The Financial Impact of Non-Compliance

There’s a reason that compliance looms large for auto dealers – and it has everything to do with the bottom line. Failing to establish and follow consistent compliance practices can cost a dealership in two ways:

Fraud

On one hand, you have fraud risk, which is growing at an alarming rate. According to the 2023 Auto Fraud Trends Report from Point Predictive, auto loan fraud increased by $400 million between 2021 and 2022, totaling more than $8.1 billion in origination risk exposure. Fraudulent entries on those buyers’ loan applications included fake or falsified employment, income and identity information, often combined to create a synthetic identity unrelated to a single, real person.

That’s one reason identity verification is such a vital compliance step. Not only does it help the dealership comply with OFAC checks and the FTC’s Red Flags Rule, but it also lets the dealership confirm that the buyer is who they say they are before that person has the opportunity to take possession of a vehicle under false pretenses.

Fines and Penalties

OFAC is a good example of the second way non-compliance can be costly, because violations can come at a steep cost in criminal and civil penalties and fines. OFAC stands for the Office of Foreign Assets Control, and it requires car dealers to check consumers against its Specially Designated Nationals and Blocked Persons (SDN) list to make sure they aren’t tied to illegal activities. Anyone on the list is prohibited from making a purchase.

Violating OFAC SDN requirements falls under five different regulations: Trading With the Enemy Act (TWEA), International Emergency Economic Powers Act (IEEPA), Antiterrorism and Effective Death Penalty Act (AEDPA), Foreign Narcotics Kingpin Designation Act (FNKDA) and Clean Diamond Trade Act (CDTA). Each regulation carries civil penalties ranging from tens of thousands to more than $1.5 million (31 C.F.R. § 501, App. A).

Each of the regulations includes criminal penalties for knowing violations that can lead to a decade or more in prison and additional fines for the dealership up to $10 million, depending on which rule has been violated.

Although OFAC is an extreme example, there are fines associated with all of the regulations that a dealership’s compliance program addresses. Here are some of the maximums for potential dealership violations in 2022:

  • Red Flags Rule and Risk-Based Pricing Rule Notice – up to $4,705 per knowing violation
  • Privacy Notices and Adverse Action Notices – up to $50,120 per instance

Download the Dealertrack Compliance Guide to reference the Guide to Penalties (starting on page 217) for a list of the 2024 fines. Keep the guide on hand throughout the year to serve as a useful compliance resource.

Need help making sure your dealership stays on top of compliance? Dealertrack Compliance has integrated checkpoints and monitoring from leads to contracts to help you maintain compliance on every deal. Schedule a demo to find out how.

Data Safeguards & Identity Theft Protection: F&I Compliance Tip

Identity theft and data breaches continue to be a serious and ongoing issue for consumers and businesses.

In fact, according to the U.S. Department of Justice, about 9% of U.S. residents age 16 or older were victims of identity theft in 2021 (the most recent year for which stats are available), leading to total monetary losses of $16.4 billion. That includes the misuse of credit card data, as well as personal identity information. Amid this environment, Small to Midsize Businesses (SMB) such as auto dealerships are perfect targets.

With the increase in remote transactions, identity verification is more important than ever. You can help protect your dealership by implementing a few commonsense steps, and by encouraging your staff to follow best practice safeguards:

Tip #1: Acceptable Use

Help control risk by adopting an “acceptable use” policy that ensures that employees are not sharing their devices, that they are adhering to strong passwords, and that any corporate-owned data is encrypted. Text messaging should also be discouraged, as it is discoverable from the device in litigation and the use of acronyms or shorthand often leads to misunderstandings.

Tip #2: Have a Plan

Have a pre-established plan in place to deal with data security breaches. The FTC has said that an Information Security Program must include a detailed incident and breach response and notice plan to execute in the event of any security breach or database hack in which customer information is or may have been wrongfully accessed, whether by internal or external persons. Pre-identify a team of people to manage the breach and responses. The team should represent each department that might be affected by a breach or that has to be mobilized to interact with the public, including legal, human resources, privacy, security, IT, communications, and, if you are publicly traded, investor relations. Part of the team’s role is to analyze risks to data, data flow, and worst-case scenarios. Test your plan periodically by doing mock drills. Consult your attorney to know your state law and the laws of your customers’ states of residence about when you give notices to customers about data breaches.

