The OFAC compliance environment changed materially when the federal sanctions statute of limitations and related recordkeeping period expanded from five years to ten years. The new recordkeeping requirement became effective March 12, 2025, requiring organizations subject to OFAC regulations to preserve covered transaction records for a substantially longer period.
For settlement administrators, the practical issue is straightforward: funds cannot be distributed to a blocked person or through a prohibited transaction unless the activity is authorized or exempt. Administrators therefore need risk-based controls that identify sanctions concerns before settlement funds leave the account.
OFAC issued approximately $48.8 million in civil penalties across 12 public enforcement actions in 2024. Penalties vary by sanctions program and underlying statute, but violations can create substantial financial, legal, and reputational exposure. Automated OFAC screening workflows can help settlement teams screen claimants, investigate potential matches, preserve supporting records, and document payment decisions at scale.
Key Takeaways
- OFAC’s ten-year recordkeeping requirement became effective March 12, 2025, replacing the previous five-year period for covered records.
- All U.S. persons and entities must comply with applicable OFAC sanctions, including settlement administrators handling court-supervised distributions.
- OFAC does not prescribe one universal screening schedule, but administrators should use risk-based checkpoints before releasing funds.
- The 50 Percent Rule can block an unlisted entity when blocked persons own at least 50 percent of it, directly or indirectly, in the aggregate.
- A confirmed sanctions issue may require blocking or rejecting a transaction, depending on the applicable sanctions program.
- Blocked and rejected transaction reports generally must be submitted to OFAC within 10 business days.
- Annual Reports of Blocked Property are due September 30 for property held as of June 30.
- Automated screening supports faster reviews and stronger documentation, but performance depends on data quality, matching rules, and operational design.
Understanding OFAC Compliance for Settlement Distributions
The Office of Foreign Assets Control administers and enforces U.S. economic and trade sanctions based on national security and foreign policy objectives. Its programs may target governments, jurisdictions, individuals, companies, terrorist organizations, narcotics traffickers, weapons proliferators, cyber actors, and other designated parties.
According to the Treasury Department’s OFAC compliance guidance, organizations should develop risk-based sanctions compliance programs appropriate to their operations. OFAC identifies five essential components:
- Management commitment
- Risk assessment
- Internal controls
- Testing and auditing
- Training
These components are not a mandatory one-size-fits-all checklist for every organization. However, OFAC considers them when evaluating apparent violations and determining whether a company maintained reasonable compliance controls.
Who Must Comply With OFAC Sanctions
All U.S. persons must comply with applicable OFAC sanctions. This includes U.S. citizens and permanent residents, persons located in the United States, U.S.-organized entities, and their foreign branches.
A settlement administrator does not need to be a bank or money services business to face sanctions obligations. When an administrator possesses or controls settlement property, initiates payments, or instructs a financial institution to distribute funds, it must avoid prohibited dealings.
Payment providers and financial institutions may conduct their own screening, but that does not automatically eliminate the administrator’s responsibilities. The administrator remains responsible for its conduct, data, instructions, investigations, and decisions.
What Changed in 2025
The federal statute of limitations for certain sanctions violations expanded from five years to ten years in April 2024. OFAC then amended its recordkeeping regulations to align with that period.
The ten-year recordkeeping requirement became effective March 12, 2025. The confirming final rule was announced March 20 and published in the Federal Register on March 21.
For settlement administrators, covered records may include:
- Claimant identifying information used for screening
- Screening results and timestamps
- Potential-match investigation records
- Payment instructions and transaction records
- Blocked or rejected transaction reports
- OFAC licenses and related correspondence
- Documentation supporting clearance decisions
- Records showing the list version or data source used
Retention should be built into the administrator’s audit trail controls, rather than left to individual staff members or temporary case folders.
Building a Risk-Based Screening Workflow
OFAC does not require every settlement administrator to follow an identical sequence of screening events. The appropriate workflow depends on claimant volume, award value, geographic exposure, entity claimants, payment channels, list-update frequency, and the time between claim approval and disbursement.
A defensible workflow commonly uses several screening checkpoints.
Initial Claimant Screening
Screening at intake can identify obvious sanctions concerns before the administrator invests additional resources in validating and preparing a claim.
Initial screening may include:
- Full legal name
- Known aliases
- Date of birth
- Residential or business address
- Nationality or country information
- Government-issued identification data
- Entity registration and ownership details when relevant
The administrator should collect only the information authorized by the settlement process and necessary for eligibility, identity verification, tax compliance, fraud prevention, or sanctions review.
Pre-Distribution Rescreening
A claimant cleared months earlier may require another review before payment. OFAC frequently updates its sanctions lists, and the claimant’s information may also have changed.
Pre-distribution screening is especially important when:
- Significant time has passed since intake
- The claimant changed names or addresses
- Payment instructions were modified
- The payment involves a higher-risk jurisdiction
- The claimant is a legal entity
- An earlier result was cleared using limited information
Administrators should connect screening with claimant identity verification so investigators can compare potential matches against reliable identifying details.
Payment-Execution Controls
A final control before payment helps prevent an approved claim from being released after a material data change or new designation.
The payment system should stop or route transactions for review when:
- A claimant produces a potential list match
- Payment data differs from approved claimant data
- A new OFAC designation affects the transaction
- The beneficiary account belongs to another person
- The destination or intermediary creates sanctions concerns
- The claim involves an entity with unresolved ownership questions
This control should not automatically treat every fuzzy match as a confirmed sanctions violation. It should place the payment on hold while trained personnel investigate.
Understanding OFAC Lists and Potential Matches
The Specially Designated Nationals and Blocked Persons List is OFAC’s best-known sanctions list. It includes individuals, entities, groups, vessels, and aircraft whose property and interests in property are blocked.
OFAC also maintains non-SDN sanctions lists covering restrictions that may differ from full blocking. Administrators should screen against the lists relevant to their activities rather than assuming the SDN List captures every prohibition.
Why Name Matching Alone Is Insufficient
Many designated parties have aliases, transliterated names, incomplete birth dates, multiple addresses, or identification documents from different jurisdictions. Two unrelated people may also share the same name.
OFAC’s own search tool uses fuzzy logic, but a numerical match score does not determine whether a result is valid. Administrators must evaluate the complete record.
A match investigation may compare:
- Name and aliases
- Date and place of birth
- Nationality
- Address
- Passport or national identification number
- Entity type
- Vessel or aircraft details
- Sanctions program
- Ownership information
A different middle name or address may help resolve a match, but no single field should be treated as conclusive without considering the full record.
Investigating Potential Matches
A documented investigation procedure should instruct reviewers to:
- Confirm that the screening input is accurate.
- Review the complete OFAC listing.
- Compare available identifiers.
- Request additional claimant information when necessary.
- Determine whether the result is a false positive, unresolved match, or confirmed match.
- Escalate unresolved or confirmed results to qualified compliance personnel or counsel.
- Preserve the evidence supporting the decision.
Administrators should avoid releasing a payment merely because a claimant insists that the result is incorrect. They should also avoid indefinitely withholding legitimate funds when reliable information clearly resolves the match.
Applying the 50 Percent Rule
The SDN List does not identify every blocked entity. Under OFAC’s 50 Percent Rule, an entity is considered blocked when one or more blocked persons own 50 percent or more of it in the aggregate, directly or indirectly.
For example, an entity is blocked when one blocked person owns 30 percent and another blocked person owns 20 percent. The combined ownership reaches 50 percent even though neither person independently owns a majority.
Ownership Versus Control
The rule is based on ownership, not control. An entity controlled by a blocked person is not automatically blocked under the 50 Percent Rule when blocked ownership remains below 50 percent.
Control can still create significant sanctions risk. OFAC may separately designate a controlled entity, and transactions involving the controlling person may implicate other prohibitions. Administrators should therefore escalate unusual control arrangements even when ownership falls below the threshold.
Corporate Claimant Reviews
The 50 Percent Rule does not require full beneficial-ownership collection from every corporate claimant in every settlement. The administrator should use a risk-based process.
Additional ownership review may be appropriate when:
- A claimant operates in a sanctioned or high-risk jurisdiction
- Screening identifies a possible connection to a blocked person
- The entity has opaque or layered ownership
- Payment instructions involve a related company
- Public records indicate sanctioned investors or parent entities
- The award value or transaction structure increases exposure
Administrators should obtain enough reliable information to evaluate direct and indirect ownership and preserve the basis for the conclusion.
Blocking, Rejecting, and Holding Payments
A potential match should normally result in a temporary administrative hold while the administrator investigates. A confirmed sanctions issue requires analysis of the applicable sanctions program.
When Property Must Be Blocked
Blocking freezes property in the possession or control of a U.S. person. Blocked funds are not transferred to OFAC and are not forfeited merely because they are blocked.
When blocking is required, the holder generally must:
- Stop the transaction
- Place the funds in an appropriate blocked account
- Prevent unauthorized transfers or withdrawals
- File an initial blocked-property report within 10 business days
- Maintain complete supporting records
- Include qualifying property in the annual report
Blocked funds may be released only when authorized by OFAC, such as through a general license, specific license, or removal of the blocking condition.
When a Transaction Must Be Rejected
Some sanctions prohibit a transaction without requiring the underlying property to be blocked. In those circumstances, the transaction may need to be rejected rather than frozen.
Both blocked and rejected transactions generally must be reported within 10 business days. Administrators should review the applicable program and consult counsel when the proper treatment is uncertain. The distinction is explained further in Talli’s guide to flagged claimant payments.
Annual Blocked Property Reporting
A person holding blocked property as of June 30 must generally submit an Annual Report of Blocked Property by September 30. The report should include all reportable blocked property held on the June 30 reporting date.
An administrator that did not hold blocked property as of June 30 does not file an empty annual report merely because it conducted sanctions screening during the year.
Selecting Automated Screening Technology
High-volume class action distributions can involve thousands or hundreds of thousands of claimants. Manual searches become difficult to manage when names contain spelling variations, aliases, transliterations, or incomplete identifiers.
