Historic First: OFAC Fines Brokerage Firm $11.8 Million in Landmark Sanctions Enforcement Action
- Erika Trujillo
- 10 hours ago
- 6 min read
August 11, 2025 - 5 min read

A recent OFAC enforcement action marks a significant milestone in U.S. sanctions compliance, as the Office of Foreign Assets Control (OFAC) has imposed an 11.8 million penalty on Interactive Brokers LLC (from now on IB), making it the first brokerage firm ever to be fined for violating US sanctions violations. The Connecticut−based global electronic broker−dealer agreed to pay $ 11,832,136 to settle its potential civil liability for more than 12,000 apparent violations spanning multiple U.S. sanctions programs between July 2016 and January 2024.
A Historic Enforcement Milestone
The July 15, 2025 settlement with IB represents a crucial moment in OFAC enforcement history, as never before has OFAC targeted a brokerage firm with such a substantial penalty. This establishes new precedent for how financial intermediaries must approach sanctions compliance in the digital age.
IB serves millions of customers worldwide through its online platform, operates across more than 150 electronic exchanges and market centers globally.
The settlement amount of nearly $12 million, while substantial, already reflects OFAC's recognition that the violations were non-egregious and voluntarily self-disclosed by the company. According to the enforcement release, the penalty also takes into account "the significant remedial measures IB implemented upon discovery of the apparent violations and the substantial cooperation IB provided over the course of an extensive, multi-year OFAC investigation."
This enforcement action comes at a time when OFAC is demonstrating unprecedented activity in sanctions enforcement across multiple sectors. The agency's willingness to pursue a major brokerage firm signals its intent to ensure comprehensive compliance across all segments of the financial services industry, not just traditional banking institutions.
The Scope of Violations
The IB case is particularly notable for its scale, encompassing violations across multiple OFAC sanctions programs. The 12,367 apparent violations identified by OFAC span several distinct categories, each highlighting different aspects of sanctions compliance failures in digital financial platforms.
Services to Comprehensively Sanctioned Jurisdictions
The most significant category of violations involved IB provision of brokerage and investment services to customers located in Iran, Cuba, Syria, and the Crimea region of Ukraine. From July 2016 to July 2021, the firm provided services to more than 200 accountholders in these comprehensively sanctioned jurisdictions, facilitating nearly 12,000 transactions over the five-year period.
These violations occurred despite the existence of sanctions that have been in place for decades in some cases. The Iranian sanctions, rooted in the Iranian Transactions and Sanctions Regulations (ITSR), have prohibited most commercial dealings with Iran since the 1980s. Similarly, the Cuban embargo, codified in the Cuban Assets Control Regulations (CACR), has restricted business with Cuba for over six decades.
The technical nature of these violations reveals critical gaps in IB’s geographic compliance controls. According to the OFAC enforcement release, customers were identified as being located in sanctioned jurisdictions through observance of Internet Protocol (IP) address data and specific investigation of customer information. This suggests that the firm's initial customer onboarding and ongoing monitoring systems failed to adequately screen for sanctioned jurisdictions.
Blocked Russian Banks and Post-Invasion Sanctions
A separate category of violations emerged following Russia's invasion of Ukraine in February 2022. From February 25, 2022, to October 10, 2022, IB processed 259 customer funds transfers to accounts at blocked Russian banks, constituting apparent violations of Executive Order 14024 and the Russian Harmful Foreign Activities Sanctions Regulations.
These violations are particularly significant because they occurred after the implementation of some of the most comprehensive sanctions ever imposed by the United States. IB’s failure to immediately halt transfers to newly designated Russian banks demonstrates the operational difficulties of implementing real-time sanctions compliance in high-volume, automated trading environments.
Chinese Military-Industrial Complex Sanctions
The enforcement action also addressed violations related to the Chinese Military-Industrial Complex (CMIC) sanctions program, with IB processing securities trades involving entities subject to these restrictions. The CMIC program, established through Executive Orders 13959 and 14032, prohibits U.S. persons from investing in securities of Chinese companies that support China's military-industrial complex.
These violations highlight the complexity of securities-based sanctions compliance, where firms must not only screen counterparties but also continuously monitor the securities themselves for sanctions designations. The dynamic nature of the CMIC list, with entities being added and removed based on evolving assessments of their military connections, creates ongoing compliance challenges for brokerage firms handling Chinese securities.
