← Back to Homepage

OFAC Screening at Your Dealership: What's Changed Since 2023 (And What Myths Won't Die)

|9 min read
complianceofac-screeningftc-safeguards-ruledealer-licenseprivacy-disclosure

Back in 2001, OFAC compliance was barely on a dealership's radar. The Office of Foreign Assets Control existed, sure, but the idea that a used car lot in Iowa needed to screen customers against government watch lists felt absurd to most dealers.

Then 9/11 happened. Then more regulations followed. Then came the FTC Safeguards Rule update in 2023, and suddenly OFAC screening wasn't optional anymore—it was woven directly into the fabric of how dealerships had to handle customer data and transactions.

So what's actually changed since then, and what myths about OFAC screening are still costing dealers money and creating legal exposure? Let's untangle this.

Myth #1: OFAC Screening Is Only for Banks and Finance Companies

This is the myth that keeps dealers in trouble.

The reality: You're conducting financial transactions. OFAC doesn't care if you're Chase Bank or Midwest Auto Sales. If you're facilitating a transaction that involves payment processing, you need to screen customers against the Specially Designated Nationals (SDN) list and other OFAC databases.

Here's what changed: The FTC Safeguards Rule, which became enforceable in 2023, explicitly tied consumer financial information handling to OFAC compliance. Dealers discovered that the rule wasn't just about encryption and password policies—it was about knowing who you're doing business with. The FTC has been crystal clear in recent guidance documents that dealers handling payment methods and vehicle financing are financial institutions in the regulatory sense, whether they think of themselves that way or not.

The dealers who get this right treat OFAC screening as part of their standard intake process. It sits alongside ID verification and title checks, not as a separate, occasional task. When a customer walks in or calls to buy a vehicle, they're screened before money changes hands.

What hasn't changed: The screening list itself is still the same SDN database, the same CONS list. The tools have gotten better, but the core obligation hasn't shifted.

Myth #2: You Only Need to Screen High-Dollar Transactions

Another common pattern we see is dealers trying to be smart about OFAC by screening "selectively",maybe only vehicles over $15,000, or only financed deals, or only commercial buyers.

That's not how OFAC works.

The requirement is transaction-agnostic. A $3,200 cash sale on a 2015 Chevy Malibu needs the same screening scrutiny as a $35,000 financed transaction on a 2023 pickup. OFAC doesn't grade risk by deal size; compliance is binary. Either you screened or you didn't.

Compliance software vendors have made this worse by pricing their solutions on a per-transaction basis, which tempts dealers to find workarounds. (A typical small dealership processing 50-60 transactions a month might balk at the cost if they're thinking about it wrong.) But the legal risk of a missed screening,even on a small deal,is the same whether it's $3,000 or $30,000.

The FTC and state attorneys general have shown they'll come after dealers who have selective or inconsistent screening practices. Selective screening looks like you know about the requirement but chose not to apply it consistently, which is worse than not knowing about it in the first place.

Myth #3: Your Finance Company or Lender Handles OFAC for You

This one's seductive because it feels like a division of labor that makes sense.

Wrong. Your lender screens their own transaction. You're responsible for screening yours. Those are separate compliance obligations, and both exist simultaneously. The fact that your floor plan lender or your F&I partner runs OFAC checks doesn't absolve you of your own screening duty.

What's changed here is clarity. Five years ago, dealers could plausibly argue about where the responsibility lay. The 2023 FTC guidance removed that ambiguity. Dealerships are expected to maintain their own OFAC screening as a standard operating procedure, independent of what third parties do.

Document everything. If you use a screening service, keep records showing that you ran the check, when you ran it, and what the results were. A dealer selling a car to a customer who later turns up on a sanctions list needs to show that they did their due diligence at the time of sale.

What Actually Has Changed: Technology and Integration

The screening tools available to dealers today are faster and more automated than they were even three years ago.

Years ago, you'd manually check a name against OFAC's website. Slow. Error-prone. Easy to forget on a busy Saturday. Now, platforms designed specifically for dealership operations can screen customers automatically during the intake or payment process, flag potential matches in real time, and route them to your compliance team for review without slowing down the transaction flow.

This is exactly the kind of workflow Dealer1 Solutions was built to handle,screening that integrates into your customer intake and RO creation process so it doesn't feel like a separate compliance checkbox. When OFAC screening lives inside your dealership management system rather than in a spreadsheet or a separate portal, you're far less likely to skip it.

