Regulatory compliance for dealerships, and more specifically F&I managers, will get a bit more burdensome this year when a new federal policy takes effect.
Starting Nov. 1, dealerships and other retail outlets that provide consumer credit will have to develop and implement an Identify Theft Prevention Program, according to a news release from the Federal Trade Commission (FTC).
The new policy is an attempt to curtail identity theft, which results in billions of dollars in losses each year to individuals and businesses, according to a report from the President’s Identity Theft Task Force. According to the FTC, the new theft prevention program must:
In simpler terms, the FTC wants “the dealers to be able to exhibit a program in place so that they have some mechanism in their staff to catch identify theft red flags,” said Brian McSweeney, executive vice president and general counsel of Pacific Specialty Insurance Co., an affiliate of the McGraw Group. McGraw is one of three sponsors of a F&I certification program for the powersports industry.
Identity theft red flags could be issues that come up during a credit report, like seeing a discrepancy with a consumer’s address or Social Security Number. McSweeney said any such discrepancies must be reported to the consumer under the new program.
The program also requires credit and debit card issuers to develop policies to assess the validity of a request for a change of address that is followed closely by a request for an additional or replacement card, according to the FTC.
McSweeney notes the new program is just one example of the “different levels of regulatory overlap” that frequently occur with F&I compliance matters.
“There are several areas where you walk through a regulatory minefield,” he said. “My philosophy is if you stick to the general concept of what each of these acts are trying to accomplish, which is protecting the consumer, safeguarding private information, maintaining records so you can cover yourself in respect to what you did or did not do and you take reasonable business steps, you’re going to have substantive compliance no matter.
“That’s the bottom line because as a practical matter, there’s no way for these regulatory bodies to come and audit you with respect to all of your plans and operations absent there being a problem. Because they’re not going to find out about this until there’s a lawsuit.
“The sage advice is to work with your information systems people, make sure you have the privacy statement as part of your credit application, make sure that your operational people have a general plan of program identify theft and safeguarding financial and private information that is reasonable and consistent with how you do business, meaning it gets put in a file, it gets in a file cabinet for some period of time and goes to storage in a box and you can always trace where it is. If you take minimal but substantive steps to protect the consumer’s information, then you shouldn’t have a problem.”