Red Flag Compliance FAQ
Frequently Asked Questions We've put together a list of common questions about Red Flag
- Q. What are the Red Flag Regulations?
- A. Proposed by federal banking agencies and the Federal Trade Commission, the Red Flag Regulations require you, as a business owner, to implement an identity theft prevention program. Dealerspan offers a suite of identity verification tools to help you minimize fraud-related losses, and maintain compliance with the Red Flag Regulations..
- Q. Is this law legit?
- A. Yes, the FTC passed this Rule to combat Identity Theft. Read about the Red Flags rule on the FTC’s website or download a PDF of the full Red Flags Federal Register Notice.
- Q. Why was the deadline changed to May 1st, 2009?
- A. There were certain business entities that were unsure if they fall under the obligations of this Rule, and it also gives financial institutions and creditors who do have their program in place time to fine tune their policies and procedures regarding Identity Theft. To learn more about this change read about the FTC’s Enforcement Policy Statement.
- Q. Why do I need to know about the Red Flag Regulations?
A. As a business that deals with covered accounts, your business is subject to these regulations. A covered account is defined as any account that a financial institution or creditor offers or maintains:
- That is primarily for personal, or household purposes that involves multiple payments or transactions (such as a credit card, mortgage, auto loan, checking account, or savings account) and
- That presents a reasonably foreseeable risk to customers (including business account customers) or to the safety and soundness of the business from identity theft.
- Q. I don't have to worry about these issues until May, right?
A. No, while dealers have an additional 6 months to get into compliance, the FTC also has an extra 6 months to refine their approach to enforcement. Dealers who have flaws in their programs post May 1st may find a less tolerant FTC. In addition to the significant time and energy that will be involved in creating Policies and Procedures, attention to the record number of identity theft issues and potential attacks is important.
The mandatory compliance date for the Red Flag Rule is now less than a year away, and it's prescriptions for preventing identity theft are a response to some of the biggest threats faced by businesses and their customers today. It is crucial to handle this situation as quickly as possible.
- Q. What are the fines for noncompliance?
- A. The fine that the FTC can levy on a business that has violated this federally mandated law is $2500 per “knowing” incident. The FTC defines a “knowing“ violation as each and every finance or lease deal which takes place after the deadline. So, if you sell 100 cars in a month after the new enforcement date and you finance 50% of them, you now have 50 “knowing“ violations. You would owe the FTC $125,000. That is just one month of noncompliance. Multiply that by 5 months and now you are looking at a fine of over a half-a-million dollars, and now you know why ignoring this mandate is such a bad risk idea.
- Q. Why do I need to be concerned with Identity Theft?
A. Identity theft is one of the biggest threats of loss to any business. For an example, a dealer that sells one of its vehicles to someone who misrepresents his or her identity puts a car on the street that it may never see again.
For a number of reasons business owners must know their customers. To protect your business and your customers, take steps now to ensure that the customers you deal with are who they say they are.
- Q. What is an Identity Theft Prevention Program?
A. A Federal Mandate explaining that any business dealing with covered accounts needs to:
- Establish and maintain guidelines regarding ID theft and to update them regularly. In developing such guidelines, the business is instructed to identify "patterns, practices, and specific forms of activity that indicate the possible existence of identity theft."
- Prescribe regulations requiring the establishment of "reasonable policies and procedures" to implement the guidelines "to identify possible risks to account holders or customers or to the safety and soundness of the institution or customers."
- Q. Does Dealerspan's Red Flag Complete package address the 7 points of concern as stated in Dealer Magazine?
Yes. Complying with the Red Flags Rule can be broken down into seven areas of concern as noted by Dealer Magazine. Our Red Flag Complete solution can help you comply to the Red Flag Rule in the following areas:
Concern Red Flag Complete's Solution Policy A policy outlining programs and processses within your dealership.
We assist in creating, storing and customizing a Red Flag identity theft prevention policy that best fits your dealership's needs. It is based on your assessment as identified from our online automated risk assessment.
Training Train your employees based on policies. Keep track of what employees were trained and when.
We provide online video training for your employees customized to your prevention policy. After taking training, your employees will be tested online. You can see when tests were taken, who has taken them and how well employees have scored to better enforce your policies.
Detection Detect potential manual and electronic red flags.
Red Flags Rule does not require that you develop a program for detection of red flags, however we can provide onsite security with assistance to help detect security red flags for your auto dealership.
Prevention Prevent identity theft from occurring in a transaction at your dealership.
By logging all employee training sessions and test scores, including policy creation and enactment dates, you can prove that you have done what you can to prevent identity theft in your auto dealership.
Mitigation What steps are taken in the event of an identity theft occurrence?
Even with perfect processes, policies, trained employees and security audits, nobody can guarantee that identity theft won't happen. We have tools that will help you gather key information about the incident to form an action plan to stop identity theft from that insecurity again. We will keep all records and information gathered about this incident online so that you can use it in future audits.
Oversight What steps are taken in the event of an identity theft occurrence?
All of our Red Flag compliance training, reporting and logging is available to you (the owner or board of directors) online. You can view which employees have taken what training and their scores. You can view your current risk level given your current policies in place. You can approve or disapprove courses or policies at your discretion. At any moment, reports, policies and dates can be pulled and printed for audit purposes.
Ensure Red Flags rule requires that dealers ensure that their program is updated, tested for sufficiency and annual reports can be provided.
We provide fully automated report generation at the push of a button for yearly reports or whenever you feel necessary. These reports show auditors your state of compliance in regards to the Red Flags Rule and shows that you have maintained up-to-date policies and procedures for identity theft prevention within your auto dealership.