On February 14, 2008, the Office of Foreign Assets Control (OFAC) issued guidance regarding blocked property that effectively created a new, second tier of specially designated persons with whom U.S. persons may not do business. The guidance deserves more careful attention than it might initially attract. It imposes appreciable but undefined new compliance obligations that should be evaluated carefully by persons subject to OFAC’s jurisdiction.
Specially Designated Nationals (“SDNs”) are persons, organizations, companies and even vessels that the U.S. government has identified as threatening national security.  SDNs are often suspected terrorists, drug dealers or members of rogue regimes. Persons subject to U.S. jurisdiction may not do business with SDNs, and moreover, are required to block (or “freeze”) SDN property that comes into the U.S. person’s possession.
OFAC’s new guidance states that U.S. persons must block not only the property of an SDN, but also the property of other entities in which an SDN has a 50% or greater interest – even if this other entity is not on OFAC’s SDN list. 
Accordingly, the guidance implies a second set of designations that are not published on OFAC’s SDN list or any other U.S. government list. U.S. persons must thus consider conducting additional due diligence to identify this new category of sanctioned entities – or run the risk of stiff new penalties administered under OFAC’s strict liability regime. 
Implications for the Private Sector
Through its guidance, OFAC has effectively deputized U.S. businesses in the task of designating would-be SDNs. The guidance implies an expectation that U.S. persons, through their own due diligence, will discover entities in which an SDN has a 50% or greater interest. The U.S. person must then refrain from doing business with entities on this self-made list, and moreover, must block the property of those entities. Accordingly, a U.S. financial institution must have procedures in place to identify and block transactions involving entities that are majority owned by an SDN – even though transaction documents on their face may lack any indication of an SDN ownership stake.
Aside from the financial and technical burdens of complying with this new mandate, the guidance creates a substantial risk of confusion in the financial system. In the absence of a centrally-determined list of SDNs, multiple financial institutions handling different stages of the same transaction may reach different conclusions as to whether an entity is controlled by an SDN. One bank might block while another passes off a transaction, each operating on a good faith interpretation of available information. It is unclear whether OFAC will have the resources or willingness to help resolve such differences.
A History of Unpublished Designations
OFAC has a trackrecord of non-public designations, such as the tacit sanctioning of the Corinthian Hotels chain when only a few business units of the chain appeared on the SDN list. U.S. persons were held responsible for knowing that certain hotels were off-limits, even though such lodging was offered in non-sanctioned countries and OFAC had provided no list to notify wary travelers.
More recently, on June 13, 2006, OFAC designated China Great Wall Industry Corporation as a weapons proliferator, but named only the company’s locations in Beijing, China and Moscow, Russia on the SDN list.  U.S. persons were expected to know that other Great Wall affiliates also were subject to blocking, despite the absence of such affiliates in OFAC’s publications. Instead of publishing a clarification, on July 12, 2006, OFAC simply revised its designation to include a reference to “all [China Great Wall] locations worldwide.” But the agency elected not to inform the public on its website or via its standard e-mail notification service of this small change in a list hundreds of pages long. Accordingly, many U.S. financial institutions were unaware of the broader scope of the designation until at least one received an OFAC administrative subpoena.
Compliance Officers Will Earn Their Stripes
Verifying whether an undesignated entity is controlled by an SDN is apt to pose a daunting challenge for even the most conscientious business. As difficult as this task might be in the context of contract negotiations or new client acceptance, it will cause special headaches for financial institutions. Banks must find a way to comply with the guidance while reviewing large volumes of transactions and maintaining processing speeds. Nonetheless, businesses must make a good faith effort to comply with the guidance. Because errors in detecting SDN ownership are inevitable, and because OFAC effectively operates a strict liability regime, U.S. businesses will depend on the mitigation potential of good faith compliance to manage OFAC penalty and reputational risks.