How far a dollar reaches: a guide to OFAC extraterritoriality

What they are, how they operate, what their extraterritoriality means, and why a single dollar can bring a European transaction under United States jurisdiction

For a lawyer or a compliance officer trained in European logic, US sanctions appear, at first sight, to defy territorial common sense, crossing borders without a visa or right of residence. Union law traditionally thinks in terms of territory and nationality: you answer for what you do on your own territory or for what your nationals do, yet the Office of Foreign Assets Control (OFAC), the US Treasury agency that administers economic sanctions, thinks differently. For OFAC, the question is not where the company is located or what nationality it holds, but whether a transaction touches, however faintly, United States jurisdiction.

This shift of emphasis, from nationality to nexus, explains why a Romanian company may be exposed to US risk without any US partner sitting at the table: it is enough for the payment to settle in dollars through a US correspondent bank, for the product sold to contain technology of US origin, or for a name appearing on an OFAC list to surface in the counterparty’s ownership chain. We thus run, in turn, through the architecture of this regime: what OFAC is and on what it rests, what types of sanctions exist, how the lists and blocking work, what the 50% rule means, who is obliged to comply, what a US nexus is, how extraterritoriality manifests itself through secondary sanctions, how that which is otherwise prohibited comes to be authorised, and what all of this means for a European undertaking caught between two regimes.

What OFAC is and on what it rests
The Treasury Department has a long history in the management of sanctions. As far back as the period before the War of 1812, the Secretary of the Treasury, Gallatin, administered the sanctions imposed against Great Britain for the harassment of American sailors. During the Civil War, Congress passed a statute that prohibited transactions with the Confederacy, provided for the forfeiture of goods involved in such transactions, and established a licensing regime under rules and regulations administered by the Treasury.

OFAC is the successor of the Office of Foreign Funds Control (“FFC”), which was established at the beginning of the Second World War, following the German invasion of Norway in 1940. The FFC programme was administered by the Secretary of the Treasury throughout the war. The FFC’s initial purpose was to prevent the Nazis’ use of the occupied countries’ holdings of currency and securities and to prevent the forced repatriation of funds belonging to the citizens of those countries. These control measures were later extended to protect the assets of other invaded countries. After the United States formally entered the Second World War, the FFC played an important role in the economic war against the Axis Powers, by blocking enemy assets and prohibiting foreign trade as well as financial transactions.

OFAC was formally created in December 1950, after China’s entry into the Korean War, when President Truman declared a national emergency and blocked all Chinese and North Korean assets within United States jurisdiction. Its declared mission is to advance the foreign-policy and national-security objectives of the United States through economic instruments, without recourse to military force.

The legal basis of the sanctions is, in the overwhelming majority of cases, the International Emergency Economic Powers Act (IEEPA) of 1977, supplemented by the Trading with the Enemy Act (TWEA) of 1917 for a few historical programmes (notably, Cuba) and by the National Emergencies Act. The mechanism is recurrent: the President declares a national emergency with respect to an external threat, issues an executive order (Executive Order) defining the prohibitions and the categories of targets, and OFAC implements the order through detailed regulations, codified at 31 C.F.R. (Code of Federal Regulations), Chapter V. To these is added, for certain programmes, specific legislation adopted by Congress (for example CAATSA, Countering America’s Adversaries Through Sanctions Act, for Russia, Iran and North Korea), which may impose mandatory sanctions and may extend them beyond the executive’s margin of appreciation.

It should be borne in mind that a sanctions programme is not a homogeneous statute, but a body of regulations, executive orders, designations, derogations and guidance that are read together. This fragmentation is the source of many compliance errors: what is permitted under one programme is not, by analogy, permitted under another, a feature that gives rise to confusion, to fragmentary permissions and derogations, and to ambiguity in the risk of exposure to secondary sanctions.

Types of sanctions: from embargo to lists
OFAC sanctions fall, according to their scope, into two broad categories. Comprehensive sanctions amount to a near-total embargo: in practice all transactions with the targeted jurisdiction are prohibited, save those that are authorised. This category currently includes Cuba, Iran and North Korea, as well as the Crimea, Donetsk and Luhansk regions of Ukraine, treated as embargoed territories.

The second category is that of targeted and sectoral sanctions: here trade with an entire jurisdiction is not prohibited, only transactions with certain persons, entities or sectors. Russia is the most telling example: although it is not under a comprehensive embargo, the web of targeted and sectoral measures imposed after 2014, and massively after 2022 (energy, finance, defence), is so dense that, in practice, numerous transactions become impossible. The same logic captures Belarus, Venezuela, Myanmar and dozens of other programmes.

Cutting across this division lies the distinction between primary and secondary sanctions. Primary sanctions are addressed to US persons and to transactions with a US connection, whereas secondary sanctions are addressed to non-US persons and constitute the principal vehicle of extraterritoriality and the principal stressor for companies within the European jurisdiction

The OFAC list and the concept of blocking
The central instrument is the SDN List (Specially Designated Nationals and Blocked Persons). Inclusion on this list triggers “blocking”: the property and interests in property of the targeted person located within US jurisdiction are frozen, and US persons are, in principle, prohibited from any dealing with the listed person. Blocking is not confiscation; it is an immobilisation. The assets remain those of their holder, but they cannot be transferred, withdrawn, used or managed without OFAC authorisation. Where a US person holds control over blocked property or receives a payment instruction involving a blocked person, it is obliged to block the transaction and to report it to OFAC.

In addition to the SDN List, OFAC maintains a series of non-SDN lists, with generally less severe consequences: the SSI List (targeting sectors of the Russian economy), the FSE List (of those who evade sanctions), the NS-MBS List (menu-based sanctions), the NS-CMIC List (the Chinese military-industrial complex) and the CAPTA List (foreign financial institutions restricted at the level of correspondent accounts). These lists are updated several times a week, which turns screening into a continuous operation rather than a one-off check.

The 50% rule: the trap of indirect ownership
The most subtle and, at the same time, the most costly area of risk is the 50% rule. According to OFAC guidance, any entity owned 50% or more, directly or indirectly, individually or in the aggregate, by one or more blocked persons is itself considered blocked, even if its name appears on no list. The practical consequence is significant: a company may be “blocked” without appearing anywhere, and the partner dealing with it breaches the sanctions without having had any warning signal on the public lists.

The rule operates through aggregation and through propagation. Aggregation means that the holdings of several blocked persons are added together: if blocked person X holds 25% and blocked person Y holds another 25% of the same entity, the entity is blocked, and the holdings are cumulated even if the persons come from different sanctions programmes. Propagation means that, once an intermediary entity itself becomes blocked (because it is owned 50% or more by blocked persons), it is treated as a blocked person in the calculation of holdings at the lower levels, so that blocked status passes in a cascade along the ownership chain.

Two nuances are essential:

• The rule targets ownership, not control; that is, an entity that is controlled but not owned 50% or more is not automatically blocked. OFAC may, however, designate it separately or warn against transactions with entities in which blocked persons hold significant influence below the 50% threshold.
• Because these entities do not appear on the lists, the only real defence is due diligence on beneficial owners, the identification of holders with relevant interests, and the reporting of ownership status against the 50% threshold. This has been a cause of intensified compliance controls within KYC procedures and for the determination of the UBO, in light of the risk of secondary sanctions.Who must comply: the “U.S. person” and the extension to non-US persons
  The core of the compliance obligation is the US person (U.S. person). The category is broader than it seems, since it comprises (i) all US citizens and permanent residents, wherever they may be in the world, (ii) all natural and legal persons located within the territory of the United States, as well as (iii) all entities organised under US law, including their foreign branches. The exact definitions of the terms “U.S. person” and “person subject to US jurisdiction” are found in the regulations of each programme.

For certain programmes, the scope extends still further: foreign branches or subsidiaries owned or controlled by US persons must, in turn, comply (this is the case, for example, of the programmes concerning Russia, Iran and North Korea). Thus, a European subsidiary of a US group may be caught within the US obligations, even though it is registered and operates exclusively within the European Union.

The turning point for the non-US business environment is, however, another: non-US persons are not entirely outside the regime; they are prohibited (i) from causing, or conspiring to cause, a US person to breach the sanctions, (ii) they are prohibited from conduct that evades the sanctions, and, under certain programmes, (iv) the re-export of goods, technology or services of US origin obliges them to comply with the sanctions even if no US person is involved in the operation.

To all of this is added the prohibition on “facilitation” or intermediation: a US person may not indirectly support a transaction that it could not carry out directly, for example by using a foreign company to deal with a sanctioned party while itself supplying the necessary means.

US nexus: how US law reaches an apparently foreign transaction
“US nexus” is the very premise of the entire system: the link, however thin, that brings a transaction under US jurisdiction and activates the primary sanctions even where the parties appear to have nothing American about them. This nexus may be created through a series of elements, satisfied separately or cumulatively.

• The involvement of a US person in the chain of the transaction, whether as a party or as an intermediary, adviser or service provider;
• The US origin of the goods: merchandise, components, software or technology of US provenance triggers US rules even after re-export;
• Currency is the most insidious element that draws in a US nexus: a payment denominated in dollars settles almost inevitably through a US correspondent bank, which causes a transfer between two non-US parties to “touch” the US financial system at the moment of clearing;
• Any use of US financial infrastructure and any conduct carried out on the territory of the United States.

Thus, we encounter the dollar trap: a Romanian company that receives or pays in dollars in an otherwise purely European operation may unintentionally create a US connection sufficient for OFAC to assert its jurisdiction. For the compliance function, the first question in a risk analysis is not “do we have a US partner?”, but rather “where and through what does the value pass, in what currency, through which banks, and with what goods, resources or funds?”.

Extraterritoriality: secondary sanctions, facilitation and the “causing” of a breach
If primary sanctions require a US nexus, secondary sanctions are the instrument through which the United States reaches non-US persons even in the absence of such a link. The mechanism does not, as a rule, consist of a direct fine, but of an imposed choice: the non-US person who carries out a given activity with an already sanctioned party risks either being designated on the SDN List itself, or being cut off from correspondent accounts and from dollar clearing (through the CAPTA List, the Correspondent Account or Payable-Through Account Sanctions List). For a bank or a company that depends on dollar funding and settlement, the second option becomes a matter that jeopardises its very existence.

The triggering criterion is, in many programmes, a significant transaction, assessed on a multifactorial basis (size, frequency, nature, the extent to which it facilitates the sanctioned activity), without a fixed monetary threshold. For example, CAATSA authorises sanctions against any person, whether US or not, who knowingly conducts a significant transaction with Russia’s defence or intelligence sector. At the level of US persons, the same extension manifests itself through the prohibition on facilitating a breach, under which OFAC sanctions conduct that causes another party to breach a programme.

It is only here that the true exposure of European companies arises. They are not caught because they have done business in the United States, but because of the place through which the dollar circulates, because of the origin of a piece of equipment, or because of who is hidden, through the 50% rule, behind an apparently neutral counterparty. The lever that sustains this whole edifice is not, ultimately, the law, but the centrality of the dollar in international trade and finance: so long as access to dollar clearing remains indispensable, the threat of being deprived of that access has the force of a real sanction.

Licences: how that which has been prohibited becomes lawful again
A frequently misunderstood notion is that an OFAC licence lifts or removes a sanction. In reality, a licence does not repeal the prohibition; it opens a narrow and strictly delimited exception within an otherwise prohibited perimeter. Licences come as a temporary waiver, intended to mitigate the significant impact of the sanctions, so as not to create major bottlenecks in various markets (such as, for example, the energy sector) and not to paralyse pre-existing commercial relationships. There are two categories of licence, delimited by their scope, the persons or transactions covered, and their duration.

• The general licence (General License) is a normative and public authorisation, self-executing as a matter of law, which permits a predefined category of transactions or covers a category of persons without the need for an individual application: if the operation falls squarely within its conditions, you may act without prior approval.

In this sense, a general licence, having a more abstract field of application, ordinarily authorises recurring categories of operations, for example humanitarian activities, administrative or fiscal transactions, and, most frequently, wind-down and maintenance.

This last example is the most commonly encountered authorisation, since it marks the transitional period between an entity’s normal operation and its designation on the sanctions list. The wind-down period is authorised under general licences as a period of commercial adjustment, in which commercial relationships begun before the designation may be brought to a close under normal conditions, so as to avoid major bottlenecks in the affected markets, to allow suppliers to be paid, or to allow the obligations assumed by the designated entity to be performed.

