Mr. Sanctions

Category: Guidance

  • December 16, 2025: Canada adds a ship-ton of new guidance

    The Sanctions Bureau at Global Affairs Canada has released guidance related to the listing of ships under Canada’s sanctions regime.

    From their Frequently Asked Questions:

    Q: What are “Listed”, “Named” or “Designated” Ships?

    A: Some sanctions regulations prohibit certain activities in relation to certain ships, identified by their International Maritime Organization (IMO) number. In such cases, the relevant sanctions regulation will refer to “listed”, “named”, or “designated” ships. These terms are often used interchangeably when discussing sanctions, although regulations are specific in their usage of these terms.

    Q: What happens when a ship is designated?

    A: When a ship’s International Maritime Organization (IMO) number is listed under Regulations pursuant to the Special Economic Measures Act, the ship is subject to a ban on docking in Canada or passing through Canada.

    From the Listed persons, mistaken identity and delisting page:

    Listed persons or ships under the United Nations Act

    When the United Nations Security Council (UNSC) decides to impose sanctions in response to a threat to international peace and security, it is practice that a Security Council Committee is created to oversee implementation of the sanctions. Each committee publishes the names of individuals, entities or ships affected by the corresponding sanctions. They also publish the specific measures that apply to each listed name. With the exception of the Regulations Implementing the United Nations Resolutions on the Suppression of Terrorism (RIUNRST), regulations made under Canada’s United Nations Act refer to the names of listed persons (both individuals and entities) and ships published by the relevant Security Council Committee. The names of persons listed under RIUNRST are published in the Schedule to the regulations.

    See the United Nations Security Council Consolidated List available on the United Nations web site for all individuals, entities and ships subject to measures imposed by the Security Council.

    The Forms for delisting applications, requests for particulars and certificate of mistaken identity page has been updated to say:

    An individual or entity designated pursuant to either the Special Economic Measures Act (SEMA) or the Justice for Victims of Corrupt Foreign Officials Act (JVCFOA) may apply to the Minister of Foreign Affairs to have their name removed from the sanctions list. Any person that owns, operates or manages a ship listed under the SEMA may also apply to the Minister  of Foreign Affairs to have the International Maritime Organization (IMO) number of the ship removed from the sanctions list.

    To apply for the delisting of your name as a designated individual or entity, or for the delisting of a ship’s IMO number from the Consolidated Canadian Autonomous Sanctions List, complete the form below. Once submitted, Global Affairs Canada will assess the information and contact you directly if additional information is required. Processing times for any delisting application only starts the day the Sanctions Bureau receives all required documentation to complete the application, and no further information or clarification is required. Note that required information may vary based on the specific circumstances that apply. The department will contact you if additional information is required.

    Designated individuals or entities, or their representatives (such as a legal representative, private individual, corporate representative, NGO or another representative), can also request information pertaining to their designation. These requests for particulars can also be submitted using the forms below.

    Those who own, operate or manage a ship listed in regulations made under Special Economic Measures Act, or their representatives, can request information pertaining to the ship’s designation using the online form below.

    Note: Any details, including personal information, provided in an application for delisting, a request for particular or certificate of mistaken identity, may be sent to the RCMP and other agencies or departments of the Government of Canada. These details are used to verify the identity of applicants and designated individuals, entities or ships, and to assess whether a designated individual, entity or ship meets the criteria to have their name removed from the sanctions list, as well as for the administration and enforcement of the sanctions regime.

    and two forms were added:

    , ,

  • Can you be worse than terse?

    My Business Writing professor said you couldn’t, but I don’t know. I asked Gemini to produce a summarized version of the OFAC Enforcement Guidelines, and this is what I got back:

    This document acts as the “Sentencing Guidelines” for violating U.S. economic sanctions (OFAC rules). If you or your company trade with a banned country, terrorist, or sanctioned entity, this guide dictates your punishment.

    Here is the condensed version of how it works:

    1. The Spectrum of Punishment

    When you break the rules, the outcome ranges from a slap on the wrist to a major blow:

    • No Action: They drop the case.
    • Cautionary Letter: A formal warning (“Don’t do it again”).
    • Finding of Violation: A permanent mark on your record, but no money is owed.
    • Civil Monetary Penalty: You are fined cash.

    2. The “Scorecard” for Fines

    If they decide to fine you, they don’t pick a random number. They use a formula:

    • Base Fine: They start with a standard amount based on the dollar value of the illegal transaction.
    • Adjustments: They raise or lower that amount based on General Factors:
      • Fine Increases: If you did it on purpose (willful), were reckless, tried to hide it, or have a history of breaking rules.
      • Fine Decreases: If you cooperated, had a compliance program in place to stop it (but it failed), and took immediate steps to fix the error.

    3. The “Golden Rule” (Voluntary Self-Disclosure)

    This is the most critical part of the document. If you find your own mistake and tell the government about it before they catch you, your base penalty is automatically cut in half (50% off).

    The Bottom Line:

    OFAC treats honest mistakes much differently than reckless law-breaking. If you mess up: Confess early, cooperate fully, and fix the problem to minimize your penalty.

    So, I thought some important detail was missing, so I modified the prompt a few times:

    Summarize https://www.ecfr.gov/current/title-31/subtitle-B/chapter-V/part-501/appendix-Appendix%20A%20to%20Part%20501 in layperson-friendly terms. Include discussion of the penalty process, the General Factors which go into the calculation of the penalty, including any subcategories under each General Factor, and the Penalty Grid, which is based on egregiousness of the conduct and voluntary self-disclosure. Include the entire Applicable Schedule Amount table, and the current statutory maximum fines under TWEA, IEEPA, and the Kingping Act. Include a short introduction, and a short section of takeaways.

    and got back the following:

    Here is a summary of Appendix A to Part 501 of Title 31 (Economic Sanctions Enforcement Guidelines), broken down into layperson-friendly terms.

    Introduction

    This document is the official “rulebook” used by the Office of Foreign Assets Control (OFAC)—the agency that enforces U.S. sanctions (like those against Iran, Russia, or terrorist groups). It explains exactly how the government decides on the punishment when an individual or company violates these sanctions. It is designed to make penalties predictable, consistent, and transparent.

    The Penalty Process

    When OFAC suspects a violation, they follow a formal legal process. They do not simply send a bill; you have opportunities to explain yourself.

    1. Investigation: OFAC gathers evidence, often by issuing a subpoena (a legal demand for documents) or by reviewing a voluntary self-disclosure you submitted.
    2. Initial Determination: OFAC reviews the facts and chooses an outcome:
      • No Action: The case is dropped.
      • Cautionary Letter: A formal warning. No fine is issued, but you are told to fix your compliance mistakes.
      • Finding of Violation: A formal record that you broke the law, but without a monetary fine.
      • Civil Monetary Penalty: A cash fine.
    3. Pre-Penalty Notice: If they choose to fine you, they send this notice first. It explains what you did wrong and the proposed fine amount.
    4. Response: You usually have 30 days to reply. You can argue that you are innocent or admit the mistake and argue for a lower fine based on the “General Factors” (see below).
    5. Final Penalty Notice: After reading your response, OFAC issues the final fine.
    6. Settlement: At almost any stage, you can negotiate a settlement to resolve the case (usually for a lower amount) without going through the full legal fight.

    General Factors (The “Scorecard”)

    OFAC uses these factors to judge how “bad” the violation was. These are the levers that raise or lower your penalty.

    A. Willful or Reckless Violation of Law (Intent)

    • Willfulness: Did you know it was illegal and do it anyway?
    • Recklessness: Were you careless? Did you ignore red flags?
    • Concealment: Did you try to hide the evidence?
    • Pattern of Conduct: Was this a one-time accident or a habit?
    • Management Involvement: Did senior managers know?

    B. Awareness of Conduct (Knowledge)

    • Actual Knowledge: Did you know the transaction was happening?
    • Reason to Know: Should you have known? Was the info readily available?

