What is OFAC Compliance?


OFAC compliance refers to adherence to the rules and regulations of the US Office of Foreign Assets Control, which administers economic sanctions programs prohibiting transactions with designated persons, entities, and jurisdictions.

WHY IT MATTERS

OFAC is the primary US sanctions enforcement body. Its SDN (Specially Designated Nationals) list includes individuals, entities, and cryptocurrency addresses that US persons are prohibited from transacting with. Violations can result in civil penalties of $300,000+ per transaction or criminal prosecution.

In crypto, OFAC compliance means: screening recipient addresses against the SDN list, not interacting with sanctioned protocols (like Tornado Cash, which was sanctioned in 2022), and maintaining records of compliance checks. This applies to all US persons and entities, including those operating agent wallets.

For AI agent operators, OFAC compliance must be automated. Manual compliance checks are impossible when agents execute transactions autonomously. Compliance must be embedded in the transaction pipeline — checking every recipient address before every transaction.
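
As an added illustration (not code from this page or from PolicyLayer), here is a minimal Python gate that screens every recipient before submission, fails closed on a stale list or a malformed address, and records each check. The sample addresses, the one-hour freshness limit, and the names `SanctionsGate`, `send` and `submit` are assumptions made for the example.

```python
import time

MAX_LIST_AGE_S = 3600  # assumption: oldest list snapshot we will still trust

# Constructed sample addresses, not real SDN entries.
LISTED = "0x" + "ab" * 20
CLEAN = "0x" + "cd" * 20

def normalize(addr):
    """EVM addresses are case-insensitive hex: compare lowercase, reject anything else."""
    a = addr.strip().lower()
    if len(a) != 42 or not a.startswith("0x") or any(c not in "0123456789abcdef" for c in a[2:]):
        raise ValueError("malformed address")
    return a

class SanctionsGate:
    def __init__(self, addresses, fetched_at, audit_log):
        self.blocked = {normalize(a) for a in addresses}
        self.fetched_at = fetched_at  # when this copy of the list was retrieved
        self.audit_log = audit_log    # one record is appended per check

    def check(self, recipient, now=None):
        now = time.time() if now is None else now
        try:
            addr = normalize(recipient)
            if now - self.fetched_at > MAX_LIST_AGE_S:
                reason = "list_stale"  # fail closed: cannot vouch for an old list
            elif addr in self.blocked:
                reason = "sanctioned_address"
            else:
                reason = "no_match"
        except (ValueError, AttributeError):
            addr, reason = recipient, "malformed_address"
        allowed = reason == "no_match"
        self.audit_log.append({"ts": now, "recipient": addr, "allowed": allowed,
                               "reason": reason, "list_fetched_at": self.fetched_at})
        return allowed

def send(gate, recipient, amount, submit, now=None):
    """The only path to submit(): screen first, and return None when blocked."""
    if not gate.check(recipient, now):
        return None
    return submit(recipient, amount)

if __name__ == "__main__":
    log = []
    gate = SanctionsGate([LISTED], fetched_at=time.time(), audit_log=log)
    print(send(gate, CLEAN, 5, lambda r, a: "submitted"))             # allowed
    print(send(gate, "0x" + "AB" * 20, 5, lambda r, a: "submitted"))  # blocked despite case change
    print(log)
```

The audit record stores the list's retrieval time alongside each decision, so a later review can tell which version of the list a transaction was screened against.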

HOW POLICYLAYER USES THIS

PolicyLayer enforces OFAC compliance by checking agent transaction recipients against sanctioned address lists. Transactions to sanctioned addresses are blocked automatically — making compliance a built-in property of every agent transaction.

FREQUENTLY ASKED QUESTIONS

Does OFAC apply to DeFi?
Yes. The Tornado Cash sanctions established that OFAC applies to decentralized protocols. US persons cannot interact with sanctioned smart contracts or addresses, regardless of whether they're centralized or decentralized.

How often is the OFAC list updated?
Irregularly — OFAC adds and removes entries as sanctions change. Compliance systems should check against the latest list in real-time, not a cached version.

What if an agent unknowingly transacts with a sanctioned address?
OFAC operates on strict liability — intent doesn't matter. If you transacted with a sanctioned address, you may be liable. This is why automated screening is essential for agent wallets.

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept