The rule in plain language
Since August 2014, OFAC has applied the 50% Rule to determine whether an entity is blocked under U.S. sanctions. The rule is straightforward: if one or more persons on the SDN list own, directly or indirectly, 50% or more of an entity in aggregate, that entity is treated as if it were on the SDN list itself.
This means U.S. persons are prohibited from transacting with the entity, even though the entity's name may not appear on any published list. The obligation falls on the screener to identify the ownership relationship.
Strict liability
OFAC violations do not require intent. If you transact with a 50%-owned entity without knowing, the violation still occurred. Having a documented screening program is a mitigating factor — not having one is an aggravating factor.
How aggregate ownership is calculated
OFAC uses two types of ownership for the 50% calculation:
- Direct ownership: SDN Party A owns 55% of Company X. Company X is blocked.
- Indirect ownership: SDN Party A owns 80% of Holding Co, and Holding Co owns 65% of Company X. Effective ownership = 80% × 65% = 52%. Company X is blocked.
- Aggregate ownership: SDN Party A owns 30% and SDN Party B owns 25% of Company X. Aggregate = 55%. Company X is blocked.
All three types can be combined. A company with 20% direct ownership by one SDN entity, plus 35% indirect ownership through a holding structure by another SDN entity, totals 55% and is blocked.
Example: aggregate indirect ownership
OFAC vs. BIS: two rules, one methodology
The OFAC 50% Rule and the BIS 50% / Affiliates Rule use the same ownership threshold and similar calculation logic. The key differences:
- OFAC 50%: Applies to the SDN list. Enforced by Treasury. Violations carry civil penalties up to $356,579 per violation (2024 cap) or criminal penalties up to $1M and 20 years imprisonment.
- BIS 50%: Applies to the Entity List and MEU List. Enforced by Commerce. Violations carry civil penalties up to $364,992 per violation or criminal penalties up to $1M and 20 years.
A single screening system should cover both rules simultaneously. SecurePoint's ownership calculator classifies each hit as either OFAC_50_PERCENT or BIS_AFFILIATE based on which list the sanctioned owner appears on.
What your program needs
- Ownership data sources — ICIJ OffshoreLeaks, SEC 13D filings, Companies House, Open Ownership BODS, and manual entries.
- Multi-hop graph traversal — recursive algorithm that multiplies ownership at each layer and sums all paths from sanctioned entities.
- Aggregate calculation — sum ownership from all SDN/Entity List sources, not just the largest single owner.
- Red flag detection — opaque jurisdictions, unknown ownership percentages, shell company indicators.
- Documented evidence — the full ownership chain, calculation, and disposition decision in an immutable audit log. This is what you show OFAC in an examination.
How SecurePoint handles OFAC 50%
The SecurePoint Screening API runs ownership traversal automatically on every screening call (when enabled in shadow or enforced mode). The traversal uses a Postgres recursive CTE that walks up to 10 hops through the entity_ownership_edges table, multiplying percentages at each layer and aggregating all paths from SDN-listed entities.
In shadow mode (the default), the ownership result is included in the API response but does not affect risk level or blocking. In enforced mode, entities with aggregate sanctioned ownership ≥ 50% are automatically blocked with full audit trail.