OFAC 50% Rule: What It Requires and Who It Applies To

What is OFAC 50% Rule?

The OFAC 50 Percent Rule is guidance published by the U.S. Treasury's Office of Foreign Assets Control on August 13, 2014, at https://ofac.treasury.gov/recent-actions/20140813. It establishes that any entity owned 50% or more in the aggregate by one or more persons on OFAC's Specially Designated Nationals and Blocked Persons (SDN) list is itself treated as blocked under U.S. sanctions law, even if the entity is not explicitly named on the list.

The rule addresses a gap in sanctions enforcement. Before 2014, blocking obligations technically attached only to named parties on the SDN list. A sanctioned individual could structure holdings through a shell company and, if that company wasn't listed, some institutions would clear it. The 2014 guidance removed that loophole. Ownership stakes from multiple SDN holders aggregate: three SDN-listed persons each holding 20% of a company produce 60% aggregate SDN ownership. That company is blocked.

The rule also works recursively. If an SDN owns 50%+ of Company A, Company A is treated as an SDN. If Company A in turn owns 50%+ of Company B, Company B is also blocked, even if no SDN appears directly in Company B's ownership register.

OFAC updated the guidance in October 2018 with clarifying FAQ at https://ofac.treasury.gov/faqs/answer/43, addressing tiered corporate structures and partial ownership scenarios.

The OFAC SDN (US-OFAC) list names over 15,000 parties across dozens of sanctions programs. The 50% Rule multiplies the practical universe of blocked entities well beyond that figure. An institution that screens only named entities on that list is not compliant.

Who does OFAC 50% Rule apply to?

The rule applies to "U.S. persons," which OFAC defines broadly, and to foreign entities that touch the U.S. financial system in any material way.

Covered entities include:

• U.S. banks and credit unions: All depository institutions chartered in the United States, including U.S. branches of foreign banks. These institutions carry dual obligations under the broader BSA/AML framework and sanctions screening requirements.
• Broker-dealers and investment advisers: Required to screen customers and counterparties before onboarding and at each transaction.
• Money service businesses (MSBs): Remittance providers, currency exchangers, and prepaid card issuers operating under U.S. charter or processing USD.
• Insurance companies: Writing or renewing policies for blocked entities is a sanctions violation.
• U.S. corporations with international subsidiaries: The parent's exposure extends to subsidiaries processing USD or booking transactions through U.S. accounts.
• Foreign financial institutions using U.S. correspondent accounts: Any foreign bank clearing USD through a U.S. correspondent must apply OFAC screening. Failure risks losing that correspondent relationship.
• Fintech platforms and payment processors: Platforms incorporated in the U.S. are U.S. persons subject to the same obligations regardless of their customer base's geography.

There is no size exemption. A two-person fintech startup and a global systemically important bank carry identical legal obligations under the 50% Rule. The practical compliance burden scales with transaction volume and counterparty complexity. The legal duty doesn't.

What does OFAC 50% Rule require?

1. Screen beneficial ownership, not just entity names. Matching a customer's name against the SDN list is necessary but not sufficient. Institutions must identify Ultimate Beneficial Owner (UBO) chains and determine whether any SDN-listed person holds, directly or indirectly, 50% or more of the entity in aggregate.

2. Aggregate ownership stakes across multiple SDN holders. No single SDN needs a majority stake. If SDN-A owns 30% and SDN-B owns 25%, the aggregate is 55%. That entity is blocked. Screening systems must support multi-party ownership aggregation, not just single-name threshold matching.

3. Apply the rule recursively through ownership chains. A blocked entity blocks everything downstream it controls at 50%+. If an SDN owns 60% of Holding Co., Holding Co. is blocked. If Holding Co. owns 51% of Operating Co., Operating Co. is blocked too. A two-level trace is the minimum; complex holding structures require deeper analysis.

4. Rescan on material ownership changes. A company that passes screening today may not pass in 90 days if an SDN acquires a stake. Periodic rescreening, driven by both elapsed time and triggering events (new beneficial ownership disclosures, adverse media, sanctions list updates), is part of the obligation.

5. Block and report property interests. When a 50% Rule match is confirmed, the institution must block the transaction, freeze any property interest, and report to OFAC within 10 business days under 31 C.F.R. § 501.603. OFAC can demand records going back five years.

6. Document screening rationale. OFAC examiners want evidence that a cleared decision was actively made, not just that a system ran and returned no hit. If a complex ownership structure was analyzed and cleared, compliance needs a written memo showing the ownership trace and the reasoning.

7. Train relevant staff. KYC and onboarding teams must understand that a clean SDN name-match result doesn't mean a customer is sanctions-clean. Training completion records are reviewed during examinations.

What evidence do regulators expect?

OFAC examinations follow the FFIEC BSA/AML Examination Manual framework. On audit day, examiners look for:

• Written sanctions compliance policy: Must explicitly address the 50% Rule. A policy that only says "screen against the SDN list" will draw a finding.
• Customer risk assessments with beneficial ownership analysis: Risk ratings should flag customers where UBO identification is difficult or where ownership structures involve low-disclosure jurisdictions such as the British Virgin Islands, Cayman Islands, or Panama.
• Screening system configuration evidence: Vendors like Refinitiv World-Check, Dow Jones Watchlist, or LexisNexis Bridger must be configured to flag ownership and control relationships, not just SDN-named parties. Examiners request screenshots, query logs, and threshold settings.
• Ownership trace documentation: For higher-risk customers, a file note showing the UBO analysis: who owns the entity, at what percentage, and whether any SDN stake was identified or ruled out.
• Periodic rescreening logs: Evidence that screening continues post-onboarding. Batch rescreening frequency, typically monthly or quarterly depending on risk tier, must be logged.
• Training completion records: Annual sanctions training covering the 50% Rule, signed off by relevant staff.
• Independent audit or testing results: A testing program that validates the SDN and ownership screening process. Findings and remediation evidence belong in the audit file.
• Escalation and blocking report logs: Records of cases where a potential 50% Rule match was escalated, the decision made, and any SAR Filing (US-FinCEN) or OFAC blocking report submitted.