    C. Harm to Sanctions Program Objectives (Impact)

    • Economic Benefit: Did money or goods actually reach the sanctioned target?
    • Implications for U.S. Policy: Did your action embarrass the U.S. or help an enemy?
    • License Eligibility: If you had just asked for permission first, would OFAC have said “yes”? (If so, the harm is lower).

    D. Individual Characteristics

    • Commercial Sophistication: Are you a large, global bank (held to a high standard) or a small local business?
    • Size & Financial Condition: Can you afford the fine?
    • Sanctions History: Have you been in trouble with OFAC in the last 5 years?

    E. Compliance Program

    • Did you have an internal system (software/rules) to prevent this?
    • Was that system appropriate for your company’s size?

    F. Remedial Response (Fixing It)

    • Did you stop the violation immediately?
    • Did you investigate yourself to find the root cause?
    • Did you implement new controls to ensure it never happens again?

    G. Cooperation with OFAC

    • Voluntary Self-Disclosure: Did you turn yourself in? (This is the most critical factor).
    • Responsiveness: Did you answer OFAC’s questions quickly and honestly?
    • Tolling Agreements: Did you agree to extend the statute of limitations to give OFAC more time?

    H. Timing: How long ago did this happen?

    I. Other Enforcement: Did another agency (like a banking regulator) already fine you?

    J. Future Compliance: Will a fine here serve as a good deterrent for others?

    The Penalty Grid

    OFAC calculates the “Base Penalty” using a matrix based on two questions:

    1. Was the conduct Egregious (severe/willful)?
    2. Did you Voluntarily Self-Disclose (confess)?
    ScenarioDefinitionBase Penalty Calculation
    1. Non-Egregious + DisclosedYou made a mistake and told OFAC yourself.50% of the Transaction Value (Capped at $188,850 per violation).*
    2. Non-Egregious + No DisclosureYou made a mistake, but OFAC caught you.The “Applicable Schedule Amount” (See table below).
    3. Egregious + DisclosedYou did it on purpose, but you confessed.50% of the Statutory Maximum.
    4. Egregious + No DisclosureYou did it on purpose and OFAC caught you.The Statutory Maximum.

    *Note: For very small violations in Scenario 1, the penalty is capped at much lower amounts based on the schedule.

    Applicable Schedule Amount Table

    This table is used for Non-Egregious cases (mistakes) where you did not voluntarily disclose. The fine is based on the value of the illegal transaction.

    Transaction ValueApplicable Schedule Amount (Base Penalty)
    Less than $1,000$1,000
    $1,000 to $10,000$10,000
    $10,000 to $25,000$25,000
    $25,000 to $50,000$50,000
    $50,000 to $100,000$100,000
    $100,000 to $200,000$200,000
    $200,000 or moreThe Statutory Maximum (See below)

    Current Statutory Maximum Fines (2025)

    For “Egregious” cases (or high-value non-egregious cases), the penalty is the “Statutory Maximum.” These amounts are adjusted annually for inflation. As of January 15, 2025, the maximums per violation are:

    • IEEPA (International Emergency Economic Powers Act): The greater of $377,700 or twice the value of the transaction. (This covers most sanctions programs like Iran, Russia, and Terrorism).
    • TWEA (Trading With the Enemy Act): $111,308. (Primarily covers Cuba).
    • Kingpin Act (Foreign Narcotics Kingpin Designation Act): $1,876,699.

    Takeaways

    • Honesty Saves Money: Voluntarily self-disclosing a violation automatically cuts the base penalty calculation in half.
    • Intent is Expensive: The difference between “Egregious” (reckless) and “Non-Egregious” (mistake) is massive—often the difference between a $10,000 fine and a multi-million dollar fine.
    • Compliance is a Shield: Even if you fail, having a compliance program in place lowers your penalty under the “General Factors.”
    • Cooperate: Hiding documents or delaying the investigation is considered “Concealment” and will dramatically increase your fine.

    Depending on what level of detail you need for your role, you may be able to deal with the ultra-condensed version. But it’s a cautionary tale about asking AI tools to summarize without knowing the source material and knowing what you want to see come back. And I suspect the Goldilocks result is really a combination of the two responses… but that’s just me.

    What do you think?

    , , ,

  • OTSI tells you how to report sanctions violations well

    From the OFSI Blog post from yesterday:

    What does good breach reporting look like?

    Office of Trade Sanctions Implementation, 16 December 2025 – Trade Sanctions

    Why does reporting matter? 

    The Office of Trade Sanctions Implementation (OTSI) is responsible for enforcing UK trade sanctions relating to sanctioned services and the movement of sanctioned goods overseas. These sanctions are restrictive measures set by government to comply with UN obligations, promote international peace, support national security, and prevent terrorism. Sometimes, businesses or individuals may find out about a possible breach of these sanctions. When this happens, OTSI wants to hear from you.  

    If you’re a provider of financial or legal services, or a money service business, you have a legal obligation to report suspected breaches of trade sanctions. However, anybody else can voluntarily submit a report. If you think you, or someone else, may have breached trade sanctions, you can find out more information on how to report a suspected breach

    Any report should include the following: 

    • Contact details: Your name and email address
    • Details of the suspected breacher: The name and address of the business or person you suspect of breaching trade sanctions
    • Other parties’ details: The name and contact details (if they are known) of other people and businesses also involved in the activity
    • Supporting documents: Attach any emails, contracts, or other papers that help explain the situation. The more you can share, the better

    OTSI has already received a large number of breach reports since its launch in October 2024. Reporters use our online reporting tool in different ways. None of these are wrong or unhelpful, as most reports assist in building a picture of breaches, evasion and wider behaviour.  

    As well as reporting suspected breaches, a previous blog also highlighted the role that reporting ‘near misses’ can have in strengthening trade sanctions compliance. 

     There are important elements of breach reports that help OTSI to promote compliance with UK trade sanctions. Below, we detail what a useful breach report looks like. 

    What does a useful breach report look like? 

    OTSI investigates and carefully assesses potential trade sanctions breaches. This involves developing a complete understanding of the suspected activity. Questions we want answers to are: 

    1) When did the activity take place?  

    2) Who are the parties involved?  

    3) What specific good or service was provided? 

    We want to make reporting as easy as possible. Here are a few things that make a useful report: 

    • UK nexus: Clearly state how the activity is connected to the UK. Did it happen in the UK, or involve a UK company or UK person overseas?  
    • Clear narrative: Explain what happened in your own words. Simple, honest details are best
    • Sanctions prohibition: If you know which rule or rules may have been broken, let us know. If you aren’t sure, that’s fine too
    • Contact with other authorities: If you inform or intend to inform other public bodies, please mention this in your report
    • Supporting documents: These can be the difference between a useful report and a comprehensive report

    What not to include in a breach report 

    In general, OTSI does not require information that lacks a clear connection to the UK. However, if you are uncertain, it is better to report than not. 

    Keep things simple and clear. Use plain English. Tell us what you know. We would rather get a short report than nothing at all. 

    Remember: good reporting helps OTSI enforce trade sanctions and helps you too. The more comprehensive the initial report, the less likely it is we will need to contact you to clarify something.  

    OTSI welcomes all reports 

    OTSI values openness and honesty. If you think a trade sanctions regulation may have been breached, please submit a report to us. You don’t need to be an expert – any information helps, and more detail reduces follow-up questions. Your information could help boost the effectiveness of UK sanctions, and every report is handled carefully.  

    , ,

  • The OFAC Enforcement road less traveled

    Many of us, if not most of us, skip the part of the Federal Register that explains why the Enforcement Guidelines (the eCFR version is much easier on the eyes) came to be, and the comment period prior to its publication. Here’s a simplified version of those sections from the Federal Register version:

    1. Background

    Why was this document written?

    The Office of Foreign Assets Control (OFAC) enforces economic sanctions (punishments) against foreign countries, terrorists, and drug traffickers to protect U.S. national security.

