Sunday, February 7, 2021

Compliance Is Not A Manual – Not Even A Red Flags Manual

 


By: Myril Shaw - Dealer Profit Services

A sadly not uncommon comment is some variation of, "We need to make sure our store meets compliance standards, we need a Red Flags Manual."  Unfortunately, having a Red Flags Manual does NOT make a store compliant.  It doesn't even, by itself, demonstrate a "good-faith" effort to address compliance issues.

Why does any of this matter?  33% of Americans are victims of Identity Theft.  25% of those found out when they were notified of unpaid bills.  30% saw money missing from accounts or unknown credit card charges.

Some Identity Theft is actually related to terrorism.  Some Identity Theft is simply a crime of greed or convenience.  Your store can be involved on the "receiving" side – someone used Identity Theft to buy a boat, RV or other Powersport or recreational vehicle.  It could be involved on the enabling side by allowing an identity to be stolen through inappropriate handling of personally identifiable non-public information.  There could be money laundering activities associated with any of these – or independent of these.

Let's start at the beginning.  The Red Flags Manual does discuss Identity Theft, its recognition and prevention, but there is more.  The Disposal Manual and the Safeguards Manual discuss the appropriate protection, storage, and disposal of personally identifiable non-public information in the form of credit applications, pictures of social security cards and driver's licenses, etc.  These are needed as well.  The OFAC Manual addresses prevention of selling to or engaging with terrorists, terrorist organizations and their affiliates.  Finally, the USA Patriot Act Manual lays out issues around money laundering.  All of these are required.

Simply having the full set of manuals doesn't even come close to demonstrating "good-faith".  These all must be read, understood, and signed by the dealership's designated Compliance Officer.  The Compliance Officer bears the responsibility for training and enforcing compliance policies and practices.  Every employee who handles or has access to personally identifiable non-public information must be trained and that training must be demonstrable and regularly reinforced.

With all of that, demonstrating a "good-faith" effort at meeting good compliance practices is closer – but still not complete.

There is the issue of physical equipment placement, protection, and control.  It is easy to leave copies of documents that need to be protected on copiers, fax machines and scanners.  Is all this equipment in controlled locations accessible ONLY by trained personnel who require access to personally identifiable non-public information?  Are these documents, when destroyed, destroyed with a cross-cut shredder?  Straight-line shredders are not acceptable for compliance purposes.

Are documents stored in locked filing cabinets?  Is the Finance office locked/lockable?

Finally, does the Compliance Officer and/or other management do regular "walk-arounds"?  On at least a weekly basis, but at unpredictable times, the Compliance Officer, or someone designated by the Compliance Officer, should just do a "casual" office walk-around.  They need to be checking on the following:

Are locked cabinets locked if there is no one around?

Are there personally identifiable non-public documents unattended on copiers, fax machines, or scanners?

Are there personally identifiable non-public documents lying unattended on desks or in unlocked desk drawers?

Is the Finance Office locked if vacant?

All of this should be documented showing the date and time of the walk-around and the compliance or non-compliance in each area.  If there is non-compliance, there should be notes showing the action taken.  This documentation should be included with the compliance documents.

When everything mentioned above is being done, you are demonstrating a "good faith" effort to meet good compliance standards.  To be clear, doing all of this cannot and does not ensure that you won't still run into a compliance issue or lawsuit.  Mistakes do happen.  When they do, having this evidence of a "good faith" effort will help show that what happened was not a result of negligence and will aid in the argument for lenience in any penalties.

Compliance is not a manual.  Compliance is a totality of manuals, processes, practices, and training – and even then, bad things may happen – but at least, the "good faith" effort argument will probably help!  (And it is just reassuring for both you and your customer, no matter what!)


Dealer Profit Services - Driving Profit Through Fun and Inspiration  

Dealer Profit Services, LLC can help you achieve F&I excellence - no matter where you are in the development and/or maturity of your store's or stores' F&I success model.  As the industry's best Finance Solutions Provider and the only one to take your customer to Fun and Inspiration with a Free and Idyllic lifestyle through F&I, thus driving industry-leading levels of F&I profit, Dealer Profit Services can and will equip you with what you need to take that next step in your F&I success - regardless of what that next step might be.  Whether you want someone to take over your F&I and, with our experienced personnel, help you drive profit to your store, want help some of the time, need some quick advice, or just want F&I Training/Consulting, we are here to help you.  If you are not fully equipped with all of your Compliance Manuals and Training, Dealer Profit Services can do that too.  Contact us anytime at info@dealerprofit.com or give us a call at (470) 326-0966.