entities are publicly listed by the State Department. Companies such as Rosoboronexport, Russia’s primary arms seller, risk being barred from the U.S. banking system if governments and non-U.S. defense businesses acquire their equipment. For a more comprehensive overview for Russia sanctions, you can check our guide.
Iran: Section 105 IRGC Designation
For Iran, CAATSA took a different but equally destructive path under Section 105. This section required the president to impose severe terrorism-related penalties on Iran’s Islamic Revolutionary Guard Corps (IRGC), as well as its international leaders, agents, and affiliates. The Global Terrorism Sanctions Regulations legally required any foreign bank or company that did business with the IRGC to immediately be subject to severe secondary sanctions, Congress ensured. The IRGC is like a giant business conglomerate that controls construction, telecommunications, and energy in Iran, so Section 105 effectively turned the whole Iranian economy into a minefield for foreign investment.
North Korea: Expanding the Chokehold
Title III of CAATSA focused on North Korea, increasing the mandatory secondary sanctions regime created the year before. The law addressed directly the cash streams Pyongyang utilizes to fund its nuclear goals. It called for sanctions on non-U.S. individuals who bought North Korean minerals, provided maritime insurance to North Korean boats, or used North Korean forced labor abroad.
9. Recent Enforcement Examples
As you move from legal theory to actual enforcement, you see how aggressive the United States has become. The Treasury and the Department of Justice make an example of significant worldwide institutions that try to go around these rules.
The Halkbank Indictment
The U.S. finally chose to penalize Halkbank with a criminal charge rather than a direct SDN listing, probably to avert the total collapse of a significant institution in, Turkey, a NATO partner country. But the entire issue is about the fear of secondary punishment. Halkbank was responsible for a vast conspiracy to help Iran avoid U.S. secondary sanctions, says the Justice Department. Iran was blocked from accessing its oil earnings kept at Halkbank due to U.S. regulations, so the bank allegedly employed a complicated web of gold deals and imitated humanitarian supplies to move billions of dollars on Iran's behalf. The subsequent federal indictment for fraud and sanctions evasion is a major warning. It indicates that attempts to conceal transactions to avoid secondary punishments will result in significant criminal liability and international legal conflicts.
DPRK Facilitation & Chinese Banks
Dandong Bank is a classic example of a bank that was genuinely cut off from the U.S. financial system. The U.S. authorities said the regional Chinese bank was a major money laundering problem and key financial conduit for North Korea. The bank crossed the red line by handling millions of dollars of transactions for firms tied to North Korea’s weapons of mass destruction program. The U.S. Treasury fully severed the Bank of Dandong from the U.S. financial system, cutting it off from global commerce. This wasn’t a unique instance. OFAC has repeatedly targeted networks of Chinese front companies, logistics organizations, and other industries, as well as regional financial institutions that receive payments for North Korea. Regulators often target independent Chinese refineries that import Iranian oil, adding them directly to the SDN list.
10. Managing Secondary Sanctions Risk
Because of the subjective nature of the laws surrounding secondary sanctions, bare minimum compliance is not an option for non-U.S. corporations. You have to construct a defensive shield that looks quite close to the compliance processes utilized by the giant Wall Street banks.
This means a major change in the way international corporations see risk. A transaction that's legal in your native nation isn't necessarily safe. You have to go actively hunting for hidden U.S. exposure. There are the main pillars that compliance practitioners operate on.
Geographic Exposure
Geographic exposure is much more than where your direct customer is located. You need end-to-end visibility. But where do those items truly go? Where are the payments going before they hit your bank? The focus of today’s enforcement is to detect diversions. Regulators have targeted high-risk transshipment centers in locations such as the UAE, Central Asia, and Eastern Europe. Exporting electronics to a distributor in a country that borders Russia comes with a very high geographical risk. You have to map the complete supply chain, including the freight forwarders, the local agents, and the end-user. The ultimate destination should not be a sanctioned jurisdiction.
Screen Against SDN and Program-Specific Lists
Most organizations realize they need to screen counterparties against the OFAC SDN list. For secondary sanctions, they often use other very precise lists.
Program-specific menu lists must be included in your screening software. For example, screen against the CAPTA List. You will also need to examine the Non-SDN Menu-Based Sanctions (NS-MBS) List, which covers entities under laws like CAATSA.
Apply the 50 Percent Rule (Even as a Non-U.S. Person)
OFAC enforces what’s called the 50 Percent Rule. The rule says that if a sanctioned person controls 50 percent or more of a firm, that corporation is automatically sanctioned, even if its name is not on any government list.
In addition, OFAC aggregates ownership. If Sanctioned Person A owns 30 percent of a corporation and Sanctioned Person B owns 20 percent, that’s 50 percent. This means a legal blocking of that company.
This is officially a U.S. primary sanctions rule, but non-U.S. individuals should strictly apply it in their own due diligence. You need to strip away the organizational layers and discover who the ultimate beneficial owners of your company partners are.
Document Compliance Decisions Rigorously
In the compliance world, documentation is essential; without it, an event is considered nonexistent. If a transaction is suspicious or if it includes a high-risk jurisdiction, you must fully document how and why you approved it.
If your local bank suddenly concerns a payment you got from a high-risk zone, they will freeze the funds. The only option to get that money freed and to stop the bank from removing you as a client is to provide them a clean audit trail. You must present to them the end-user certificates, the ownership screening results, and the legal reasoning that indicates the transaction did not violate secondary sanctions.
Managing secondary sanctions risk at this level of complexity requires more than a compliance policy document. It requires tooling that reflects how enforcement actually works in 2025 and 2026; across ownership chains, transaction networks, and program-specific lists that standard AML platforms were never designed to handle. Sanction Scanner's Secondary Sanctions tool, was built for exactly this environment. It gives compliance teams outside the United States a clear, actionable view of their secondary sanctions exposure, without adding operational friction or inflating false positive rates.
