A practical framework for building a documented OFAC compliance program that covers autonomous agents and satisfies regulatory expectations.
OFAC expects every US person deploying an agent that moves money to have a compliance program. Here is the minimum viable program.
Document what your agent does, what counterparties it interacts with, what jurisdictions it touches, and the maximum transaction value. A one-page risk assessment is enough to start.
Implement pre-payment screening (agentmail handles this), set transaction limits, and establish a manual review process for flagged transactions. Document every control.
Test your screening weekly with known sanctioned wallets. Review audit logs monthly. agentmail paid plans include automated audit logging with CSV export.
Ensure everyone who deploys or manages agents understands OFAC strict liability. A 30-minute training session is sufficient for most teams.
Document what happens when a sanctions hit occurs. Who gets notified? Who reviews the match? What evidence is preserved? OFAC considers response plans as a mitigating factor.
Free tier, 5 checks/day. No API key required.
Try the free checker See pricing