• The specific licence (Specific License) is, by contrast, an individual document, issued by OFAC on a case-by-case basis, following a detailed application submitted through the licensing portal, in which the applicant justifies the transaction and identifies all the parties, including the beneficial owners.

The specific licence applies only to the applicant or to the persons indicated in the licence; it is not public in character. The comparison between the two types of licence may be analysed from the perspective of the difference between a normative and an individual administrative act.

A specific licence cannot be issued for persons or transactions/operations that fall within the scope of an already existing general licence.

An important rule for the interpretation of licences must be noted, namely that licences do not transfer from one programme to another, each programme being capable of being regarded as an entire, distinct legal system. While the explanations OFAC provides under the heading Frequently Asked Questions are generally applicable to all programmes, they present elements or indications that cannot be carried over by analogy from one programme to another, unless the licence specifies as much.

The compliance programme
Compliance with US sanctions operates, on the civil side, on a standard of strict liability: intent is irrelevant for establishing the breach. In other words, you need not have intended to breach the sanctions in order to breach them; a good-faith error remains a breach. This standard explains why even a technical mistake can attract direct or secondary sanctions.

OFAC does not impose a single compliance model, but it has published a reference framework which, although formally optional, is in practice the benchmark by which the seriousness of a company is assessed in the event of an incident. Among the essential elements of an effective international-sanctions compliance programme are (i) management commitment, which secures resources and authority for the compliance function; risk assessment, tailored to clients, products, geographies and channels, (ii) internal controls, including policies, procedures and screening against the lists of designated persons and entities, (iii) testing and auditing, to detect and correct deficiencies, and (iv) training of the relevant personnel. These components translate operationally into screening against the SDN List and the consolidated lists, the analysis of beneficial owners and application of the 50% rule, knowledge of the clientele, record-keeping, and the reporting of blocked and rejected transactions. The scope of the programme is calibrated to the risk profile: a small company does not need the same infrastructure as a global financial institution.

Procedurally, OFAC has at its disposal a spectrum of responses, from the mildest to the most severe: closing the matter with no action, a cautionary letter, a finding of violation without a monetary penalty, a civil penalty, or referral to the Department of Justice for criminal prosecution.

Where it intends to impose a penalty, OFAC first issues a pre-penalty notice, to which the alleged violator has the right to respond in writing, and the vast majority of cases are resolved through negotiated settlements rather than litigation. This procedural architecture is precisely what makes early cooperation and voluntary self-disclosure instruments for reducing exposure, rather than mere gestures of goodwill.

OFAC in relation to UN, EU and UK sanctions
For a European compliance function, OFAC rarely operates alone. A cross-border transaction must often be screened simultaneously against several regimes, convergent in purpose but distinct in reach. UN sanctions are established by Security Council resolutions and are binding on member States, but they tend to be the narrowest, focused on specific persons and on multilaterally negotiated embargoes. European Union sanctions are adopted within the framework of the common foreign and security policy and implemented through directly applicable regulations, which bind Union nationals and companies and conduct carried out on its territory, preferring, as a rule, targeted and sectoral measures to total country embargoes. Following Brexit, the United Kingdom administers an autonomous regime through OFSI, within HM Treasury. Of all of these, the US regime administered by OFAC has the broadest extraterritorial projection, precisely because of the centrality of the dollar.

A number of practical consequences must be taken into account. First, a person or an entity may be listed under one regime and absent from another, so that a “clean” result on the European screening does not guarantee a clean one at OFAC, and vice versa. Next, the thresholds, the definitions of ownership and of control, and the catalogue of prohibited conduct differ from one regime to another: the Union uses, for example, its own ownership-and-control test, the application of which is not identical to OFAC’s 50% rule. Finally, licences and derogations are granted by different authorities and do not transfer between regimes. The result is that simultaneous compliance with several regimes is not the sum of separate checks, but an exercise in reconciling obligations that overlap and, more often than not, contradict one another.

For a Union company, the picture is not complete without the EU “Blocking Statute”. Regulation (EC) No 2271/96, reactivated and updated in 2018 following the United States’ withdrawal from the nuclear agreement with Iran, prohibits European operators from complying, directly or indirectly, with certain US extraterritorial measures listed in its annex, which currently target the sanctions concerning Cuba and Iran, the rationale being that the Union does not recognise the extraterritorial application of laws adopted by third States.

This contradiction creates a system in which you lose if you comply, but you also lose if you do not comply, since to observe the US sanctions may mean breaching Union law, while to observe the Union’s Blocking Statute may mean exposure to the US sanctions.

There is, however, an authorisation/derogation mechanism through which the Commission may permit, in justified cases, compliance with the US measures where non-compliance would seriously harm the interests of the operator or of the Union. In practice, for a Romanian company, managing this conflict means less an abstract choice and more a documentary discipline: commercial decisions motivated by reasons of their own, not mechanically attributable to the US sanctions, and a conflict-of-laws analysis carried out in good time, not under the pressure of an incident.

The making of the Romanian precedent: OFAC sanctions and a critical infrastructure in Romania
Historically, Romania has not been a jurisdiction at the centre of international sanctions regimes, unlike States situated in conflict zones, States targeted by sectoral embargoes, or economies directly exposed to broad restrictive measures. Romania has been more of a friend to the jurisdictions that imposed sanctions, over time merely applying the sanctions adopted at European Union level or, indirectly, sanctions relevant to international commercial partners.

This geopolitically favourable positioning created the conditions for the domestic regulatory framework, until the end of last year, to be oriented towards the formal implementation of international sanctions with direct applicability (such as those of the European Union), rather than towards the effective administration of major economic effects capable of causing serious bottlenecks in the Romanian markets or in strategic sectors. In other words, Romania, until recently, had not faced a situation in which a sanctioning measure adopted outside its legal system directly affected the functioning of Romanian companies, paralysed the activity of private or State legal actors, or affected the monetary flow and the economic stability of Romanian citizens.

This context changed in October 2025, with the measures adopted by OFAC against actors with a significant indirect presence in the ownership chain in Romania. The OFAC sanctions shook the entire Romanian business community, since the legal framework on international sanctions did not provide for the measures the State could take to alleviate the effects of unilateral sanctions that lack direct applicability in Romania (since US jurisdiction does not benefit from the direct applicability of the European Union, but would have had to be enacted through another normative act conferring on it domestic legal force).

This event laid bare the gaps in the national legislative framework, the awkwardness of all the specialists when no doctrinal treatise can answer your questions, because you find yourself on the front line of a previously unencountered legal problem, namely the capacity to mobilise in order to manage the concrete effects of the sanctions on the national economy, on job security and on energy security, for Romanian citizens and Romanian companies operating on the territory of Romania.

To see how all these mechanisms fall into place in a concrete case, no example is more telling than the first in which OFAC sanctions reached, on a large scale, a critical infrastructure in Romania. At the end of 2025, OFAC designated on the SDN List, under Executive Order 14024 and for activity in the energy sector, two of the largest oil producers, together with more than thirty subsidiaries. By the mere application of the 50% rule, the blocking automatically extended to all entities owned, directly or indirectly, 50% or more by these companies, even though their names appeared on no list.

Here lies the specificity of the precedent: not a direct designation of a Romanian entity, but the cascade effect of the parent company’s designation upon a critical energy-infrastructure operator, registered in Romania and owned by the designated group.

The operator runs a refinery with a capacity of approximately 2.4 million tonnes per year, a network of around 300 fuel stations, representing a share of approximately 30% of the domestic market, and an 87% participation in an offshore concession in the Black Sea, in which the co-holder is a Romanian State operator with a 12% share. The stake was therefore not abstract: the indirect designation touched simultaneously the security of fuel supply, domestic fuel production, thousands of jobs and a strategic gas resource, which is why the impediment is a matter of energy security, not merely of commercial compliance.

Precisely because the blocking struck consumers and assets with no direct connection to the financing of an armed conflict, OFAC put in place all the permissions necessary to minimise the impact on the European markets. The response took the form of a series of general licences, issued and extended step by step, which exemplify the logic explained above: the licence does not lift the sanction, but opens temporary windows, with clearly defined deadlines renewed periodically. The chronology, essential for anyone following the matter, is as follows:

