Frequently Asked Questions

439. Does 31 CFR § 560.540 of the Iranian Transactions and Sanctions Regulations (ITSR) authorize the export of bundled software that includes both software authorized by § 560.540 and software that is not authorized by § 560.540?

No. To qualify for 31 CFR § 560.540 , all individual software items in a bundled package must fall within one of the 31 CFR § 560.540 authorizations. If some software in a bundled package is authorized by 31 CFR § 560.540 but other software is not, the portion of the software falling outside the… Read more

440. 31 CFR § 560.540 of the Iranian Transactions and Sanctions Regulations (ITSR) authorize the exportation to Iran of fee-based desktop publishing software and productivity software suites used to publish documents, presentations, spreadsheets, charts, music, movies, and digital images?

Yes. Fee-based desktop publishing software and productivity software suites have been determined to fall within the scope of fee-based software that enables services incident to the exchange of communications as described in 31 CFR § 560.540(a)(2) , provided that the software meets the additional… Read more

441. Does 31 CFR § 560.540 of the Iranian Transactions and Sanctions Regulations (ITSR) authorize the provision of fee-based cloud computing services to Iran?

Yes. Section 560.540(a)(1) of the ITSR authorizes the provision to Iran of fee-based cloud computing services that support the exchange of communications over the internet. In addition, paragraph (a)(2)(i) of 31 CFR § 560.540 authorizes the provision to Iran of software that is incident to, or… Read more

442. For purposes of category (5) of the 31 CFR § 560.540 List of Services, Software, and Hardware Incident to Communications, what would be considered “software required for effective consumer use” of personal computing devices, laptops, and tablets?

“Software required for effective consumer use” consists of software essential to the operation of the hardware listed in category (5) of the 31 CFR § 560.540 List of Services, Software, and Hardware Incident to Communications, including, for example, drivers and patches. Operating systems are… Read more

443. What are "residential consumer" satellite terminals and transceiver equipment for the purposes of category (4) of the 31 CFR § 560.540 List of Services, Software, and Hardware Incident to Communications?

Satellite terminals and other equipment listed in category (4) of the 31 CFR § 560.540 List of Services, Software, and Hardware Incident to Communications, shall be deemed “residential consumer” if the equipment is designated EAR99 or classified under ECCN 5A992.c, 5A991.b.2, or 5A991.b.4 or, in… Read more

61. State insurance statutes regulate an insurer's ability to withhold claim payments, cancel policies, or decline to enter into policies. In some cases, insurers must commit an ostensible violation of state insurance regulations to comply with OFAC regulations. Do OFAC regulations preempt state insurance regulations in this context?

Yes. OFAC's regulations under the Trading with the Enemy Act (TWEA) and the International Emergency Economic Powers Act (IEEPA) are based on presidential declarations of national emergency and preempt state insurance regulations. For more information on who must comply with OFAC sanctions, see FAQ… Read more

62. What should an insurer do if an applicant for a policy, or the underlying insured activity, is subject to OFAC sanctions?

Insurance industry participants, including underwriters, brokers, and agents, are responsible for compliance with OFAC sanctions throughout the lifecycle of their involvement with an insurance policy or other product or service. If a U.S. insurer receives an application for a policy from a person… Read more

63. What should an insurer do if it discovers that a policyholder or a named beneficiary is added to OFAC's Specially Designated Nationals and Blocked Persons List (SDN List) or located in a jurisdiction subject to sanctions?

If an existing policyholder or a named beneficiary is blocked by OFAC and the provision of insurance services is not authorized or exempt, then the insurer is required to block the policy or relevant portion of the policy (e.g., the individual's policy under a group health insurance plan), report… Read more

64. If an insurance policy is held by the employer on behalf of its employees, is it permissible for an insurer to maintain the policy if it covers a blocked person on OFAC's Specially Designated Nationals and Blocked Persons List (SDN List), since the insurer is transacting only with the employer and not with the blocked person?

If an insurer has knowledge that a person covered under a group policy, for example a worker's compensation policy, is blocked pursuant to OFAC sanctions, the insurer’s coverage of that person pursuant to the worker's compensation policy is blocked. If a claim is made under the blocked portion of… Read more

65. How frequently is an insurer expected to screen its databases for OFAC compliance?

OFAC may impose civil penalties for sanctions violations based on strict liability, meaning that a person subject to U.S. jurisdiction may be held civilly liable even if such person did not have knowledge that it was engaging in a transaction that was prohibited under sanctions laws and regulations… Read more

Frequently Asked Questions

Office of Terrorism and Financial Intelligence