The Red Flags Rule was created by the Federal Trade Commission (FTC) to help prevent identity theft. Mandated by the Fair and Accurate Credit Transactions Act, the Red Flags Rule requires that Financial Institutions and any other company that performs a service, then receives payment once the work is complete (such as finance companies, automobile dealers, mortgage brokers, utility companies, telecommunications companies, medical practices, hospitals, law firms and more) establish a written Identity Theft Prevention Program with an effective mandatory compliance Program. Companies failing to create and maintain a "Good Faith" compliance effort run the risk of fines for each violation of the law and exposure to potentially disastrous public relations.
The Red Flags Rule requires that companies:
- Designate a Compliance Officer/Coordinator
- Perform a Risk Assessment
- Draft and Communicate Policy and Procedures
- Conduct Employee Training
- Undertake Periodic Audits
- Obtain Board and/or Executive Management Approval
- Complete Ongoing Annual Reports.
The Compli Red Flags Toolkit was developed in consultation with Hudson Cook, LLP, a leading provider of legal services to the consumer finance and retail industries. The Red Flags Toolkit helps you draft, implement, educate, monitor and report on your unique Red Flags Program.
Implementation Steps in this Guide
- Create or identify a group for the “Red Flags Program Manager(s)” or “Compliance Officer”
- Edit and Distribute the Red Flags Program for Automotive Dealers Policy
- Edit and Distribute the Identity Theft Red Flags Policy for Employees
- Edit and Distribute the Identity Theft Training Assessment for Employees (Optional)
- Schedule the Identity Theft Annual Report Form for Distribution
- Allow Employees to Start the Identity Theft Incident Report Form
Review the Implementing Your Red Flags Program Guideline
The guideline contains additional information and resources that are not covered in this document.
- Click on the Library tab
- Search for "Implementing Your Red Flags Program for Automotive Dealers Guideline" and then click on it to read
Create or identify a group for the “Red Flags Program Manager(s)” or “Compliance Officer”
You must appoint at least one Red Flags Program Manager, who is/are responsible for creating, monitoring, and maintaining the Identity Theft Prevention Program. You must create a group for this person if there is not one already created based on their Position.
- Click on the Admin tab
- Click on the Groups subtab
- Either locate an existing group or create a new group that contains your Red Flags Program Manager. If you have multiple program managers (e.g. one for each location), then place all of them in this group.
Distribute and complete the Red Flags Risk Assessment Form
This form will help you understand what risks your company's written Red Flags Program policy should address.
Review the Process Workflow
Set the form routing
- Click on the Admin tab
- Click on Workflow/Forms subtab
- Click on Processes
- Search for and click on Red Flags Risk Assessment
- Edit the routing rules for each stage by following these suggestions:
Stage | Suggested Routing Rule | Description |
Program Manager Section | Subject | Route to the "Subject" (i.e. the person to whom the system sent this form) |
Senior Management Section | Queue or Supervisory Level | Route either to a queue that contains your senior management or up the hierarchy to a senior manager for approval. |
Schedule the Activity for distribution
- Click on the Workspaces tab
- Click on the Consumer Finance workspace
- Click on the Red Flags initiative
- Click on the Red Flags Risk Assessment Form
- Click on Groups and assign to the appropriate group(s), such as your Red Flags Program Manager Group
- Click on Schedule and set the appropriate schedule. We suggest a one-time schedule with a due date in the near future. Be sure to add a number of days to distribute the form before it is due.
- Click Save
Edit and Distribute the Red Flags Program for Automotive Dealers Policy
The mandate requires you to establish a written Red Flag Program that is adopted by your Board and/or executive ownership. In Compligo, your written program takes the form of a policy entitled Red Flags Program. Compli provides a starting point for this, but it is your responsibility to customize this document. Red text marks areas where you should provide information specific to your company. Read the policy, fill in the red text areas, and make any other changes you think necessary.
To complete the policy you must describe the specific procedures your company will adopt. We’ve provided four sample documents to help you formulate appropriate procedures. They will help you create point-of-sale tools that should be used for each transaction that occurs through the dealership.
These tools include:
- Red Flag Detection Checklist: This document should be customized for your dealership. Use your customized Red Flag Detection Checklist to help assess each transaction and flag any potential identity theft risks. Your customized checklist can be used for all finance and lease transactions and is recommended for all Sales and F&I personnel.
- Customer Identification Checklist: This document should be customized for your dealership and used consistently to verify customer identity in finance and lease transactions. Your customized Customer Identification Checklist can be used for all finance and lease transactions and is recommended for all Sales and F&I personnel.
- Red Flags and Responses: This document should be customized for your dealership and used as a guide to equip the team with responses to various ID theft related issues. Your customized document is recommended for all Sales and F&I personnel.
- Sample Customer Identification Workflow: This document provides a sample workflow your dealership can customize and use as a standard procedure for verifying customer identity. You should create your own customer identification workflow and share it with all Sales and F&I personnel.
Because company operations vary, these tools should be reviewed and modified to fit your specific needs.
Edit the policy
- Click on the Library tab
- Search for "Red Flags Program for Automotive Dealers Policy" and click on it
- Click on the Edit button to view the list of versions
- Click Create Draft to the right of the latest published version
- Click Edit next to the Draft version that you just created
- Follow the instructions in RED to edit the policy
- Click Publish when you have finished editing the policy
Schedule the activity for distribution
- Click on the Workspaces tab
- Click on the Consumer Finance workspace
- Click on the Red Flags initiative
- Click on the Red Flags Risk Assessment Form
- Click on Groups and assign to the appropriate groups, such as your Executive, Ownership and/or Board of Directors
- Click on Schedule and set a one-time schedule with a due date in the near future. Be sure to add a number of days to distribute the form before it is due.