Tip #3: Secure Transmission

Do not transmit customer information over insecure channels such as unencrypted email, P2P systems, or wireless access points. These are not secure media. The FTC has cited the absence of data loss prevention software and an intrusion detection system in these media as inadequate practices for an Information Security Program.

To get more tips and recommended compliance practices, access the free 2024 Dealertrack Compliance Guide. 

7 Features Your Compliance Software Should Have

With the constant threat of audits, fines and lawsuits, every dealership must take compliance seriously. Fortunately, there are cost savings to be found in integrating finance and sales flow compliance functions. Here are seven features to look for when choosing compliance software:

1. Visibility and transparency
It’s important to have a compliance dashboard that monitors employee and deal activity in real-time from a single screen. Keeping a close eye on employee actions lets you step in to make corrections as needed, heading off non-compliance risk.

2. Integrated FTC and OFAC requirements
To meet FTC and OFAC requirements and reduce fraud risk, your workflow needs to include the proper checkpoints. The FTC Red Flags Rule is a requirement designed to help protect against identity theft.  The Office of Foreign Assets Control (OFAC) requires a check of names against its “Specially Designated Nationals” list (SDN) of people with whom you cannot legally do business. You should look for software that automatically pulls Red Flags, provides out-of-wallet knowledge-based authentication questions, and offers additional questions when a customer does not answer enough of the previous questions correctly.

3. Fully compliant menu selling
Consistent presentations and full disclosure should be built into the sales process to reduce your compliance risk. This is an important selling category to watch because many industry experts believe that the FTC will be zeroing in on aftermarket products in the near future with enforcement actions for possible unfair and deceptive practices.

4. Secure document management
To meet compliance regulations, you must store deal-related documents including credit applications, privacy notices, credit reports, pencils, contracts, menus and more. Secure electronic deal jackets make these documents easier to access as needed, protect them from misuse, and also reduce the need to store paper files at your dealership.

5. Ability to print risk-based pricing credit score disclosure notices and privacy notices
Every time you take a credit application, you need a Credit Score Disclosure Notice – and it’s a best practice to give each customer a privacy notice at the same time. Ideally, your software should give you the ability to print risk-based pricing credit score disclosure notices and privacy notices as part of the application submission process.

6. Adverse Action reports
Compliance technology should be able to immediately identify and give you insight into which customers might need an Adverse Action notice.

7. Integrated compliance checks and balances
Compliance should be an integral part of your software so that your employees immediately receive an on-screen notice if a step is overlooked. This information should also be displayed on a performance dashboard so that management can be aware of possible problem areas requiring intervention such as additional training.

To learn how your dealership can integrate compliance checkpoints into your workflow, visit our Compliance product page and schedule a live demo with a Dealertrack F&I sales representative. 

Don’t Play “Hot Potato” With Adverse Action Notices

As much as your dealership would like to be able to sell to every customer, sometimes it doesn’t work out. Maybe a customer was credit-challenged, so you decided not to send their application to any financing sources – or you did send their application for financing but couldn’t get acceptable terms. Perhaps you had a spot delivery deal in place that you needed to unwind or re-contract.

In any of these instances, consumer protection laws, including the Equal Credit Opportunity Act (ECOA) and the Fair Credit Reporting Act (FCRA), require that the consumer be presented with an adverse action notice within a mandated timeframe.

This is where it gets tricky. There’s a common misconception among dealers that lenders handle sending adverse action notices. It’s true that a finance source may present their own adverse action notice to a consumer, but that’s not enough to protect a dealership from liability if the notice doesn’t contain certain dealer-specific disclosures.

According to consumer protection laws¹, an adverse action notice must tell the customer:

  • What the adverse action was
  • Up to four reasons for the adverse action (or provide the dealership’s contact information so they can find out within 60 days)
  • The names of the credit reporting agencies that provided the information to the dealership
  • Their credit score and information about it
  • Four or five “key factors” that adversely affected their credit score

These are detailed requirements and the dealership is in a better position to provide this information than any given lender, which is one of the reasons the dealer bears the responsibility for compliance.

So, it’s important to be alert to situations that require your dealership to provide consumers with an adverse action notice.

Not sure exactly what to include? The 2024 Dealertrack Compliance Guide includes a sample of one type of adverse action notice form that’s appropriate for use in certain circumstances. Always consult your legal counsel for advice on developing an adverse action notice template for your dealership and knowing when to send an adverse action notice.

To learn more about adverse action notices and see the form sample, download the 2024 Dealertrack Compliance Guide.

¹ Please check with your attorney for verification and further details.

 

3 Things to Know About Risk-Based Pricing Notices

Many of your dealership’s compliance responsibilities are designed to inform and protect consumers as they make financial decisions. That is definitely the case for the Federal Trade Commission’s Risk-Based Pricing Rule of the Fair Credit Reporting Act, which may apply to dealerships that use credit reports to help them make lending decisions.

When should you provide a Risk-Based Pricing Notice?

Under the Risk-Based Pricing Rule, a customer must be informed if they’re being offered worse credit terms than other consumers because of information in their credit report.

The threshold that determines when a consumer should receive a Risk-Based Pricing Notice is when they’re offered credit on less favorable terms than what a “substantial proportion” of other customers receive. In most cases, “less favorable terms” refers to customers being offered a higher annual percentage rate than other car buyers.

What are CSD Notices?

As an alternative to providing a Risk-Based Pricing Notice to these selected consumers, some dealerships choose to provide a credit score disclosure (CSD) exception notice to every credit applicant.

CSD Notices include an applicant’s credit score and other information such as the national distribution of credit scores among consumers under the credit scoring model used and various disclosures about credit scores in general.

Consumer reporting agencies will provide CSD Notices upon request. Your dealership should give them to each credit applicant after you get their credit score but before you complete the vehicle sale transaction.

How can I make the process easier at my dealership?

A compliance technology solution integrated with your F&I process can help your dealership provide the required notices to consumers at the appropriate time based on their credit reporting and terms.

As with any compliance issue, we recommend that you address questions you may have with your own qualified legal counsel.

To learn more about the Risk-Based Pricing Rule and other compliance topics, download the 2024 Dealertrack Compliance Guide.

The 5 Ws of Privacy Notice Compliance for Dealerships

Your dealership’s privacy notice may seem like just another piece of paperwork, but it’s a vital part of your compliance plan. The federal and state consumer protection regulations that require privacy notices address a wide range of your dealership’s data handling and storage practices. Let’s go over the basics you need to know about them.

Why Are Privacy Notices Necessary?

Numerous laws and regulations require that dealers create and present a notice to inform consumers of their practices for collecting, using and sharing non-public personally identifiable information.

Privacy notices are generally based on the combined requirements of the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLB). However, dealerships should also take into account federal laws including the FTC Privacy Rule, FTC Affiliate Marketing Rule and the Driver’s Privacy Protection Act (DPPA) when creating their privacy notices.

States are stepping up to provide consumers with additional privacy protections, so it’s important for your privacy policy to address the state regulations that apply where your dealership does business.

Remember, always consult with your legal counsel to ensure compliance with all privacy policy requirements for your dealership.

What Should Privacy Notices Include?

The recommended best practice is to create your FCRA-GLB Privacy Notice using the FTC’s Model Consumer Privacy Online Form Builder. Your dealership’s privacy policy should explain what personal information you collect, how you collect and use the personal information, and what third parties (if any) can access the information. An important key is that your privacy notice should accurately describe the actual way you collect and share information every day, which means you need to walk the talk!

Who Should Get A Privacy Notice?