    • The Catalyst: In 2007, the President signed a new law (the IEEPA Enhancement Act) that drastically increased the maximum fines for breaking sanctions rules. Because the potential fines became so much higher, OFAC needed to create a clear, written set of rules explaining exactly how they decide whether to fine someone and how much that fine should be.
    • The History: OFAC had tried to create these guidelines before (proposing versions in 2003 and 2006). In 2008, they published a temporary (“interim”) version of these rules. This document is the final version, incorporating feedback they received from the public and industry groups.

    2. Comments and Responses

    After publishing the temporary rules in 2008, OFAC received feedback from banks, trade groups, and lawyers. Here is a summary of what those groups asked for (“Comments”) and how OFAC answered (“Responses”).

    A. Voluntary Self-Disclosure (Confessing)

    • Comment: Industry groups wanted OFAC to clearly define what counts as “voluntarily” telling on yourself. They also wanted to know exactly how much “credit” they would get for it.
    • Response: OFAC clarified the definition. Most importantly, they confirmed that if you genuinely confess a violation before the government finds out, your base penalty will be reduced by 50%. They view this as a major incentive for honesty.

    B. Risk-Based Compliance (Internal Rules)

    • Comment: Companies asked OFAC to clarify what a “good” compliance program looks like. They were worried they would be punished for not having a perfect system, even if they were a small business.
    • Response: OFAC agreed that “one size does not fit all.” A small charity doesn’t need the same complex software as a global bank. OFAC said they will judge a company’s compliance program based on its specific size and risk profile.

    C. Cooperation

    • Comment: Commenters wanted to know if they would get credit for cooperating with an investigation even if they didn’t turn themselves in (voluntary self-disclosure).
    • Response: Yes. OFAC added a specific point stating that substantial cooperation—like quickly providing documents or signing agreements to extend deadlines—can lower your fine, even if you didn’t confess first.

    D. Determining the Fine (Penalty Calculation)

    • Comment: Many people were confused about how OFAC calculates the “value” of a transaction to set the fine (e.g., if a bank processes a $100 illegal check, is the value $100?).
    • Response: OFAC kept its method but provided more clarity. Generally, the fine is based on the dollar value of the illegal transaction. They also clarified that they distinguish between “egregious” (reckless/bad) cases and simple mistakes. Egregious cases get much higher fines.

    E. Sanctions History (Your Permanent Record)

    • Comment: Companies were worried that a mistake they made 20 years ago would count against them today.
    • Response: OFAC agreed to a limit. They stated that, generally, they will only look at your “Sanctions History” for the last 5 years. If you haven’t had a violation in 5 years, a new mistake is treated as a “first offense” (which gets a lower penalty).

    F. Foreign Laws and Secrecy

    • Comment: Global companies pointed out that some foreign countries have laws that make it illegal to share customer data with the U.S. government. They feared being fined by OFAC for failing to provide information that was legally blocked abroad.
    • Response: OFAC said they will consider this on a case-by-case basis. However, they expect companies to try their hardest to get the information to OFAC legally. You can’t just use foreign laws as an easy excuse to hide information.

    , ,

  • FCDO’s Syria guidance for businesses and NGOs, simplified

    Go read the guidance document for all the links and detail if you want to know more…

    Background

    Interest from UK businesses in operating within Syria has grown recently, prompting the UK government to clarify the legal and policy landscape. The government supports UK businesses investing and trading in Syria, provided they follow UK laws and the activity is actually destined for Syria. However, businesses must assess their own risks, particularly regarding bad actors who might try to exploit the situation or use deceptive tactics to bypass rules.

    The political situation in Syria has shifted significantly. Following the fall of the Assad regime in December 2024, the UK government removed many sanctions in April 2025 to aid recovery. Further steps toward normalization occurred in late 2025: the UK removed Hay’at Tahrir Al-Sham (HTS) from its list of banned terrorist organizations in October, and in November, the UK removed the Syrian President and Interior Minister from the specific ISIL/Al-Qaida sanctions list. While Syria remains a high-risk environment, the new government is working toward stability, and there are potential commercial opportunities in this lower middle-income market.

