The Red Flags Rule: Compliance Reminder
To inquire about the Red Flags Program for Low-Risk Dealers compliance solution available from OIADA/ADR of Oklahoma, contact us at 800-346-4232, 405-232-2947 or lynna.kay@buyadr.com.
The regulation known as the Red Flags Rule derives from the Fair and Accurate Credit Transactions Act (FACTA). The
rule is intended to cause businesses and organizations to make conscious effort to be aware of the warning signs of identity theft. By focusing on these warning signs – or red flags – businesses should be better able to spot an imposter using someone else’s identity to obtain products or services. As implemented by the Federal Trade Commission, the Red Flags Rule became effective Jan. 1. As a practical matter, the rule applies to your business if you provide products or services and allow customers to pay after-the-fact.
Scope of the Red Flags Rule
The rule applies to financial institutions and creditors who have covered accounts, terms that have specific meaning under the rule. Whether your business or organization is a financial institution or creditor isn’t based on the line of work you’re in, but rather on whether your activities fall within the definitions in the law. As defined by the rule, financial institutions are typically banks, savings and loans, credit unions, and other institutions holding transaction accounts. Auto dealers do not commonly meet this definition. Many dealers do, however, meet the definition of creditor. Under the rule, the definition of creditor is broad, and includes businesses or organizations that regularly provide goods or services first and allow customers to pay later, such as utilities and telecommunications companies. The definition also covers businesses or organizations that regularly grant loans, arrange for loans or the extension of credit, or make credit decisions. Examples include dealers that offer financing or collect or process credit applications for third-party lenders.
For businesses determined to be financial institutions or creditors, only covered accounts are subject to the Red Flags Rule. The rule defines covered accounts to be 1) consumer accounts designed to permit multiple payments or transactions, or 2) any other account that presents a reasonably foreseeable risk from identity theft. Dealers are required by law to identify the vehicle purchaser in all sales. Consequently, every account holds sensitive identifying information, and, because of clause 2, should be considered a covered account, whether it is a cash or finance transaction. In summary, dealers who grant loans, arrange for loans or the extension of credit, or make credit decisions in the course of vehicle sales are considered creditors and must comply with the FTC’s implementation of the Red Flags Rule. All their vehicle sale accounts are covered accounts.
Effect on Third-Party Lenders
Third-party lenders are also subject to the Red Flags Rule. They face the same legal obligation to prepare and implement effective identity theft prevention programs. Reports across the industry are third-party lenders are now successfully shifting the risk of identity theft to the originating party. In cases of loan default attributed to identity theft, third party lenders are increasingly demanding contract repurchase on the basis of the originating party’s obligations under the Red Flags Rule.
Importance of Compliance
The rule effectively places the burden of preventing identity theft on you, the dealer. By law, you are now required to have a written identity theft prevention program in place. And, for your own benefit, it should be a viable program that is integrated into your everyday procedures. If you do not have a plan in place, or if it is not a viable plan, you
The rule effectively places the burden of preventing identity theft on you, the dealer. By law, you are now required to have a written identity theft prevention program in place. can be hit squarely in the pocketbook – by loan default if you are carrying the note or by third-party lenders demanding repurchase. You may also be subject to civil liability arising from the identity theft victim arguing that failure to implement a viable Red Flags Program is negligence on your part.
Complying with the Red Flags Rule
To comply, you must develop, implement, and maintain a written identity theft prevention program. The written program should both adhere to the rule’s guidelines and should be oriented to your particular day-to-day operation. Your program should have been in place by Jan. 1. To inquire about the Red Flags Program for Low-Risk Dealers compliance solution available from OIADA/ ADR of Oklahoma, contact us at 800-3464232, 405-232-2947 or lynna.kay@buyadr. com. DISCLAIMER: This article was prepared for informational purposes only. It has been made available with the understanding that ADR of Oklahoma is not engaged in rendering legal advice. You are urged to contact legal counsel for its application to your operation.
14
DEALERS’
RECOVERED_OK_0711_1.indd 14
RESOURCE
JULY 2011
w w w. e - o i a d a . c o m
6/21/11 1:07 PM