You should give a privacy notice to every consumer who gives your dealership personal information, regardless of whether they end up purchasing a product or service.

When Should A Consumer Get Their Privacy Notice?

As the previous item implies, your dealership should be prepared to present privacy notices to potential customers before they become customers. That means consumers should receive a privacy notice before the dealer plans to collect, use or share their information. The timing can be tricky depending on how the consumer first begins interacting with your dealership, but be prepared to provide a privacy notice when someone first gives you their personal information, or as soon as possible after that. An integrated compliance software solution should provide you with a disclosure alert to ensure that you provide the privacy notice to the consumer at the proper time.

Where Have Privacy Notice Requirements Gotten Broader?

The California Consumer Privacy Act (CCPA) took effect on January 1, 2020. This law gives California consumers the right to know what personal information is collected about them, know how their personal information is being used, access a copy of their personal information, request that a business delete the personal information that was collected from them, and say no to having their personal information sold to third parties. There are also related online privacy requirements. The law applies to dealerships doing business in California that meet certain requirements, so consult with your legal counsel to determine your status and ensure that your privacy policy is compliant.

California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia have enacted new data privacy and data security laws, many of which become effective in 2024. Several other states are considering legislation to enact similar laws.

Want to learn more about complying with privacy and customer information sharing regulations? Check out the 2024 Dealertrack Compliance Guide.

Stranger Danger: Why Identity Verification is Important for Compliance

In 2022 alone, the Federal Trade Commission received more than 1.1 million reports of identity theft and more than 2.3 million reports of fraud. Legislators and consumer protection agencies are well aware of the risks, which is why there are so many regulations that require verification of customer identity.

Making sure a customer is who they say they are is not only important for legal compliance, but it also helps protect your dealership from the financial and legal costs of fraud. One of the most proactive compliance processes your dealership should undertake is to develop and assign a Program Manager to implement a written Identity Theft Prevention Program (ITPP) to comply with the FTC Red Flags Rule¹.

Saving Consumers and Your Dealership from Identity Theft

According to the FTC, your ITPP should be customized for your dealership’s size, location and activities to identify and address the “red flags” that you are most likely to encounter. The verification activities an ITPP may establish could include:

  • Closely examining photo IDs
  • Reviewing a customer’s recent credit bureau activity
  • Using an electronic identity verification service to compare customer information against databases of fraudulent activity and to assess the Social Security number that a customer has provided
  • “Out-of-wallet” questions, which are authentication questions about someone’s identity that go beyond the information that could be found in a stolen wallet

Use the ITPP with every customer and every document. In cases of problematic customers who resist requests for identity verification, you could escalate to your Program Manager and continue to seek additional information or ask more out-of-wallet questions. The Program Manager should persist until they are satisfied that they have verified the customer’s identity or that they need to decline to do business with the customer.

It’s important to document your ITPP activities for each credit customer and do ongoing training and testing to make sure your staff stays up to date on the process. Consult your legal counsel on developing and updating your ITPP as needed.

Making Sure Your Customers Are Legally Allowed to Buy in the U.S.

Another important identity check requirement centers around the OFAC SDN list. The Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury maintains a list of Specially Designated Nationals (SDN) who are prohibited from doing business in the United States, which includes buying a vehicle. Dealerships are required to run each customer’s name against the list and – if they get a “hit” – follow steps to find out whether a possible match is a false positive. There are substantial civil and criminal penalties for doing business with someone on the list, so it’s vital to make sure that customers are not on the SDN list and to keep records of your OFAC checks.

To learn more about customer identity verification and compliance, sign up to download the free 2024 Dealertrack Compliance Guide.

¹ Please check with legal counsel for further details.

 

Best Practices for Remote Signing

Dealerships have made impressive strides in responding to the restrictions imposed by CDC guidelines and social distancing rules by adopting tools that allow them to work with customers remotely. One vital part of that process is remote contract review and signing.

With a growing percentage of deals starting online, remote signing followed by at-home delivery are logical next steps to ensure convenient and socially distanced auto purchases for consumers.

Here are some important considerations for successful remote signing:

  • Make sure your internet connection is secure – An important aspect of compliance is protecting customer and deal data. Especially if you’re working somewhere other than the dealership, be sure your wi-fi signal is password protected.
  • Begin with some show-and-tell – Start by having a conversation with the buyer to make sure they have access to the proper technology required for the contract review and signing: a desktop computer, laptop or tablet with an up-to-date browser that’s connected to the internet. Then explain the eSign process, including the need for their consent, and talk through how the signature capture process works.
  • Verify the customer’s identity – When you’re dealing with customers remotely, it’s more important than ever to make sure every customer is who they say they are. Using a compliance solution like Dealertrack Compliance during the deal process for vital Red Flag alerts and OFAC checks can help – and can also provide out-of-wallet questions if needed.
  • The next best thing to face-to-face – We recommend using video conferencing, FaceTime or another video chat app to help make sure you’re dealing with the right person before you connect to their device for contract review and signing. Video is also helpful for walking the customer through the review and signing process so you can see their screen and provide direction as needed.
  • Record the signing ceremony – Choose a video conference platform that allows you to record the signing session for the purposes of ID verification and fraud risk mitigation. Tell the customer you’ll be recording and get their permission before you begin.
  • Give the customer time to read the fine print – Before the customer signs, make sure they review the contract. They can do it on the screen, but you should recommend that they use the print or download functionality to create their own copy.
  • Follow delivery protocols and best practices¹ – The vehicle should be delivered as soon as possible after contract signing. When you arrive at the customer’s location,² start by validating the buyer’s identity by matching their driver’s license to the information on the contract.
  • Don’t renegotiate upon delivery – Do not negotiate terms and conditions of the deal at the consumer’s home, as this could invoke a three-day rescission period that allows the customer to cancel their transaction.
  • Disinfect high-touch areas of the vehicle – Relieve any customer concerns by cleaning the vehicle in accordance with CDC guidelines and telling the customer about your sanitizing procedures.
  • Finalize all documentation – If there are any remaining DMV or dealer documents, have the customer complete them now. Use a tablet to photograph and upload any remaining stips and trailing documents. Be sure to have the customer sign the delivery receipt and keep it for your records. And don’t forget to deliver the final signed copy of the contract to your customer.

If a customer will be at the dealership to sign their contract and take delivery of their vehicle, you can still give them the option of bringing in their own device for signing. That can help to ensure social distancing and alleviate any concern the customer may have about handling shared devices.

Dealertrack assisted Remote Signing is available for dealerships with Digital Contracting on Dealertrack F&I. Click to learn more about getting started with assisted Remote Signing at your dealership.

The 2022 Dealertrack Compliance Guide includes a new chapter on automotive eCommerce sales. Download the Compliance Guide here.

¹ In locations where permitted by federal, state and local COVID-19 ordinances, consider offering at-home delivery and observe CDC protocols during vehicle delivery.
² Customer must take delivery in the state they are in as out-of-state deliveries are not available at this time.

What Dealerships Need to Know About Electronic Signatures

In the year 2000, Tiger Woods became the youngest golfer to win a career Grand Slam, the original Mini ceased production, and the U.S. passed the E-Sign Act (Electronic Signatures in Global and National Commerce) ensuring that electronic signatures can be valid and legally binding.

Even though more than 20 years have passed since then, confusion about the legality of eSignatures remains. In this post, we’re going to work on clearing up some of the common misconceptions around electronic signatures.

Federal Laws Regarding eSignatures

The E-Sign Act states that a contract or signature, “may not be denied legal effect, validity, or enforceability solely because it is in electronic form”. Basically, the E-Sign Act gives eContracts and eSignatures the same legal standing as paper records. It also says that electronic records count as information “provided in writing,” as long as a consumer agrees to conduct their transaction using electronic means.

The E-Sign Act also requires lenders to keep accurate and complete electronic records that can be accessed and reproduced as needed by people who are authorized to access them.

You can click here to read the E-Sign Act if you want to know exactly how it’s stated.

In 2010, provisions of the Uniform Electronic Transactions Act (UETA) helped ensure that each state aligned on recognizing the legality of electronic contracts for business and commercial transactions. As of August 2021, New York State has not adopted UETA, but they have other laws recognizing electronic signatures for lenders.

But What About California?

When California adopted UETA, it made an exception for auto signing. However, California later adopted E-Sign, which supersedes UETA. Currently, every major provider and lender includes California in their eContracting platform.

Please consult your lawyer if you have doubts or questions about the legality of eSigning in your state.

What Are the Advantages of eSigning?

Giving electronic contracts and signatures the same legal status as their paper counterparts offers significant benefits for dealers, customers and lenders:

  • Accuracy – eContracting helps ensure that contracts are complete and more accurate before the customer signs and the dealer submits them to the lender. It also helps eliminate missing signatures, which is one of the top reasons that funding packages are returned as incomplete and subject to re-contracting.
  • Compliance – With the system flagging any potential issues, a dealership can be more confident that each contract is compliant with state and federal consumer protection regulations. Customers are protected by a documented process that ensures they know what they’re signing before they sign and that they’ve provided affirmative consent to complete their transaction electronically.
  • Customer Satisfaction – The ability to review and sign documents electronically greatly enhances the customer experience. Rather than flipping through dozens of pages one at a time, eSigning offers customers the ability to seamlessly and efficiently move through the car buying process. 2021 Cox Automotive Car Buyer Journey research shows that heavy digital buyers who completed more than half of their purchase activities online saved nearly 30 minutes by handling negotiations, contract review and signing digitally. These buyers had more overall satisfaction with the shopping experience, which can help to preserve the dealership’s CSI score and improve customer loyalty.
  • Faster Funding – The lender receives data that has already been checked for accuracy directly into their loan origination system (LOS), which not only maximizes data security but allows for loans to be processed and funded more quickly.

How Widespread is eSigning?

Industry-wide, lenders have purchased, securitized and funded billions of dollars in eSigned retail and lease contracts to date in all 50 states.

Are All eSignatures the Same?

Dealertrack eSignatures are accepted by all major lenders participating in eContracting on our platform in every state. In addition, there are aspects of our technology and signing process that help ensure eSignature authenticity and provide the authoritative copy of each contract in ways that some other providers do not. We can also offer a better customer experience with “tap and sign” functionality that allows buyers to sign one time per signing session and have all subsequent signatures pre-fill with just a tap.

If you’d like to learn more about the advantages of Dealertrack Digital Contracting, please click to request a demo.

3 Questions You Should Ask About Your F&I Compliance Technology

Advanced automotive retail technology offers streamlined dealer workflows designed to improve the customer experience and ultimately enhance your profits.

These workflows can provide other crucial benefits, including regulatory compliance safeguards and protections against consumer fraud, integrated across the sales and F&I workflow.

Here are three questions to keep in mind when you’re selecting this type of technology to ensure that it meets compliance standards:

1. How does the platform address safeguards and ID verification?

There should be verification checkpoints such as red flags reports built into the workflow. You also want to make sure that you can add additional ID questions as needed. This is important for dealership security and will help you meet FTC and OFAC requirements.

2. How does the software handle adverse action notices and risk-based pricing notices?

You want adverse action notices and risk-based pricing notices to be an integral part of the technology workflow. For adverse action notices, the software should help you manage the mailing of notices and show confirmation that the notices were sent.

3. Does the compliance offering include aftermarket product sales?

To reduce the risk of non-compliance, it’s important for your F&I solution to incorporate a consistent presentation, accurate pricing, and proper aftermarket disclosures.

F&I solutions are aided by technology, but they also require training, knowledge and guidance that encompasses every customer interaction from advertising, to showroom conversations, to starting, structuring, financing and transacting the deal.

Want to learn about Dealertrack’s F&I Compliance solutions? Click to schedule a demo.