OFAC regulations restrict businesses and individuals from conducting any financial transaction with entities on its sanctions list. OFAC compliance can be extremely difficult and time-consuming. Watch the video below as the team from ThreatSTOP explains the importance of automating OFAC compliance.

 

 

 

Steps Involved with OFAC Compliance

OFAC compliance is neither easy nor intuitive. The process requires a great deal of research that must be updated as often as possible. Automating OFAC compliance through a company like ThreatSTOP is the easiest way to ensure you will always have safe and legal transactions.

 

Collecting Threat Intelligence

Complying with OFAC starts with collecting threat intelligence. This intelligence comes from a variety of sources: proprietary feeds from vendors, government-enabled feeds, event logs, and private research from universities or other private entities.

 

Checking for Errors

The collected threat intelligence may contain errors. Sometimes a cyber threat intelligence (CTI) system blocks your most important customers, so you must maintain a list of customers who will never be blocked. The collected intelligence must be reviewed from both a human and a machine point of view: some of the filtering and blocking is automatic, but some of it requires human intervention.

 

Keeping Up With the Department of the Treasury

The Department of the Treasury publishes weekly updates that need to be observed and implemented. Those managing the CTI must read through these documents to inform their threat intelligence database. The database must be regularly enriched with this information, which sometimes requires translation from different languages. ThreatSTOP does this automatically.

 

Customizing Policies

Businesses and individuals should customize their CTI policy. Each business may have different constraints based on its location.

Automated OFAC compliance through solutions like ThreatSTOP provides organizations with numerous advantages. Automated compliance ensures your business will remain safe while freeing you up to focus on other parts of your business. Are you interested in learning more? Contact ThreatSTOP today.


Video Transcript
0:05 Intro
0:15 Steps to automate
1:53 Gathering data
2:33 Research & enrich
3:02 Policy customization by the user
3:45 Enforcement & Reporting

0:05 Intro
Well, let's take a look at the steps in automating because we've glossed over a lot of the details, and we're going to tell you the details.

0:15 Steps to automate
This slide shows a simplified version of what's all going on. You're collecting threat intelligence over on the left. That comes from a variety of different places; there are proprietary feeds from vendors such as Fiveby, CrowdStrike, there's government-enabled feeds, so Homeland Security has a feed that you may be eligible for, there's the event logs feeding back from the end of this, private researchers, universities; there's a lot of that information, but that information is pretty raw.

What you really need to do, as shown in the next two steps, is you need to make sure that there's no errors in that information. You want to make sure that perhaps it isn't turning off the 100 most important customers that you have, so you're enabling a white list so that there's no false positives that can hurt you here, and then you need to filter that information, both from a human point of view and a machine point of view. Some of it's automatic, some of it's judgment calls, some of it requires human intervention. You customize the policy that you want.

If you're operating out of the U.S., you have one set of constraints. If you're operating out of Australia, there's a different one, there's different rules that you have to follow. Last, there's distributing the results in a timely way to all the different network enforcement devices. 

1:53 Gathering data
Gathering the data, the Department of the Treasury has weekly updates about OFAC restrictions. You can also go and look up, for example, if you were told to block Huawei. Well, there's their office in Santiago, Chile you have to worry about, not just Continental China. There's Fiveby’s threat intelligence, and there's documents that you actually have to go read in order to inform your threat intelligence database. So all of this information is pretty complicated. 

2:33 Research & enrich
Then you need to go enrich that information with online information that you get, perhaps in different languages, take a look at the autonomous systems, and basically the routing information, and who owns what networks where in order to get a comprehensive set of sanctions enforcement.

3:02 Policy customization by user
A lot of this has to do with routing and BGP and so forth, and we do that all in an automatic way. You, the customer, get to decide which sanctions you want enforced, OFAC, ITAR, geographic. Sometimes you want to have your own personal sanctions for your business. If what you do is sell peach pies in Georgia, and it's Georgia that's a state in the U.S., you might not care to take orders from outside the country. So you might want to protect your website and just say, I'm only going to talk to entities in the U.S. You get to decide. Different offices can have different rules if that's appropriate. You could have your own white list and blacklist that are added to our customized data.

3:45 Enforcement & Reporting
Lastly, you take a look at where you want the threat intelligence distributed and take a look at the results. Again, all of this is done in a near real-time way.