The Financial Impact of Non-Compliance

There’s a reason that compliance looms large for auto dealers – and it has everything to do with the bottom line. Failing to establish and follow consistent compliance practices can cost a dealership in two ways:

Fraud

On one hand, you have fraud risk, which is growing at an alarming rate. According to the 2023 Auto Fraud Trends Report from Point Predictive, auto loan fraud increased by $400 million between 2021 and 2022, totaling more than $8.1 billion in origination risk exposure. Fraudulent entries on those buyers’ loan applications included fake or falsified employment, income and identity information, often combined to create a synthetic identity unrelated to a single, real person.

That’s one reason identity verification is such a vital compliance step. Not only does it help the dealership comply with OFAC checks and the FTC’s Red Flags Rule, but it also lets the dealership confirm that the buyer is who they say they are before that person has the opportunity to take possession of a vehicle under false pretenses.

Fines and Penalties

OFAC is a good example of the second way non-compliance can be costly, because violations can carry steep criminal and civil penalties and fines. OFAC stands for the Office of Foreign Assets Control, and it requires car dealers to check consumers against its Specially Designated Nationals and Blocked Persons (SDN) list to make sure they aren’t tied to illegal activities. Anyone on the list is prohibited from making a purchase.

Violating OFAC SDN requirements falls under five different regulations: Trading With the Enemy Act (TWEA), International Emergency Economic Powers Act (IEEPA), Antiterrorism and Effective Death Penalty Act (AEDPA), Foreign Narcotics Kingpin Designation Act (FNKDA) and Clean Diamond Trade Act (CDTA). Each regulation carries civil penalties ranging from tens of thousands to more than $1.5 million (31 C.F.R. § 501, App. A).

Each of the regulations includes criminal penalties for knowing violations that can lead to a decade or more in prison and additional fines for the dealership up to $10 million, depending on which rule has been violated.

Although OFAC is an extreme example, there are fines associated with all of the regulations that a dealership’s compliance program addresses. Here are some of the maximums for potential dealership violations in 2022:

  • Red Flags Rule and Risk-Based Pricing Rule Notice – up to $4,705 per knowing violation
  • Privacy Notices and Adverse Action Notices – up to $50,120 per instance

Download the Dealertrack Compliance Guide to reference the Guide to Penalties (starting on page 217) for a list of the 2024 fines. Keep the guide on hand throughout the year to serve as a useful compliance resource.

Need help making sure your dealership stays on top of compliance? Dealertrack Compliance has integrated checkpoints and monitoring from leads to contracts to help you maintain compliance on every deal. Schedule a demo to find out how.

Data Safeguards & Identity Theft Protection: F&I Compliance Tip

Identity theft and data breaches continue to be a serious and ongoing issue for consumers and businesses.

In fact, according to the U.S. Department of Justice, about 9% of U.S. residents age 16 or older were victims of identity theft in 2021 (the most recent year for which stats are available), leading to total monetary losses of $16.4 billion. That includes the misuse of credit card data, as well as personal identity information. In this environment, small to midsize businesses (SMBs) such as auto dealerships are perfect targets.

With the increase in remote transactions, identity verification is more important than ever. You can help protect your dealership by implementing a few commonsense steps, and by encouraging your staff to follow best practice safeguards:

Tip #1: Acceptable Use

Help control risk by adopting an “acceptable use” policy that ensures that employees do not share their devices, that they use strong passwords, and that any corporate-owned data is encrypted. Text messaging should also be discouraged, as it is discoverable from the device in litigation and the use of acronyms or shorthand often leads to misunderstandings.

Tip #2: Have a Plan

Have a pre-established plan in place to deal with data security breaches. The FTC has said that an Information Security Program must include a detailed incident and breach response and notice plan to execute in the event of any security breach or database hack in which customer information is or may have been wrongfully accessed, whether by internal or external persons. Pre-identify a team of people to manage the breach and responses. The team should represent each department that might be affected by a breach or that has to be mobilized to interact with the public, including legal, human resources, privacy, security, IT, communications, and, if you are publicly traded, investor relations. Part of the team’s role is to analyze risks to data, data flow, and worst-case scenarios. Test your plan periodically by doing mock drills. Consult your attorney about your state’s law and the laws of your customers’ states of residence regarding when to give customers notice of a data breach.

