The Industry's Leading Source For F&I, Sales And Technology

Compliance

Game On for Red Flags

December 2008, F&I and Showroom - Feature

by Michael Benoit

Many financial institutions and creditors around the country have spent the last six or so months working diligently to implement their identity theft prevention programs as mandated by Congress and the Federal Trade Commission’s new Red Flags Rule. The rule had a mandatory compliance date of Nov. 1, 2008. However, on Oct. 22 the FTC announced that entities under its jurisdiction (i.e., auto dealers) would not be at risk of enforcement actions until after May 1, 2009. However, entities under the jurisdiction of the federal banking agencies are still subject to the Nov. 1 compliance deadline.

The net effect of the FTC’s enforcement delay is that financial institutions and creditors subject to the FTC’s jurisdiction have an additional six months to fully implement their programs without threat of FTC sanctions. The delay applies to the Red Flags Rule only. No change was made to the Nov. 1 compliance deadline for the two other rules passed in conjunction with Red Flags Rule last year, one of which requires users of consumer reports to resolve address discrepancies.

Conventional wisdom says the FTC decided to delay enforcement because there are a host of industries subject to the rule that didn’t realize it, and the FTC wanted to give these industries some additional time to achieve compliance. According to the FTC, any person or company that provides goods or services and allows the recipient to defer payment is a “creditor,” making them subject to the rule. This definition captures some unlikely suspects in its net. For example, it would include the plumber who fixes your leak and bills you later, or the doctor’s office that bills you after it determines what your insurance will pay. The merits of the FTC’s definition and the odds that making these types of industries achieve the objectives of the rule are debatable at best. However, this is a regulator many think has a history of over-reaching.

As far as we could tell, there was a significant number of dealers that would not have met the Nov. 1 compliance deadline. For dealers guilty of not doing so, now is not the time to be complacent, as the May 1 deadline will come around quickly. Dealers may have gotten a six-month breather, but the FTC has an extra six months to refine its enforcement strategies. Woe to the dealer facing an enforcement action who, after an 18-month lead time, did little or nothing to meet his compliance obligations. And fair warning to the dealer who was not on track to meet the Nov. 1 deadline and thinks he can slow down his efforts in advance of May 1.

If you decide not to comply with the rule, that’s your choice. But with fines of $2,500 for each customer you finance without a program in place, your dealership may be facing dire financial consequences. In this economy you just can’t afford that, especially when compliance won’t cost you that much. If you’re working on compliance but weren’t going to make the original deadline, now you have the opportunity to get your program up and running and fully tested well in advance of May 1.

Remember, you may have gotten a breather, but banks and credit unions didn’t. So while you may have an FTC enforcement holiday until May 1, rest assured you have contractual obligations to your finance sources to have a program in place now.

The FTC may have announced that it won’t prosecute violators for six months, but there’s an argument that the Red Flags Rule is mandatory now. Think about it like this: Your town lowers the speed limit on Main Street, but law enforcement announces it won’t hand out speeding tickets for a couple of months to allow drivers to adjust. Unfortunately, that won’t stop plaintiffs’ lawyers from suing if someone exceeds the new limit and causes injuries or damages. Look for lawyers to argue that the federal requirement is effective notwithstanding the FTC’s enforcement policy, and that a dealer’s failure to comply constitutes an unfair or deceptive act or practice under state law. You may think such a “bootstrapping” attack is far-fetched, but we’ve seen this argument used in other federal law claims.

In any identity theft scenario that results in you delivering a vehicle, you are as much a victim as the person whose identity was stolen. So do yourself a favor and get your identity theft prevention program in place as quickly as possible. Remember, this enforcement delay may seem like a gift, but there are real potential liabilities that can impact you right now.

Michael Benoit is a partner in the Washington, D.C., office of Hudson Cook LLP. He is a frequent speaker and has authored several books covering a variety of consumer credit topics, including “A Dealer’s Guide to the Red Flags Rule.” He can be reached michael.benoit@bobit.com. Nothing in this article is intended to be legal advice and should not be taken as such. All legal questions should be addressed to competent counsel.

Your Comment

Please note that comments may be moderated. 
Leave this field empty:
Your Name:  
Your Email: