New Articles

More or Less Denied: The OFAC 50% Ownership Rule


More or Less Denied: The OFAC 50% Ownership Rule

The OFAC 50% ownership rule is a compliance requirement that, when overlooked, can lead to severe penalties and reputation damage. What exactly is the 50% rule and for which companies is it most relevant?

50% Rule: What is It?

Sorry, German soccer lovers—this 50% rule relates to Denied Party Screening. In 2014,the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) clarified 2008 guidance in relation to doing business with companies that are not on any OFAC denied parties lists (DPL), but that are in fact owned by people or companies that are on the DPL. The European Union has similar regulations and, as far as OFAC is concerned, the math is simple: if one or more people or entities that are on a DPL own in total 50% or more of an entity that is not listed, that (latter) entity is considered to be under the control of one or more denied parties and cannot be engaged for business.

That seems clear enough, but the bonus question is of course: how do you find out if the company you are planning to do business with is not controlled by actors on the DPL? And how exactly does the math work: is it direct ownership only or do other relations count as well (e.g., what if a denied person’s spouse owns 50.01%)?

Digging Deeper

The only opportunity to flag if an entity is 50% owned by a denied party is to have this information available when denied (or restricted) party screening occurs. Especially for companies with larger transaction volumes and many one-time sales, this implies a gigantic amount of research, which is practically impossible given the usual limited resources compliance departments have available.  Luckily, there are a few companies that have done the research and are also keeping it up to date. Tag their lists on to the regular DPL when screening and all bases are covered.

It’s relevant to note that the amount of research is staggering and performed in old fashion digging style. Typically, entities appearing on the DPL are well aware of that fact and bury their ownership in (at first sight) legit companies three or four layers deep, which is more research than most companies can handle, especially when large parts of it may be in a foreign language.

Obviously, some verticals are subject to both more scrutiny and fraud attempts when it comes to the 50% ownership rule. That soccer jersey sale might not raise too many flags but, for example, in the financial sector, the movement of dual-use goods or complex international agreements (oil, anyone?) calls attention to the necessity to screen all parties involved to the finest detail possible. Or not, in which case preparing for some generous penalties, revoking of business licenses and perhaps jailtime would be time well spent. Recent cases (2018-2020) have seen OFAC dish out penalties in excess of $1.3 billion with a growing part of that related to 50% ownership. In general, most (higher) penalties have been related to the financial sector (the first high profile case was the 50% penalty imposed on Barclays Bank).

As for the relationship part, it is only the actual names on the debarred lists that count towards the 50%. Ownership by their known family and (political) friends does not count toward the 50%, as long as these relations are not on the OFAC lists themselves. Practically, though, a few eyebrows or more should be raised if those relationships do come to light. Either way, if it is under the header of due diligence, reasonable care, or ‘know your customer’ (KYC), the burden is on the exporter/seller to ensure no laws are violated and goods do not end up in debarred hands.

A Closer Look

To illustrate the reach of the 50% rule, consider the following from the aforementioned Barclays case. Barclays US worked with Barclays Bank of Zimbabwe Limited on some of its customers that were not on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List). Yet, the Industrial Development Corporation of Zimbabwe was on the list (since 2008) and owns 50% or more of these customers. That means Barclays should have effectively blocked these customers and not engaged with them. When business was conducted, Barclays violated the 50% rule and was penalized.

Parting Thoughts

‘What Lies Beneath’ is not only a movie that can keep you up at night. The guidance on OFAC compliance regulations dictates that exporters must be aware of who they are conducting business with, even if that requires a look underneath the surface. That responsibility cannot be ignored.


The Importance of Supply Chain Resilience

Acknowledging potential weaknesses in your supply chain before they are exposed by elements beyond your control is of critical value. With current events in mind, managing future supply chain disruptions will be an integral component of corporate strategy. Calling it Supply Chain Resilience, Supply Chain Disruption, or Business Continuity Management (from the ISO 22301 standard) does not affect the necessity of having strategies in place that may make the difference between following or leading in a disrupted economy, and even between surviving or folding.

To identify potential soft spots, a review should not be limited to a single product flow or single supply chain element. For any company, the next big disruption does not have to be a pandemic; it can be something minuscule on a global scale, yet have the same devastating effect on the ill-prepared in particular trade lanes or in a particular industry. Unpredictable is not a reason to be unprepared. Creating supply chain resilience is a holistic exercise that involves more than just a few savvy logistics people. HR, finance, compliance/legal (to name a few) are all stakeholders in a healthy case of business continuity management.

How then to build a strategy? Like any other strategy, the process seems logical: review, assess, and mitigate. In this particular case: 1) review your tradelanes, products, and materials flow by matching them against risk categories (i.e., labor, business risk, global trade, nature, and materials), 2) assess risks for each combination, and 3) mitigate risks by either changing behavior now or planning for alternate (sourcing) options should the anticipated risks become reality.

Trade Lanes and Risk Categories

The relevant components to review within the supply chain include the importing and exporting country or countries, the manufacturing locations, the finished goods, and the (raw) materials. Ideally, for finished goods and materials, the associated Harmonized System (HS) codes are made available. Scratch what does not apply and move to the following step where each of the ‘inputs’ is categorically reviewed.

As mentioned, this should not be an exercise limited to supply chain professionals. For example, labor risks can be associated with the likelihood of strikes, wage volatility, and the availability of appropriate labor resources—not necessarily areas that keep the supply chain brain occupied every day.

In a similar fashion, other resilience elements expand across different areas of expertise. Business risks relate to cybersecurity, corruption, counterfeit products, and the chance of entering into business with bad actors that are on (any of the) denied party lists.

Global trade accounts for the compliance requirements related to the shipment of goods (i.e., licenses, documentation, permits, etc.), associates the products with the various duties and taxes, and identifies if Free Trade Agreements(FTA) apply and how to qualify for preferential treatment.

Arguably the most unpredictable, but not the least expected risk to account for, is nature. It’s important to identify the various kinds of disasters that may hit: natural hazards, pandemics or epidemics, flooding, earthquakes, hurricanes, volcanic eruptions, landslides, or drought can all play parts.

Lastly, consider materials. Understanding the market comes with insights into scarcity, sourcing locations, and price fluctuations.

Risk Assessment

Risk assessments match the input with the risk categories. For example, how vulnerable is the manufacturing location when it comes to labor regulations, corruption, or flooding? Is there an FTA in place that could potentially lower the import duty burden? Where in the supply chain can a cyberattack be most expected? In short, some homework is in order to create a thorough risk profile.

For many components, the sources are readily available, such as the Corruption Index at, labor statistics on Statista or NationMaster, or duty rate information from the various global trade content providers (or the WTO).

Building Resilience

As with cyber-security risks (PEN tests) or a regular laptop virus scan, supply chain risk assessments will point out the components that need immediate attention or, in this case, are a high priority for alternate sourcing or routing options. It’s then time to build that resilience.

Look for options by analyzing the market and tradelanes. Mine import and export data to identify alternative sources for goods and materials, even manufacturing locations. Map out alternative routes for products to get where they need to go. Document the reasonable options and share with as many people as possible—preparedness is, of course, an all-inclusive strategy.

Next and where possible: test run! Re-route shipments temporarily or source occasionally from a new supplier; in other words, make sure the alternative options are viable. In addition, communicate with external sources that would be part of continuity plans. Make them aware they are part of these plans; put people or suppliers on a retainer and try to agree on terms before disaster strikes so the projected costs can be anticipated better.

Lastly, keep those alternate plans up to date; otherwise, it may be too late to create and execute on alternate alternative plans.