Due diligence programs should be tailored to the particular risks encountered by exporters.
As a general matter, companies selling fee-based services, software, or hardware authorized by 31 CFR § 560.540 should undertake reasonable, risk-based measures designed to ensure that they do not export their products to persons whose property and interests in property are blocked pursuant to any sanctions program administered by OFAC, regardless of whether the Government of Iran or other end-user appears on OFAC’s Specially Designated Nationals and Blocked Persons List or any of OFAC's other sanctions lists.
See FAQ 1088 for more information regarding OFAC’s due diligence expectations for cloud-based service or software providers whose services and software support communications tools are authorized by 31 CFR § 560.540.
Date Updated: May 16, 2024