Tip #3: Secure Transmission

Do not transmit customer information over insecure channels such as unencrypted email, P2P systems, or wireless access points. These are not secure media. The FTC has cited the absence of data loss prevention software and an intrusion detection system in these media as inadequate practices for an Information Security Program.

To get more tips and recommended compliance practices, access the free 2024 Dealertrack Compliance Guide. 

7 Features Your Compliance Software Should Have

With the constant threat of audits, fines and lawsuits, every dealership must take compliance seriously. Fortunately, there are cost savings to be found in integrating finance and sales flow compliance functions. Here are seven features to look for when choosing compliance software:

1. Visibility and transparency
It’s important to have a compliance dashboard that monitors employee and deal activity in real-time from a single screen. Keeping a close eye on employee actions lets you step in to make corrections as needed, heading off non-compliance risk.

2. Integrated FTC and OFAC requirements
To meet FTC and OFAC requirements and reduce fraud risk, your workflow needs to include the proper checkpoints. The FTC Red Flags Rule is a requirement designed to help protect against identity theft. The Office of Foreign Assets Control (OFAC) requires a check of names against its “Specially Designated Nationals” list (SDN) of people with whom you cannot legally do business. You should look for software that automatically pulls Red Flags, provides out-of-wallet knowledge-based authentication questions, and offers additional questions when a customer does not answer enough of the previous questions correctly.

3. Fully compliant menu selling
Consistent presentations and full disclosure should be built into the sales process to reduce your compliance risk. This is an important selling category to watch because many industry experts believe that the FTC will be zeroing in on aftermarket products in the near future with enforcement actions for possible unfair and deceptive practices.

4. Secure document management
To meet compliance regulations, you must store deal-related documents including credit applications, privacy notices, credit reports, pencils, contracts, menus and more. Secure electronic deal jackets make these documents easier to access as needed, protect them from misuse, and also reduce the need to store paper files at your dealership.

5. Ability to print risk-based pricing credit score disclosure notices and privacy notices
Every time you take a credit application, you need a Credit Score Disclosure Notice – and it’s a best practice to give each customer a privacy notice at the same time. Ideally, your software should give you the ability to print risk-based pricing credit score disclosure notices and privacy notices as part of the application submission process.

6. Adverse Action reports
Compliance technology should be able to immediately identify and give you insight into which customers might need an Adverse Action notice.

7. Integrated compliance checks and balances
Compliance should be an integral part of your software so that your employees immediately receive an on-screen notice if a step is overlooked. This information should also be displayed on a performance dashboard so that management can be aware of possible problem areas requiring intervention such as additional training.

To learn how your dealership can integrate compliance checkpoints into your workflow, visit our Compliance product page and schedule a live demo with a Dealertrack F&I sales representative. 

Don’t Play “Hot Potato” With Adverse Action Notices

As much as your dealership would like to be able to sell to every customer, sometimes it doesn’t work out. Maybe a customer was credit-challenged, so you decided not to send their application to any financing sources – or you did send their application for financing but couldn’t get acceptable terms. Perhaps you had a spot delivery deal in place that you needed to unwind or re-contract.

In any of these instances, consumer protection laws, including the Equal Credit Opportunity Act (ECOA) and the Fair Credit Reporting Act (FCRA), require that the consumer be presented with an adverse action notice within a mandated timeframe.

This is where it gets tricky. There’s a common misconception among dealers that lenders handle sending adverse action notices. It’s true that a finance source may present their own adverse action notice to a consumer, but that’s not enough to protect a dealership from liability if the notice doesn’t contain certain dealer-specific disclosures.

According to consumer protection laws¹, an adverse action notice must tell the customer:

  • What the adverse action was
  • Up to four reasons for the adverse action (or provide the dealership’s contact information so they can find out within 60 days)
  • The names of the credit reporting agencies that provided the information to the dealership
  • Their credit score and information about it
  • Four or five “key factors” that adversely affected their credit score

These are detailed requirements and the dealership is in a better position to provide this information than any given lender, which is one of the reasons the dealer bears the responsibility for compliance.

So, it’s important to be alert to situations that require your dealership to provide consumers with an adverse action notice.

Not sure exactly what to include? The 2024 Dealertrack Compliance Guide includes a sample of one type of adverse action notice form that’s appropriate for use in certain circumstances. Always consult your legal counsel for advice on developing an adverse action notice template for your dealership and knowing when to send an adverse action notice.

To learn more about adverse action notices and see the form sample, download the 2024 Dealertrack Compliance Guide.

¹ Please check with your attorney for verification and further details.

3 Things to Know About Risk-Based Pricing Notices

Many of your dealership’s compliance responsibilities are designed to inform and protect consumers as they make financial decisions. That is definitely the case for the Federal Trade Commission’s Risk-Based Pricing Rule of the Fair Credit Reporting Act, which may apply to dealerships that use credit reports to help them make lending decisions.

When should you provide a Risk-Based Pricing Notice?

Under the Risk-Based Pricing Rule, a customer must be informed if they’re being offered worse credit terms than other consumers because of information in their credit report.

The threshold that determines when a consumer should receive a Risk-Based Pricing Notice is when they’re offered credit on less favorable terms than what a “substantial proportion” of other customers receive. In most cases, “less favorable terms” refers to customers being offered a higher annual percentage rate than other car buyers.

What are CSD Notices?

As an alternative to providing a Risk-Based Pricing Notice to these selected consumers, some dealerships choose to provide a credit score disclosure (CSD) exception notice to every credit applicant.

CSD Notices include an applicant’s credit score and other information such as the national distribution of credit scores among consumers under the credit scoring model used and various disclosures about credit scores in general.

Consumer reporting agencies will provide CSD Notices upon request. Your dealership should give them to each credit applicant after you get their credit score but before you complete the vehicle sale transaction.

How can I make the process easier at my dealership?

A compliance technology solution integrated with your F&I process can help your dealership provide the required notices to consumers at the appropriate time based on their credit reporting and terms.

As with any compliance issue, we recommend that you address questions you may have with your own qualified legal counsel.

To learn more about the Risk-Based Pricing Rule and other compliance topics, download the 2024 Dealertrack Compliance Guide.

Stranger Danger: Why Identity Verification is Important for Compliance

In 2022 alone, the Federal Trade Commission received more than 1.1 million reports of identity theft and more than 2.3 million reports of fraud. Legislators and consumer protection agencies are well aware of the risks, which is why there are so many regulations that require verification of customer identity.

Making sure a customer is who they say they are is not only important for legal compliance, but it also helps protect your dealership from the financial and legal costs of fraud. One of the most proactive compliance steps your dealership should take is to develop a written Identity Theft Prevention Program (ITPP) and assign a Program Manager to implement it, in order to comply with the FTC Red Flags Rule¹.

Saving Consumers and Your Dealership from Identity Theft

According to the FTC, your ITPP should be customized for your dealership’s size, location and activities to identify and address the “red flags” that you are most likely to encounter. The verification activities an ITPP may establish could include:

  • Closely examining photo IDs
  • Reviewing a customer’s recent credit bureau activity
  • Using an electronic identity verification service to compare customer information against databases of fraudulent activity and to assess the Social Security number that a customer has provided
  • “Out-of-wallet” questions, which are authentication questions about someone’s identity that go beyond the information that could be found in a stolen wallet

Use the ITPP with every customer and every document. In cases of problematic customers who resist requests for identity verification, you could escalate to your Program Manager and continue to seek additional information or ask more out-of-wallet questions. The Program Manager should persist until they are satisfied that they have verified the customer’s identity or that they need to decline to do business with the customer.

It’s important to document your ITPP activities for each credit customer and do ongoing training and testing to make sure your staff stays up to date on the process. Consult your legal counsel on developing and updating your ITPP as needed.

Making Sure Your Customers Are Legally Allowed to Buy in the U.S.

Another important identity check requirement centers around the OFAC SDN list. The Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury maintains a list of Specially Designated Nationals (SDN) who are prohibited from doing business in the United States, which includes buying a vehicle. Dealerships are required to run each customer’s name against the list and – if they get a “hit” – follow steps to find out whether a possible match is a false positive. There are substantial civil and criminal penalties for doing business with someone on the list, so it’s vital to make sure that customers are not on the SDN list and to keep records of your OFAC checks.

To learn more about customer identity verification and compliance, sign up to download the free 2024 Dealertrack Compliance Guide.

¹ Please check with legal counsel for further details.

5 Compliance Tips for F&I Selling

As dealerships look for ways to counter shrinking profit margins, F&I product sales are one of the revenue sources they turn to. Cox Automotive 2022 Car Buyer Journey research shows that 67% of car buyers purchased an F&I product with their recent vehicle purchase, an increase of nearly 10 percentage points from 2021.

In the push to make the most of this revenue source, it’s still important to make compliance part of the process. You should consult your legal counsel to ensure that your F&I sales process is compliant. Here are five tips to keep in mind as you promote and sell F&I add-ons:

  1. Be Consistent – Never skip required steps in the F&I product presentation process. Charge each customer substantially the same price for each product or grouping of products.
  2. Make Your Presentations Transparent – Prepare your menus, sales scripts and presentations to be up-front about what each product is and how much it will cost. Consult your legal counsel for questions about how your state’s laws apply.
  3. Train Your Employees – To help ensure consistency, transparency and compliance, train and test your staff on your F&I sales processes. Observe and document their performances regularly and retrain as needed.
  4. Exercise Caution with Incentive Programs – Consult the CFPB bulletin on incentives – and your legal counsel – when you’re creating and tracking any incentive programs. Take special care when incentives relate to products and services whose sale may benefit your employees more than their purchase will benefit customers.
  5. Change Your Presentations as Needed – Pay attention to customer feedback and CSI scores related to your F&I presentations and adjust menus, presentation scripts, and F&I sales practices to address changes in the law, negative consumer feedback, and your CSI scores.

With the FTC and the CFPB actively investigating the sale of all types of F&I products for unfair and deceptive practices, active compliance efforts are vitally important for dealerships. We recommend building a culture of compliance at your dealership throughout the deal process.

Want to learn more about aftermarket compliance? Sign up for access to download the online Dealertrack 2024 Compliance Guide.

3 Questions You Should Ask About Your F&I Compliance Technology

Advanced automotive retail technology offers streamlined dealer workflows designed to improve the customer experience and ultimately enhance your profits.

These workflows can provide other crucial benefits, including regulatory compliance safeguards and protections against consumer fraud, integrated across the sales and F&I workflow.

Here are three questions to keep in mind when you’re selecting this type of technology to ensure that it meets compliance standards:

1. How does the platform address safeguards and ID verification?

There should be verification checkpoints such as red flags reports built into the workflow. You also want to make sure that you can add additional ID questions as needed. This is important for dealership security and will help you meet FTC and OFAC requirements.

2. How does the software handle adverse action notices and risk-based pricing notices?

You want adverse action notices and risk-based pricing notices to be an integral part of the technology workflow. For adverse action notices, the software should help you manage the mailing of notices and show confirmation that the notices were sent.

3. Does the compliance offering include aftermarket product sales?

To reduce the risk of non-compliance, it’s important for your F&I solution to incorporate a consistent presentation, accurate pricing, and proper aftermarket disclosures.

F&I solutions are aided by technology, but they also require training, knowledge and guidance that encompasses every customer interaction from advertising, to showroom conversations, to starting, structuring, financing and transacting the deal.

Want to learn about Dealertrack’s F&I Compliance solutions? Click to schedule a demo.

Minimize Risk and Help Ensure Compliance on Every Deal

It’s understandable that dealers do not enjoy having to think about compliance. The myriad, ever-changing laws, rules and regulations that apply to each deal can be confusing and frustrating. But non-compliance can lead to thousands of dollars in fines, class-action penalties, and damage to the dealership’s reputation – so it’s important to do everything possible to keep up.

Engaging qualified legal counsel is the most effective approach to full compliance, but here are other ways that dealers and their staff can work to protect their deals and the reputation of their dealerships.

Every pencil counts 

As you know, a pencil is the proposal that a salesperson uses with customers to outline deal scenarios as the final agreement is being reached. It’s important for your desking solution to automatically save a record of pencils in each customer’s deal jacket.

This will give you the ability to show a regulator, auditor, or plaintiff’s attorney the progression of the deal, and will help head off any claims that a consumer misunderstood the deal. This is particularly important because the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) have emphasized the need for transparency in consumer financing of automobile purchases and leases. For example, the Dodd-Frank Act of 2010 has a category for “abusive” trade practices, designed to protect consumers from being taken advantage of due to their lack of understanding.

Consistency is key 

Prepare scripts, FAQs and presentations that fairly and honestly state what the aftermarket product is and how much it will cost. This helps ensure that there won’t be credit discrimination.

Create a paper trail – even if it’s digital 

Solid documentation creates an environment of transparency for the consumer and a “paper trail” for auditors and regulators.

Each customer’s deal jacket should not only contain a record of pencils, but copies of every document, including all four squares and even less formal correspondence that shows how the deal was formed. Keeping the pencils record, a signed menu, and a plain-language buyer’s order reveals the detailed steps and trade-offs made by both the customer and the dealer.

Make sure that all pertinent deal information is stored in an easily searchable and highly secure location. That will help you build a consistent and transparent sales process and also give you the ability to track pencils by deal, date, user or vehicle status for auditing purposes.

When you follow these steps, you will help protect your dealership and your customers.

For more compliance tips, download the Dealertrack 2024 Compliance Guide. It’s a handy resource for questions about sales and finance compliance all year long.  

How Operations Oversight Aids in F&I Compliance

It seems that you can’t read the news without learning of yet another massive corporate data security breach. As much as we all hear about the importance of safeguarding customer information, studies show that a majority of data breaches are caused by employees.

In your showroom, that means your compliance is at risk from staff members leaving deal jackets, credit reports or credit applications lying around for anyone to see – or from weak passwords or “phishing” scams with untrustworthy links. Whether data is exposed through negligence, error or the deliberate acts of untrustworthy employees, it’s important to have a plan in place to protect your dealership.

Dealership management should be proactive and prepared with comprehensive data security training and real-time monitoring. It’s vital to oversee your operations via tracking of employee access to your electronic databases, including a compliance dashboard.

Protecting your dealership 

There are two key steps to keeping your dealership protected and compliant. Begin by educating your employees and giving them the tools they need to keep information secure. This includes training on data security best practices about things like strong passwords, avoiding clicking unknown links, and guarding against social engineering attempts by strangers attempting to get information.

The second step is to create a monitoring program that allows you to oversee data flow into your systems, user access, user activity, and patterns that indicate irregularities. When you closely and regularly monitor the sales process, you are better equipped to step in to head off problems and help ensure that your dealership remains compliant.

Creating your compliance process 

As you’re developing your process, make sure it includes a real-time compliance dashboard within a single screen. That will allow you to immediately identify any potential issues. You’ll also be able to observe how your employees handle and safeguard customer data they receive.

Data management is something you need to do actively, with policies in place to handle data over time as well. Beyond requiring secure passwords and authentication, consider two-factor authentication that includes a complex password and a randomly-generated number from an ID token.

Manage user permissions so that only employees with a legitimate business need can access customer information. Have a plan for purging non-public personal information once you no longer need it.

A culture of security in your dealership starts with senior management and filters through the ranks. Emphasize transparency and honesty in every customer interaction and make sure to train employees on unfair, deceptive and abusive practices to ensure that each interaction with customers complies with federal and state regulations.

If you haven’t gotten your copy of the Dealertrack 2024 Compliance Guide, download it today.