The Federal Trade Commission estimates that approximately 9 million U.S. consumers have their identities stolen each year. Since 1999, federal law has limited the collection and use of personal customer information and required disclosures to consumers of how a dealership collects, shares, and uses their personal information. Similarly, the US Treasury Department's Office of Foreign Assets Control (OFAC) requires a dealership to check every customer against OFAC's SDN list.
California BMW Triumph is proud to announce that effective summer 2008 we are one of the first dealerships in California to be fully compliant with both the FTC's Red Flags Rule and OFAC requirements. Simply put, we go to great lengths to protect your personal information.
Compliance Corner Definitions:
Adverse Action - A refusal to grant credit in substantially the amount or on substantially the terms requested in a credit application unless the creditor makes a counteroffer and the consumer uses or expressly accepts the credit offered in the counteroffer. Also, the termination of, or unfavorable change to, an existing credit account or an action taken in connection with an application or an account that is adverse to the interests of the consumer.
Adverse Action Notice - Under the ECOA, any creditor "who in the ordinary course of business regularly participates in a credit decision, including setting the terms of credit," needs to notify a consumer of taking adverse action on a credit application within 30 days after receiving the completed application. This includes an auto dealer that participates in the credit process such as by seeking lenders, rehashing, or marking up buy rates. Under the FCRA, an adverse action notice must be provided if the adverse action was based in whole or in part on information contained in a consumer report and must identify the credit bureau whose report was used. These two notices can be combined in one adverse action notice form.
ECOA - (Equal Credit Opportunity Act) - Along with the Federal Reserve Board's Regulation B, prohibits discrimination in lending terms. ECOA also requires creditors to send decisions, adverse action notices and other communications to consumers within 30 days after receiving a completed credit application and notices of information needed to make an application complete within 30 days as well.
FACT Act of 2003 - (Fair and Accurate Credit Transactions Act) - A federal law that amended the FCRA (see below) and provided consumers with identity theft protections. Through the FACT Act amendments, the FCRA now restricts information sharing, provides new identity theft protections, gives consumers the right to access their credit reports once per year for free, expands consumer rights to dispute items in credit files, and requires detailed consumer notices on credit reports and applications, among other things.
FTC Safeguards Rule - The Federal Trade Commission's rule pursuant to GLB that requires dealers to develop and implement formal Information Security Programs. The rule requires a dealer to designate a named individual as responsible for implementing the Program.
Red Flags Rule - Regulations issued pursuant to the FACT Act requiring auto dealers to adopt a written Identity Theft Protection Program. The Program must identify specific red flags, these being patterns, practices or activities that indicate the possibility of identity theft. The Program must also state processes to detect and evaluate these red flags in connection with individual customer transactions, and it must provide procedures to respond appropriately to the red flags you detect in order to prevent identity theft. You must update the Program periodically to reflect changes in customer ID theft risks from your experiences and other sources of relevant information about identity theft practices. The Red Flags Rule identifies 26 specific red flags to consider. You should consider any others from your experiences, or those of other dealers, with identity thieves. The initial Program must be approved by the Board of Directors, and a senior management officer must be placed in charge of the Program. Persons performing functions under the Program must submit annual reports of their experiences that the Program coordinator must evaluate to refine the Program. Compliance with the Red Flags Rule is mandatory by November 1, 2008.
SDN List - (Specially Designated Nationals and Blocked Persons) - OFAC's list, containing persons, countries and organizations such as known terrorists with which U.S. entities are prohibited from doing business. Every customer - cash and credit - must be checked against the SDN List at the time the customer relationship is established. If there is a match, the institution must call OFAC and cannot do business with the individual or entity. OFAC updates the SDN List several times a month and publishes it on its website.
The USA PATRIOT Act - A post-9/11 law requiring, among other things, that creditors verify the identity of every customer at the time of establishing an account.