OFAC is defined in the NACHA Operating Rules and Guidelines Chapter 3, Section 1 pages OG15-OG21. There is a difference between OFAC procedures for ACH transactions and the verification of parties with which a financial institution does business. For ACH purposes, only the addenda information on cross border transactions (IATs) require an OFAC scan for both RDFIs (receiving depository financial institutions) and ODFIs (outgoing depository financial institutions). As far as OFAC compliance goes, all FIs must conduct appropriate OFAC due diligence for every person and company for which they open an account or other service, approve a loan, etc. This includes approving ACH origination which would include scanning all originators against OFAC.
So to answer the question, RDFI’s only have to scan the addenda information attached to incoming cross border transactions (IATs), which CU*BASE Gold is doing for you. ODFIs also have to run an OFAC scan on IATs that they are going to be originating. ODFIs will also scan new originators at the time of approval just like they would for any new service.