OFAC General Licences GL T and GL U: What Australian Businesses Must Know Before 31 March 2026

Two New OFAC General Licences Change the Calculus

In March 2026, the US Treasury's Office of Foreign Assets Control (OFAC) issued two new general licences that directly affect any Australian business with a US nexus — meaning USD-denominated accounts, US-based payment processors, or reliance on SWIFT messaging.​‌‌​‌​​‌‍​‌‌‌​​‌​‍​‌‌​​​​‌‍​‌‌​‌‌‌​‍​​‌​‌‌​‌‍​‌‌‌​​‌‌‍​‌‌​​​​‌‍​‌‌​‌‌‌​‍​‌‌​​​‌‌‍​‌‌‌​‌​​‍​‌‌​‌​​‌‍​‌‌​‌‌‌‌‍​‌‌​‌‌‌​‍​‌‌‌​​‌‌‍​​‌​‌‌​‌‍​‌‌​‌‌‌‌‍​‌‌​​‌‌​‍​‌‌​​​​‌‍​‌‌​​​‌‌‍​​‌​‌‌​‌‍​‌‌​​‌‌‌‍​‌‌​‌‌​​‍​​‌​‌‌​‌‍​‌‌‌​‌​​‍​​‌​‌‌​‌‍​‌‌​​‌‌‌‍​‌‌​‌‌​​‍​​‌​‌‌​‌‍​‌‌‌​‌​‌‍​​‌​‌‌​‌‍​‌‌​​​​‌‍​‌‌‌​‌​‌‍​‌‌‌​​‌‌‍​‌‌‌​‌​​‍​‌‌‌​​‌​‍​‌‌​​​​‌‍​‌‌​​​‌‌‍​​‌​‌‌​‌‍​‌‌​‌‌​‌‍​‌‌​​​​‌‍​‌‌‌​​‌​‍​‌‌​​​‌‌‍​‌‌​‌​​​‍​​‌​‌‌​‌‍​​‌‌​​‌​‍​​‌‌​​​​‍​​‌‌​​‌​‍​​‌‌​‌‌​

GL T (effective 23 Janu

ary 2026) authorises limited safety- and environmental-related transactions involving persons or vessels that were blocked on that date. This is narrowly scoped: it covers cargo off-loading and environmental remediation activities, not general trade.

GL U (effective 20 March 2026) permits the delivery and sale of Iranian petroleum and petrochemical products under tightly defined conditions. This marks the first time since the 2018 comprehensive restrictions that such transactions have been explicitly licenced for commercial purposes. However, both licences carry a critical "no-new-business" clause — Australian firms can only rely on them if they held pre-existing authorisation or if the activity falls within the narrowly defined scope.​‌‌​‌​​‌‍​‌‌‌​​‌​‍​‌‌​​​​‌‍​‌‌​‌‌‌​‍​​‌​‌‌​‌‍​‌‌‌​​‌‌‍​‌‌​​​​‌‍​‌‌​‌‌‌​‍​‌‌​​​‌‌‍​‌‌‌​‌​​‍​‌‌​‌​​‌‍​‌‌​‌‌‌‌‍​‌‌​‌‌‌​‍​‌‌‌​​‌‌‍​​‌​‌‌​‌‍​‌‌​‌‌‌‌‍​‌‌​​‌‌​‍​‌‌​​​​‌‍​‌‌​​​‌‌‍​​‌​‌‌​‌‍​‌‌​​‌‌‌‍​‌‌​‌‌​​‍​​‌​‌‌​‌‍​‌‌‌​‌​​‍​​‌​‌‌​‌‍​‌‌​​‌‌‌‍​‌‌​‌‌​​‍​​‌​‌‌​‌‍​‌‌‌​‌​‌‍​​‌​‌‌​‌‍​‌‌​​​​‌‍​‌‌‌​‌​‌‍​‌‌‌​​‌‌‍​‌‌‌​‌​​‍​‌‌‌​​‌​‍​‌‌​​​​‌‍​‌‌​​​‌‌‍​​‌​‌‌​‌‍​‌‌​‌‌​‌‍​‌‌​​​​‌‍​‌‌‌​​‌​‍​‌‌​​​‌‌‍​‌‌​‌​​​‍​​‌​‌‌​‌‍​​‌‌​​‌​‍​​‌‌​​​​‍​​‌‌​​‌​‍​​‌‌​‌‌​

For Australian businesses in logistics, energy, mining, or professional services, this means a practical reassessment. If you have any supply chain touchpoint with Iranian parties, you need to determine whether your activities fall within GL T or GL U scope, and whether you need a separate DFAT permit on top.

DFAT's Guidance Overhaul Creates a Compliance Grey Area

The Australian Department of Foreign Affairs and Trade released revised sanctions guidance in March 2026 that introduces several material changes:

10-year record retention. All sanctions-related documentation must now be retained for 10 years. This supersedes the previous 5-year standard and applies to exporters, banks, payment processors, and any entity handling Iran-related transactions. If you are not already archiving sanctions screening logs, transaction records, and due diligence documentation with a 10-year horizon, you are non-compliant.

Expanded entity scope. DFAT has broadened the range of entities subject to sanctions compliance obligations. Fintech firms, payment-service providers, and cryptocurrency businesses are now explicitly included in the guidance.

Stricter red-flag typologies. The revised guidance introduces new red-flag indicators that trigger enhanced due diligence requirements. These are particularly relevant for businesses that process international payments or facilitate cross-border trade.

The tension with OFAC. Here is where it gets complicated. OFAC's GL T and GL U suggest a limited, case-by-case approach to permitted transactions. DFAT's revised guidance adopts a more precautionary posture, warning that any indirect involvement with Iranian entities may trigger penalties. Civil penalties can reach up to USD $1 million per breach. Australian businesses operating across both jurisdictions must reconcile these conflicting standards — and when in doubt, the more restrictive interpretation applies.

AUSTRAC Enforcement Powers: 31 March 2026

From 31 March 2026, the Australian Transaction Reports and Analysis Centre (AUSTRAC) assumes limited enforcement powers over sanctions-related financial activity. This is a structural change in the Australian sanctions enforcement landscape.

Previously, sanctions compliance enforcement was primarily the domain of DFAT's Australian Sanctions Office (ASO) and the Australian Federal Police. AUSTRAC's new role enables it to directly monitor supply-chain financing that involves Iranian counterparts and to impose penalties for non-compliance.

For Australian fintech firms facilitating cross-border payments — including cryptocurrency transactions — this creates a dual reporting and compliance obligation. Businesses should anticipate AUSTRAC audits and implement automated screening against the OFAC Specially Designated Nationals (SDN) list.

The practical implication: if you process payments that could involve Iranian parties at any point in the chain, you need sanctions screening infrastructure in place before 31 March 2026.

What Australian Businesses Should Do This Week

1. Assess GL T and GL U applicability. Determine whether any of your Iran-related activities fall within the scope of the new OFAC general licences. If they do, verify that you meet the "no-new-business" clause requirements.

2. Update record-retention policies. Extend sanctions-related documentation retention to 10 years. This applies to screening logs, transaction records, due diligence files, and compliance certifications.

3. Review DFAT permit requirements. If your activities exceed the GL T/GL U thresholds, you need a specific DFAT permit. The penalty for proceeding without one can reach USD $1 million per breach.

4. Implement or upgrade sanctions screening. Automated screening against the OFAC SDN list and DFAT Consolidated List should be in place before AUSTRAC's enforcement powers commence on 31 March.

5. Brief your board. The regulatory landscape has materially changed. Directors need to understand the dual-jurisdiction compliance obligations and the heightened enforcement environment.

FAQ