The integration piece matters because a common failure point is manual processes. A dealer uses an external screening tool, gets a result, but then that information doesn't make it into their customer record or their transaction documentation. Later, if there's an audit or a complaint, they can't prove they screened.

What hasn't changed: The fundamental requirement. You still need to screen everyone, still need to document the screening, still need to know what to do if there's a match or potential match (usually involving escalation to your legal team, not immediate rejection).

The Bigger Compliance Picture: OFAC Sits Inside a Larger Framework

OFAC didn't suddenly appear in 2023. What changed was context.

The FTC Safeguards Rule now explicitly requires dealers to have written policies and procedures for handling consumer financial information. Those policies must include OFAC screening. But they also need to cover data security, employee training, third-party vendor management, and incident response.

State privacy laws are tightening too. California's consumer privacy framework, Colorado's Colorado Privacy Act, and similar regulations in other states all create disclosure requirements. Your OFAC screening process,because it involves collecting and vetting customer information,falls into that framework. Customers have a right to know what data you're collecting, why, how you're using it, and how long you're keeping it.

This is where privacy and compliance intersect. You're not just screening for OFAC,you're managing the broader customer data lifecycle. How you communicate that to customers matters. Your privacy notice should disclose that you conduct OFAC screening as part of transaction processing and customer due diligence.

Dealers who handle this well have a single, comprehensive privacy and compliance program that sits across all departments. Service doesn't collect customer data differently than sales. Fixed ops doesn't opt out of compliance requirements. Everyone's working from the same playbook.

Myth #4: If You Don't Get Flagged by OFAC, You're Compliant

This is backwards logic, and it's costing dealers.

OFAC compliance isn't about getting hits. It's about having a documented process. The goal is to never need to escalate a match to your legal team because you're screening correctly from the start. But the presence of a clean transaction history doesn't prove you screened at all.

The FTC audits dealership practices. State attorneys general conduct investigations. When they look at OFAC compliance, they're checking for documented evidence that you ran screening across all transactions. A dealer who processed 500 sales in a year and never flagged a single OFAC match might have been screening diligently (and got lucky with a clean customer base), or they might never have screened at all.

Documentation is the proof. Your system should generate audit logs showing that screening occurred, who reviewed the results, and what the outcome was.

The Risk of Non-Compliance: It's Real

Say you're looking at a hypothetical scenario: A dealer processes $8 million in used vehicle sales annually. Average transaction is $12,000. They're not screening OFAC. Statistically, over a five-year period, the odds that one of their transactions involves a customer on a sanctions list might be low. But if it happens, and the FTC investigates, the dealer is now facing a civil violation of the International Emergency Economic Powers Act, a potential fine of $250,000 or more, mandatory remediation, state attorney general involvement, and possible loss of dealer license or restrictions on lending partnerships.

That scenario plays out every couple of years for some dealer, somewhere.

The smart approach is to build OFAC screening into your standard operating procedures now. It's not hard. It's not expensive if you're using the right tools. And it eliminates a major category of regulatory risk.

What You Need to Do Right Now

If you're a dealer principal or fixed ops leader, here's your checklist:

  • Audit your current process. How are you screening now? If the answer is "we don't really" or "our lender does it," that's a gap. Fix it.
  • Document everything. Whatever process you implement, make sure it creates records,timestamps, customer names, screening results, who reviewed them, and what action was taken.
  • Train your team. Your front desk, sales team, and finance staff need to understand why OFAC screening matters and what the process is. They're your first line of defense.
  • Review your privacy disclosures. Make sure your privacy notice and customer agreements disclose that you conduct OFAC screening and how you handle the customer data you collect.
  • Integrate, don't isolate. If your screening is happening in a different system than your RO creation or customer intake, you're creating friction and opportunities to skip it. Tools that embed screening into your existing workflow are far more reliable.

The dealers who've moved through this correctly don't think of OFAC as a compliance box to check once a year. They think of it as part of how they do business,every transaction, every customer, every day.

That's the standard now. It's been the standard for a while. The question is whether your dealership is meeting it.

Stop losing vehicles in the recon process

Dealer1 is the all-in-one platform dealerships use to manage inventory, reconditioning, estimates, parts tracking, deliveries, team chat, customer messaging, and more — with AI tools built in.

Start Your Free 30-Day Trial →

All features included. No commitment for 30 days.

← Back to Blog