Author Archive

After several delays, the Red Flags Rule has finally come into effect and dealerships are being held responsible for having the compliance piece in place. January 1, 2011 was the implementation date.

During the delays several groups successfully argued to Congress for exemption from the rule, most notably physicians, CPAs and attorneys. Auto dealerships, however, have not been exempt and can now be held responsible.

A key requirement of the Red Flags Rule is that the compliance program must be tailored to the entity’s size, complexity and nature of its operations. If you have delayed compliance, or feel uncertainty about how complete your compliance approach is, please contact Red Flags Made Easy for information on how we can help.

For more information, send a request for a phone consultation to sales@redflagsmadeeasy.com

Failure to properly monitor adverse action letters, and privacy notice records (especially on dead-on-arrival deals), is one of the biggest area of compliance improvement needed at most dealerships I visit. As part of an identity-theft-prevention-program, insuring proper signature of a privacy notice and credit application is vital, as is control of the adverse action letters.

Ask the dealer principal or GM about this, and invariably their stock answer is that it’s being taken care of. However when pressed for honesty, the finance director and desking manager usually paint a different picture. Internet sales departments, in particular, are prone to compliance mismanagement in this area.

In this FTC link, a subsidiary of Equifax settled with the FTC for $350,000 on charges that it failed to provide adequate disclosures.

Under the Fair Credit Reporting Act, the company allegedly failed to provide, “ ‘Notice to Users of Consumer Reports: Obligations of Users Under the FCRA,’ which notifies users of consumer reports of their statutory obligations, including notifying individuals if the user takes adverse action against them based on their consumer report,” as well as other related disclosures.

One scam I’ve seen involves grifters with incredibly bad scores going around to dealerships filling out apps knowing in advance that the special finance department can’t help them. Their app is a dead deal (or DOA), and a disgusted desking manager throws the signed privacy notice into a cardboard box. The frustrated sales person may likewise do something foolish with the deal jacket.

The grifter then returns in about six to eight months and claims he never authorized the dealership to pull his or her credit report. Since it was a dead deal, the dealership may or may not be able to find the signed privacy notice or application or a Xerox copy of the driver’s license- thereby being unable to provide evidence that the grifter had indeed been at the store and authorized the pull; and the store management is left with the open question as to what the grifter wants and what it will take to get rid of him or her.

An increasingly common, and depressing, form of identity theft facing car dealerships is for a customer to assume the identity of an older relative in order to obtain a vehicle.

For example, say a young college student is named John Doe, and his father is John Doe Sr. Junior’s driver’s license reflects his permanent home address, which is also his father’s address. Junior has bad or no credit history, so he uses his father’s social security on the credit application.

Junior would pass most of the standard Red Flags checks. His appearance would match his photo ID. His name would match the name associated with his father’s SSN on the credit report. The address on his license and credit application would match the address on the credit report, so there would be no “address discrepancy” flag on the credit report.

Even if Junior fully intends to pay for the vehicle himself, using someone else’s social security number turns his questionable scruples into identity theft. Remember, using even one piece of someone else’s identifying information to commit fraud constitutes identity theft.

Also, an automated Red Flags check in a lender-portal, OFAC, or bureau-portal may not turn up any significant alerts either. (They’re really spider software modules.) If the date of birth is flagged, in most instances the fraudulent applicant would be familiar enough with the “real” social security person to answer any security questions posed by the software; and F&I would jot the discrepancy down to either a software glitch or credit report error.

I have found this compliance misstep often in dealerships that Red Flags Made Easy has consulted with, especially in markets where common Hispanic surnames exist. That is why we advise that F&I or the Desk check that the birth date on the credit report matches the birth date on the driver’s license, and also that the credit report history is consistent with the age and demographic appearance of the applicant. (For example, the customer’s drivers license lists his birth date as 1985, yet the credit report shows he bought a house in 1990.)

An examination of the complete credit history is crucial to determine where the desking or F&I manager is going to “shop” the deal anyway (especially as lender banks announce changes almost monthly on their paper), so adding this scrutiny to the store’s Red Flags Check List does not really encumber or delay the sales process.

Failure to catch this common misrepresentation can lead the dealership having to buy the vehicle back from the bank, and or civil litigation from an unappreciative “Uncle” or similar relation. Either way, it’s a costly mistake that could have been avoided through appropriate compliance.

One of the greatest problems facing any dealership in enforcing and maintaining compliance is employee turnover.

I can think of no other business entities, aside from automotive dealerships, which combine absentee ownership with high employee turnover in both management and line employees.

Add the stress of moving units in a slowed down market environment, and a limited attention span to compliance can be damming. Any MBA student is familiar with the term “Bounded Rationality,” which is defined as “cognitive limitations that constrain one’s ability to interpret, process, and act on information.” In short all business decisions are imperfect as businesses cannot endlessly analyze, and must move forward with imperfect information and limiting time & resource constraints. However, bounded rationality must meet minimal fiduciary and due diligence.

Sadly, in the automotive industry that is often not the case, and “check-the-box” approach is used. It is not uncommon for a compliance plan to be haphazardly pieced together, usually by an hourly employee with no subject matter premise, and then be put on a shelf and forgotten.

However it doesn’t have to be that way.

I recently revisited a store for which RedFlagsMadeEasy had done a turnkey plan within the past six months and was pleased to note that our integrated training had worked. Some key personnel, as well as a number of line employees had turned over; but because of our comprehensive plan and integrated checklists, human resources had been able to document that terminated employees had been removed from key systems, and that they had not taken any sensitive data (such as credit applications) to their new dealerships. The store had also documented the transfer of some key compliance responsibilities to the new desking managers. In short, proof that compliance can live on despite turnover.

Given the current market challenges, forced closing of stores by the manufacturers, and civil litigation environment, dealer principals can no longer afford a detached overview management style and must work towards both continuity and integrated compliance controls.