• 22 October 2025: together with the designation, OFAC issued GL 124A (a specific framework for the Caspian Pipeline Consortium and Tengizchevroil projects), GL 126 (the orderly wind-down of transactions with the two companies and with the entities owned 50% or more, until 21 November 2025), GL 127 (operations concerning debt, equity and derivative instruments, until 21 November 2025) and GL 128 (fuel stations, until 21 November 2025);
• 14 November 2025: GL 131 authorised the negotiation and conclusion of conditional contracts for the sale of the Austrian holding through which the group holds its international assets, as well as of the entities owned by it 50% or more, plus the maintenance and orderly wind-down of those entities, until 13 December 2025;
• 4 December 2025: OFAC separately designated the Austrian holding and the entities owned by it and issued GL 128B, dedicated exclusively to fuel stations (maintenance, operation, wind-down), with a deadline of 29 April 2026;
• 10 December 2025: GL 131A replaced GL 131, extending the authorisation until 17 January 2026;
• January to May 2026: GL 131B, 131C, 131D and 131E successively extended the window, and GL 128C extended the authorisation for fuel stations until 29 October 2026;
• 28 May 2026: GL 131F again extended the authorisation for negotiations, wind-down and maintenance, until 28 June 2026.

The defining feature of the entire series is, however, what the licences do not authorise. None of the iterations of GL 131 permits the actual sale, transfer or disposal of any asset: they authorise only the negotiation and conclusion of conditional contracts, the performance of which remains suspended pending a separate OFAC authorisation.

Moreover, OFAC announced that any approved sale would have to sever entirely the holding’s links with the parent company and to block, in an account subject to US jurisdiction, the sums owed to the latter until the sanctions are lifted. For a critical-infrastructure operator in Romania, the practical consequence is a prolonged state of transition: it may operate and may be negotiated over, but it cannot actually be sold without a second approval, and the flow of value towards the seller remains, by design, blocked.

Domestically, the situation generated a commensurate administrative precedent. Because the existing legislative framework covered exclusively the case of internationally recognised sanctions with direct applicability on Romanian territory, such as European Union sanctions, the Romanian State resorted to an emergency ordinance (OUG 66/2025 supplementing Government Emergency Ordinance no. 202/2008 on the implementation of international sanctions), which created an extended supervision regime, applicable to any company affected by unilateral international sanctions that lack direct applicability in Romania (OFAC sanctions): management remains in office, but a State-appointed supervisor oversees operations liable to fall within the scope of the sanctions, in order to reconcile compliance with the US regime with continuity of supply.

Thus, we encounter the very best example of the theoretical mechanism described earlier: a Romanian entity comes under sanctions not for anything it has done, but, through the 50% rule and the designation of the parent company, the blocking takes effect even though the entity appears on no list, and the return to normality does not run through a lifting of the sanction, but through a string of general licences with short deadlines. It is, at the same time, a reminder that in sanctions matters time is measured in weeks: each thirty-day extension represents, for those involved, the difference between energy security and a potential crisis.

In summary, a company exposed to cross-border trade, investment or financial services may use the following benchmarks as a starting point:

• Screening all the parties, including intermediaries and banks, against the SDN List and OFAC’s consolidated lists, as a continuous, not a one-off, operation;
• Analysing the beneficial owners and applying the 50% rule to aggregate and indirect ownership, in light of the fact that the targeted entity may appear on no list;
• Identifying the US connection (US nexus) of each transaction: currency (in particular the dollar and clearing through correspondent banks), US origin of the goods or technology, the involvement of a US person;
• Assessing the exposure to secondary sanctions where the counterparty or the sector is targeted, especially where it depends on dollar funding or settlement;
• While the existence of general licences can be verified in public databases, the existence of a specific licence is private, enforceable by the party in whose favour it was issued, and the burden of proof falls on the beneficiary of the licence, through the actual document, the correspondence with OFAC and so forth;
• Verifying a potential conflict with the European Union’s Blocking Statute;
• Building and maintaining a risk-calibrated compliance programme, with the four components recognised by OFAC.

The OFAC regime is not, in essence, a list of prohibited countries, but a method of projecting jurisdiction through connection, physical or virtual. For a European company, the risk comes not so much from the intention to do business with a sanctioned country, as from the invisible route of a payment, from the origin of a piece of equipment, or from a name hidden in the ownership architecture of a partner. To understand US sanctions therefore means less the memorising of lists and more learning to read a transaction: to see where exactly it touches, however discreetly, United States jurisdiction.