An automated system should support accurate screening without treating every similar name as a confirmed match.
Core Screening Capabilities
Useful capabilities include:
- Automatic sanctions-list updates
- Batch and individual screening
- Fuzzy-name matching
- Alias and transliteration support
- Secondary identifier comparison
- Configurable matching thresholds
- Case-management queues
- Reviewer notes and approvals
- Timestamped audit logs
- Historical result retrieval
- Role-based access controls
- Exportable investigation records
The system should record which data and list version produced each result. Saving only a final “pass” or “fail” status may be insufficient when an auditor later asks how the decision was reached.
Avoiding Unsupported Automation Claims
Automation can reduce manual work, but there is no universal OFAC benchmark showing that screening always reduces a 45-day process to 10 days, cuts a fixed amount from every payment, or delivers ROI within six months.
Actual results depend on:
- Number of claimants
- Completeness of claimant data
- Percentage of international claimants
- Matching thresholds
- Frequency of list updates
- Number of false positives
- Staff expertise
- Integration with payment systems
- Documentation requirements
- Escalation procedures
Administrators should evaluate technology through testing with representative claimant data rather than relying exclusively on vendor-wide averages.
Connecting OFAC, KYC, and Fraud Controls
OFAC screening, KYC, tax documentation, and fraud prevention address different risks. They may share information and workflows, but they should not be treated as interchangeable.
KYC helps verify that the claimant is the person or entity represented in the claim. OFAC screening evaluates sanctions restrictions. Fraud controls look for manipulation, duplicate claims, account takeover, synthetic identities, or suspicious payment changes.
An integrated process may include:
- Identity validation
- Duplicate-claim detection
- Sanctions screening
- Entity ownership review
- Payment-account verification
- W-9 collection when required
- Transaction anomaly detection
- Manual escalation and approval
Talli’s KYC distribution guidance explains how identity controls can support settlement payment decisions without replacing sanctions analysis.
Why Audit Trails Matter
The ten-year retention period makes durable documentation essential. Records must remain retrievable even after staff changes, case closure, vendor migration, or payment-system replacement.
A complete sanctions audit trail should show:
- When screening occurred
- What claimant data was screened
- Which lists were checked
- What list version was used
- What potential matches appeared
- Who reviewed each result
- What evidence was considered
- Why the payment was cleared, held, blocked, or rejected
- When required reports were filed
- Whether licenses or other authorizations applied
These records support regulatory responses, court reporting, internal audits, and settlement reconciliation.
How Talli Supports OFAC-Controlled Disbursements
Talli is a purpose-built digital disbursement platform for class actions, mass torts, bankruptcy matters, and other legal distributions. Its platform combines claimant payment workflows with KYC verification, OFAC screening, W-9 collection, fraud mitigation, fund tracking, and audit logging.
Claims teams can upload claimant data, create payment campaigns, monitor payment status, and maintain visibility into fund flows from one dashboard. Talli also supports multiple redemption methods, including ACH, prepaid cards, PayPal, Venmo, and gift cards, while maintaining dedicated settlement-level fund structures.
For OFAC-related workflows, an integrated platform can help administrators:
- Screen claimant data before payment
- Route potential matches for review
- Preserve timestamped screening results
- Document investigation decisions
- Prevent held payments from being released
- Maintain records alongside payment activity
- Export audit-ready reports
- Coordinate screening with KYC and fraud controls
The primary benefit is not an unsupported promise that every settlement will achieve the same cost or timeline reduction. It is stronger operational control. Screening, payment status, claimant communications, and audit documentation remain connected instead of being divided among spreadsheets, email inboxes, and separate payment portals.
For administrators handling high-volume legal payments, Talli provides digital disbursement infrastructure designed around the compliance, reporting, and fund-control requirements of settlement distributions.
Frequently Asked Questions
What Happens When a Claimant Produces an OFAC Match?
The administrator should place the payment on hold and investigate the result using additional identifiers. If the match is confirmed, the administrator must determine whether the applicable sanctions program requires blocking or rejection. Any required report generally must be filed within 10 business days.
Does Every Corporate Claimant Require an Ownership Investigation?
No universal rule requires the same ownership review for every corporate claimant. Administrators should use a risk-based approach. Additional review is appropriate when screening, jurisdiction, ownership complexity, payment instructions, or other information suggests possible ownership by blocked persons.
How Does the 50 Percent Rule Work?
An entity is treated as blocked when one or more blocked persons own at least 50 percent of it in the aggregate, directly or indirectly. The entity may be blocked even when its name does not appear on an OFAC sanctions list.
What Records Must Be Kept for Ten Years?
Covered records generally include transaction records and documentation required under OFAC regulations. For settlement workflows, administrators should preserve screening inputs, results, match investigations, payment decisions, reports, licenses, correspondence, and evidence supporting clearance, blocking, or rejection.
How Often Should Claimants Be Rescreened?
OFAC does not impose one universal rescreening interval for settlement administrators. A risk-based process commonly screens at intake and again before payment, particularly when time has passed, claimant information has changed, OFAC has updated its lists, or the transaction presents elevated sanctions risk.
