by Leonard A. Bellavia, Esq.

Many companies are well aware that the law imposes certain obligations on their businesses pertaining to transactions with vendors and consumers. The mantra “Know Your Customer” best sums up your responsibilities to maintain appropriate records and monitor transactions for possible fraud and criminal activity. These responsibilities include requirements under the Safeguards Rule of the Gramm-Leach-Bliley Act and the Red Flags Rule to protect nonpublic personal information and detect possible fraud and identity theft at the time of sale, respectively. Your duty to “Know Your Customer” extends well beyond the Safeguards and Red Flags Rules. Other regulatory agencies have imposed similar duties, which, if ignored, can lead to significant civil and criminal penalties.

The Office of Foreign Assets Control (or “OFAC”) is a department within the United States Treasury. OFAC administers and enforces economic sanctions against drug dealers, money launderers and suspected terrorists. Congress and regulatory agencies write laws and rules that instruct OFAC on what criteria to use to determine whether someone is a Specially Designated National (“SDN”).

OFAC forbids all United States persons (including businesses) from dealing with SDNs in any kind of transaction, including selling vehicles and vessels, selling parts, and servicing vehicles and vessels. Penalties for dealing with SDNs include fines up to $10,000,000, up to thirty years in federal prison, and forfeiture of all business and personal assets. Clearly, you do not want to deal with someone identified as an SDN.

Unfortunately, OFAC does not provide the tools your business realistically needs to comply with the law. The list of SDNs OFAC publishes is virtually impossible to use on a day-to-day basis. It is very difficult to read and lacks any kind of cross-referencing functionality that allows users to look up an individual electronically and see if he or she is an SDN. To make matters worse, OFAC regularly updates this list, and if you rely on an outdated list to determine whether someone is an SDN, you are liable for breach of the law and accompanying penalties if a more recent list existed at the time you referenced it. This means your staff would have to print OFAC lists and replace outdated ones with current lists as soon as updates are published.

What should you do? First, make sure your employee handbook and hiring processes address determining whether a potential hire is an SDN. This is the easiest of your steps for OFAC compliance. Next, implement processes to screen potential customers and make sure they are not SDNs. Several DMS, CRM and credit reporting services offer OFAC screening services in addition to their primary services. Using one of these services to flag potential SDNs is far easier than trying to manually reconcile consumers’ information against the published OFAC list. You will want to screen all customers, regardless of method of finance, and screening should occur early in the transaction. All OFAC documents should be retained in your deal or “dead deal” paperwork, depending on how far along the sales process the customer progressed. You should also train your employees on how to handle customers who are flagged as SDNs and develop ways to alert local and federal law enforcement in a timely manner if you encounter a potential SDN.

If you have any questions about how to ensure that your business is compliant with OFAC and SDN regulations, please call us at 631-224-7000.