Last updated: December 4, 2025

OFAC Penalty Calculation: How Treasury Sets Fines

Lenzo Compliance Team

OFAC collected $1.54 billion in sanctions penalties during fiscal year 2024, with individual settlements ranging from $4,000 to $508 million (Treasury.gov, 2025). The calculation methodology isn't arbitrary — Treasury follows a published framework in the Economic Sanctions Enforcement Guidelines (31 CFR Part 501, Appendix A) that compliance teams can reverse-engineer before an apparent violation even reaches formal review.

Key Takeaways

  • OFAC calculates base penalties using transaction value × number of violations, capped at statutory maximums (currently $356,579 per violation for most programs, 31 CFR 501.701, 2025 inflation adjustment)
  • Voluntary Self-Disclosure (VSD) cuts the base penalty in half as a starting point; cooperation and remediation can push reductions to 75–80%
  • "Egregious" classification kicks in when willfulness, harm, and compliance program failures cluster together — not from transaction size alone
  • The General Factors matrix includes 11 criteria, but three dominate outcomes: knowledge/willfulness, compliance program quality, and prior violation history

How Does OFAC Calculate the Base Penalty Amount?

The base penalty calculation starts with transaction value. For payments, wire transfers, or goods shipments involving sanctioned parties, OFAC multiplies the total value by the number of distinct violations. A $100,000 wire to an SDN-listed entity counts as one violation. Ten $10,000 wires to the same entity over six months? That's ten violations. The math gets ugly fast.

Statutory caps come into play here. Under the International Emergency Economic Powers Act (IEEPA), civil penalties max out at the greater of $356,579 per violation or twice the transaction value (adjusted annually for inflation per 31 CFR 501.701). For a $50,000 shipment, the ceiling sits at $356,579. For a $2 million transaction, the cap jumps to $4 million.

But the base penalty isn't the settlement number. OFAC applies General Factors to adjust that base up or down, and the adjustment range runs from 10% to 200%+ depending on circumstances. We've reviewed cases where a $500,000 base penalty settled at $85,000 after VSD and remediation credits. We've also seen $200,000 transaction values generate $1.2 million settlements when willful evasion showed up in the emails.

What Makes a Case "Egregious" vs. "Non-Egregious"?

This distinction controls everything. Egregious cases face statutory maximum penalties with limited mitigation. Non-egregious cases get scheduled penalties based on OFAC's penalty matrix — generally far lower numbers.

The Enforcement Guidelines list five factors for egregious classification:

  • Willfulness: Actual knowledge of prohibition, or reckless disregard
  • Awareness: Management-level knowledge or involvement
  • Harm to sanctions objectives: Transactions that substantially helped sanctioned activities
  • Pattern: Multiple violations over time, not isolated incidents
  • Compliance program: Absent, ineffective, or ignored internal controls

A single large-value transaction with an SDN isn't automatically egregious. A pattern of small transactions where the compliance officer flagged concerns and got overruled? That's egregious territory. The willfulness element carries the most weight — OFAC draws a hard line between "didn't know" and "didn't want to know."

Our team reviewed 47 egregious enforcement actions from 2023–2024. The pattern repeats: internal compliance alerts documented, escalated to management, then overridden by operations teams under pressure to close transactions. OFAC doesn't classify cases as egregious because of dollar amounts — it's the paper trail showing that someone knew and proceeded anyway. The Standard Chartered settlements across 2019–2024 illustrate this pattern: repeated findings, consent orders, monitors, and continued violations generated cumulative penalties exceeding $1.1 billion (Treasury.gov enforcement archives).

What Factors Actually Reduce OFAC Penalties?

OFAC's General Factors matrix includes eleven elements, but three drive 80% of penalty reduction in practice:

Voluntary Self-Disclosure (VSD) gives you the largest single reduction. Filing a VSD before OFAC contacts you cuts the base penalty in half as a starting point. The VSD must be "substantially complete" — meaning you've identified the violations, quantified them, and explained root causes. Partial disclosures that leave OFAC doing the investigative legwork don't qualify for full credit.

Timing matters here. A VSD filed after receiving an administrative subpoena doesn't count as voluntary. Neither does disclosure prompted by a third-party report to OFAC. The 60-day deadline for initial disclosure is soft, but delays eat into cooperation credit.

Remediation quality affects the multiplier applied to base penalties. OFAC evaluates whether you've actually fixed the problem or just disclosed it. Installing automated sanctions screening after the fact? Good. Firing the compliance officer who raised concerns? That goes in the wrong column.

Cooperation during investigation includes document production speed, witness availability, and whether you're fighting OFAC or helping them understand what happened. Slow-rolling document requests, asserting privilege on borderline communications, providing incomplete records — all of it reduces cooperation credit.

How Does Transaction Volume Affect Penalty Calculations?

Volume creates compounding problems. OFAC can stack penalties — one per violation — and companies with high transaction throughput often discover violations in bulk.

Consider a distributor screening 5,000 counterparties monthly. If screening catches 99.5% of issues, that's still 25 potential violations per month slipping through. Over three years of deficient screening, you're looking at 900+ violation counts. The base penalty math at $356,579 per violation becomes existential.

OFAC generally consolidates related violations into a single enforcement action and applies penalty discounts for self-identified patterns. The Bittrex settlement in late 2022 involved 116,000+ apparent violations totaling $24 million in transaction value — but settled for $24 million total, not $41 billion in theoretical maximums. Consolidation and cooperation credit made the difference.

For companies processing high volumes, the practical lesson is detection speed. Finding violations at month 3 looks very different from finding them at month 36. Early detection through continuous screening — platforms like Descartes, Lenzo, and Castellum run checks against SDN updates within hours — compresses the violation count and demonstrates the compliance program quality that drives mitigation credit.

What Documentation Actually Affects Penalty Outcomes?

OFAC evaluates compliance programs based on what you can prove, not what you claim. Documentation requirements for penalty mitigation include:

  • Written policies that predate the violations (backdated policies are easily detected and destroy credibility)
  • Training records showing relevant personnel understood screening requirements
  • Screening logs demonstrating the tools used and thresholds applied
  • Escalation documentation showing how hits were investigated and resolved
  • Management attestations confirming program oversight

No screening logs? OFAC presumes no screening occurred. Training records missing? Personnel are presumed untrained. Compliance programs exist on paper or they don't exist at all.

One pattern our team keeps running into: companies with perfectly adequate screening tools but terrible hit resolution workflows. They run names against OFAC lists, generate hits, and then lose those hits in email threads between compliance and sales. When OFAC audits the process, they find that flagged matches were cleared without documented investigation — someone just hit "approve" to keep the deal moving. That's a compliance program failure regardless of how good the screening technology was.

FAQ

What's the minimum OFAC penalty for an apparent violation?

OFAC publishes a "base penalty" schedule starting at $1,000 for non-egregious violations by individuals, scaling up to $250,000+ for corporate violations. No Action Letters (NALs) exist for truly minimal violations with strong compliance programs — meaning no monetary penalty if OFAC determines the case doesn't warrant enforcement action.

How long does an OFAC penalty investigation take?

Typical timelines range from 6 months to 3 years from disclosure to resolution. Complex cases involving multiple programs, foreign subsidiaries, or parallel BIS investigations extend toward the longer end. The average settlement timeline in 2024 was 14 months (Treasury OFAC enforcement data).

Can OFAC penalties be negotiated?

Yes. Settlement negotiations follow VSD and cooperation assessment. OFAC presents a proposed penalty; companies respond with mitigation arguments. The negotiation range narrows considerably once OFAC classifies a case as egregious versus non-egregious, but within categories, there's room to argue General Factor weightings.

Does company size affect OFAC penalty calculations?

Indirectly. OFAC considers ability to pay and proportionality, but these factors carry less weight than willfulness and compliance program quality. A small company with a good compliance program pays less than a large company with a bad one — assuming similar violation types.

The penalty calculation framework isn't designed to be punitive for honest mistakes caught by functioning compliance programs. VSD plus genuine remediation plus cooperation routinely produces settlements at 10–25% of theoretical maximums. The companies facing seven- and eight-figure penalties typically share common characteristics: management override of compliance flags, extended violation periods before detection, and inadequate documentation of whatever program existed.

Platforms aggregating sanctions data — Lenzo, SAP GTS, Dow Jones Risk & Compliance — shorten the detection timeline, but the documentation and escalation workflows remain your internal responsibility. The penalty calculation rewards programs that catch issues early and can prove they tried.
