OFAC’s Latest Sanctions Highlight Why Modern Business Platforms Need Built-In Sanctions Screening
Last week, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) delivered another reminder that sanctions compliance remains paramount for financial institutions both domestically and abroad, and a rapidly evolving area of risk for organizations small and large. In a series of actions targeting the embattled countries of both Cuba and Iran, OFAC expanded its sanctions programs against individuals, entities, and entire networks that U.S. authorities allege support activities that remain viable threats to U.S. national security and foreign policy initiatives.
The most dramatic sanctions developments this week occurred in Cuba. On June 4th, OFAC imposed sanctions on senior Cuban government officials, including current President Miguel Díaz-Canel, members of the infamous Castro family, and organizations linked to Cuba’s military and state infrastructure, including Cuba’s Ministry of the Revolutionary Armed Forces itself.2 The new designations effectively block property and interests in property subject to U.S. jurisdiction and prohibit most transactions involving U.S. persons. The sanctions also significantly enhance American authority to sanction individuals and entities connected to the Cuban government, with the bulk measures representing one of the most significant escalations of U.S. pressure on Cuba in decades. These efforts have already prompted businesses such as hotel operators, shipping companies, and airlines, as well as financial institutions, and service providers to re-assess their exposure to Cuban counterparties at risk of potential penalties in their own right.
Meanwhile, OFAC also continued its high-pressure sanctions campaign against Iran under Operation Economic Fury with a new set of sanctions targeting the country’s digital asset sector, while expanding existing sanctions against known financial facilitators, and sanctions-evasion networks that U.S. officials claim have been used to support Iranian economic activity outside traditional banking channels. Most notably, OFAC designated Nobitex, Iran’s largest digital asset exchange, along with three other Iranian digital asset exchanges1, as crypto has emerged as the vehicle of choice for laundering funds for Tehran over the past several years to skirt existing sanctions. In a press release issued by the Treasury on these developments last week, U.S. Secretary of the Treasury Scott Bessent compounded these developments, stating that with Iran’s economy in free fall, “the regime has chosen to co-opt digital asset technologies for its own corrupt agenda, including evading sanctions and transferring wealth out of the country.”1 All told, the latest Iranian designations reflect an increasing focus on alternative financial systems for circumventing sanctions to fund illicit activity, and underscore the Treasury’s growing efforts to prevent sanctioned entities from leveraging varying avenues to infiltrate global markets.
When taken together, the actions announced last week demonstrate a broader trend in sanctions enforcement. The United States government appears to no longer be focused strictly on traditional banking and wire transfers, but instead, modern sanctions programs are increasingly targeting more complex networks of individuals, companies and digital platforms, as well as the entire infrastructure of illicit operations ranging from intermediaries to suppliers to distributors and service providers that may operate far outside traditional financial channels to better thwart destabilizing activity bred from sanctions evasion. For many financial organizations attempting to maintain their regulatory requirements however, this reality has created a critical compliance challenge.
For decades, sanctions compliance has largely been viewed as solely a banking responsibility. Financial institutions have invested heavily in sanctions screening programs to help facilitate payments and process international transactions, all while operating under intense regulatory oversight. In today’s financial environment however, that perspective is becoming increasingly outdated. Every financial institution must maintain information about the entities with which it does business. Regardless of whether this information is maintained within a customer relationship management (CRM) platform, enterprise resource planning (ERP) system, vendor management solution, partner onboarding platform, or one of the countless other business applications seen today, these records effectively represent the starting point of commercial relationships. This is also where sanctions risk often first appears. Historically, many organizations have relied on financial institutions to identify sanctions concerns when payments were initiated. However, by the time a transaction reaches a bank, a business relationship may already be well established. The question organizations must now ask is not whether a bank will adequately identify a sanctions issue, but whether the organization can identify that issue before resources are committed and compliance exposure is created.
The above-mentioned sanction on Cuban entities provides a prime example. A company may have existing customers, suppliers, distributors, consultants, etc. with ties to newly designated entities. Without ongoing screening and monitoring within a CRM platform, those relationships may remain undetected until a transaction is halted, a payment is rejected, or regulators begin asking questions. Similarly, the latest Iran-related designations demonstrate how sanctions risks continue to evolve into industries that historically paid little attention to sanctions compliance. Technology firms, software providers, logistics companies, manufacturers, professional services organizations, and digital platform operators can all encounter sanctioned parties through normal business operations.
A new prospect enters a CRM system. A supplier is onboarded through a procurement platform. A reseller is added to a partner management portal. A contractor is entered into a vendor database. In many cases across CRM systems, procurement platforms and the like, client records are created and approved without any sanctions review occurring at the point of entry. Having such a gap can create significant operational and regulatory risk for all parties involved. If a sanctioned individual or entity is identified only after services have been completed, organizations can face costly remediation efforts, reputational damage, and potential enforcement actions, this in addition to significant alterations in their day-to-day operations.
As sanctions programs continue to expand in both scope and complexity, financial organizations are increasingly recognizing that sanctions screening should occur at the beginning of the business relationship lifecycle – not solely at the point of payment. This shift is driving greater demand for sanctions screening capabilities integrated directly into the business applications where third-party relationships are established and managed. Rather than treating sanctions compliance as a downstream financial control, businesses are beginning to view it as an upstream risk-management function that should rightfully be embedded within customer onboarding, vendor approval, partner management, supplier qualification, and account creation workflows.
In today’s regulatory environment, the question becomes how equipped is your organization to handle a sanctioned customer, vendor, supplier, partner, or contractor entering your business system before developing into a major problem? For a growing number of companies, the answer to that question is reshaping how sanctions compliance is managed and where sanctions screening takes place.
Citations
1. U.S. Department of the Treasury. Economic Fury Targets Iran’s Largest Digital Asset Exchange for Terror Finance and Sanctions Evasion. Press Release SB0521. Published June 2, 2026.
2. U.S. Department of State. Sanctions on Cuban Actors Responsible for Subversive Anti-American Activities: Fact Sheet. Office of the Spokesperson. Published June 4, 2026.