At a basic level, OFAC risk in the securities and investment sector stems from the possibility of engaging in prohibited business with a person or country subject to US economic sanctions. For example, opening a brokerage account for a blocked person—or a person in a country subject to comprehensive sanctions—would constitute a violation of OFAC sanctions, unless authorized by OFAC or exempt. So too would executing a trade involving an embargoed country, or individual or entity on Treasury's Specially Designated Nationals (SDN) list.
Protecting yourself or your company from doing business directly with an individual or entity that appears on OFAC's SDN List is relatively straightforward. One of the most effective and common methods of risk mitigation is to screen customers' names and other keywords in transactions against the SDN List in order to identify and investigate possible OFAC issues.
Given the dynamic nature of the U.S., E.U., and other sanctions programs, including the speed with which programs are announced and evolve, another key element of effective compliance is regular employee training, including developing the ability to identify potential sanctions issues and resolve them appropriately. Automated screening can go only so far in helping to detect sanctions violations. In the end, identifying your institution's frontline employees and making sure they are aware of and understand the sanctions vulnerabilities you may face is the ultimate weapon in any effective OFAC compliance program.
Since no two firms are exactly alike, every firm will exhibit a different OFAC risk profile that calls for its own compliance program—there is no "one size fits all" solution appropriate for every person operating in the securities and investment sector. Some measures that are appropriate for large, multinational investment firms may be unnecessary or impractical for a small, regional broker-dealer with a different business model. A large international firm involved in the securities custody industry may find it prudent, given its particular risk profile, to employ software designed to alert the firm to securities transactions that may implicate US sanctions, including by identifying questionable or unusual activity, relationships across multiple data sources, and evasion attempts. However, such sophisticated software might not be necessary for a smaller firm that principally holds securities issued by US companies on behalf of US customers.
"One of the most important activities for which my office is responsible is the listing of illicit actors on OFAC's SDN list." Under Secretary for Terrorism and Illicit Finance David Cohen