The Industry's Leading Source For F&I, Sales And Technology


The Truth Behind OFAC Compliance

November 2008, F&I and Showroom - Feature

by Justina Ly

Bob Morrissey, an F&I manager for Scoville-Meno Honda in Oneonta, N.Y., had heard of others getting a hit, but he had never experienced one himself. That all changed on June 14, but as he said, the experience wasn’t all it was cracked up to be.

It happened on a Saturday. The name of the customer Morrissey was talking to on the phone partially matched a name on the Specially Designated Nationals (SDN) list, a compilation of individuals and groups sanctioned from conducting business in the United States.

Morrissey double checked the name with an online database, but couldn’t clear his customer. Since this was his first hit, he eagerly called the Office of Foreign Assets Control (OFAC), the federal agency that oversees and compiles the SDN list. Unfortunately, as he’d come to find out, the Washington, D.C.-based office was closed on weekends, which meant he’d have to leave a voicemail message with his name and contact information on the department’s automated answering machine.

Three days later Morrissey received a call back from an agency employee. He was asked for his customer’s name only, but no other information was requested. “Nothing about address, date of birth, Social Security number or anything,” recalled Morrissey. “He says, ‘No, it’s only a partial hit. You’re OK.’ That’s it, conversation over.”

The casualness and brevity of his encounter with the OFAC employee left Morrissey disenchanted by how the 58-year-old agency handled his situation. “If it was a typical handling of a hit, the process is so flawed that it will yield no results,” he said.

“I’m not asking to make a major case out of a partial hit, but at least there should be more of an effort to be certain it’s a false hit,” he added. “How about asking for additional info to see if there are any other similarities?”

Verifying a Hit

Morrissey’s question is valid for any auto dealer that comes across a partial or full OFAC hit. What are dealers suppose to do when their compliance solution indicates a positive hit? The answer is simple, but it may also confound dealers who get OFAC hits.

Officially, the OFAC office advises business owners who think they have a hit to contact the government agency’s 800-number to verify their customer’s personal information. An agency representative will ask for a customer’s first and last name. If there is not an exact match, then the dealer is free to conduct business with the customer.

However, if there is a match, then the representative will ask for more of the customer’s personal information, such as address, nationality, passport, tax ID or cedula number, date of birth, place of birth, former names and aliases, until the hit is verified.

The process is straightforward and low-tech, which is why dealers such as Morrissey question why the OFAC does not take a more rigorous approach to verifying customer information. Aside from asking a series of questions, the department does not employ any other method for validating an individual’s identity. To the agency’s credit, its staff is well versed on compliance issues involving financial institutions and other businesses, but only provides limited service to dealers with questions.

The agency takes thousands of calls each year from businesses nationwide, but has no record of how many of those businesses included automotive dealerships, said John Rankin, a former spokesperson for the OFAC. The agency also has no record of partial or full hits reported by auto dealers.

In addition, OFAC does not mandate that dealers use a specific compliance process to conform to its regulation. “We recognize that all businesses are different,” Rankin said. “What works for a huge operation might not work for a smaller outfit.”

Rankin said that hits recorded by a dealership’s compliance solution may be related to another list, such as the FBI’s Most Wanted List or the State Department’s Debarred Parties List. That’s because lists from various government and international organizations are often lumped into one database, and used by compliance solution providers. So, if a dealer runs a credit bureau report on a customer, it’s possible his or her name will be screened against all of these records.

“It’s important that businesses understand the list and think about what process they have to make sure it’s a false positive or if it’s actually a real name,” Rankin said.


  1. 1. John Kay [ October 29, 2013 @ 07:13AM ]

    I don't understand why a dealership would do OFAC. I could see if it were a cash customer but if the customer is getting a loan or using a credit card or writing a check he or she is already OFAC'd by the bank/agency who is providing the loan, issuing the credit card or honoring the checking account.

    A lot of people do not realize that FinCEN does NOT have a mandatory screening policy it is a risk based decision. I mention this because running OFAC checks regardless of the process costs money. And clearing a false positive adds cost. Now those costs may be much less for a dealership that is running a couple hundred checks a month or whatever the number is but it gets pricey for other companies that needlessly check thousands of people a day or week.

    OFAC is a risk based decision so to me it would make sense to check the cash only transactions but if a person is banked by a US bank the chances of them being an active customer is NIL. However, compliance examiners, 3rd party auditors etc want companies to think checks are mandatory.


Your Comment

Please note that comments may be moderated. 
Leave this field empty:
Your Name:  
Your Email: