The Finding of Violation (FOV) is one of five formal administrative responses available to the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) when it concludes that a U.S. person, entity, or foreign party subject to its jurisdiction has breached a sanctions regulation. Its legal foundation rests in the Economic Sanctions Enforcement Guidelines codified at 31 C.F.R. Part 501, Appendix A, issued in final form on November 9, 2009 pursuant to authorities including the International Emergency Economic Powers Act (IEEPA, 50 U.S.C. §§ 1701–1708), the Trading with the Enemy Act (50 U.S.C. App. §§ 1–44), and program-specific statutes such as the Cuban Liberty and Democratic Solidarity Act and the Iran Threat Reduction Act. The FOV occupies the middle rung of OFAC's enforcement ladder, sitting above a "No Action Letter" and a "Cautionary Letter" but below a "Civil Monetary Penalty" (CMP) and a criminal referral to the Department of Justice.
Procedurally, an OFAC enforcement matter typically begins with a tip, a blocked-property report under 31 C.F.R. § 501.603, a voluntary self-disclosure (VSD) under § 501.604, or detection through interagency channels such as FinCEN Suspicious Activity Reports or Customs and Border Protection referrals. OFAC's Enforcement Division opens an investigation, issues an administrative subpoena under 31 C.F.R. § 501.602 (the so-called "602 letter") demanding documents, transaction records, and compliance materials, and may interview officers. After analysis under the General Factors Affecting Administrative Action set out in Section III of the Enforcement Guidelines—eleven factors including willfulness, awareness, harm to sanctions program objectives, individual characteristics, compliance program, remedial response, and cooperation—OFAC issues a Pre-Penalty Notice if it contemplates a CMP, or proceeds directly to one of the lesser responses. The FOV is issued as a written determination, signed by the Director or a delegated official, stating that a violation occurred but that the circumstances do not warrant a monetary penalty.
The FOV is significant precisely because it is a public, on-the-record agency conclusion of unlawful conduct without imposing a fine. OFAC publishes FOVs on its Recent Actions webpage, naming the violator, summarizing the apparent violations, and identifying the sanctions program implicated—Cuba (31 C.F.R. Part 515), Iran (Part 560), Russia/Ukraine-related (Part 589), Specially Designated Nationals provisions (Part 594), and others. The Guidelines specify at Section V.A that an FOV is appropriate where the conduct constitutes a violation but characteristics such as the absence of willfulness, the existence of a robust compliance program, prompt voluntary disclosure, and substantial remediation make a monetary penalty inappropriate. The notice typically describes statistical aggravating and mitigating factors and, in many cases, references commitments the company has made to enhance its sanctions compliance program in line with OFAC's May 2, 2019 "Framework for OFAC Compliance Commitments."
Recent examples illustrate the instrument's contemporary use. On January 21, 2022, OFAC issued an FOV to Airbnb Payments, Inc. for processing payments related to Cuba travel that, while authorized under General License authority for certain categories, fell outside permitted bounds for non-U.S. guests. On December 8, 2022, Payoneer Inc. received a Finding of Violation concerning apparent breaches of multiple sanctions programs—Crimea, Iran, Syria, and Sudan—where mitigating factors precluded a CMP. The Federal Reserve Bank of New York, the New York State Department of Financial Services, and OFAC have at times issued parallel actions; in OFAC matters involving major banks such as BNP Paribas (2014) or Standard Chartered (2019), the agency selected CMPs rather than FOVs, demonstrating the gradient. FOVs are signed out of OFAC's offices at the Treasury Annex on Pennsylvania Avenue in Washington, D.C., under the authority of the Director (Bradley T. Smith as of 2024).
The FOV must be distinguished from adjacent enforcement responses. A Cautionary Letter states that OFAC has reason to believe a violation may have occurred but does not make a formal finding; it carries no public naming and creates no formal record of violation. A Civil Monetary Penalty, by contrast, is assessed under the maximum penalty calculations of IEEPA (currently adjusted for inflation to approximately $377,700 per violation or twice the transaction value as of 2024 figures) and follows the Pre-Penalty Notice procedure of 31 C.F.R. § 501.706. A settlement agreement resolves a CMP matter through negotiation, often at a significant discount from the statutory maximum. A criminal referral, finally, proceeds under 18 U.S.C. § 371 conspiracy or IEEPA's criminal provisions at 50 U.S.C. § 1705(c) carrying up to 20 years' imprisonment, handled by DOJ's National Security Division Counterintelligence and Export Control Section.
Edge cases and controversies surround the FOV's role in compliance signaling. Critics within the defense bar argue that the FOV permits OFAC to publicly brand a company as a violator without affording the procedural protections that accompany a CMP—particularly the opportunity to contest factual findings in a Pre-Penalty Notice response. There is no formal administrative appeal of an FOV, and judicial review under the Administrative Procedure Act is theoretically available but practically rare. The 2019 Framework, subsequent guidance on instant payment systems (October 2023), and the post-February 2022 expansion of Russia-related enforcement have increased FOV frequency. Recipients face collateral consequences in correspondent banking relationships, government contracting under FAR 52.209-5 representations, and EU "blocking statute" interactions.
For the working practitioner, the FOV functions as both a deterrent and a diagnostic. Counsel advising clients on voluntary self-disclosures must weigh the probability that thorough cooperation, robust remediation, and a credible compliance program will steer OFAC toward an FOV rather than a CMP—a calculation that materially affects disclosure strategy. Sanctions compliance officers treat published FOVs as authoritative red-flag typologies, mining them for indicators relevant to their own screening, geolocation, and ownership-aggregation controls under the 50 Percent Rule. The FOV thus serves as the agency's principal mechanism for converting individual enforcement matters into industry-wide compliance learning without the proportionality concerns that attach to monetary penalties.
Example
On December 8, 2022, OFAC issued a Finding of Violation to Payoneer Inc. for apparent breaches of Crimea, Iran, Syria, and Sudan sanctions programs, citing mitigating compliance factors that precluded a civil monetary penalty.