OFAC sanctions enforcement against Interactive Brokers: Important compliance lessons (also) for Swiss financial institutions

1. Main findings set out in the OFAC enforcement release

In its official enforcement release of 15 July 2025, OFAC concluded that IB had committed 12'367 apparent violations of multiple U.S. sanctions programmes between 2016 and 2024.

These included, notably:

• Provision of brokerage services to customers in comprehensively sanctioned jurisdictions (e.g., Iran, Cuba, Syria and Crimea);
• Processing of fund transfers to blocked Russian banks;
• Dealings in securities issued by sanctioned entities under the Chinese Military-Industrial Complex, Global Magnitsky and Venezuela sanctions regimes;

These breaches were the consequence of compliance failures, including:

• Insufficient IP-based geo-blocking controls, which failed to prevent access to IB's platform from sanctioned territories;
• Uncritical reliance on third-party introducing brokers, in particular in relation to clients from Crimea, without reconciling their representations against objective technical evidence such as IP address data;
• Deficiencies in sanctions screening, margin-related automatic systems and alert escalation procedures, which led to delayed identification of blocked persons and unauthorised trading activity.

The full text of the OFAC's enforcement release is available here.

2. What concrete lessons for Swiss financial institutions?

• ​​​​Geo-blocking and IP controls

OFAC finding: A core failure in the IB case was the prolonged inability to prevent users from accessing its trading platform from sanctioned jurisdictions (Iran, Cuba, Syria, Crimea) due to gaps in IP geo-blocking systems.

Lesson for Swiss financial institutions: For Swiss institutions operating globally accessible digital services or e-banking (in particular those allowing the users to input payment or transaction instructions), this underlines the importance of maintaining technically robust and dynamically updated geo-blocking systems, capable of identifying and excluding high-risk jurisdictions based on IP data and access patterns. These measures should be subject to periodic internal testing and review.

• Oversight of client introducers

OFAC finding: IB relied on representations from third-party introducing brokers to avoid onboarding clients from sanctioned jurisdictions, but failed to verify those representations. This contributed to violations and was part of OFAC's assessment of inadequate internal controls.

Lesson for Swiss financial institutions: Similarly to the U.S. approach, in Switzerland, primary accountability always remains with the financial institution. This means that where client onboarding is delegated to third-party introducers (e.g., an external asset manager), Swiss financial institutions must implement substantive oversight and verification procedures. Even in the absence of delegation, any representations provided by such third-party introducers should be challenged and verified on a risk-based approach by requesting underlying evidence or cross-checking with internal or technical data.

• Extension of sanctions screening to instruments and operational systems

OFAC finding: IB's automatic trade execution systems processed trades involving securities of sanctioned issuers due to lack of sanctions screening and analysis in the trading engine. OFAC treated this as a compliance design failure.

Lesson for Swiss financial institutions: Swiss financial institutions should ensure that sanctions controls are embedded not only in client-level screening, but also in (a) instrument-level controls, including screening of issuers, ownership structures and real-time list updates, as well as (b) counterparty or intermediary screening.

• Escalation delays and resource constraints

OFAC finding: At IB, it appeared that multiple alerts involving blocked persons were missed or delayed due to insufficient staffing and lack of escalation procedures. OFAC expressly considered this as an aggravating factor, especially given IB's global scale and sophistication.

Lesson for Swiss financial institutions: Swiss supervisory practice similarly places emphasis on the availability and responsiveness of the relevant compliance or specialist function responsible for sanctions screening. Swiss institutions should ensure that sanctions alerts are reviewed and escalated in a timely manner, supported by sufficient staffing and internal procedures adapted to the complexity of their business model. Institutions cannot rely on the absence of intent to mitigate the consequences of unresolved red flags.

3. Conclusion

This enforcement action is, in our view, noteworthy for the following reasons:

Firstly, it provides some clarity on OFAC's compliance expectations, setting standards that shape regulatory approaches for U.S. institutions, but also beyond. In our experience, regulatory authorities in other countries sometimes look to OFAC's interpretation and enforcement of U.S. sanctions laws when developing and applying their own frameworks.

Secondly, this enforcement action shows the importance of an adequately designed sanctions compliance program that is tailored to mitigate the risks of violations of sanctions laws. In a nutshell, the following are some of the key aspects to be taken into account:

• Each financial institution should assess the sanctions risk presented by particular service offerings and business lines. Controls should address the particular sanctions risk presented by the business, which may include appropriate, risk-based calibration of sanctions screening protocols and geo-blocking controls.
• This enforcement action highlights the importance of both technical measures and robust governance practices, including third-party risk management, resource allocation, and clearly defined escalation procedures.
• Financial institutions utilizing real-time, automated systems to manage large volumes of transactional activity should ensure that their compliance framework takes into account the specificities of this activity. As regards more specifically Switzerland, this is particularly the case as regards the "instant payment" functionality which is gradually being deployed within the Swiss financial sector.

Thirdly, this enforcement action should be read in light of the risks faced by Swiss financial institutions regarding U.S. sanction compliance, even for those that operate entirely outside the U.S. jurisdiction. Connection to the U.S. (whether through USD currency, U.S. financial institutions, custodians, or the involvement of individuals on the OFAC SDN List) could create exposure to U.S. enforcement under the primary and the recently expanded secondary sanctions regime. In this context, recent regulatory developments have shown that U.S. authorities seem to place a special emphasis on the prosecution of breaches of U.S. regulations by non-U.S. institutions.

Finally, this enforcement action highlights the importance of proactively initiating internal sanctions compliance reviews to identify and remedy potential compliance deficiencies. In this case, IB implemented a number of remedial measures, including an extensive (and expensive) ex post audit. These efforts were ultimately considered a mitigating factor in the determination of the fine.

A regular preemptive review and assessment would likely have been significantly more cost-effective. In addition, in our experience, the conduct of such a review can be a critically important element in discussions with regulators, in order to demonstrate that isolated incidents are not indicia of systemic compliance failures.

Please do not hesitate to contact us in case of any questions.

You may reach out to your usual contact at our firm or direct any sanction-specific queries to our dedicated task force at sanctions@clutterlenzstaehelin.com.

You will find a summary of some of the recent work conducted by our sanctions task force – including advice on sanctions compliance, assistance with the review and implementation of internal policies and procedures, support with monitoring regulatory developments and guidance across sectors such as trading, shipping, industrial and luxury goods, as well as our involvement in internal audits and reviews aimed at helping clients assess and strengthen their sanctions compliance frameworks – in a two-page document available here.

Legal Note: The information contained in this Smart Insight newsletter is of general nature and does not constitute legal advice.