Extension gives dealers more time to comply with Red Flags Rule
September 8, 2009
Filed under Features
By Karin Gelschus
The Federal Trade Commission (FTC) delayed the deadline to give companies more time to comply with the new “Red Flags Rule,” a program geared at identifying and responding to identity theft.
The FTC extended the deadline to Nov. 1.
A main reason for the holdup is because financial institutions and creditors are saying they’re not ready for the new regulations, says Steve Cline of Zurich.
“A lot of the business groups keep asking for more time to get ready,” he said. “The businesses that have always done a good job with the customers’ paperwork probably don’t have to change very much, but the ones that haven’t been as careful are going to have to change their ways and put a plan in writing where they train their employees to ask questions when something doesn’t look right. Those are the red flags.
“Sometimes when you’re eager to make a sale and get the customer out the door, you might overlook certain things. But now the law is going to require you to stop and ask more questions or get back-up documentation.”
While there is no one specific contract for dealers to prove they’re in compliance with the Red Flags Rule, they still must have documentation showing they are in fact complying.
“(The Red Flags Rule) was written so businesses will come up with their own game plans to address these issues as it applies to their business practices,” Cline said, “because not everything in the Red Flag rules applies to their dealerships.”
The Federal Trade Commission is offering a number of resources to assist financial institutions in implementing and customizing their plans.
The FTC’s Red Flags Web site, ww.ftc.gov/redflagsrule, offers resources to help entities determine if they are covered and, if they are, how to comply with the federal mandate. The Web site includes a compliance template that enables companies to design their own Identity Theft Prevention Program.
One specific section to look at is the “How To” site, www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm, says Jeffrey Kenny, regulatory affairs director for Western Service Contract Corp., which is part of the McGraw Group.
“It notes how businesses can comply and provides information on potential penalties for non-compliance,” he said. “Everything I have read on the rules has stressed that the 26 sample red flags (pages 54-55 of the rule; see sidebar page 19) are not a checklist but just examples. However, they are a good guide for developing a dealership’s own rules.”
Kenny, who is not an attorney but tracks statutory/regulatory issues, advises dealerships:
Read and take the rules very seriously, but do the minimum to protect identity theft and to achieve compliance. Otherwise, a dealership might overspend on complying with something it already handles well. “This is not an option in this economy,”?Kenny said. Existing identity theft procedures may just need to be documented and certified by the dealership’s board.
Read the 26 sample red flags (see sidebar, pg. 19) and then create your own specific to your dealership’s operations.
Develop a written plan that is specific to the dealership. Do not just implement a template that is not specific to your dealership, but do check with companies that offer templates for dealerships because most allow you to customize.
Large dealerships with lots of identity theft exposure may want to hire an attorney to review their written plan, even if a template was customized. Here, you will want someone already familiar with these rules (Kenny said, “Don’t pay them to learn a new field,”) and who can recommend specific modifications.
Have the dealership’s board certify the final written plan.
Implement the plan and always be consistent in executing it. Train employees.
Log/Track any issues consistent with your plan.