Transactions with Blocked Persons
Finally, the settlement addressed IB’s processing of transactions involving blocked persons under various OFAC sanctions programs, including Russia, Global Magnitsky, Venezuela, and Syria sanctions. These violations demonstrate the importance of comprehensive customer screening that goes beyond geographic restrictions to include individual and entity-specific designations across multiple sanctions programs.
Root Causes: Technical Failures and System Vulnerabilities
The IB case provides valuable insights into how technical system failures can lead to significant sanctions violations, even in sophisticated financial institutions with global operations. The enforcement release details several specific technical and procedural deficiencies that enabled the violations to occur over an extended period.
IP Geo-Blocking Control Deficiencies
Central to many of the violations were deficiencies in IB’s geo-blocking controls. According to OFAC, a technical bug in the firm's geo-blocking system allowed access by a limited number of customers located in Iran, Cuba, and Syria to IB’s desktop application and mobile application. Critically, the firm failed to adequately audit or test these systems during the violation period, allowing the technical vulnerability to persist undetected.
Incomplete Geographic Coverage
The enforcement action also revealed gaps in IB’s geographic blocking coverage. Prior to May 2019, the firm failed to include Crimea in its IP Blocking List, despite the region being subject to comprehensive sanctions since 2014 following Russia's annexation. Even after adding Crimea to its blocking list in May 2019, the firm failed to include IP addresses linked to the major Crimean city of Sevastopol until June 2021.
Customer Communication Protocol Failures
IB also failed to implement adequate sanctions screening in its Customer Communication Protocol (CCP) system, which executes trades. According to the enforcement release, the CCP system did not incorporate sanctions-related securities screening prior to processing margin-related automatic liquidation orders. This technical gap allowed the firm to process transactions involving securities subject to sanctions restrictions without appropriate screening.
Industry Implications and Compliance Lessons
The IB enforcement action carries significant implications for the broader financial services industry, particularly for firms operating digital trading platforms and providing cross-border financial services. The case establishes important precedents and highlights critical areas where compliance programs must evolve to address modern sanctions enforcement expectations.
Brokerage firms, investment advisors, and other financial intermediaries should expect increased scrutiny of their sanctions compliance programs, particularly those with global customer bases or cross-border operations.
The technical nature of many violations in the IB case also highlights the critical importance of robust technology controls in modern sanctions compliance. Companies, financial and logistical intermediaries must ensure that their compliance systems are integrated into all customer-facing platforms and transaction processing systems, not just traditional account opening and wire transfer processes.
Further it shows that the importance of self-disclosure and cooperation, as OFAC's substantial penalty was after the significant reductions for voluntary self-disclosure and substantial cooperation in the investigation.
Looking Forward
The IB enforcement action provides a roadmap for organizations seeking to strengthen their sanctions compliance programs in light of OFAC's expanding enforcement focus. Organizations should consider implementing several key measures to address the vulnerabilities highlighted in this case.
First, comprehensive technology for internal monitoring and assurance, like SEIA PERCEIVE, are essential. Organizations must regularly ensure that their functional tools and processes are functioning as intended. The technical failures that enabled many of Interactive Brokers' violations could have been prevented through more rigorous and holistic risk assurance.
Second, integration of sanctions screening into all customer-facing and transaction processing systems is critical. Compliance cannot be an afterthought in system design; it must be connected to every platform and process that facilitates customer interactions or transaction processing. This includes mobile applications, desktop platforms, automated trading systems, and customer communication tools.
Finally, dynamic compliance monitoring that reflects the evolving nature of sanctions is necessary. Sanctions lists, geographic restrictions, and sectoral prohibitions change frequently, and compliance systems must be designed to incorporate these changes rapidly and comprehensively.
How SEIA Can Help
For compliance professionals, this enforcement action serves as both a warning and a guide. It illustrates the severe consequences of sanctions compliance failures while also providing a detailed roadmap of the technical and procedural vulnerabilities that must be addressed.
SEIA PERCEIVE empowers organisations with continuous internal monitoring of systems and processes to identify both regulatory and operational gaps, such as failures in other trade compliance systems. SEIA brings together a holistic oversight of business data, and then helps you connect the dots for targeted trade compliance insights and data-driven risk assessments.
To learn more about SEIA and how it can help your organization avoid circumstances like those seen in the IB case, reach out to us today at contact@seiatech.com or book a demo through our website.
The original disclosure document can be found here: https://ofac.treasury.gov/media/934501/download?inline