2017 GNYADA Membership Directory

HOT TOPICS

A dealer’s ITPP must be appropriate to the size and complexity of the dealership and the nature of its operations. The Red Flags Rule does not apply to cash sales, although if a customer pays more than $10,000 in cash or cash equivalents, you must file an IRS/FINCEN Form 8300 within 15 days of the cash sale and send a written notice to the customer that you have filed the Form 8300 by January 31 of the following calendar year. See “Cash Sales” in Chapter 4. A robust ITPP that you consistently apply with all customers is important as the FTC indicated Red Flags would be a priority area for this year. The Red Flags Rule is designed to prevent consumers and your dealership from becoming victims of identity fraud. Auto dealers lose when they finance a vehicle to an identity thief and, typically, the vehicle is long gone by the time the identity theft is discovered. Most lender agreements require the dealer to repurchase the contract with an identity thief, even if the customer has made several payments. The Red Flags Rule goes a step further. The Rule requires lenders to monitor accounts in their portfolio (along with written-off accounts) for evidence of identity theft to attempt to detect and mitigate further identity theft. So more lenders are examining delinquencies and written-off accounts for identity theft, even accounts that may have paid for substantial periods of time. Instead of just writing these accounts off as credit losses as they did in the past, lenders are now forcing dealers to repurchase accounts they identify as identity theft accounts, even if the identity thief has made payments for a period of time. A dealer in Utah received three “repurchase” demands in one day from a national lender on accounts that had been originated and assigned by the dealer to the lender up to a year earlier. This“back end”repurchase risk presents perhaps your biggest financial risk from identity theft. A good ITPP program will protect you, the dealer, more than anyone else. The dealer’s Board of Directors (or its highest governing authority) must approve the initial ITPP, and take responsibility for it. A senior officer must be appointed to be the ITPP program manager (“Program Manager”), responsible for developing, overseeing, implementing, training, updating, and administering the ITPP, but the final responsibility will rest with the Board of Directors or the senior management team. The Red Flags Rule requires a four-step compliance process: The first step is to identify appropriate “red flags” for your ITPP. Red flags are patterns, practices, or specific activities that indicate the possible existence of identity theft. The Red Flags Rule lists 26 potential red flags that you must consider for your ITPP, but many will not apply to auto dealers. Others may. The types of covered accounts a dealer originates (and for buy-here-pay-here dealers, the covered accounts it maintains), a dealership’s individual experiences with identity theft and those of similarly situated dealerships, and appropriate regulatory and law enforcement guidance may be the best sources for determining your dealership’s red flags. For example, red flags for accounts that are opened over the Internet (like eBay Motors) may differ from those accounts originated face-to-face at your dealership. The second step of the Red Flags Rule is to employ procedures to detect the presence of any of your identified red flags in individual consumer credit transactions as well as business credit transactions you identify as posing identity theft risks. An electronic identity verification service such as Dealertrack Red Flags can help you compare the customer’s reported information to fraudulent databases and stolen Social Security numbers, among other red flags. It is also important to examine customer’s IDs (front and back) for tampering or counterfeiting, as well as to carefully review credit reports for unusual patterns of recent activity or other irregularities. These are three excellent ways to identify red flags in customer transactions for persons who come to your dealership. Internet customers who you may never meet require even more diligence. Out-of-wallet or knowledge-based authentication questions that ask information which only the real person would know (an example is listing five people and asking which one the customer knows, one being the real person’s brother-

MEMBERSHIP

DIRECTORY

2017

126

Made with FlippingBook - Online catalogs