Sanctions: OFAC Penalties on European Companies

The relationship between the US and the EU has undoubtedly been friendly. However, the recent sanctions regime implemented by the Office of Foreign Assets Control (OFAC) of the US Treasury Department has created friction with the EU’s blocking statute. Under OFAC’s sanctions regime, EU companies with US touchpoints are mandated to comply with US sanctions. On the other hand, the EU’s blocking statute prohibits EU companies from complying with US sanctions against Iran. This article examines some of the issues arising from the EU and US sanctions regimes by highlighting some of the latest enforcement trends by OFAC against EU financial institutions. In addition, it proffers recommendations to mitigate OFAC sanctions violations by EU institutions.

Blocking Statute

The EU’s blocking statute was first introduced in 1996 to protect EU companies from the harsh effects of US sanctions against Iran, Cuba and Libya. In August 2018,1 the regulation was updated in response to re-imposed US sanctions against Iran by the Trump administration.2 This update was made to protect the interest of EU companies, which in turn created an additional compliance burden and a dilemma for EU companies with US touchpoints. According to the blocking statute, ending commercial activity with an Iranian company or Iran only for the purposes of complying with US secondary sanctions can be punishable with a fine of up to 500,000 euros. In addition, the blocking statute3 prohibits EU persons from the following:

  • Complying with any requirement or prohibition listed under US sanctions against Cuba, Libya and Iran (the ‘blocked sanctions’)
  • Recognising or enforcing any judgment or decision of a judicial or administrative authority outside the European community giving effect to blocked sanctions

EU vs US Lists of Sanctioned Persons and Entities

It is easier for EU companies to comply with US sanctions when persons and entities are targeted by both lists. However, the difference between the lists of sanctioned persons and entities in the EU and the US presents challenges to multinational companies and compliance professionals.

Whilst compliance with international sanctions regimes requires a deliberate commitment from the organisation’s top management, the uncertainty and ambiguity in sanctions legislation and global enforcement frameworks have continued to concern companies globally. Any European organisation that wants to comply with sanctions regimes will have to count the cost and take an informed business decision on whether there could be a reason other than OFAC sanctions to discontinue business with a US-sanctioned entity. For example, EU companies can discontinue business for commercial reasons without reference to US sanctions. This is a better way to avoid claims arising from the discontinuation of business because of US sanctions.

EU Waivers

The blocking statute is not a defence for violating US sanctions. In addition, failure to obtain a waiver from the EU is not ground for exempting non-compliance with US sanctions. OFAC views violations of US sanctions strictly and even considers the blocking statue to be an aggravating factor that requires severe enforcement actions. Therefore, it is in the interest of EU companies to seek timely and appropriate waivers where non-compliance will have severe commercial consequences.

Penalties on European Businesses

The EU and Switzerland together account for most payments for violating US sanctions. Europeans paid 83% of the total amount of fines or over 4.6 billion US dollars. When the fines paid by Switzerland are added to those of the EU, their aggregate share amounts to 94% (over 5.3 billion US dollars) out of a total fine of 5.6 billion US dollars between 2009 and 2019. Cases of sanctions violations vary among European countries. For instance, British firms have paid 15 out of 40 fines whilst France, the Netherlands and Germany account for five fines each out of the 40. It is on record that Swedes have paid fines three times; Italians twice; and Danes, Belgians and Austrians once each. Lastly, a company from Luxembourg paid a fine just once.4

It is worth noting that 22 out of 40 EU companies fined were banks. For over 10 years, European banks have paid more than 4.5 billion US dollars in fines5 to the US Treasury Department. The French bank BNP Paribas SA paid over 963 million US dollars in 2014. In 2019, the British bank Standard Chartered paid over 639 million US dollars and the Italian bank UniCredit paid a combined 611 million US dollars for its German, Austrian and Italian branches.6 In 2012, the Dutch bank ING paid 619 million US dollars whilst the British bank HSBC paid 375 million US dollars.7

Top management of EU companies must pay equal attention to US sanctions as they do to EU sanctions

The exposure of EU companies to US sanctions is high, and the blocking statute has only made the situation more difficult for EU companies. It is one thing to meet the requirements of an effective sanctions programme under OFAC’s guidelines when assessed in the face of a violation, it is another matter altogether to turn wilful blindness to US sanctions. EU companies that are interested in complying with US sanctions in relation to Iran, Cuba, Venezuela or sanctions in general, must pay attention to the following components of their sanctions’ compliance programme.

How Can EU Companies Mitigate OFAC Sanctions Violations?

The first and most basic task of a compliance professional is to identify situations that can pose potential compliance risks and proffer steps to mitigate these risks. Compliance professionals must highlight compliance obligations as applicable under both the US sanctions and the blocking statute by assessing the severity of the risk. In addition, they must consider the extent of the company’s activities with the US and the impact that compliance with US sanctions will have on EU contracting partners. However, how the company proceeds should be decided by top management, not the compliance professional.