Common failure modes

• Name-only screening. The most common failure: institutions screen against the SDN list by entity name but never trace beneficial ownership. A shell company owned 80% by an SDN passes because the shell's name isn't on the list. This is precisely what the 50% Rule was written to catch.

• No ownership aggregation in screening tools. Many legacy screening systems alert on a single-name match but don't aggregate partial SDN ownership across multiple holders. A configuration audit often surfaces this gap only after an examination finding, not before.

• Stale UBO data. Beneficial ownership information collected at onboarding goes out of date. An SDN acquires a 60% stake in an existing customer's parent company. The institution doesn't find out because it hasn't updated ownership records since account opening.

• Jurisdictional blind spots. Customers with ownership structures in non-disclosure jurisdictions present incomplete UBO pictures. Treating "unknown" as "no SDN" is a documented enforcement trigger. OFAC expects enhanced scrutiny when ownership cannot be confirmed.

• Incomplete chain tracing. Institutions examine one ownership level and stop. OFAC's guidance is clear: follow the chain to its logical end. A subsidiary of a blocked holding company is blocked regardless of whether the SDN appears in that subsidiary's direct share register.

• No documented clearing rationale. OFAC has cited institutions where screening ran and returned no match, but no audit trail showed how a complex structure was actually analyzed. "The system cleared it" is not a defensible compliance position.

OFAC's enforcement information page at https://ofac.treasury.gov/civil-penalties-and-enforcement-information documents recurring themes across settled actions. Beneficial ownership analysis failures appear consistently.

Penalties for non-compliance

OFAC penalties are public, substantial, and per-violation. Civil penalties under the International Emergency Economic Powers Act (IEEPA) currently run up to $356,579 per violation, or twice the value of the underlying transaction, whichever is greater. Each transaction that should have been blocked counts separately.

Criminal liability applies to willful violations. Individuals face up to $1 million in fines and 20 years' imprisonment under 50 U.S.C. § 1705. Corporate criminal penalties can substantially exceed that figure.

Recent enforcement actions show the real exposure:

• BitPay, Inc. (February 2021): OFAC assessed $507,375 for 2,102 apparent violations. BitPay's screening failed to block transactions with users in sanctioned jurisdictions. OFAC noted that a properly configured compliance program would have caught them. See https://ofac.treasury.gov/recent-actions/20210218.
• Payoneer Inc. (August 2021): $1,418,105 penalty for transactions involving persons in sanctioned jurisdictions, partly due to inadequate sanctions screening procedures. See https://ofac.treasury.gov/recent-actions/20210831.
• UniCredit S.p.A. (March 2019): A combined $611 million settlement with OFAC, the U.S. Department of Justice, and New York regulators for processing transactions tied to SDN-listed entities and sanctioned countries. See https://home.treasury.gov/news/press-releases/sm576.

OFAC also factors in remediation. Voluntary self-disclosure typically reduces civil penalties by 50%. Institutions with a functioning compliance program, full cooperation, and prompt remediation receive base penalty calculations rather than enhanced ones. That difference can be tens of millions of dollars.

Related regulations and frameworks

The 50% Rule doesn't sit in isolation. Several other rules create parallel or overlapping obligations that compliance teams must track together.

FinCEN CDD Rule: The FinCEN CDD Rule (US-FinCEN) requires covered financial institutions to identify and verify beneficial owners at a 25% ownership threshold for AML purposes. The CDD Rule's 25% threshold and OFAC's 50% threshold are distinct legal requirements. Meeting CDD doesn't satisfy the OFAC screening obligation, and clearing a customer under OFAC doesn't close out the CDD requirement.

Corporate Transparency Act: The CTA requires U.S. entities to file beneficial ownership information with FinCEN at a 25% threshold. Access to that FinCEN database is currently restricted to law enforcement. Institutions can't rely on CTA filings for their own 50% Rule analysis. They must independently verify ownership structures.

FATF Recommendation 24: FATF Rec 24 (FATF) calls on countries to maintain accurate beneficial ownership records on legal persons. The OFAC 50% Rule is the U.S. implementation of this principle at the financial institution level.

UNSC designations: UN Security Council designations feed directly into U.S. OFAC programs. Entities owned 50%+ by UNSC-designated persons are treated as blocked under the corresponding OFAC sanctions program.

BSA framework: The 50% Rule operates inside the broader BSA compliance structure. An OFAC screening failure often triggers parallel BSA/AML scrutiny around Customer Due Diligence (CDD) and onboarding procedures. Examiners treat the two as linked. A gap in one commonly signals a gap in the other.

How FluxForce supports OFAC 50% Rule compliance

FluxForce's AI agents handle beneficial ownership chain analysis at transaction time. Aiden Flux screens UBO data against the SDN list, aggregates partial ownership stakes from multiple SDN holders, and flags any entity where combined SDN ownership reaches or exceeds 50%. Nova Sentinel monitors existing customer profiles for ownership changes and triggers automatic rescreening when updates arrive. Every decision includes a full audit trail and a written clearing memo. Book a demo to see the 50% Rule workflow in action.