This article from Wards stresses the importance of documenting a dealer’s compliance. A regulatory exam as well as pretrial discovery in a lawsuit will focus on obtaining documentation of effective and up-to-date compliance programs that are applied consistently in every deal, whether completed or not. Dealers records of doing so can make the difference when it comes to fines, penalties and damage awards. It is critical that dealership policies (e.g., Safeguards, Red Flags, Anti-Discrimination) be regularly updated and deal jackets document adherence to the policies in every transaction. That means keeping copies of required consumer notices, getting them signed where required and as a best practice generally (e.g., privacy, RBP credit score disclosure, adverse action, FTC Buyer’s Guide, and co-signer notices) and documenting requirements such as OFAC, transparency in pricing and deal terms, Red Flags due diligence, and the steps taken to address Red Flags, and a signed menu for aftermarket selling. A summary document indicating each deal’s compliance documentation will be a first-day request in a compliance audit. Dealertrack’s compliance dashboard can provide such a record as well as a checkpoint to ensure that all deals are fully addressed and documented.
Dealertrack Compliance Counsel
Worst Compliance Advice Attorney Can Give
Fri, 2013-01-25 05:00
David R. Missimer
A dealership can end up in hot water by not documenting its adherence to government regulations.
It should come as no surprise that federal and state regulations require dealerships to document all financial transactions.
Properly documenting a deal demonstrates the dealership’s compliance with various regulations. The dealership’s files now contain documentary evidence.
Simple, right? Apparently not.
As an attorney involved in dealership compliance, I have taken more than 200 cases to trial. I’m stunned when I hear the following from dealers: “Our attorney said we should not document our compliance program because a plaintiff can use that against us in a lawsuit.”
The most frightening thing about this statement is that I’ve heard it too many times.
Let’s get something straight: The statement makes no sense. It is plain wrong. If a dealership follows this advice, it likely will face the prospect of higher government fines for violations and punitive damages in civil cases brought by private individuals.
Dealerships are required, yes required, to document their various compliance efforts. For example:
The Safeguards Rule requires the dealership to develop, implement and maintain a written comprehensive information security program (ISP).
The dealership must evaluate and adjust the program through testing and ongoing risk assessments.
The Red-Flags Rule requires a dealership to implement a written identity-theft prevention program (ITPP) and update it periodically based upon assessments and changes.
Given the above, a dealership is not in compliance if it is not regularly documenting and assessing its ability to protect consumer information and detect identity theft
It is simple for the Federal Trade Commission to check a dealership’s Privacy and Red-Flag Compliance. The agency simply asks for the ISP and ITPP. If these written compliance programs have not changed since the day the dealership first created or bought them, the dealership will fail the compliance audit. Read full article