In order to mitigate the risk of violating US sanctions, compliance professionals must ensure that the sanctions compliance programmes of EU companies satisfy OFAC’s sanctions guidelines. When evaluating EU companies and the efficacy of their sanctions compliance programme (regarding OFAC sanctions), particular attention will be given to the components of the sanctions compliance programme in order to determine whether or not they meet OFAC’s standards. The following are some of the essential elements of an effective compliance programme as defined by OFAC.8

Senior Management Commitment

Top management of EU companies must pay equal attention to US sanctions as they do to EU sanctions. To accomplish this, the sanctions compliance policy must be designed to consider US sanctions as well as evolving changes with the US’ sanctions landscape. Top management may request compliance officers within the organisation to provide periodic updates on OFAC sanctions by monitoring online publications from the US Treasury Department and how these can impact the company’s operations.9

Top EU management companies could show their commitment to sanctions compliance by providing their compliance professionals or officers the right tools and adequate resources to achieve the desired objective of sanctions compliance for the financial institutions.

Risk Assessments

OFAC defines risk assessment as a holistic review of the organisation, from top to bottom, to assess touchpoints to the outside world. This is critical as it forms the basis to take an informed decision by EU companies. Proper risk assessment will help EU companies determine whether or not compliance with the blocking statute or other EU directives will be of less consequence than complying with US sanctions. Adequate mapping of the various US touchpoints is important for avoiding US sanctions violations. EU companies must care to know their trading partners, their suppliers and their clients. In addition, they must know what products and services are being procured and the geographical locations of their customers. Effective third-party risk assessment will reduce the likelihood of violating US sanctions and help avoid fines or penalties.

Internal Controls

Internal controls are measures required to check and align internal operations of an organisation to comply with a given sanctions policy or directive. In other words, EU companies should have clearly articulated policies and procedures that incorporate OFAC compliance obligations to prevent any violation of existing US sanctions. This means that compliance with OFAC’s directives on sanctions will form an integral component of the sanctions compliance programme of EU companies. Whenever EU companies need to screen a third party, these will not only be screened against the EU sanctions list, but the US sanctions list as well.

Testing and Auditing

Testing controls to determine the efficacy of policies and procedures put in place to prevent sanctions violations is a sign of commitment to comply with US sanctions. In addition, periodic audits help identify gaps and weaknesses in compliance programmes. EU companies that are committed to sanctions compliance must have clear procedures on their sanctions compliance audit. Early detection of gaps provides the opportunity for a proactive response, which is an indication of a working and effective sanctions compliance programme.


EU companies must be up-to-date with the development of the US sanctions landscape. Compliance officers in the various organisations must be periodically trained on the enormity of the obligations and expectations under various sanctions instruments. Furthermore, there must be clear understanding of the scope and extent of the application of US sanctions to EU companies. Knowing and understanding what a given sanctions directive or policy encompasses is the beginning of compliance.


EU companies must care to know their trading partners, their suppliers and their clients

Whilst alliances between the US and the EU may shift, EU companies must remain committed to comply with US sanctions for as long as it threatens their corporate existence. Counting the cost of non-compliance is not desired by any company that wants to remain profitable. Compliance professionals should take advantage of ACAMS’ Global Sanctions Monthly Updates to learn more about the current issues arising from OFAC sanctions. 

Ibrahim Yeku, CAMS, LLB, LLM, CAMS, CCEP-I, founder,, Nigeria,

  1. “Commission Delegated Regulation (EU) 2018/1100 of 6 June 2018, amending the Annex to Council Regulation (EC) No 2271/96 protecting against the effects of extra-territorial application of legislation adopted by a third country, and actions based thereon or resulting therefrom,” EUR-Lex,
  2. “Blocking statute,” European Commission,
  3. “Council Regulation (EC) No 2271/96 of 22 November 1996, protecting against the effects of the extra-territorial application of legislation adopted by a third country, and actions based thereon or resulting therefrom,” EUR-Lex,
  4. Ivan Timofeev, “Europe Under Fire from US Secondary Sanctions,” Russian International Affairs Council, 7 June 2019,
  5. “Civil Penalties and Enforcement Information,” U.S. Department of the Treasury,
  6. “Settlement Agreements,” U.S. Department of the Treasury,
  7. “Europe Under Fire from US Secondary Sanctions,” Russian International Affairs Council, 7 June 2019,
  8. “A framework for OFAC Compliance Commitments,” U.S. Department of the Treasury,
  9. “Office of Foreign Assets Control——Sanctions Programs and Information,” U.S. Department of the Treasury,

Leave a Reply