Saturday, February 23, 2008

Red Flag Rules: The Devil is in the Details

How to implement an effective compliance program to help ensure best practices and preclude costly errors.

Take some notes from this question and answer session.

Compli - We have compiled the most commonly asked questions below, and Michael Benoit of Hudson Cook LLP has provided his comments:

Q: To what extent are these Red Flags requirements duplicated at the Finance Company (assignee) level? Thus, if the dealer does this, does the Finance Company also have to do the same things?

A: Both the dealers and finance companies will have obligations under the rule. There will be some overlap, but the different parties may focus on different things given their somewhat differing roles in the transactions. For example, dealers are probably in a better position than a finance company to verify the authenticity of identification documents because the customer is in the store.

In fact, because the finance company is not a party to the retail installment sales contract (it gets sold to the finance company after the sale closes), it is the dealer who is opening the installment sale account with the customer, and the dealer who has the correspondent obligations under the Red Flags Rule. The finance company buying the paper may still do its own verification, but it may need to rely on the dealer to do certain things for them. For example, if the dealer sells paper to banks that are subject to the "Know Your Customer" rules under the USA PATRIOT Act, the bank probably requires the dealer to follow certain identity verification protocols. Those protocols may satisfy the banks' requirements, but those are independent of the dealer's obligations to comply with the Red Flags Rule.

Q: Much of your comments referred to what the dealer has to do to comply; is it safe to assume that this also applies to finance companies that purchase the retail installment contracts from the dealers?

A: Yes. Finance companies also have obligations to comply with the Red Flags Rule. While the dealers will have primary responsibility for complying with the Rule during the account opening process, the finance companies will have additional obligations during the life of the account.

Q: Provide a full citation to the rules and regulations.

A: The rule was mandated by the FACT ACT, which amended the federal Fair Credit Reporting Act. The mandate is codified at 15 USC 1681m(e). The rule itself can be found at 16 CFR Part 681.

Q: Does the training schedule pose a problem in dealerships because of the attrition rate of sales people?

A: A good training program always includes periodic refreshers. Dealers should take into account their attrition rates when determining the appropriate period between refresher trainings.

Q: Finance companies are already using technology for id verification that the dealers don't have. How much do you feel the inconsistent address flag will affect sub-prime dealers?

A: While an inconsistent address may be a Red Flag, it may be one for which there is a legitimate reason. Special finance departments may find that they receive more notices of address discrepancy than prime finance shops, but it just means that the F&I department will need to make additional inquiries to verify the address. Many finance companies and F&I departments already require a utility bill or other supporting proof of address, so existing procedures may need only a little tweaking to comply with the rules regarding address discrepancies.

Q: Please define "covered account."

A: A "covered account" is:

(i) An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account; and

(ii) Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.

For purposes of most dealers, "covered accounts" will be installment sale and lease transactions.

Q: We purchase installment contracts from a retailer that sells restaurant machinery. Are we required to comply with those contracts, is the seller required to comply?

A: If these are commercial accounts, you have some leeway. The Red Flags Rule includes commercial accounts in its coverage to the extent you determine that there is a reasonably foreseeable risk of identity theft, or risk to the safety and soundness of your organization from the potential for identity theft relating to these accounts.

Q: Do we have to follow up after we sell customer contracts to finance companies?

A: Once you sell the contract, your obligation for ongoing monitoring of the contract transfers to the assignee. If you keep your contracts and service them yourself, you need to monitor them for evidence of identity theft. This may sound worse than it actually is -- to the extent your accounts are "closed-end" (in the sense that additional charges cannot be made to the account) there may be little opportunity for identity theft. But beware of the account you open that misses the first payment -- that could be a red flag!

Q: Do service providers need their Red Flag guidelines in writing so the dealer can file it.

A: Not necessarily. Dealers will want to contractually require service providers that handle covered accounts to meet certain obligations under the Red Flags Rule. This is because service providers may not themselves be subject to the Red Flags Rule, but the Rule requires dealers and other creditors to oversee their service providers. Your approach may be different with different service providers -- you should work with your legal counsel on how best to address specific situations.

UPCOMING: Complimentary Red Flags Webinar (Part 2):

Red Flag Rules: The Devil is in the Details

Join Michael Benoit of Hudson Cook as he drills down into the details of the 26 different Red Flags identified by the FTC.

Note: Webinar attendees will have the opportunity to have their specific questions on Red Flags answered.

Space is limited.
Reserve your Webinar seat now at:

I am promoting this webinar only to advance the cause of ethics and compliance in the F&I profession. As always, post feedback, or email as usual to: I always answer every email. Attend the webinar and run an ethical F&I department!

No, I am not receiving a check or other compensation from Compli or Hudson Cook for promoting this webinar - but the sponsors slot is still open... email to

www.Auto Industry News-with a twist

Back to blog homepage

No comments: