Federal

Failure to properly monitor adverse action letters, and privacy notice records (especially on dead-on-arrival deals), is one of the biggest area of compliance improvement needed at most dealerships I visit. As part of an identity-theft-prevention-program, insuring proper signature of a privacy notice and credit application is vital, as is control of the adverse action letters.

Ask the dealer principal or GM about this, and invariably their stock answer is that it’s being taken care of. However when pressed for honesty, the finance director and desking manager usually paint a different picture. Internet sales departments, in particular, are prone to compliance mismanagement in this area.

In this FTC link, a subsidiary of Equifax settled with the FTC for $350,000 on charges that it failed to provide adequate disclosures.

Under the Fair Credit Reporting Act, the company allegedly failed to provide, “ ‘Notice to Users of Consumer Reports: Obligations of Users Under the FCRA,’ which notifies users of consumer reports of their statutory obligations, including notifying individuals if the user takes adverse action against them based on their consumer report,” as well as other related disclosures.

One scam I’ve seen involves grifters with incredibly bad scores going around to dealerships filling out apps knowing in advance that the special finance department can’t help them. Their app is a dead deal (or DOA), and a disgusted desking manager throws the signed privacy notice into a cardboard box. The frustrated sales person may likewise do something foolish with the deal jacket.

The grifter then returns in about six to eight months and claims he never authorized the dealership to pull his or her credit report. Since it was a dead deal, the dealership may or may not be able to find the signed privacy notice or application or a Xerox copy of the driver’s license- thereby being unable to provide evidence that the grifter had indeed been at the store and authorized the pull; and the store management is left with the open question as to what the grifter wants and what it will take to get rid of him or her.

First, some interesting feedback from reader Ernest Ferro about my Cash for Clunkers analysis on whether the CARS program will cause domestic automobile manufacturers to lose market share to foreign competitors:

Consider that this has nothing to do with brand (domestic or foreign). I believe that people are not being swayed one way or another. People are staying or changing loyalties based upon their prior experience in the market. Net:  this program is really a stimulus package for dealerships, which all happen to be domestic.

__________

Second, there has been a lot chatter about dealers being unable to get their deals approved.  AutoNews.com reported yesterday (link requires registration) that out of 219,000 applications for reimbursement, only 1,600 reimbursements have been made, and 14,000 have been approved.  Because I’m feeling very graphical this week, here is a pretty chart to illustrate those numbers (click on image for larger version):

Dealer Reimbursement Statistics - Cash for Clunkers

Less quantitative, but still interesting, data points can be found on F&I Magazine’s online forums. A user posted a question asking if anyone had received reimbursement yet, and all the responses were negative as of this writing.

No doubt much of the backlog is because the NHTSA is overwhelmed.  But also, the National Automobile Dealer’s Association posted a pdf document, “Cash for Clunkers Update and Tips”, which says, “NHTSA informed NADA this morning: “The vast majority of transactions we are receiving are being rejected due to obvious omissions or poor quality documents that are illegible.”  I’m not sure whether NHTSA meant to say “The vast majority of transactions that we are rejecting are due to…” instead, because what they are saying is that they’re rejecting most applications.

Either way, if you are having problems getting your employees to follow procedures and fill out documentation correctly, that is our bread and butter - we can help!  Contact us at sales@redflagsmadeeasy.com or call 512-436-0031

Update 08/18/09:  This still seems to be an issue.  Automotive News reports, “Dealers Shun Clunkers Amid Growing Ire over Slow Payments” (link requires registration).  From the article:

More than 70 dealers out of about 580 responding to an Automotive News survey today said they also had suspended clunker sales because of repayment concerns and other headaches they’ve had managing the program.

Update 08/20/09: The National Automobile Dealers Association has asked the Dept. of Transportation to suspend the program, and warned its members that they may not be reimbursed if they continue to accept CARS deals.

