Why Most Dealers Get OFAC Wrong (And What It Costs You)

Why Most Dealers Get OFAC Wrong (And What It Costs You)

In 1966, the U.S. Treasury Department established the Office of Foreign Assets Control to enforce economic sanctions. Most dealership owners have heard of OFAC screening exactly once—usually during a compliance audit or after a regulator's warning letter arrives. And that's where the education stops.

The mistake isn't hard to understand. OFAC screening feels like a checkbox task, something you bolt onto your sales process and forget about. But the reality is messier. Dealers who treat OFAC as a one-time compliance box rather than an integrated business practice end up exposing themselves to legal risk, regulatory penalties, and operational chaos when things go sideways.

Mistake #1: Screening Only at the Time of Sale

Here's the most common pitfall: you run an OFAC check when the customer walks in to sign paperwork, mark it done, and move on. Problem is, OFAC designations change. Treasury updates the Specially Designated Nationals (SDN) list dozens of times per month. A customer who was clear two weeks ago when you ran the initial screen might be flagged today.

The FTC and FinCEN expect dealers to understand that screening is not a one-time event. Especially if you're holding a vehicle in inventory or in a lease program, you need a process for re-screening at key transaction points. Think about this scenario: you sell a used 2019 Toyota Camry to a customer in December. The customer finances it through your captive lender. By January, something changes in Treasury's database and that customer's name matches an SDN entry. You didn't re-screen, so you never knew.

Smart dealerships build OFAC re-screening into their financing workflow and their delivery process. Some even set calendar reminders for high-value transactions.

Mistake #2: Relying Entirely on Consumer Names Without Proper Identity Verification

OFAC matching depends on accurate customer identification. This is where dealers stumble—hard. You ask a customer for their name, they give it to you, and you plug it into an OFAC screening tool. But did you actually verify it? Do you have a copy of their driver's license in the file?

The issue compounds when you have common names. Say your customer is "Michael Johnson" from Columbus, Ohio. An OFAC match pops up for a Michael Johnson who is a sanctioned entity. Now what? You need supporting documentation to prove it's not the same person. If you don't have date of birth, address history, or a government ID copy in your deal file, you're stuck making judgment calls that expose you to liability.

The FTC's Safeguards Rule and the newer Standards for Safeguarding Customer Information require dealers to maintain proper records of identity verification. OFAC screening depends on the same foundation. Without it, your screen results are basically guesses.

Here's the practical step: require government-issued ID verification for every customer transaction. Get the document in your customer database. Match the name, date of birth, and address from the ID against your OFAC screening tool. This single practice eliminates most false positives and gives you a defensible record if a regulator asks why you screened a particular customer the way you did.

Mistake #3: Not Documenting Your OFAC Process in Writing

Compliance doesn't exist unless it's documented. But most dealerships have no written OFAC policy at all. They just... do it. Or they think they do it.

When an FTC examiner or state regulator shows up asking for your compliance procedures, "we check OFAC" isn't an answer. They want to see your written policy, your screening tool or vendor selection, your frequency of screening, your escalation process for matches, and your retention of records. No documentation means no defense.

A proper OFAC policy should spell out when screening happens (at sale, at lease signing, at delivery, at financing approval), who runs it, what tool or vendor you're using, how you handle a positive match, and how long you keep records. This isn't bureaucratic make-work. It's the difference between "we tried" and "we complied."

And here's the kicker: your written policy protects your dealer license. If a compliance complaint lands and you can demonstrate a documented, reasonable process, you've got ground to stand on. Without it, you're vulnerable.

Mistake #4: Choosing the Wrong Screening Tool or Vendor

Not all OFAC screening tools are created equal. Some update quarterly. Others update monthly or even more frequently. If you're using a tool that lags behind Treasury's database by weeks, you're not really screening,you're creating a false sense of security.

Also, some tools handle name variations and phonetic matching better than others. A customer named "Ahmed Al-Rashid" might be missed by a tool that doesn't account for transliteration variations. Another tool might generate excessive false positives for common names, burning time on manual reviews that don't pan out.

Dealerships that operate in multiple states or regions should verify their tool covers the geographic and name-variation challenges they face. And they should verify their vendor is actually Treasury-compliant and updates on a schedule that makes sense for dealership operations.

Mistake #5: Mishandling a Positive Match

A positive OFAC match is rare, but when it happens, panic often follows. Dealers freeze the deal, the customer gets angry, and nobody knows the next step. That's a problem.

A match doesn't automatically mean you can't do business with the customer. It means you need to investigate. You compare the match details (full name, date of birth, address, nationality) against the customer's actual identity information. Most matches resolve as false positives after a quick comparison.

But if the match looks legitimate and you can't rule it out, you escalate to your legal counsel or your compliance officer. You do not complete the transaction. You document the match, the investigation steps, and the resolution. And you never discuss this with the customer in a way that breaches their privacy or causes unnecessary reputational harm.

Having a written escalation process saves you from making a costly mistake in the heat of the moment. Platforms like Dealer1 Solutions can help manage this workflow by flagging matches and creating an audit trail of your investigation, but the core process,verify, investigate, document, escalate,is non-negotiable.

Mistake #6: Treating OFAC as Separate From Your Broader Compliance Program

OFAC screening is one piece of a larger compliance picture. It touches privacy (you're collecting personal data), disclosure (you're managing customer information), and dealer license protection (you're demonstrating reasonable compliance practices). Dealers who silo OFAC as someone else's job,"that's the F&I manager's thing",miss the bigger picture.

The FTC's Safeguards Rule requires you to have a comprehensive information security program. OFAC data retention is part of that. Your disclosure practices need to align with state and federal privacy laws. Your dealer license application and renewal depend on your compliance posture overall.

The strongest dealerships integrate OFAC screening into their sales, F&I, and compliance workflows and communicate expectations across the team. It's not a side task. It's a core operating principle.

The Bottom Line

OFAC compliance isn't complicated, but it does require intention. Screen consistently, verify identity properly, document everything, use a credible tool, and handle matches carefully. Do those five things, and you've eliminated most of the risk that trips up dealers every year.