Who is in charge of compliance at your dealership? It’s likely that there is a person in overall charge, in charge of sales, in charge of service, in charge of parts…you get the idea. Given the potential costs of non-compliance with the law, someone must also be in charge of compliance.
It should not be the general manager, or a department manager, each of whom has other substantial obligations. It should be a compliance officer who has as a primary job function oversight of the company’s obligations.
What should the compliance officer oversee? There are dozens of laws applicable to dealerships, but here are the top dozen subject areas of potential liability today.
- FTC Information Safeguards Rule. We start here because this federal rule mandates that an organization have a safeguards coordinator who understands protecting the non-public personal information of customers. The coordinator must oversee proper physical and electronic measures to protect the dealership’s data; demand that suppliers and contractors respect the dealership’s obligations; and be responsible for regularly reviewing and updating the program.
- FTC Red Flags Rule. A dealership must have in place a program to detect signals of identity theft and to mitigate threats. The rule requires a review and update at least annually and a report to senior management, all of which suggest that a coordinator must be in charge. The person must know and update the red flags that indicate identity theft, must oversee the processes in place to identify those and take action in the event a red flag is detected, and is responsible to revise the red flags policy as necessary and to report on this at least annually to senior management.
- FTC Privacy Rule. A dealer must have in place a process to notify customers what will be done with their personal information. To comply, a business must deliver a privacy notice to a customer doing a finance, lease, or insurance deal. The compliance officer must make sure that a proper form is used and that the notice is delivered when required.
- Risk Based Pricing Rule. When first proposed, this was a daunting rule requiring a disclosure to any consumer paying more for credit than a “predominant” number of the dealership’s customers. Fortunately, with the work of industry advocates, a simple solution was mandated – delivery of a risk based pricing exception notice to every applicant for credit. While compliance was simplified, the compliance officer must oversee delivery of the notice to every credit applicant.
- Telephone Consumer Protection Act. This is an issue of some importance because of a recent change in the implementing regulations by the Federal Communications Commission. Violations of this Act can lead to private lawsuits. A dealership should have in place a policy limiting use of pre-recorded messages to all phones and auto dialers for cell phones calls without prior consent. The compliance officer must be responsible to see that the policy is followed.
- Advertising. The Federal Trade Commission has expanded powers and an increased budget to oversee motor vehicle dealer practices. It has recently been most active with respect to dealer advertising. The compliance officer should understand state law requirements and should know what the feds appear to be most interested in – Truth in Lending Act disclosures, Consumer Leasing Act disclosures, and avoidance of what the FTC deems to be bait and switch tactics. Compliance is critical across the entire advertising landscape – print, TV, radio, direct mail, and the internet.
- FTC Used Car Rule. The FTC is likely to use its expanded budget to increase compliance sweeps. The FTC expects that a used car buyer’s guide will be in the window of used vehicles available for sale, and that includes vehicles that may be considered new for other purposes such as demonstrators and previously delivered new vehicles that have been returned. The FTC checks to make sure that both the front and the back of a buyer’s guide are fully completed.
- Fair Lending. The Equal Credit Opportunity Act has new importance given the war on dealer participation by the Consumer Financial Protection Bureau. Does the dealership have a fair lending policy? Does it appropriately limit discretion of F&I personnel in establishing rates? Does the dealership have a policy for adverse action notices in appropriate situations (also an obligation under the Fair Credit Reporting Act)?
- Fair Credit Reporting Act. While written authorization from a consumer to run a credit report is not necessary, having written authorization is the best way to show that the dealership had a proper purpose in connection with the extension of credit to justify pulling the report. Have a written authorization from any person visiting your dealership if you want to run a credit report. Customers not in your dealership should use your secure internet portal to authorize credit report access. The key? Keep the authorizations for five years. Dealers keep them with respect to vehicles that are delivered. It is even more important to keep them for deals that are not complete, since those deals will be the targets of credit repair organizations who often advise consumers to test if dealers can prove compliance with the FCRA.
- Cash Reporting and Money Laundering Prevention. Money laundering is a felony that will land a participant in jail. The dealership must have a written policy for prevention of money laundering. A separate but related obligation is reporting the receipt of cash in excess of $10,000.00. What constitutes cash and the circumstances under which it must be reported can be tricky. Employees on the floor must be aware of the obligations, and those reviewing deals must know what to look for. IRS 8300 reports must be filed, and the consumer must be notified. The compliance officer must understand the dealership’s obligations and should be available to answer questions or seek answers from the dealership’s legal adviser.
- TILA. The federal Truth in Lending Act, as well as state lending laws, are a go-to for plaintiffs’ lawyers representing customers unhappy with their deals when other bases for legal action are not available. A dealership should have a written compliance policy overseen by the compliance officer.
- Complaint Handling. The answer to the question of the one thing a dealership can do to minimize lawsuits is to handle complaints properly. There must be a complete system, meaning that every complaint is treated as important, logged in, assigned for handling, followed, and closed with a satisfied customer or one for whom the dealership has made every attempt to satisfy. Consumers who make complaints that are ignored or not properly treated are the most likely plaintiffs.