OFAC Settles Violations Of Sanctions Involving Prohibited Securities Trading

On March 17, 2026, the Office of Foreign Assets Control (“OFAC”) settled a claim against TradeStation Securities, Inc. (“TradeStation”), a Florida-headquartered brokerage firm that operates online securities trading platforms, for $1,110,661.

The civil liability claim was for 481 apparent violations of multiple sanctions programs that occurred from June 21, 2021, to June 15, 2022. The claims resulted from the company’s provision of investment services to customers located in Iran, Syria, and the Crimea region of Ukraine following a series of compliance control failures, enabling those customers to execute prohibited securities-related transactions. The processing of the trades resulted in apparent violation of § 560.204 of the Iranian Transaction and Sanctions Regulations, 31 C.F.R. part 560, § 542.207 of the Syrian Sanctions Regulations, 31 C.F.R. part 542, and § 589.207 of the Ukraine-/Russia-Related Sanctions Regulations, 31 C.F.R. part 589.

What Happened

TradeStation had a robust onboarding process that screened against OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”) and it rescreens its existing customers against the SDN List on a daily basis. as well as ensuring that each prospective customer’s primary residence is not in a sanctioned jurisdiction.

It also uses geo-blocking technology to verify the location of its users to prevent access to TradeStation’s platforms from sanctioned jurisdictions. A key element of this system was a firewall designed to deny users with IP addresses associated with sanctioned jurisdictions. TradeStation also ran a separate third-party IP address verification tool that acted as a second layer of defense by authenticating a user’s IP address upon login to TradeStation’s web-based and mobile platforms; this tool denied access based on location.

To improve its compliance program, TradeStation implemented new software, but this effort inadvertently made its second-tier software ineffective. Compounding the problem, one of its employees failed to reenable the initial geo-blocking software after disabling it to install a software update from TradeStation’s cloud service provider. Worsening the situation, TradeStation’s automated testing tool failed, resulting in there being no effective testing mechanism in place to ensure that its IP geo-blocking controls were functioning as intended at the time the 481 apparent violations occurred.

Self-Disclosure and Prompt Remediation Pays Off

The total value of the trades was $4,442,645, but under OFAC’s Economic Sanctions Enforcement Guidelines (“Guidelines”) OFAC determined that the base penalty applicable in this case was $2,221,322. However, the final penalty of $1,110,661 reflects OFAC’s consideration under the Guidelines that TradeStation discovered and reported the violations and took significant remedial steps after discovering the apparent violations, including by implementing numerous new technical controls and solutions to ensure that any future failures of its IP geo-blocking mechanisms or OFAC-related alert functions could be quickly identified. OFAC also found that TradeStation received less than $2,000 in revenue from the transactions.

Takeaway

OFAC emphasizes the importance of regular testing and auditing to ensure sanctions compliance controls are effectively mitigating risk and preventing sanctions violations. The most well-designed sanctions compliance program can be rendered wholly ineffectual by human and technical errors. The clear takeaway is that comprehensive, independent, and objective testing and auditing can help catch problems early and provide opportunities for remediation, thereby limiting risks of violating sanctions and avoiding significant financial penalties.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.