It’s anyone’s guess whether or not the June 1 enforcement deadline for the Red Flags Rule will stick. Well, since I’m sure many of you waited anxiously to find out if the Federal Trade Commission (FTC) would delay it for a fifth time, I thought it might be helpful to address a key phrase used by the agency to describe the effort it’s looking for from those who must comply: “bona fide.”
A bona-fide (or “good-faith”) effort means doing your best to meet the mandate at hand. That applies to the Red Flags Rule as well as the hundreds of other rules, regulations and requirements your dealership operates under today. The definition might seem simple enough, but achieving that type of effort is the single most important aspect of any compliance program.
The legal establishments for most of the Western world are able to determine whether companies have put forth a bona-fide or good-faith compliance effort when it comes time to dole out fines, claims and judgments. So, there is both a rhyme and reason to making a good-faith effort.
Bona Fide’s Link to Harrassment Rules
For those of you who know what the terms Safe Harbor Provisions or Affirmative Defense are, well, they represent the same general legal concepts as good faith and bona fide. It’s a pretty straightforward, common sense approach to compliance: Adopt compliant policies, give every employee a copy, train managers and employees, investigate promptly and enforce consistently. So, where did this standard come from?
Well, the bona-fide approach was born out of two 1998 U.S. Supreme Court rulings involving sexual harassment in the workplace. The cases are known in legal circles as the Faragher and Ellerth cases. In both cases, two female staffers accused their supervisors of sexual harassment.
Not only did the rulings bring about changes in how employers prevent harassment and avoid liability, they also set a compliance precedent for other rules and regulations. The rulings told employers that they could avoid or reduce their automatic liability if they exercised reasonable care to prevent and promptly correct the harassing behavior. Liability would also be reduced if an employee unreasonably failed to take advantage of any compliant procedure provided by the employer.
The two cases also established one additional item: Employers are required to include a test or an assessment after employees are trained on a compliance policy. The additional item basically requires that employers document their employees’ understanding of the policies and procedures once they’ve been trained on the organization’s policies and procedures. This is especially important in a moment of litigation. The test serves to prove that an offending employee knew and understood a given policy but chose to ignore it.
The simple beauty of this methodology is that dealerships do not need to demonstrate perfection. They merely have to document and demonstrate an understanding of what is required, and that they can consistently work toward effective business processes that address the regulatory mandate. Once the process is established, legal precedent indicates that your dealership can expect fewer liabilities and a concomitant reduction in your risk profile (i.e., your chances of paying out punitive fines or judgments are greatly reduced).
Complying With the Red Flags
Now, let’s take this same bona-fide compliance process and see how it fits with something you’ve been dealing with since November 2008 — the Red Flags Rule. The core of your dealership’s bona-fide compliance shield for this regulation is a legally compliant policy, which should be reviewed and updated on a regular basis. That’s because it’s difficult to convince plaintiff’s lawyers, district attorneys or judges that you have acted in a bona-fide manner if you haven’t taken the initial step of having a legally accurate Red Flags policy. If you don’t have a policy or would like to update an existing policy, there are companies that work with subject matter experts to develop the core policies and related content you need for your dealership.
Additionally, a bona-fide compliance system should target and distribute the relevant legal content. Basically, you must make sure your employees get what they need to properly adhere to the compliance requirements. But it doesn’t stop there. Your compliance process must provide a way to document when the content is delivered to the employees. It must also provide a central filing system — electronic or paper-based — where these documents can be accessed. Your dealership must also be able to track who has and hasn’t reviewed your organization’s policies.
Next is training, which goes hand in glove with the relevant policies and procedures used to comply with a specific regulation. Because the goal of your compliance process is to protect your dealership, you must also document your employees’ understanding of the policy once they’ve been trained. Doing so provides verification that your employees did in fact review the training in an engaged fashion.
A bona-fide compliance system also requires consistent incident responses, as well as triggers that alert management to noncompliance. Management also needs an easy-to-access reporting system so they can identify and spend time with those who don’t follow your dealership’s policies. Remember, it’s the people who don’t comply that will get you litigation every time.
Any compliance management system, manual or electronic, should also be able to remind employees of their required tasks. Red Flags is a dynamic process of review and evaluation, as tactics for preventing identity theft will change over time. And according to the mandate’s audit scheduling requirement, employees must be notified when policies and procedures are updated or changed.
Management also should be alerted when employees fail to take any required action relating to your policy, such as documenting that they have read and understand an updated policy. Having this type of system allows management to address problem stores, departments and personnel, as documentation is required when action is taken (e.g., terminations). And remember that inconsistency is the greatest source of legal claims and payouts at a dealership.
Lastly, your compliance management system must be able to document compliance for any operational or regulatory requirement. It also should provide guidance and direction during the Red Flags implementation process, as well as during the ongoing audit process.
Technology’s Role in a Bona-Fide Approach
You definitely have a whopper of a regulation to contend with in the Red Flags Rule, but not for the reason you think. See, all regulations are manageable. The challenge lies in effectively managing procedures and processes for every staffer in every department. To achieve that, you need a consistent, step-by-step process; something that today’s compliance technology solutions can offer. Filing cabinets stuffed with every document related to your compliance programs just won’t cut it in today’s regulatory environment. There’s simply no way to consistently compile and report in a moment of litigation with that type of system.
Today’s electronic compliance management systems were designed to provide dealers with the type of reporting system they need to quickly identify potential problems. These solutions can also allow supervisors and managers to identify those who are creating Red Flags liabilities. By automating content distribution, monitoring and reporting, a bona-fide compliance management system takes the effort out of compliance and provides executive management with clear visibility into areas of liability and compliance concerns.
Even a truly bona-fide compliance management system cannot change the compliance rules, regulations and requirements. But having one certainly can make compliance easier and less costly to manage. It also offers the highest level of protection against liabilities.
James Lawrence serves as the president of SelfServiceHR LLC, a company specializing in human resources and operational solutions. Since the mid-1990s, he has designed and built dealership software for fixed operations, front-end departments and human capital management. E-mail him at [email protected]