I'm not sure if this is good or not, but it does represent a valid usage of OFAC (Office of Foreign Asset Control) regulations.
I've designed international life insurance admin systems that involved OFAC checks. Resolution requires manual verification.
OFAC provides a list of people that you cannot do business with if you are a US company (possibly if you have a US presence, I'm not sure though, I worked for a US company). It is basically a list of terrorists or otherwise sanctioned individuals that the US blocks financial transaction with.(Osama is still there as far as I know, he was our test case).
I've always considered OFAC to be a Federally mandated job program. Same for Sarbanes-Oxley (worked with that a lot as well). Just extra regulation requiring more bodies at every financial company.
I coined the never heard phrase "OFAC is to preventing terrorism as Sarbanes-Oxley is to preventing fraud" (I have an actuarial and IT background, so it's funny to me).
But in this case, initial appearances would suggest that the fine is justified. If the person on the OFAC list is justifiably on the list.
And that justification is my problem with the system. The rules are pretty secret, anyone could end up on the list and not be able to fight it. It's like the no-fly list which even impacted a Kennedy:
Interesting for sure.