    What has (and hasn’t) changed

    Significant changes to the UK’s Syria sanctions rules took effect on April 24, 2025. To help the Syrian people rebuild, the UK lifted bans on trade, finance, aviation, and energy production. Financial freezes were also removed from entities previously controlled by the Assad regime, such as the Central Bank of Syria, government ministries, and energy or media companies. The current Government of Syria itself is not subject to sanctions.

    Despite these relaxations, strict prohibitions remain in place to hold specific individuals accountable. You still cannot do business with people or entities subject to asset freezes. There are also continued bans on exporting chemical and biological weapons technology, goods used for internal repression or spying, and military equipment. Specific trade restrictions apply to the “Governing Authority of Syria”—which includes the transitional authorities and the Central Bank—regarding gold, precious metals, and diamonds. Luxury goods also cannot be sent to Syria. If you are a specific type of regulated firm, you have a legal duty to report suspected sanctions breaches.

    UN counter-terrorism sanctions

    Separate from the UK’s own rules, the United Nations maintains a counter-terrorism sanctions list (the ISIL/Al-Qaida regime) that still affects business in Syria. While the UK has removed the Syrian President and Interior Minister from its version of this list, other individuals and groups remain designated. Notably, while the UK has de-listed HTS domestically, HTS remains on the UN sanctions list.

    The Government of Syria is not on this UN list, meaning interactions with the government generally do not violate these sanctions. However, strict asset freezes and bans on military goods apply to anyone who is on the UN list. This prohibits providing funds or economic resources to them directly or indirectly. Limited exceptions exist, primarily to allow for the payment of basic expenses, but these usually require a licence.

    Relevant UK counter-terrorism laws

    Under UK law, the Terrorism Act 2000 defines which organizations are “proscribed” (banned). As of October 2025, HTS is no longer a proscribed organization, meaning membership or support for it is no longer a criminal offense in the UK. However, the group Da’esh (ISIL/ISIS) remains banned and poses a threat.

    The government aims to ensure that counter-terrorism laws do not stop legitimate humanitarian work. The Crown Prosecution Service (CPS) has guidance stating that prosecuting genuine aid organizations is generally not in the public interest. Additionally, the law offers specific protections: there is a legal defense for “genuinely benign” meetings with banned groups (such as for delivering aid), and organizations can apply to the National Crime Agency for a defense against potential terrorist financing charges for specific transactions.

    Humanitarian exceptions and exemptions

    Petroleum exceptions

    The regulations include a specific rule allowing the use of funds to purchase or supply petroleum products for humanitarian purposes. Since the general ban on petroleum trade was lifted in April 2025, this rule now primarily protects aid organizations if they need to deal with frozen assets to get fuel. If an organization relied on this rule for activities before April 2025, they must notify the government by the end of the year. For activities after April 2025, notification is only needed if the activity would otherwise breach an asset freeze.

    General licence

    In February 2025, a “General Licence” was issued to facilitate aid. This allows eligible aid organizations (and the banks that serve them) to carry out activities necessary for humanitarian assistance and basic human needs without violating asset freezes. This licence applies to the UK’s independent sanctions but not to the UN sanctions, which have their own separate humanitarian exemption.

    Related guidance documents

    Businesses and organizations should consult the specific statutory guidance for both the Syria and ISIL/Al-Qaida sanctions regimes to understand the full technical details of prohibitions and licences. A “sanctions hub” on the government website creates a central place to search for all relevant policies.

    In addition to sanctions and terrorism laws, other legal frameworks still apply. You must comply with export controls for military and dual-use goods, anti-money laundering regulations, and laws against bribery and corruption. If you are unsure whether your planned activities might break the law—especially given the complexity of the different legal regimes—you should seek independent legal advice.

    So, what do you think of this summary? Is it “enough” for you, or are you better served by the guidance document, for a first read?

    , ,