In the wake of large natural disasters like Hurricanes Harvey, Irma and Maria, car sales typically go up in the affected areas, along with identity theft and fraud. Criminals need cars too, and a car-buying surge that has dealers scrambling to accommodate the increased traffic gives them the perfect time to slip in without anyone being the wiser. Think about it for a minute.
Your dealership has more people in it now than it has in the last three months. With so many customers ready to buy now, your sales and F&I teams are struggling to move the buying process along to capture the business of as many customers as possible. With that sense of urgency, it’s all too easy to let compliance processes slip just to keep the process moving. And, in comes a customer with a fake ID or social security card.
The good news is that most dealerships have well-trained staff when it comes to fraud prevention through their compliance processes of checking Red Flags and the Specially Designated Nationals List (SDNL) published by the Office of Foreign Asset Control (OFAC). After all, the penalty for violating the Red Flags rule is a $3,500 fine per violation along with injunctions, and the criminal penalty for failing to comply with OFAC is 30 years in prison, a $10 million fine for corporations, and a $5 million fine for individuals.
The fines alone should be incentive enough for dealership staff to keep up with those compliance procedures. But, when people get busy, it’s all too easy to just focus on getting the deal done. And, it’s during those busy times that dealerships are the most vulnerable to fraud. Here’s the other good news. The post-disaster car buying surge normally has a lag time as consumers wait to get their insurance payouts. This gives dealers the opportunity to train their staff on how to be on the lookout for fraudulent behavior and to reinforce their compliance procedures.
Let’s start with Red Flags. All dealerships are required to have an identity theft prevention process (ITPP) in place. There are four elements of a good ITPP:
1. Identify Red Flags
This is most often done using your software for pulling credit reports and submitting loan applications to lenders. For example, the software should notify you of an invalid driver’s license number or wrong address. However, your team should also be looking for behavioral Red Flags. Is the customer anxious? Are they trying to rush the process? Are they trying to use large amounts of cash? Paying attention to both behavior and the credit report will help your team members move on to the next element of an ITPP.
2. Evaluate Red Flags
As you know, not everyone updates their driver’s license after every move. And it’s not uncommon for a name change from a maiden name to a married name to take a little while. When those Red Flags pop up in your system, you don’t treat everyone like a criminal. Instead your team tries to clear them. This is where paying attention to behavior is important. Your team members will ask for further proof of identification, such as a phone or electricity bill, or even a marriage certificate. If a customer seems extremely put out and tries to rush the F&I manager past these stipulations without providing further proof, there is cause for concern.
3. Respond to Red Flags
If an F&I manager can’t clear Red Flags, the best course of action is to involve the F&I director or general manager. Upper management can notify the proper authorities, explain to the customer that they simply could not make the deal work and, if necessary, politely ask the customer to leave.
4. Update the Process
All compliance processes should be regularly updated, and Red Flags compliance is no different. People are constantly innovating new ways to commit identity fraud and dealers need to be prepared to identify, evaluate and respond to those changes. So, it’s always a good idea for your team to regularly discuss any fraud they may have detected and develop ongoing best practices.
In addition to checking Red Flags for identity theft, dealerships are also required to check all customers against the OFAC Specially Designated Nationals List (SDNL). This separate process became a requirement in 2011 as part of the U.S. Patriot Act. The purpose of checking this list is to keep certain individuals, foreign governments, financial institutions, and organizations from accessing U.S. financial systems or benefiting from services involving U.S. markets.
Now, you may think just running a Red Flag check would be enough to keep the dealership from conducting business with individuals on the SDNL. However, we’ve all known that F&I person or dealership who got one pulled over on them. The Red Flags came back clean and they moved forward with the deal. That’s why your team should always check this list in addition to checking for Red Flags.
The process for checking this list is essentially the same as Red Flags. If a name is flagged on the list, your team should work to better verify the identity of the person in front of them. John Smith is one of the most common names in the U.S. Is the John Smith in front of you the same as the one on the list? Do they have a different middle name or suffix? Are they local, or did they just move to the area? Delving deeper could clear a person from the SDNL or validate that you indeed have a specially-designated individual in front of you.
Let’s say you have a customer with several Red Flags and their name is flagged in the SDNL. What do you do? How do you respond? Once again, the process should be to involve upper management. They will contact the OFAC hotline. Most often, the hotline representative will ask if you are comfortable keeping the individual in the dealership until authorities arrive. That is always a judgement call. If you are not comfortable with that, it’s okay. Simply notifying the hotline and giving them the current location of the individual fulfills the dealership’s obligations under OFAC.
Once again, the dealership’s process for handling SDNL compliance should be updated regularly to protect the dealership from criminal activity.
Compliance processes aren’t required just to make your life more difficult. Many of them are actually meant to protect your business from fraud. By regularly updating your processes and reinforcing your training, especially during times of peak business, your team will be better able to protect your dealership while also effectively processing legitimate deals. The more you train and reinforce your processes, the more they will become second nature. And, your team will be able to work through them more diligently and efficiently, reducing business disruption while enhancing your dealership’s ability to detect fraud.
With more than 40 years of helping dealerships achieve compliant profitability, EFG Companies knows how to foster team accountability for both compliance processes and PRU. Contact us today to find out how.