How to Build an OFAC Compliance Program for AI Agents

A practical framework for building a documented OFAC compliance program that covers autonomous agents and satisfies regulatory expectations.

OFAC expects every US person deploying an agent that moves money to have a compliance program. Here is the minimum viable program.

Step 1: Risk assessment

Document what your agent does, what counterparties it interacts with, what jurisdictions it touches, and the maximum transaction value. A one-page risk assessment is enough to start.

Step 2: Internal controls

Implement pre-payment screening (agentmail handles this), set transaction limits, and establish a manual review process for flagged transactions. Document every control.

Step 3: Testing and audit

Test your screening weekly with known sanctioned wallets. Review audit logs monthly. agentmail paid plans include automated audit logging with CSV export.

Step 4: Training

Ensure everyone who deploys or manages agents understands OFAC strict liability. A 30-minute training session is sufficient for most teams.

Step 5: Response plan

Document what happens when a sanctions hit occurs. Who gets notified? Who reviews the match? What evidence is preserved? OFAC considers response plans as a mitigating factor.

Start screening in 30 seconds

Free tier, 5 checks/day. No API key required.

Try the free checker  See pricing