We visited a Volkswagen dealership on Saturday.  I’ve always loved Audi - a dealer friend of ours once tried to sell us a used Mercedes by saying, “Think of Mercedes as Audi with ONE circle instead of four” - and we wondered what their bigger but more affordable brother was offering.  Besides moving the Volkswagen CC VR6 to the top of my Want list, a couple of things came out of that visit:

First, business:  the sales rep was professional, personable, and very knowledgeable; the kind of  guy that you would feel good about buying a car from.  Likewise the dealership was new, clean, and all the employees from the receptionist on up were professional and responsive even on on a busy weekend day.

And yet, the dealership process for securing the customer driver’s license during the test drive was, “make a copy, and leave the copy face up on an otherwise empty desk right next to the showroom floor”.    When my husband commented on it, the sales rep moved the copy to a less visible area but it was clear that protecting customer data was not a big priority; I doubt the sales rep had ever heard of the Red Flags Rule.  Under the Rule, car dealerships have a responsibility to protect themselves and their customers from “reasonably foreseeable risks of identity theft” and safeguarding customer non-public information is certainly part of that.  We’ve said it before: treat customer data like cash.  If you wouldn’t leave cash lying around, don’t leave a driver’s license or credit app lying around.  The solution can be as simple as having the receptionist or tower guard those documents so long as they lock them up when they leave their desk.

Second:  in conversing with the sales rep, he mentioned that business was good; the start of a new model year is usually busy for dealers, but this year he was seeing “a lot of people we don’t usually see” because of the CARS (car allowance rebate system).  This started me thinking about “Cash for Clunkers” and its long term impact on domestic auto manufacturers.

US manufacturers have dominated the large car/truck/SUV market for years, whereas non-US manufacturers have dominated the small/fuel efficient market.  Since CARS encourages customers to buy fuel efficient vehicles, does it essentially encourage exising GM, Ford, and Chrysler customers to become Toyota and Honda customers?  I decided to do some research.  Stay Tuned for Part II.

American Bar Association President Thomas Wells Jr. plans to file suit against the FTC by the end of the week if the FTC does not drop its plan to enforce the Red Flags Rule starting August 1st. The ABA contends that the FTC has no right to regulate the legal profession (and in fact the ABA won a lawsuit to that effect in 2005) and that lawyers should not be subject to the Red Flags Rule:

The ABA’s current beef with the FTC is defining lawyers as creditors.

In June, Wells issued a statement urging the FTC to exclude lawyers from the regulations, known as the “Red Flags Rule,” which require businesses and organizations that act as creditors to establish programs for preventing identity theft.

“The FTC has taken the position that professionals like lawyers, who regularly bill their clients for services after those services are rendered, are creditors under the ECOA,” Wells says.

That is almost identical to the AMA’s main argument - that doctors who bill after services rendered are not creditors - which we covered here. It will be interesting to see how this plays out.

For car dealers, there is no question as to whether they are subject to the Red Flags Rule since they are specifically mentioned in FACTA. There may be another delay in enforcement, though, as the FTC sorts out requests from Congress, which, predictably, is under pressure from lobbyists such as the ABA and AMA.

Wired Magazine reports on the Security Breach Notification seminar in Berkely.  I’m glad somebody is asking this question.  From the article:

It’s clear that the laws have made the public more aware of breaches and the vulnerability of their data, and have exposed poor security practices at many businesses. A 2005 study by the FBI showed that in the absence of a legal requirement to report breaches, only 20 percent of firms would report serious breaches to law enforcement.

…

As notifications have become more ubiquitous — 55 percent of respondents in a survey by the Ponemon Institute last year said they’d received two or more notices within 24 months — many consumers have become inured to them, simply tossing them in the trash rather than acting on them to protect their identity.

The article also links to a study by Alessandro Acquisti of Carnegie Mellon University.  From the summary:

We find no statistically significant effect that [breach notification] laws reduce identity theft, even after considering income, urbanization, strictness of law and interstate commerce.

The study goes on to state that there may be various data quality or quantity reasons for that finding (and ultimately recommends a federal breach notification law to aid in research efforts and reduce conflict among state laws).  The study also cites Javelin Research’s finding that 90% of the cost of identity theft and fraud falls on businesses - merchants, credit card companies, banks - and therefore consumers may not be harmed as much as thought.