On July 15, 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced a settlement agreement with Interactive Brokers LLC (“Interactive Brokers”) violations of multiple U.S. sanctions programs. OFAC identified 12,367 apparent violations from programs including OFAC’s Russia, Venezuela, Syria, and Global Magnitsky sanctions programs, as well as the Chinese Military-Industrial Complex program. As part of this agreement, Interactive Brokers agreed to pay $11,832,136 to settle its potential civil liability, reduced from a potential liability of nearly $5 billion. Despite the significant number of violations, OFAC ultimately determined that they were non-egregious. Furthermore, Interactive Brokers voluntarily disclosed the violations and offered substantial cooperation over the course of the multi-year investigation.
In addition to the various other compliance lessons discussed below, this settlement agreement once again highlights the benefits of a voluntary self-disclosure following a quality internal investigation. By disclosing the violations and working closely with OFAC, Interactive Brokers was able to escape with a relatively limited penalty. While nearly $12,000,000 is certainly not pocket change, the company was facing a maximum penalty of nearly $5 billion dollars considering the number of violations it identified. In that vein, it’s quite a discount. Regardless, this case shows that OFAC continues to be active in prioritizing sanctions compliance during the Trump Administration.
Overview of the Interactive Brokers Enforcement Action
Interactive Brokers is a U.S.-based online brokerage firm that provides execution, clearance, and settlement of trades for both individual and institutional investors on its online platform. The company operates across the globe on over 150 exchanges and market centers, though generally clears all trades in the United States. To supplement this business, Interactive Brokers also offers a variety of financial products to its customer base, such as margin lending, foreign exchange, securities lending, algorithmic trading, access to market data feeds, and much more.
Iran, Cuba, Syria and Crimea Sanctions Violations
From July 2016 to July 2021, Interactive Brokers ultimately provided brokerage and investment services to more than 200 users located in Iran, Cuba, Syria, and the Crimean Peninsula, in violation of various sanctions programs. Due to lapses in its controls, Interactive Brokers allowed these users to execute nearly 12,000 transactions during this time frame.
Interestingly enough, these users initially passed the normal KYC-onboarding process. The users provided identification that indicated they were all residents of non-sanctioned jurisdictions, so they did not return any red flags on that initial screening. However, transactional and customer data revealed that the users were located in these prohibited jurisdictions. The users were ultimately identified as problematic following a review of IP address data, as well as subsequent customer investigations that included a business intelligence services and ordinary internet search engine results.
While Interactive Brokers maintained IP blocking technology, a technical bug ultimately allowed a limited number of users located in Iran, Cuba, and Syria to access the platform and conduct transactions. These users were able to access both the desktop and mobile applications.
Furthermore, Interactive Brokers ultimately failed to update its IP blocking software to include newly sanctioned areas. For example, failed to timely update its software to include the Crimean Peninsula for several years. Even after an update, the software failed to recognize IP addresses emanating from the Crimean city of Sevastopol for nearly three years.
Lessons Learned:
- OFAC expects companies to have effective IP geo-blocking protocols. Ensure your company has the ability to block IP addresses from prohibited regions.
- Update IP blocking protocols to include new prohibited areas immediately.
- Test and audit existing controls to ensure effectiveness.
- Maintain strong transactional monitoring tools to identify any issues that initial KYC may have missed. Compliance is a continual process; it does not end at the onboarding stage.
Russia Sanctions Violations
Interactive Brokers offers fund transfer services that allow users to transfer funds to and from their banks. From February 25, 2022 until October 10, 2022, Interactive Brokers allowed users to transfer funds to and from blocked Russian financial institutions. OFAC designated these banks under Executive Order 14024 and Interactive Brokers was under the mistaken belief that these transfers were authorized by certain wind-down general licenses. Unfortunately the licenses did not cover the transfers in question and Interactive Brokers ultimately processed 259 prohibited transactions.
Lessons Learned:
- Obtain proper legal guidance from a sanctions expert.
Chinese Military-Industrial Complex Sanctions Violations
Interactive Brokers offers margin trading to its customers, which typically involves lending funds to a user with deposited funds and investments as collateral. This allows the user to trade with those additional funds, while the company earns interest on the loan. If the user’s trade loses money, Interactive Brokers can liquidate the position and potentially the rest of the account in order to pay off the margin loan. This all happens automatically, and Interactive Brokers maintained a sophisticated system to run and manage this whole process.
Despite the sophisticated technology, Interactive Brokers did not incorporate the necessary compliance protocols into this process. Briefly, Executive Order 13959—subsequently amended by Executive Order 14032—prohibits U.S. Persons from investing in securities issued by certain companies deemed to be part of the Chinese Military-Industrial complex. Unfortunately, Interactive Brokers did not properly identify these securities and processed 29 sale orders on behalf of U.S. Persons in the securities of 13 entities prohibited under this Order.
