Oplogic will help keep your dealership in compliance with all State and Federal legal requirements, while protecting both you and your customers from identity theft. The number of legal requirements that auto dealers must be compliant with is growing rapidly. These range from terrorist watch lists, to privacy issues, state repeat offender checks, do not call registries and financing requirements. You can rest assured knowing that your business is up to date with the ever changing government regulations.

Government Regulations:

  • USA Patriot Act Compliance
  • Do Not Call Compliance
  • OFAC Compliance
  • Red Flags Rule
  • Risk Based Pricing

Data stored in compliance with:

  • Privacy Act Compliance
  • Fact Act Compliance
  • Gramm-Leach Bliley Act Compliance
  • FTC Safeguards Rule Compliance

The Oplogic system easily satisfies all of these issues and makes customer handling smoother and more efficient.

Red Flags Rule

The “Identity Theft Red Flags and Notices of Address Discrepancy” is a recent addendum to the FACT Act of 2003, responding to an Executive Order of the President of the United States to reduce Identity Theft throughout lending. All financial organizations are required to comply by January 1st, 2008, including auto dealers. An automotive dealership is considered an agent of the lender, and is specifically mentioned by name in the legislation. Furthermore, Identity Theft is very real and can occur at any point in the deal process, as early as the test drive, and at the dealership’s expense. WT’s proven sales process has pioneered identity theft prevention in the auto dealership industry long before it was mandated by federal law, saving dealers thousands of dollars in loss. By properly using the Oplogic platform, you will be compliant with the Red Flags Rule.

Dealer’s need to consider the following key elements in their Red Flags obligations:

  • A Policy outlining the program and process
  • Train all employees in the sales process
  • Detect Red Flags on all customers
  • Prevent ID Theft on all delivered customers
  • Mitigate the damage to the consumer
  • Oversight of the implemented process
  • Ensure with periodic audits and reporting

Oplogic Solution:

  • Red Flags compliance included in your sales process, not yet another add-on system.
  • Identity Theft prevention before the test drive
  • Unlimited, onsite training includes Red Flags Rule procedures for your entire sales staff
  • 24/7 Support assists dealers when real-time Red Flags are reported on a prospective customer
  • Solution allows for verification of phone or internet customers, whom must be screened for identity theft before a bureau can be pulled.

Risk Based Pricing Rule

Under the FACT Act there was a joint rule-making session between the FTC and the Federal Reserve Board implementing the Risk-Based Pricing Rule, which became effective on January 1, 2011.

In essence, the law will affect any dealer who uses a consumer report in connection with extending credit to an individual on material terms. If the terms offered are less than the most favorable terms available, the dealer must provide the individual with a risk-based pricing notice. The definition of “material terms” is related not only to the APR, but to any determination that varies according to the consumer report (such as a down payment).

Oplogic offers the risk-based pricing form at no additional charge. All customers must receive a printed copy. The form is accessible from many convenient areas within the platform, including the “F&I Reports”, the F&I Menu and the customer profile’s “Credit Reports” tab. This will help you reduce your exposure to legal and regulatory risks. Dealers who do not comply with the new Risk-based Pricing Rule are subject to potential fines of up to $16,000 per violation, as well as possible penalties at the state level.

Adverse Action Letter Compliance

If a business takes any type of adverse action as defined by the FCRA that is based at least in part on information contained in a consumer report, Section 615(a) requires the business to notify the consumer.

The notification may be done in writing, orally, or by electronic means. It must include the following:

  • The name, address, and telephone number of the Credit Reporting Agency (including a toll-free telephone number, if it is a nationwide Credit Reporting Agency) that provided the report.
  • A statement that the Credit Reporting Agency did not make the adverse decision and is not able to explain why the decision was made.
  • A statement setting forth the consumer’s right to obtain a free disclosure of the consumer’s file from the Credit Reporting Agency if the consumer makes a request within 60 days.
  • A statement setting forth the consumer’s right to dispute directly with the Credit Reporting Agency the accuracy or completeness of any information provided by the Credit Reporting Agency.

Dealers are quickly finding that they can be sued if a potential customer gets declined for credit they helped apply for. That is, unless an official Adverse Action letter gets mailed to them within 14 days. Let Oplogic remove this liability from your store. Oplogic offers professional, reliable Adverse Action notifications to be sent according to your customer data.

