Entity Configuration & Programme Self-Assessment
Configuration
OFAC Five Essential Components — Rate Each Dimension (0–4)
Rate your programme's implementation of each OFAC framework dimension. Scale: 0 = Not in place · 1 = Planning / drafting · 2 = Partially implemented · 3 = Implemented · 4 = Implemented, tested & documented. Regime-specific questions (OFSI / EU) appear after the core five components where applicable.
C1
Management Commitment
OFAC Framework §I · A Culture of Compliance
Senior leadership (board / C-suite) has formally approved the sanctions compliance programme and policies
OFAC Framework §I.A · OFSI Guidance Ch.2
A dedicated Sanctions Compliance Officer (or equivalent) with sufficient authority, independence, and resources is designated
OFAC Framework §I.B · OFSI Guidance Ch.2.4
Sanctions compliance is a standing agenda item at board, risk committee, or equivalent governance body
OFAC Framework §I.C
Adequate budget, technology, and staffing resources are allocated proportionate to the institution's sanctions risk profile
OFAC Framework §I.D
A zero-tolerance culture for sanctions violations is actively promoted; personnel who raise concerns are protected from retaliation
OFAC Framework §I.E
C2
Risk Assessment
OFAC Framework §II · Tailored, Risk-Based Programme
A documented sanctions risk assessment is in place covering all business lines, products, customer types, and geographies
OFAC Framework §II.A · OFSI Guidance Ch.3
The risk assessment is reviewed and updated at least annually and on material changes to the business, sanctions regimes, or regulatory guidance
OFAC Framework §II.B
Geographic risk is formally assessed — exposure to sanctioned or high-risk jurisdictions is quantified by business line and product
OFAC Framework §II.C · OFSI Guidance Ch.3.2
Customer sanctions risk is assessed at onboarding (ownership and control assessed for legal entities) and updated on material triggers
OFAC Framework §II.D · OFSI 50% Rule · EU Art.8
Products and services are assessed for inherent sanctions risk (e.g., correspondent banking, trade finance, crypto, wire transfers) and controls are proportionate
OFAC Framework §II.E
C3
Internal Controls
OFAC Framework §III · Policies, Procedures & Screening
Written sanctions policy and procedures are approved, current, and accessible to all relevant personnel
OFAC Framework §III.A · OFSI Guidance Ch.4
Automated screening systems cover all required sanctions lists for applicable regimes; list update latency is within regulatory expectation (OFAC: same business day)
OFAC Framework §III.B · OFSI Guidance Ch.4.3
Escalation, alert-triage, and decision-making procedures are documented and applied consistently; alerts reviewed by appropriately qualified personnel
OFAC Framework §III.C
New product / new market / new correspondent banking approval process includes a sanctions risk assessment gate
OFAC Framework §III.D
Blocked / rejected transaction procedures are in place; assets are blocked in accordance with regulatory requirements; regulators notified within required timeframes
OFAC Framework §III.E · OFSI Guidance Ch.5 · EU Reg Art.5
C4
Testing and Auditing
OFAC Framework §IV · Regular Programme Testing
Independent testing / internal audit of the sanctions programme is conducted at least annually by qualified personnel independent of the compliance function
OFAC Framework §IV.A · OFSI Guidance Ch.6
Transaction testing (lookback reviews, sampling of alerts and closures) is conducted to assess the effectiveness of screening and escalation controls
OFAC Framework §IV.B
Screening system effectiveness is formally tested — false positive rate measured, false negative risk assessed via name-matching tuning analysis
OFAC Framework §IV.C
Audit findings are tracked to closure with management accountability; repeat findings are escalated to senior management and board
OFAC Framework §IV.D
Any regulatory examination, external review, or enforcement findings relating to sanctions have been fully addressed with documented remediation
OFAC Framework §IV.E
C5
Training
OFAC Framework §V · Sanctions Training Programme
A comprehensive sanctions training programme exists covering all relevant staff — general awareness, and enhanced training for compliance and high-risk functions
OFAC Framework §V.A · OFSI Guidance Ch.7
Training is role-based — scenario-specific training delivered to: customer-facing staff, payments operations, correspondent banking, trade finance, and compliance teams
OFAC Framework §V.B
Training completion is tracked and mandatory; training records are maintained and available for regulatory examination
OFAC Framework §V.C
Training content is updated promptly on material changes to sanctions regimes, regulatory guidance, or company policy
OFAC Framework §V.D
Training effectiveness is assessed — knowledge tests, scenario exercises, or equivalent. Results tracked and used to improve training content
OFAC Framework §V.E
🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.
Educational Use Only
This tool provides a self-assessment / educational framework for internal planning purposes only. It is not a regulatory audit, legal advice, or a substitute for a formal compliance review by a qualified advisor. Verify all interpretations against the official source text and applicable RTS/ITS/guidance published by the relevant authority.
Sanctions Programme Health Report
Programme Health Score — OFAC Five Components
Gap Analysis
Screening Coverage Audit
Regime-Specific Guidance
Voluntary Self-Disclosure (VSD) Readiness Checklist