17th January 2008

The Federal “Red Flag Rules” Require Automobile Dealerships To Implement An “Identity Theft Program” On January 1, 2008

Implementing An Effective Red Flags Program.

A Red Flag is a pattern or specific activity that indicates the possible existence of identity theft in your automotive dealership. Compliance is required on November 1, 2008. The program is to be implemented on October 1st to give a margin to evaluate effectiveness.

Dealers are Lending Institutions. If a dealership enters into retail installment sale agreements with a customer, it is a lender under the FCRA and the FTC and subject to laws and regulations affecting lending institutions.

If you have successfully implemented a Safeguards program, you can implement a successful Red Flag program. The two programs are very similar. Just as the first step to comply with the Safeguards Rule is to develop a written Information Security Program, the first step in implementing the Red Flag Rules is to develop a written Identity Theft Program.

Each dealership needs its own written “Identity Theft Program.” The implemented Program must:
• Identify the Red Flags
• Detect the Red Flags
• State what the responses will be if a Red Flag is found
• Periodically audit the dealership’s operations to ensure compliance with the policies and procedures.

PENALTIES for violating the Red Flag Rule could be a combination of multiple avenues of enforcement:
• $2500.00 per violation for violating the FCRA Act.
• $11,000.00 per violation of the FTC Act.
• Possible violations of state unfair and deceptive practices laws.

WHAT IS COVERED BY THE RULE?
• Retail Installment Sale Contract transactions only.
a. All consumer and business retail installment sale transactions whether or not you intend to hold the paper.

GOOD ADVICE:
• For Red Flag, to start, treat all information as if it is subject to the Safeguards Rule.
• Appoint a Joint ISP/ITD Program Coordinator. Include Patriot Act customer ID requirements.

MUST CONTAIN REASONABLE POLICIES AND PROCEDURES TO:
• Identify relevant Red Flags for your business and incorporate them into a written program.
• Detect relevant Red Flags that have been incorporated into your written program.
• Respond.
• Periodically update the ITP program.

KEY POINTS:
The Initial Identity Theft Program must be approved by the dealership’s Board of Directors or an appropriate committee of the Board of Directors. If there is no Board, an authorized Principal must approve.

TRAINING - must train as necessary to effectively implement the ITP program.

SERVICE PROVIDERS - must exercise appropriate & effective oversight of service provider arrangements.

WHICH FLAGS TO INCLUDE? -
1. The ones that the corporation has experienced.
2. The ones that the FTC has included in its guidelines. All 26 of them.
*** Include in your ITP program those things that you already do to control reasonably feasible risks. (You should already be doing this by complying with the Safeguards Rule).

RISK FACTORS:
• Types of accounts you offer or maintain.
• Methods used to open accounts.
• Methods through which you allow access to accounts.
• Previous experiences with Identity Theft.

SOURCES OF RED FLAGS:
• Dealership experience.
• New experiences of identity theft.
• Applicable Supervisory Guidance. www.FTC.gov