USA Patriot Act/OFAC

USA PATRIOT is an acronym for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism. This law (now called Public Law # 107-56) was signed into effect by President George W. Bush on October 26, 2001. It is intended to strike at the terrorists and their ability to conduct business within the United States of America. Compliance was required by October 25, 2003. The Oplogic SRR2100TM offers instant compliance, with no requirement for integration into your IT infrastructure.

What are the requirements of this law? Under a key element of the law, all institutions are required to implement reasonable and practical procedures for:

  • Verifying the identity of a person seeking to open an account, place a deposit or obtain a loan/credit.
  • Maintaining records of the information used to verify the person's identity.
  • Determing whether the person appears on any list of known or suspected terrorists or terrorist organizations. (OFAC List)

SRR2100TM offers instant compliance via:

  • Authenticating the information on a piece of government identification.
  • Capturing the image of the identification used and archiving the data for future instantaneous access
  • Querying lists of known and suspected terrorists, terrorist organizations and money launderers.

Who must be compliant? The list of what constitutes an institution that must be compliant includes the following:

  • Financial institutions such as banks and credit unions
  • Lending and credit institutions
  • Automobile, Boat and RV dealerships
  • Financial brokerages
  • Any institution where accounts are opened and money is handled.

What are the penalties for non-compliance? Failure to comply with the USA Patriot Act regulations may result in individual and/or corporate penalties. As with any law, lack of knowledge about the requirements of the USA Patriot Act is not a defense for failure to comply. Penalties could include:

  • Fines of up to $10 million per count against corporations and $5 million against individuals.
  • 30 Years Imprisonment.
  • Civil penalties up to $1 million per incident

How do I affordably achieve instant compliance?

Oplogic and the SRR2100TM offers instant compliance with a simple, easy to use system that does not require integration into your existing systems. The SRR2100TM can stand alone and offer you the peace of mind of compliance with the USA Patriot Act, as well as significantly reducing the opportunity for identity theft and fraud to threaten your profits. Oplogic simply "secures your future".

Do Not Call Registry

We ensure that you know which of your customers have registered with the Do Not Call Registry and help you work within the bounds of your "established business relationship." Do not initiate a telephone call or message to a consumer who has registered his or her phone number on the National Do-Not-Call Registry.

Such do-not-call registrations must be honored for a period of 5 years. This applies to phone calls that are made "for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services." Calls that are placed to conduct surveys, market research or for other non-solicitation reasons can be brought within this definition if they serve as a pretext to an otherwise prohibited advertisement or as a means of establishing a business relationship. Do not call somebody who is on the Do-Not-Call list except:

  • If the client has given a prior express permission to receive such calls: The express permission must be evidenced by a signed, written agreement between you and the customer which states that the consumer agrees to be contacted by you and includes the telephone number to which the calls may be placed. The consumer's consent must be "clear and conspicuous" and not buried "in the fine print of a document where the consumer might not notice it."
  • If the dealership has an established business relationship: An established relationship exists when a consumer has purchased, leased, rented or entered into a transaction with the seller within the eighteen (18) months immediately preceding the date of a call. To the extent that the purchase, lease, rental or financial transaction involved multiple payments or transactions, the 18-month time limit "runs from the date of the last payment or transaction, not from the first payment." You likely can only treat multiple finance payments as extending the 18-month extended relationship period if you hold the note with, and receive the payment from, the customer. An established relationship also applies to a consumer inquiry or application regarding a product or service offered by the seller within the three (3) months immediately preceding the telemarketing call. The nature of an inquiry must be such as to "create an expectation on the part of the consumer that a particular company will call them." Although the FCC does not define inquiry, it does state that an inquiry regarding a business's hours or location would not fall within the exemption. To the extent that you rely on an inquiry as the basis for an established relationship, you should ensure that it is properly documented (e.g., the name of the consumer, the date of the inquiry, the dealership product or service the consumer inquired about, etc.).
  • The caller has a personal relationship: The National Do-Not-Call rules do not apply to telephone solicitations to persons with whom the telemarketer has a personal relationship. The term personal relationship refers to an individual personally known to the person making the call. This includes family members, friends and acquaintances of the caller. It does not include the name of referrals that have been provided by family members, friends or acquaintances.

"The caller has a personal relationship," be careful in relying on this exemption. The FCC States:

  • In determining whether the caller is considered a friend or acquaintance of the caller, we will look at, among other things,whether a reasonable consumer would expect calls from such a person because they have a close or, at least, firsthand relationship. If a complaining consumer were to have expected a call from the marketer, we would be much less likely to find that the personal relationship exemption is applicable.
  • To the extent that you rely on this exemption to make a telephone solicitation to someone who has registered his or her phone number on the National Do-Not-Call registry, it is important that you maintain contemporaneous records that enable you to demonstrate the nature of the relationship between the caller and the consumer at the time the call was placed.

Callers are Required to Institute Procedures to Honor Do-Not-Call Requests that Persons Make Specifically to their Business.

  • In addition to not placing calls to persons who have registered their phone numbers on the National Do-Not-Call Registry (unless an exemption applies), you also are prohibited from placing calls to consumers who have asked you not to call them.
  • You must develop a Company-Specific Do-Not-Call list that records the customer's name (if provided) and telephone number at the time the request is made. You must honor such requests "within a reasonable time" from the date the request is made. This must occur within 30 days of the date of the request or sooner if you have the capability to honor the request in less than 30 days. You must honor and maintain records of a customer's request not to receive further calls for a period of 5 years. A customer's do-not-call request terminates an established business relationship for purposes of telemarketing calls even if the consumer continues to do business with you.
  • Fines of up to $11,000 per violation may result.

FTC Safeguard Rule

The Federal Trade Commission (FTC) has issued a Safeguard Rule for automotive dealers. It is meant to ensure the security and confidentiality of customer records and information; protect against any anticipated threats or hazards to the security or integrity of such records; and protect against unauthorized access to such records or information that could result in substantial harm or inconvenience to any customer. Following are a select list of suggestions from the Safeguard Rule on how to maintain security throughout the life cycle of customer information and an explanation of how Oplogic ensures that your dealership complies with these particular Safeguard Rules.

Only authorized employees [should] have access to the data and records should be stored in a secure area. Our solution:

A password or biometric fingerprint is required to access customer data in the Oplogic system. In addition, the Oplogic system only allows access to certain data for different managers and salespeople. Salespeople only have access to their customer’s data, and never have access to extremely sensitive information, such as credit report results and scores. Data is kept secure through an off-site server and 128bit encrypted in transfer. All data is stored and accessed in compliance with the GLB Act. Oplogic's system never stores information on other computers and no information is required to be printed on paper.

Additional Recommendations:

  • If paper records are printed and kept, they must be stored in a room, cabinet, or other locked container where only authorized employees have access.
  • Do not store sensitive customer data on a machine without passwords or with an insecure Internet connection.

Secure data transmission must be provided with clear and simple security tools when collecting or transmitting customer information.

A Secure Sockets Layer (SSL) is used in the Oplogic system so that information is encrypted in transit. All encryption and security is integrated directly into all Oplogic tools.

Dispose of customer information in a secure manner. Our solution:

All data is stored indefinitely, and in full compliance with the law. Credit applications are maintained securely for the minimum five years designated by the FACT ACT. However, in the event that data is requested for deletion, all data is securely purged from the system.

Additional Recommendations:

  • If customer records are kept on paper, the information must be shredded under the supervision of a designated manager; promptly dispose of outdated customer information.
  • Erase all data when disposing of computers, diskettes, magnetic tapes, hard drives or any other electronic media that contain customer information
  • Maintain close inventory of all computers, and dispose of any outdated customer information

Maintain secure backup media and keep archive data secure. Our solution:

All data is securely and redundantly archived for disaster recovery. Databases are stored on RAID striped storage servers and tape backups are performed regularly on off-site locations.

Additional Recommendations:

  • Any data not stored inherently by Oplogic should be forced into strict and secure backup procedures as recommended by the Safeguard Rule.

Additional Information can be found at these online resources:

State Repeat Offender

Oplogic provides state specific queries for license bureau issues. Some states have statutes that restrict the registration of vehicles based on a person’s driving record. The findings on those queries are displayed on the Oplogic license scan.

©Oplogic 2016
851 West Maple Rd, Clawson, MI 48017
(888) 865-4640