loader image

What are Red Flag Rules and Do I Need to be Compliant?

By Deal Pack - July 6, 2012

Annually, about 9 million Americans have their identity stolen. These victims are subject to bank accounts being drained, damaged credit, or potentially having an arrest warrant on them because someone robbed a store with their identity. As much damage as identity theft does to Americans every year, the same is done to businesses due to scam artists racking up unpaid bills. The cost of identity theft alone results in billions of dollars in losses each year.


The Red Flag Rules are enforced by the Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration. A Red Flag would be a pattern or specific activity that may indicate possibility of identity theft. The agencies are requiring all financial institutions and creditors to really examine the procedures they have in place to protect the customer’s identity as susceptible information is handled on a daily basis. A credit check is no longer as foolproof as it was in the past.


What if you’re not compliant? Well, you get charged a hefty fine (up to $3500) for the first violation, and any violations thereafter can be a whopping $16,000. Fees aren’t your only concern when in violation of the rule; you also need to be concerned about potential law suits filed against your financial institution or dealership on behalf of someone whose identity was stolen. These lawsuits are typically for all incurred damages due to their identity being used to buy a car at your dealership or secure a loan at your bank.


Your dealership or finance company will want to start by implementing a process to create an Identity Theft Prevention Program (ITPP). ITPP outlines procedures based on a business’ own circumstances in a formal written program, and should be implemented ASAP. Start by identifying “red flags” – suspicious behaviors or patterns – that occur and would be linked to potential identity theft (i.e. fake ID’s, Social Security Numbers, signatures on documents provided for your stips presale that do not match up, or Credit Applications that may look altered). Once you have identified the red flags of identity theft in your business, you will want to set up procedures to detect those red flags in your daily operation. Use this program consistently to prevent multiple happenings in your companies and avoid the costly repercussions that can take place if you are negligent.


Simple things can be done, such as shredding unused documents with sensitive personal information or filing sensitive documents in a locked cabinet so it is not accessible to anyone in the dealership or bank except the representative or salesperson working with the customer at that time. DMS software can be compliant by taking precaution with people’s information, such as sending credit reports as encrypted files to the bureaus or coding all but the last 4 digits of a person’s SSN. Constantly update your program/procedures for Red Flags as the risk for identity theft changes all the time. Identity thieves will always exist; it is critical to protect your business with a thorough Identity Theft Prevention Program.

Subscribe to Deal Pack Blog