- Click Save
Edit and Distribute the Identity Theft Red Flags Policy for Employees
The mandate requires you to create a policy for employees to understand and follow the procedures established in your Red Flag Program. Compli provides a starting point for this policy. Find the Identity Theft Red Flag Policy for Employees and follow the instructions inside. Much of the information you need to put in this policy can be taken directly from the Red Flag Program.
Edit the policy
- Click on the Library tab
- Search for "Identity Theft Red Flags Policy for Employees" and click on it
- Click on the Edit button to view the list of versions
- Click Create Draft to the right of the latest published version
- Click Edit next to the Draft version that you just created
- Follow the instructions in RED to edit the policy
- Click Publish when you have finished editing the policy
Schedule the activity for distribution
- Click on the Workspaces tab
- Click on the Consumer Finance workspace
- Click on the Red Flags initiative
- Click on Identity Theft Red Flags Policy for Employees
- Click on Groups and assign to the appropriate groups, such as Executive, Ownership, Sales, Finance and Insurance, Cashiers and anyone else who participates in a credit transaction.
- Click on Schedule and set an annual schedule based on the Hire Date. We recommend that you set the Immediate Distribution option to Yes.
- Click Save
Distribute the Red Flags Program Overview Training
Title | Duration (Minutes) | Type | Description |
Red Flags Program Overview | 15 | Course | This course provides supervisors with a general overview of the Red Flags Rule created by the Federal Trade Commission (FTC) to help prevent identity theft. Upon completion of this course, you will be able to implement reasonable policies and procedures for detecting red flags and comply with the Red Flags Rule. |
Schedule the activity for distribution
- Click on the Workspaces tab
- Click on the Consumer Finance workspace
- Click on the Red Flags initiative
- Click on Red Flags Program Overview Training
- Click on Groups and assign to the appropriate groups, such as Executive, Ownership, Sales, Finance and Insurance, Cashiers and anyone else who participates in a credit transaction.
- Click on Schedule and set an annual schedule based on the Hire Date. We recommend that you set the Immediate Distribution option to Yes.
- Click Save
Edit and Distribute the Identity Theft Training Assessment for Employees (Optional)
We recommend that you create a multiple-choice assessment in Compli to quiz employees on the procedures that you expect them to follow. Edit it and add questions to quiz employees about your red flags policy. Use elements from your Identity Theft Red Flags Policy for Employees to craft your additional company-specific questions. We’ve provided a starting point for this assessment that you can customize.
Edit the assessment
- Click on the Library tab
- Search for "Identity Theft Red Flags Assessment for Employees Assessment" and click on it
- Click on the Edit button to view the list of versions
- Click Create Draft to the right of the latest published version
- Click Edit next to the Draft version that you just created
- Add or Edit the training assessment as desired
- Click Publish when you have finished editing the assessment
Schedule the activity for distribution
- Click on the Workspaces tab
- Click on the Consumer Finance workspace
- Click on the Red Flags initiative
- Click on Identity Theft Red Flags Assessment for Employees Assessment
- Click on Groups and assign to the appropriate groups, such as Executive, Ownership, Sales, Finance and Insurance, Cashiers and anyone else who participates in a credit transaction.
- Click on Schedule and set an annual schedule based on the Hire Date. We recommend that you set the Immediate Distribution option to Yes.
- Click Save
Schedule the Identity Theft Annual Report Form for Distribution
Your Red Flag Program must be reviewed at least annually. Compli provides a form to reassess your risks and determine whether you may need to update your program and policies.
Review the Process Workflow
Set the form routing
- Click on the Admin tab
- Click on Workflow/Forms subtab
- Click on Processes
- Search for and click on Identity Theft Annual Report Form
- Edit the routing rules for each stage by following these suggestions:
Stage | Suggested Routing Rule | Description |
Program Manager Section | Subject | Route to the "Subject" (i.e. the person to whom the system sent this form) |
Board/Designated Senior Management Section | Queue or Supervisory Level | Route either to a queue that contains your senior management or up the hierarchy to a senior manager for approval. |
CFO Section | Queue or Supervisory Level | Route either to a queue that contains your CFO or up the hierarchy to the CFO if that person is in the management hierarchy. |
Schedule the Activity for distribution
- Click on the Workspaces tab
- Click on the Consumer Finance workspace
- Click on the Red Flags initiative
- Click on the Identity Theft Annual Report Form
- Click on Groups and assign to the appropriate group(s), such as your Red Flags Program Manager Group
- Click on Schedule and set the appropriate schedule. We suggest an annual schedule with an initial due date about one year from now.
- Click Save
Allow Employees to Start the Identity Theft Incident Report Form
This form is used to report and document incidents of suspected identity theft.
Review the Process Workflow
Set the form routing:
- Click on the Admin tab
- Click on Workflow/Forms subtab
- Click on Processes
- Search for and click on Identity Theft Incident Report Form
- Edit the routing rules for each stage by following these suggestions:
Stage | Suggested Routing Rule | Description |
Employee Section | Subject | Route to the "Subject" (i.e. the person who started the form) |
Board/Designated Senior Management Section | Queue or Supervisory Level | Route either to a queue that contains your senior management or up the hierarchy to a senior manager for approval. |
CFO Section | Queue or Supervisory Level | Route either to a queue that contains your CFO or up the hierarchy to the CFO if that person is in the management hierarchy. |
Set the Activity to be startable by All Employees
- Click on the Workspaces tab
- Click on the Consumer Finance workspace
- Click on the Red Flags initiative
- Click on the Identity Theft Incident Report Form
- Click Edit and set the Start Menu Folder to "Report an Incident" or something similar
- Click Groups and assign "All Employees" (or another set of groups as appropriate) within the "In Start Menu" for section.
- Click Save