Wednesday, January 16, 2008

Implementing an Effective Red Flags Program - Webinar Pt1

By: Michael Benoit – Hudson Cook
Robert Miller – Co-founder/Attorney Principal - Compli

Webinar, Jan 16, 2008

This is what I took from the webinar. These notes will document my dealership’s compliance with both the Safeguards Rule and the Red Flag Rule.

A Red Flag is a pattern, ……, or specific activity that indicates possible existence of identity theft.

The Federal “Red Flag Rules” requires automobile dealerships to implement an “Identity Theft Program” on January 1, 2008. Compliance is required on November 1, 2008. Hudson Cook recommends the program to be implemented on October 1st to give a margin to evaluate effectiveness.

“Dealers are Lending Institutions” states Michael Benoit of Hudson Cook. If a dealership enters into retail installment sale agreements with a customer, they are lenders under the FCRA and the FTC and subject to laws and regulations affecting lending institutions.

If you have successfully implemented a Safeguards program, you can implement a successful Red Flag program, Benoit states. The two programs are very similar. As the first step to comply with the Safeguards rule is to develop a written Information Security Program, the first step in implementing the Red Flag Rules would be to develop a Written Identity Theft Program.

Each dealership needs its own written “Identity Theft Program.” The implemented Program must:

• Identify the Red Flags
• Detect the Red Flags
• What the responses will be if a Red Flag is found
• Periodically audit the dealerships operations to insure compliance with the policies and procedures.

Benoit states that a more detailed webinar explaining the 26 Red Flags that the FTC has included in its guidelines will be available on Feb 27th 2008 from Compli’s website.

Again Benoit stresses: “Take a deep breath. If you have successfully implemented a Safeguards Program, you can implement a successful Red Flag Program. They are very similar.”

PENALTIES for violating the Red Flag Rule could be a combination of multiple avenues of enforcement:

• $2500.00 per violation for violating the FCRA Act.
• $11,000.00 per violation of the FTC Act.
• Possible violations of state unfair and deceptive practices laws.

WHAT IS COVERED BY THE RULE?

• Retail Installment Sale Contract transactions only.
a. All consumer and business retail installment sale transactions whether or not you intend to hold the paper.

ADVICE FROM HUDSON COOK:

• For Red Flag, just treat all info for starters as if it is subject to the Safeguards Rule.

• Appoint a Joint ISP/ITD Program Coordinator. Include Patriot Act customer ID requirements.

MUST CONTAIN REASONABLE POLICIES AND PROCEDURES TO:

• Identify relevant Red Flags for your business and incorporate into a written program.

• Detect relevant Red Flags that have been incorporated into your written program.

• Respond.

• Periodically update ITP program.

KEY POINTS:

The Initial Identity Theft Program must be approved by the dealership’s Board of Directors or appropriate committee of the Board of Directors. If no Board, an authorized Principal must approve.

TRAINING – must train as necessary to effectively implement the ITP program.

SERVICE PROVIDERS – must exercise appropriate & effective oversight of service provider arrangements.

WHICH FLAGS TO INCLUDE? –

1. The ones that the corporation has experienced.

2. The ones that the FTC has included in its guidelines. All 26 of them.

*** Include in your ITP program those things that you already do to control reasonably feasible risks.

(You should already be doing this by complying with the Safeguards Rule).

RISK FACTORS:

• Types of accounts you offer or maintain.

• Methods used to open accounts.

• Methods through which you allow access to accounts.

• Previous experiences with Identity Theft.

SOURCES OF RED FLAGS:

• Dealership experience.

• New experiences of identity theft.

• Applicable Supervisory Guidance. See: www.FTC.gov.

DEVELOPING YOUR CORPORATE POLICY AND PROCEDURE MANUAL:

Bookmark: http://www.AutoFinanceInsider.blogspot.com. This site will become the authority on Automotive F&I policy procedure and compliance.

Back to blog homepage

3 comments:

nancil8659 said...

Good stuff!!!

Anonymous said...

Is your Red Flag Program computer based? The seminar was sponsored by Compli, who I had never heard of. Are you using their software or creating your own system? My store won't spend any money so Compli is out.

Anonymous said...

we have used michael benoit's excellent book to create our red flag car dealer school with guidelines, template, online tutorial
and annual certification

we are the only california car dealer education provider with dmv certification for dealer education to offer this red flag dealer school

this is no joke

mandatory compliance by all california car dealers offering financing
is less than 30 days away

we have 50 classes offered in california between now and november 1, 2008

http://www.gotplates.com

800-901-5950

thx

charlotte