> Probably not to GitHub or the courts. If in a few years it is discovered that GitHub missed something they can tell the courts "We did our best to comply, look at all the accounts we killed [and other evidence], so go easy on us for an honest mistake." In general the courts look kindly on someone who tried their best to obey the spirit of the law but missing one hidden detail.
This matters a great deal when it comes to OFAC sanctions. The value of sanctions isn't "OFAC chasing down people on the SDN list", it comes from companies following federal law and blocking transactions that legally need to be blocked. And OFAC recognizes this – just look at their enforcement actions[0] and you can see examples where companies that build internal compliance programs and self-disclose violations come out with limited to no penalty[1], whereas companies that skirt compliance regimes place themselves at much more risk[2].
This matters a great deal when it comes to OFAC sanctions. The value of sanctions isn't "OFAC chasing down people on the SDN list", it comes from companies following federal law and blocking transactions that legally need to be blocked. And OFAC recognizes this – just look at their enforcement actions[0] and you can see examples where companies that build internal compliance programs and self-disclose violations come out with limited to no penalty[1], whereas companies that skirt compliance regimes place themselves at much more risk[2].
[0]: https://home.treasury.gov/policy-issues/financial-sanctions/...
[1]: https://home.treasury.gov/system/files/126/20220721_midfirst...
[2]: https://home.treasury.gov/system/files/126/20201020_berkshir...