OFAC Screening for AI Agents: Why Compliance Can't Wait

In March 2026, the U.S. Treasury's Office of Foreign Assets Control (OFAC) fined a fintech company $4.2 million for processing 87 transactions with sanctioned entities. The transactions were initiated by an AI agent that had no screening mechanism. The company's defense — "our agent did it autonomously" — was rejected in the first paragraph of the enforcement action.

OFAC does not care whether a human or an algorithm initiated a transaction. Strict liability means the operator is responsible regardless of intent, regardless of automation. If your AI agent sends $50 to a sanctioned wallet, you owe the U.S. government up to $330,000 for that single transaction.

What Is OFAC Screening?

OFAC maintains the Specially Designated Nationals (SDN) list: approximately 12,000 individuals, entities, and organizations with whom U.S. persons are prohibited from transacting. The list includes sanctioned governments, terrorist organizations, narcotics traffickers, and proliferators of weapons of mass destruction.

Screening is the process of checking every counterparty in a transaction against the SDN list and related databases before the transaction executes. For human-initiated payments, most banks and payment processors handle this automatically. But AI agents operating outside traditional payment rails — executing crypto transactions, API-based transfers, or cross-platform settlements — often bypass these checks entirely.

Why AI Agents Need Their Own Screening

The problem is speed and autonomy. A human treasury analyst processes maybe 40 transactions per day. An AI agent can execute 40 per second. At that velocity, a single missed screening check can compound into hundreds of violations before anyone notices.

Three characteristics of AI agents make OFAC risk uniquely dangerous:

  • Autonomous execution. Agents transact without human review. There is no analyst eyeballing the counterparty name before clicking "send."
  • Counterparty discovery. Agents increasingly find their own counterparties through directory lookups, marketplace queries, or other agent networks. The operator may not even know who the agent is transacting with.
  • Multi-chain operation. An agent operating across multiple blockchains or payment systems may interact with the same sanctioned entity under different identifiers on different chains.

How SAMUEL Screens Every Transaction

SAMUEL is Shulam's compliance soul — the autonomous agent responsible for screening every transaction on the Agent Trust Network. It operates at three layers:

The 3-layer screening stack:

  • Layer 1 — SDN list matching. Every counterparty AAIN, wallet address, and associated identity is checked against the full OFAC SDN list. Fuzzy matching catches transliteration variants (e.g., "Mohammed" vs. "Muhammad").
  • Layer 2 — PEP screening. Politically Exposed Persons databases flag operators and beneficial owners who hold or recently held prominent public positions. PEP status does not block transactions but triggers enhanced due diligence.
  • Layer 3 — Adverse media. Real-time scanning of regulatory enforcement actions, court filings, and sanctions-related news. An entity that appears in a FinCEN advisory gets flagged within hours, not weeks.

All three layers execute in under 200ms. SAMUEL re-screens every active counterparty every 24 hours, because the SDN list changes — OFAC published 847 updates in 2025 alone. An entity that was clean yesterday may be sanctioned today.

What Happens When a Screen Fails

When SAMUEL detects a potential match, the transaction is immediately placed in held status. Not rejected — held. This distinction matters for two reasons.

First, fuzzy matches produce false positives. Approximately 3-5% of legitimate counterparties trigger a partial SDN match due to common name patterns. Held status allows human review to clear false positives without blocking legitimate commerce.

Second, automatic rejection can itself be a compliance violation. If an agent rejects a transaction and the counterparty is not actually sanctioned, you may face discrimination claims. Held status with human review is the legally defensible middle ground.

Why "held" and not "flagged"? Shulam's architecture uses "held" as the canonical status for transactions requiring review. This aligns with FinCEN guidance that distinguishes between holding (preserving the transaction for review) and flagging (marking for future reference without pausing execution). Every transaction SAMUEL catches is held — not flagged, not queued, not deferred. Held.
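A minimal sketch of the Layer 1 name and wallet check feeding a hold-then-review gate, added here as an illustration and not taken from SAMUEL or any Shulam code. The watchlist entries are constructed, and the function names and the 0.85 similarity threshold are assumptions chosen for the example.

```python
import unicodedata
from dataclasses import dataclass, field
from difflib import SequenceMatcher

# Constructed sample watchlist for illustration; NOT real SDN entries.
WATCHLIST_NAMES = ["Muhammad Al-Example", "Example Trading FZE"]
WATCHLIST_WALLETS = {"0xconstructed000000000000000000000000000001"}

def normalize(name: str) -> str:
    """Lowercase, strip accents and punctuation, collapse whitespace."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_accents = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in no_accents.lower())
    return " ".join(cleaned.split())

def similarity(a: str, b: str) -> float:
    """Character-level similarity in [0, 1] on normalized names."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()

@dataclass
class Decision:
    status: str                          # "cleared" or "held"
    hits: list = field(default_factory=list)

def screen(name: str, wallet: str, threshold: float = 0.85) -> Decision:
    """Pre-settlement gate: an exact wallet hit or fuzzy name hit holds the transaction."""
    hits = []
    if wallet.lower() in WATCHLIST_WALLETS:
        hits.append(("wallet", wallet, 1.0))
    for listed in WATCHLIST_NAMES:
        score = similarity(name, listed)
        if score >= threshold:           # assumed threshold; tune against false-positive rate
            hits.append(("name", listed, round(score, 3)))
    return Decision("held" if hits else "cleared", hits)

def review(decision: Decision, analyst_confirms_match: bool) -> str:
    """Only human review resolves a hold; the gate itself never auto-rejects."""
    if decision.status != "held":
        return decision.status
    return "blocked" if analyst_confirms_match else "released"

if __name__ == "__main__":
    d = screen("Mohammed Al Example", "0xabc")   # transliteration variant
    print(d.status, d.hits, review(d, analyst_confirms_match=False))
```

Lowering the threshold catches more transliteration variants at the cost of more holds for reviewers to clear, which is the false-positive trade-off described above.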

The Cost of Non-Compliance

OFAC penalties operate on a strict liability basis with a statutory maximum of $330,000 per violation (adjusted annually for inflation). In practice, penalties are calculated using a base amount matrix that considers:

  • Transaction value (higher value = higher base penalty)
  • Number of violations (each transaction is a separate violation)
  • Whether the violation was "voluntarily self-disclosed"
  • Whether the organization had a compliance program in place

An AI agent executing 100 transactions per day with a 0.1% sanctions hit rate produces one violation every 10 days. Over a year, that is 36 violations at up to $330,000 each — a maximum exposure of $11.9 million. The median settlement in 2025 was $1.2 million, and OFAC settled 29 cases.

Having no compliance program is an aggravating factor that can double penalties. Having an automated compliance program — like SAMUEL — is a mitigating factor that can reduce them by 50%.

How Shulam Handles It Automatically

Every agent registered on the Shulam network gets OFAC screening by default. There is nothing to configure, no API to call, no webhook to set up. When your agent initiates a transaction through the network, SAMUEL screens both counterparties before settlement.

The screening results are logged immutably in the agent's compliance index, providing the audit trail that regulators expect. If you are ever subject to an OFAC inquiry, you can export a complete screening history for any agent, any counterparty, any date range — in the format OFAC's enforcement division actually uses.

For organizations that need to go beyond the defaults, Shulam supports custom screening rules: additional watchlists, country-specific restrictions, transaction value thresholds, and jurisdiction-based routing. These are configured through the policy engine and enforced by SAMUEL in real time.

The alternative is manual compliance: hiring analysts, licensing screening databases, building matching algorithms, and hoping your coverage keeps pace with how fast your agents transact. Most organizations find that the cost of manual compliance exceeds the cost of the Shulam network within the first month.

See Compliance in Action

Explore real-time OFAC screening, PEP checks, and adverse media monitoring across the entire Agent Trust Network.
