SCHAUMBURG, Ill. — With compliance associated with mandates
issued by the Consumer Financial Protection Bureau creating quite an industry
stir nowadays, Zurich Automotive revisited regulations that are a little older
but still vital to day-to-day operations at dealerships.

Zurich reiterated that the Red Flags Rule enforced by the
Federal Trade Commission requires dealers to develop and implement a written
identity theft prevention program designed to identify, detect, and respond to
warning signs — known as red flags — that indicate that a customer or potential
customer could be using stolen information to obtain an indirect or direct loan
or lease at their dealership.

In other words, officials said dealerships are required to
create a program that allows them to be reasonably certain that the person
entering into the credit or lease transaction is who they say they are.

Enforcement of the rule began on Jan. 1, 2011, after several
delays to give Congress time to consider legislation that affected the scope of
the entities covered by the rule.

While managers may already have systems in place to verify
the identity of a dealerships' finance and lease customers, Zurich emphasized
current systems may not be in compliance with the more elaborate requirements
of the rule.

To help ensure your dealership gets and stays in compliance,
Zurich recommended the following seven steps:

1. Put the program in writing

Your program must contain reasonable policies and procedures
to address four primary responsibilities under the rule. The rule also states
that each program must be documented in writing. While potentially burdensome,
this requirement has obvious advantages to the dealer. It forms the basis for the
employee training that is required by the rule, and makes responding to
government audits and inquiries possible.

2. Make a list of patterns, practices or specific activities
that could be red flags signaling possible identity theft.

Your policies and procedures should require that you become
at least reasonably certain of your customer's buyer's identity. A supplement
to the rule on the FTC's website provides illustrations of 26 possible red
flags that fall into the following five categories:

—Receiving alerts, notifications or warnings from a
consumer-reporting agency

—The customer presents suspicious documents.

—The customer presents suspicious personal identifying information, such as a
suspect address.

—Dealership staff notices unusual use of or suspicious activity within an
existing account.

—You receive notices from customers, victims of identity theft, law enforcement
authorities or other businesses about possible identity theft in connection
with an existing account.

Note, not all 26 possible red flags will be relevant to the
way your dealership does business.

In particular, unless you have accounts to which customers
can make charges after origination, for example, house credit accounts, the
seven possible red flags in category four are not likely to apply to your
dealership.

You also need to guard against identity theft risks that
result from employee access to account information. Employee access should
already be limited as part of your overall information security program.

3. Make a list of methods used to detect and evaluate if a
red flag has occurred.

The program should describe procedures used to verify customer
information and detect when information is incorrect. Some procedures include:

—Specifying acceptable forms of identifying information
required of each finance customer

—Specifying procedures to verify identifying information,
for example, using third-party resources to confirm identification or detect
fraud

—Using a system to monitor employee compliance relative to their
access and use of customer account information

4. Describe how your dealership will respond when red flags
are detected.

The program must contain reasonable policies for responding
to red flags detected during a transaction. This should include a procedure for
escalating unresolved situations to senior management.

Some appropriate responses to unresolved red flags would be
to:

—Not continue the transaction

—Use additional resources to verify the customer's identity.

—Notify law enforcement.

—Determine that no response is warranted.

5. Document all red flag responses and keep them in the
customer file.

All red flag responses should also be kept in a dealership
file to be used to maintain and update the program.

6. Detail a plan to update the program periodically.

Update the program to reflect changes in risks to customers
or to your dealership's safety and security based upon:

—Your experience with identity theft

—New methods of identity theft

—New methods of identity theft prevention and detection

—Changes in the types of accounts offered or maintained by
your dealership

—Changes in your dealership's business or structure such as
mergers and changes in service provider arrangements

7. Follow the Red Flags Rule guidelines in managing the
program.

The rule provides for some specific administrative actions
that need to take place to adequately manage your program. These include that
your program must:

—Be approved and implemented by your dealership's board of directors
or, if no board exists, a designated member of the senior management team.

—Be periodically evaluated to determine if updates are
necessary.

—Include training for relevant staff on their obligations
under the program.

—Be able to ensure service providers have reasonable
procedures to detect, prevent and mitigate the risk of identity theft.

Penalties for Violations

Penalties for violations of these regulations are stiff. These
include the following:

—A "knowing" violation of the rule is a violation of the FTC
Act, which provides for a $3,500 civil penalty for each violation.

—Enforcement actions by the FTC can carry penalties of up to
$11,000 per violation, per day.

—Dealers may also be liable under state unfair and deceptive
acts, and practices law, which may include individual and class action claims.

Additional resources from the FTC can be found here.

Continue the conversation with SubPrime Auto Finance News on LinkedIn and Twitter.

Normal
0
false
false
false
EN-US
X-NONE
X-NONE

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:”Table Normal”;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:””;
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:”Calibri”,”sans-serif”;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:”Times New Roman”;
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}