Lessons Learned:
- Sanctions continue to evolve, which requires adaptive compliance controls. Ensure your operations is able to implement the appropriate controls for each sanctions program.
Failing to Prevent New Investment in the Russian Federation
Following the imposition of Executive Order 14071, Interactive Brokers implemented controls that would prevent any user to trade securities issued by an entity in Russia and further prevent any Russian user from opening new positions on margin. Despite these controls, a bug allowed two users located in the Russian Federation to restore old margin permissions, which ultimately allowed these users to open new margin positions without restrictions. These accounts initiated 66 margin loans.
Lessons Learned:
- Sanctions are a strict liability offense. Ensure your technological solutions are properly tested to ensure there are no bugs or glitches that may cause violations.
Global Magnitsky Sanctions Violations
Between August 5, 2020 and November 30, 2021, Interactive Brokers processed 18 transactions involving securities issued by Xinjiang Tianye Water Saving Irrigation System Co. Ltd. (“Xinjiang Water”), a subsidiary owned more than 50-percent by sanctioned organization Xinjiang Production and Construction Corps. (“XPCC”). Approximately $28,000 in trades were processed during this time frame due to a delay in obtaining ownership information from Xinjiang Water.
Lessons Learned:
- Obtain all required information before providing goods/services to a third party. Due diligence should be mandatory before engagement.
Venezuelan and Syrian Sanctions Violations
Interactive Brokers’ violation of the Venezuelan Sanctions Program is relatively straightforward. For nearly a year, the company allowed an individual designated under Executive Order 13692 to conduct transactions on its platform. That individual made withdrawals of $16,466 and executed ten foreign exchange transactions worth $119,360.
With such a straightforward violation, one wonders how this could happen. Interactive Brokers maintained a screening process during onboarding. Believe it or not, that screening actually identified this individual as a potential match to an entry on OFAC’s Specially Designated National’s and Blocked Persons List (“SDN List”). However, on review, an employee mistakenly determined the hit to be a false positive and authorized the user’s account.
Similar to the mistake made with the Venezuelan Sanctions Program, Interactive Brokers allowed an individual designated under Executive Orders 13573 and 13582 of the Syrian Sanctions Program (though the program has since been revoked). On June 12, 2018, this SDN signed up for an account and the company’s screening function flagged this account as a potential match to an entry on the SDN List. However, Interactive Brokers failed to restrict the account while it was undergoing review, allowing the individual to make two fund transfers totaling approximately $339,000. Not only did the red flag not automatically block the account until it was actioned by compliance staff, OFAC ultimately determined that Interactive Brokers lacked a clear procedure for prioritizing and escalating sanctions queries, as well as not having enough resources to handle the review process in general.
Lessons Learned:
- Don’t ignore red flags that pop up during the onboarding process.
- Ensure you conduct the research needed to appropriately action a potential red flag.
Compliance Enhancements
OFAC noted that one of the major mitigating factors in limiting the penalty to “just” $11,832,136 (down from a potential $5 billion) was that Interactive Brokers had already begun to significantly remediate its compliance program. This included nearly $10 million in investments. I always like to review the enhancements that OFAC highlights, because these are generally the controls that they deem to be part of a best-in-class compliance program. These controls should be developed and implement on a risk-based approach, which is also considered a best practice. This also means you don’t necessarily need to go overboard. Instead, focus your efforts on the areas that have the highest risk.
First, OFAC highlighted that Interactive Brokers enhanced its screening procedures and controls. This included increasing the frequency of screening transactions, implementing a second-level escalation to review potential issues, and developing their own proprietary tools for sanctions logic/criteria. Screening and transaction monitoring are key controls for an effective compliance program and must be prioritized for virtually all industries.
Second, Interactive Brokers implemented enhanced IP geo-blocking measures. These measures included updates to the existing system to remediate the bugs that caused the violations discussed earlier. The tool further monitored access patterns relating to multiple access attempts from sanctioned jurisdictions. At this point, geo-blocking IP addresses is a critical sanctions compliance control. It’s not too difficult to implement and OFAC considers it non-negotiable.
Finally, the firm implemented annual independent audits and ongoing testing of the existing controls. This one seems relatively simple, but it’s critical to ensure that the controls are working as intended. It must have been frustrating for the compliance staff, because in many instances the company did have the controls it needed—they just didn’t work in practice. A few simple tests or audits each year could have caught these gaps before they became a public enforcement action.