- Products
- Products Overview
- Enterprise Edition
- Orientation Management
- On-Boarding
- New Hire Orientation
- Employee Handbook
- Benefit Administration
- Disability Accommodation Management
- On the Job Management
- Harassment and Discrimination
- Wage & Hour Management
- Performance Management
- Time-Off Management
- Termination Management
- Discipline
- Termination
- Exit Interviews
- Turnover Prevention
- Professional Edition
- Compli's Enterprise Edition-Automotive
- Compli's Enterprise Edition-Trucking
- Compli CSA
- Compli Recruitâ„¢
- Sales, Finance and Insurance Compliance Module
- Compliance, Safety, Accountability (CSA) and Risk
- Environmental, Health and Safety Compliance Module
- Compli Counselâ„¢
- Compli Integrations
- View a Demo
- Solutions
- Industries
- Services
- Library
- Events
- About
- Blog
- Customer Login
What Do Red Flags Mean to You
ARTICLES+ SEE ALL ARTICLES
Article: What Do Red Flags Mean to You
Article Date: Saturday, December 15, 2007
Article Source: Compli
What Do “Red Flags” Mean to You?
By: James E. Lawrence
VP and Product Manager
Compli
610 SW Broadway, Ste. #600
Portland, Oregon 97205
503-294-2020 x121
The Qualifying Race Heats Up
A memo from the folks that brought you the FACT Act and FCRA: Now come the “Red Flags” rules…
MEMORANDUM TO: The Board of Directors
FROM: Sandra L. Thompson
Director - Division of Supervision and Consumer Protection
Sara A. Kelsey - General Counsel
SUBJECT: Interagency Final Rule Regarding Identity Theft Red Flags and Address Discrepancies under sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003
RECOMMENDATION:
We recommend that the Board of Directors (Board) of the Federal Deposit Insurance Corporation authorize the Executive Secretary to publish in the Federal Register a final rule jointly with the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, the National Credit Union Administration, and the Federal Trade Commission (collectively, the Agencies) to implement Sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act).
The rule would establish: (1) interagency regulations requiring financial institutions and creditors to develop and implement a written identity theft prevention program; (2) interagency guidelines describing factors that financial institutions and creditors should address in their programs’ policies and procedures; (3) interagency regulations requiring credit and debit card issuers to assess the validity of a request for a change of address under certain circumstances; and (4) interagency regulations addressing reasonable policies and procedures that a user of consumer reports should employ upon receiving a notice of address discrepancy from a consumer reporting agency.
(Author’s Note:…Blah, Blah, Blah…)
DISCUSSION:
1. Background. The guidelines and regulations are required by sections 114 and 315 of the FACT Act, which amend the Fair Credit Reporting Act (FCRA). Section 114 of the FACT Act requires the Agencies to jointly issue guidelines for use by financial institutions and creditors regarding identity theft. In developing the guidelines, the Agencies must identify patterns, practices, and specific forms of activity that indicate the possible existence of identity theft, and they must consider requiring financial institutions and creditors to follow reasonable policies and procedures that provide for notice to a consumer when a transaction occurs with an inactive account. In addition to the guidelines themselves, the Agencies must issue regulations requiring financial institutions and creditors to establish reasonable policies and procedures for implementing the guidelines. The Agencies also must issue regulations requiring credit and debit card issuers to assess the validity of change of address requests.
(Author’s Note: Removed more stuff you don’t care about…)
C. Effective Date. The final rules and guidelines discussed above will be effective the first day of the calendar quarter after publication in the Federal Register. The mandatory compliance date for rules and guidelines will be November 1, 2008.
And with that, a new way of doing business in a dealership is born. Ouch.
Gentlemen…
According to Wikipedia, the Red Flag in car racing means:
“Conditions are too unsafe to continue the race or practice session. Depending on the series, the cars are directed to proceed to pit road, or to stop at a specific spot. Also depending on the series, any repair work may not be done under red flag conditions."
With the effective date for the Red Flags Rules announcing the new implementations of sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACT Act) of 2003, most dealer counsel can begin to confer with their clients on what the new Red Flag rules mean to their business. I can’t imagine a moment more disconcerting for a dealer than when their General Counsel stops by their office and says “we need to talk.” Yikes.
From preliminary research and from watching this issue closely for nearly a year, I would say that for this new “series” of race, now is the time to get your dealership’s credit practices programs repaired and up to speed because I strongly believe Dealerships need to consider themselves under the Red Flag with the new rules coming out of DC.
…Start Your Engines
As currently written, with the new rules from the FTC that require Dealerships to “develop and implement an identity theft prevention program that includes policies and procedures for detecting, preventing, and mitigating identity theft in connection with account openings and existing accounts,” there is little time to get your house in order to mitigate the impact of the new “Red Flag” rules on Dealership operations.
So why are these new rules coming only now from the 4 year old FACT Act you ask?…Back in October of 2006, in an email I sent to Jerry Marks, the publisher of www.autoretailstocks.com newsletter, I answered:
“It can take years for the machinations of the law to turn into specific rules that apply to the general public or business community. One of the elements to this particular law, the FACT Act, required certain agencies, the FTC and others [Author’s note: The federal agencies with oversight of financial companies are: Office of Comptroller of Currency (www.occ.treas.gov); Office of Thrift Supervision (www.ots.treas.gov); Federal Deposit Insurance Corporation (www.fdic.gov); Federal Reserve Board (www.federalreserve.gov); and the National Credit Union Administration (www.ncua.gov), to name a few...], to create new rules based on the law for everybody else to adhere.
