OFAC audit and recordkeeping for schools
The retention standard
5 years required. 10 years defensible. SecurePoint retains 10.
31 CFR § 501.601 requires 5-year retention of records for transactions subject to OFAC regulations. Institutional best practice extends that to 7–10 years to align with broader record-retention policy and potential statute-of-limitations exposure. SecurePoint Education retains the screening audit log for 10 years by default, on every plan.
Six categories of record, one integrated trail
Screening events
Every screening — who was screened, when, against what lists, at what matching thresholds — captured as a timestamped event in the immutable audit log.
Match records
Every potential match and its metadata — matched SDN record, confidence score, sanctions program, country context, matched list version.
Adjudication decisions
Every clear, hold, escalate, reject, or authorize decision — with reviewer identity, timestamp, and the written rationale captured via the decision template.
Licensing workflow
On Plus and Enterprise: the licensing assessment, any Specific License drafts, submitted applications, license-tracking state, and renewal/expiration history.
Evidence packs
Self-contained PDF + CSV bundles generated per case. Durable, tenant-independent, auditor-ready. Includes matched-list snapshot and regulatory citation.
Long-term archive
Enterprise institutions can forward the audit log to a SIEM or data lake for long-term archival outside the SaaS tenant — without losing the evidence-pack format.
Audit posture
What an auditor actually asks for
An OFAC examiner or external auditor is looking for three things: did you have a program, was it documented, and can you show a decision trail? SecurePoint's evidence pack and 10-year audit log are structured to answer all three by producing artifacts, not narrative. A well-documented program changes the settlement conversation materially — including under the 'reckless disregard' standard that applied in the IMG Academy case.
Related
What to read next
Evidence Packs
The audit-ready PDF + CSV bundle per case.
Learn moreSample Evidence Pack
See the actual artifact.
Learn moreOFAC Compliance Checklist
A phased program-build guide for schools.
Learn moreHow to Clear a Screening Alert
The adjudication-and-documentation playbook.
Learn moreFlagged Payor Workflow
First-24-hours response for a sanctions hit.
Learn moreOFAC Licensing
How licensing output becomes part of the record.
Learn moreEducation Launch
Get the recordkeeping trail configured in 30 days.
Learn moreFor Compliance Leads
Program design and adjudication posture.
Learn moreFor Business Offices
The finance and audit-season lens.
Learn moreEducation White Paper
The full compliance guide for schools.
Learn moreAudit and recordkeeping — FAQ
What compliance leads, business officers, and counsel ask first.
Book a school compliance review
A working session on your recordkeeping posture. We walk the retention policy, evidence-pack format, and audit-trail structure your institution needs — and what to do with what you already have.