2017 Compliance Guide: What’s Next for Auto Dealers

Establishing a culture of compliance, data security, transparency, and honesty with customers is critical to protecting your dealership.

Just as it was in 2016, this year government agencies are likely to focus on auto finance – though there’s some uncertainty about the approach a Trump Administration will take. For example, the CFPB will probably continue to drill down into auto finance practices, thanks to its Larger Participant Rule, and the FTC is likely to focus on allegedly deceptive dealer advertising, FTC Safeguards Rule shortfalls, and garden-variety unfair and deceptive acts and practices. Both agencies appear to disdain writing regulations and have adopted a style of regulating by enforcement. This makes it important to learn what is and is not acceptable by the terms of consent decrees resulting from enforcement actions with other dealerships.

CFPB Focus on Policies and Procedures

The CFPB expects the financial institutions it supervises to implement and keep updated written policies and procedures, as well as maintain effective systems and controls, so that its consumer financial product programs comply with federal consumer financial laws. The CFPB has released a comprehensive Supervision and Examination Manual, and several additional guidance documents and bulletins that shed light on all of the different ways their examiners oversee the institutions subject to their supervisory and examination authority. While the CFPB does not have direct examination and supervisory authority over franchised auto dealers and other select independent dealers, the lenders the CFPB does supervise and examine are likely to continue the pattern of taking steps to assess dealer compliance as a precondition to doing business. Implementing your own compliance management policies, processes, and procedures across the business is the best way to position your dealership for the evolving lender efforts in this regard.

Data Safeguards and Security

Weak safeguards and a potential data breach may be one of your biggest financial risks. Hackers are getting more sophisticated when it comes to stealing usernames and passwords. A number of dealers were hit with keylogging malware on user PCs that enabled fraudsters to steal usernames and passwords to access dealer customer information and pull credit reports from remote IP addresses. If done on a wide-scale basis, a data breach or wrongful use of stolen dealer credentials to pull credit reports could become an expensive liability and compliance nightmare. Limiting use to trusted dealership IP addresses is a good way to help limit the ability of a criminal who has gained access to a user’s system log-in credentials. In fact, doing so should be an element of your Safeguards Program.

Create a Culture of Compliance

Establishing a culture of compliance, data security, transparency, and honesty with customers is critical to protecting your dealership. So is establishing processes to be able to document your compliance, deal by deal. An electronic system that identifies which processes were completed for each deal can be invaluable if an audit or regulatory inquiry occurs. In addition, do not forget the importance of a systematic customer complaint system. Seek   to resolve complaints using a consistent process with timelines and escalation procedures. Remember that in the long run, it may be better to resolve a dispute in favor of the customer rather than winding up on the CFPB’s online complaint database.