Specifically, Sections 114 and 315 of The FACT Act, signed into law in 2003, required the banking agencies and FTC to make the necessary rules/guidelines. So, the legal requirement for these agencies to make the rules came in 2003, but the rules themselves from these agencies are just now coming out.”
…and Boy! Are they ever!
The FACT Act’s Section 114 requires Auto Dealers to identify the "Red Flags" defined by these agencies for use as part of an overall, Dealership-specific, identity theft discovery, avoidance, and alleviation program. During the comment period, several industry players shared their thoughts and concerns with the rules making body at the FTC. NIADA’s General Counsel stated the “burdens that would be imposed on motor vehicle Dealers in complying with the proposed Red Flag Rules as being vastly underestimated.” Yummy.
It doesn’t stop there. There is something for everyone in the FACT Act…for you BHPH Dealerships, the comments from Nissan Motor Acceptance Corporation should be of particular interest: “NMAC also believes,” as does “The Commission” (FTC), that identity theft reports “could provide a powerful tool for misuse, allowing persons to engage in illegal activities in an effort to remove or block accurate, but negative, information from their consumer reports…”. How’s that for putting a crimp in your Dealership’s due diligence efforts?
So What?
Non-compliance with these new rules means a “Black Flag” and big trouble for the Dealer. Wikipedia says the “Black Flag” in racing is “usually used to punish a driver or team for disobeying the rules... occasionally the car number of the summoned driver is displayed on the flag itself.” How embarrassing…and costly.
Dealers need to get this right, or they may find themselves under a “Black Flag” from the enforcement folks tagged by the FTC to monitor “financial institutions” like Dealerships. According to “The Commission,” the downside of NOT following the rules means negative fallout surrounding your "compliance, reputation, or litigation risks for failure to adequately protect customers from identity theft; operational and financial risks from absorbing losses to customers who are victims of identity theft; or losses to the financial institution or creditor from opening an account for a person engaged in identity theft."
Where is the Finish Line?
Oh yeah, and this is a moving target since the “Red Flag” rules require Dealers to alter their “Red Flags” programs over time, based on the changing approaches to identity theft it experiences, placing Dealers squarely in the middle of providing law enforcement services for the local constabulary, who seem happy to outsource it... who’d have thought? These programs are documented and monitored by the required annual reports on compliance with the “Red Flag” rules. In short, there is no “finish line.”
Check My Gages?
Before customers get a chance to receive free law enforcement services as part of their vehicle purchase, e.g. ID Theft Detection, Dealerships must perform an audit of its existing methods of monitoring identity theft. Since each “Red Flags” program is site specific, the audit becomes that particular Dealership’s roadmap to compliance. Happy day.
What Training?
"Red Flags", as defined by “The Commission,” may include: an inconsistent number of credit inquiries, DOBs & SS#s that are out of phase, and other transaction irregularities that suggest an ID theft crime is happening or about to happen; which means that the Dealership’s personnel must know how to review the credit report in detail and have been trained to identify these “Red Flags” anytime a credit history is run, for each and every deal. What Training? That Training… A permanent oval track for all involved.
What Do You Mean I Have to Break a Code?
Section 315 of the FACT Act amends section 605 of the FCRA. It basically requires credit reporting agencies to notify Dealers of a discrepancy in a customer’s address. The discrepancies come from the consumer reporting agency in a special code in the discrepancy report. Section 315 requires Dealers have policies, trainings, and procedures implemented when receiving a notice of address discrepancy from a consumer reporting agency and personnel must be trained to recognize those codes as a discrepancy. To avoid legal/regulatory issues Dealers need to establish a "reasonable belief" that the customer is who they say they are, before the dealer can sell them a car. This means perpetual training and qualifying heats. Turning over people in either a racecar at 150 mph as well as in a dealership is always costly.
Getting the Checkered Flag
Sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACT), which was signed into law in 2003, amend Sections 615 and 605, respectively, of the Fair Credit Reporting Act (FCRA). The new “Red Flags” regulations will apply to "financial institutions and creditors," including nearly every Dealership in the country. It will force Dealerships to take on new unprecedented roles and responsibilities as well as provide services heretofore deemed strictly a law enforcement issue.
No matter whether you operate a single location or multi-locations, or offer a variety of financial services and products, nor the amount of deal jackets you generate, nor the systems involved in the transaction, the race to the finish line will be challenging but with the right preparation, compliance systems and preventive maintenance there are ways for you to win this difficult race.
It ain’t easy being a Dealer. The FACT Act is designed to address a serious problem in the U.S. that affects us all, Dealer and customer alike. It is meant to assist in the “detection, prevention, and mitigation” of identity theft. It just happens that the new “Red Flags” rules will force Dealerships to change the core vehicle sales transaction process in several complex ways.
The paramount requirement is getting your written “Red Flags” Program in place and that it is based upon your Dealership’s specific risk assessment. The program must also effectively address the identity theft risks identified by the FTC as well as address changing identity theft methods as they emerge.
In this race, it is up to each dealer to decide which flag they want. Managing this effort well will mean the difference between getting the “Black Flag” and getting the winners Checkered Flag. Good luck.
Jim Lawrence is Vice President and Product Manager for Compli. Jim has extensive experience in building cutting edge dealership software in the fixed operations and front end of dealerships and is involved in managing the compliance software development at Compli. For more information or any other compliance management software needs, visit www.compli.com or e-mail Jim at jim@compli.com.
-
more