Red Flags Rule


By now I am sure everyone is aware the FTC has delayed enforcement of the Red Flag Rules until August 1, 2009. Delays in FTC enforcement, however, do not eliminate any of the potential civil liabilities; so there is no get of jail free card. Despite calls for Red Flag compliance for over a year now, we continue to see stories of blatant use of identity theft to make purchases. A recent example can be found in an article published in the Arizona Republic (http://www.azcentral.com/news/articles/2009/05/12/20090512abrk-dealershipcars.html)

The article discusses a 60-year-old man believed to be part of an identity theft ring who spent the last few months preying on dealers in Arizona using false ids and buying cars. The man in question allegedly went into the same dealership several times over the course of a few wks and purchased several SUVs. This is the kind of situation the Red Flag rules were created to avoid. A little investigation, and application of Red Flag procedures would probably have resulted in no sale, and avoided the headaches that are sure to follow.

We at Automotive Compliance Consultants, Inc. hear the grumblings from dealers daily about why they are required to be the identity theft police for the government. The reality is that a majority of dealers are conscience of the need to short circuit sales to people using another’s identity. Gone are the days where a transaction gone bad is a lender problem. The lender demands reimbursement from the dealer, the search for the car starts, and no one wants to receive an inquiry from the identity theft victim’s attorney. The whole idea around the Red Flag Rules is to stop theft from happening at the point of purchase. A good Red Flag program will protect your dealership from loss, bad publicity, and possible government fines and civil damages. Now that the law exists, you can be sure the Plaintiffs lawyers are trying to figure out a way to exploit it at the expense of each entity that fails to follow the guidelines.

What is required to be compliant with Red Flag, and mitigate the Identity theft that is rampant in our society and industry? Compliance with Red Flag Rules is a simple process for dealers that have embraced safeguarding customer information, and have created internal processes to ensure their customers’ protection.

Let’s first define “Red Flag”. It is a pattern, practice, or specific activity that indicates the possible risk of identity theft. We as “car people” are the most intuitive people period. We know when something isn’t right because for the most part anyone that has been in this business for any length of time probably has seen it all, and I do mean all. The reality is if something doesn’t seem right it probably is not. Here is what is required for Red Flag compliance:

1. Create a written program and implement it. The program must consist of three parts: (must be signed off by an officer of corporation)
a. detect identity theft
b. prevent identity theft
c. mitigate identity theft

2. The written program must contain “reasonable policies and procedures to:
a. identify relevant red flags;
b. detect red flags incorporated into the program;
c. respond to identity theft once detected to:
1. Prevent
2. Mitigate
3. Ensure that the program is updated periodically

4. All employees must be trained on how to implement the program

5. Exercise appropriate oversight of service providers

6. An annual report to the board of directors outlining the compliance activities.

In conclusion, the issue is not whether dealers have to be the police force for the Government, but that dealers should institute practices and procedures to make all employees more aware of what is going on and avoid questionable transactions. In today’s environment there is no reason to become involved with situations like the one in Arizona unless you are looking for the wrong kind of publicity.


Terry Dortch President/CEO Automotive Compliance Consultants, Inc. 60 B West Terra Cotta Dr #159 Crystal Lake, Il 60014 866-301-0593 www.compliantnow.com tdortch@compliantnow.com