Data Safeguards & Identity Theft Protection: F&I Compliance Tip

Identity theft and data breaches continue to be a serious and ongoing issue for consumers and businesses.

In fact, according to the U.S. Department of Justice, about 9% of U.S. residents age 16 or older were victims of identity theft in 2021 (the most recent year for which stats are available), leading to total monetary losses of $16.4 billion. That includes the misuse of credit card data, as well as personal identity information. Amid this environment, Small to Midsize Businesses (SMB) such as auto dealerships are perfect targets.

With the increase in remote transactions, identity verification is more important than ever. You can help protect your dealership by implementing a few commonsense steps, and by encouraging your staff to follow best practice safeguards:

Tip #1: Acceptable Use

Help control risk by adopting an “acceptable use” policy that ensures employees are not sharing their device, are adhering to strong passwords, and that any corporate-owned data is encrypted. Text messaging should also be discouraged as it is discoverable from the device in litigation and the use of acronyms or shorthand often leads to misunderstandings.

Tip #2: Have a Plan

Have a pre-established plan in place to deal with data security breaches. The FTC has said that an Information Security Program must include a detailed incident and breach response and notice plan to execute in the event of any security breach or database hack in which customer information is or may have been wrongfully accessed, whether by internal or external persons. Pre-identify a team of people to manage the breach and responses. The team should represent each department that might be affected by a breach or that has to be mobilized to interact with the public, including legal, human resources, privacy, security, IT, communications, and, if you are publicly traded, investor relations. Part of the team’s role is to analyze risks to data, data flow, and worst-case scenarios. Test your plan periodically by doing mock drills. Consult your attorney to know your state law and the laws of your customers’ states of residence about when you give notices to customers about data breaches.

Tip #3: Secure Transmission

Do not transmit customer information over insecure channels such as unencrypted email, P2P systems, or wireless access points. These are not secure media. The FTC has cited the absence of data loss prevention software and an intrusion detection system in these media as inadequate practices for an Information Security Program.

To get more tips and recommended compliance practices, access the free 2024 Dealertrack Compliance Guide. 

7 Features Your Compliance Software Should Have

With the constant threat of audits, fines and lawsuits, every dealership must take compliance seriously. Fortunately, there are cost savings to be found in integrating finance and sales flow compliance functions. Here are seven features to look for when choosing compliance software:

1. Visibility and transparency
It’s important to have a compliance dashboard that monitors employee and deal activity in real-time from a single screen. Keeping a close eye on employee actions lets you step in to make corrections as needed, heading off non-compliance risk.

2. Integrated FTC and OFAC requirements
To meet FTC and OFAC requirements and reduce fraud risk, your workflow needs to include the proper checkpoints. The FTC Red Flags Rule is a requirement designed to help protect against identity theft.  The Office of Foreign Assets Control (OFAC) requires a check of names against its “Specially Designated Nationals” list (SDN) of people with whom you cannot legally do business. You should look for software that automatically pulls Red Flags, provides out-of-wallet knowledge-based authentication questions, and offers additional questions when a customer does not answer enough of the previous questions correctly.

3. Fully compliant menu selling
Consistent presentations and full disclosure should be built into the sales process to reduce your compliance risk. This is an important selling category to watch because many industry experts believe that the FTC will be zeroing in on aftermarket products in the near future with enforcement actions for possible unfair and deceptive practices.

4. Secure document management
To meet compliance regulations, you must store deal-related documents including credit applications, privacy notices, credit reports, pencils, contracts, menus and more. Secure electronic deal jackets make these documents easier to access as needed, protect them from misuse, and also reduce the need to store paper files at your dealership.

5. Ability to print risk-based pricing credit score disclosure notices and privacy notices
Every time you take a credit application, you need a Credit Score Disclosure Notice – and it’s a best practice to give each customer a privacy notice at the same time. Ideally, your software should give you the ability to print risk-based pricing credit score disclosure notices and privacy notices as part of the application submission process.

6. Adverse Action reports
Compliance technology should be able to immediately identify and give you insight into which customers might need an Adverse Action notice.

7. Integrated compliance checks and balances
Compliance should be an integral part of your software so that your employees immediately receive an on-screen notice if a step is overlooked. This information should also be displayed on a performance dashboard so that management can be aware of possible problem areas requiring intervention such as additional training.

To learn how your dealership can integrate compliance checkpoints into your workflow, visit our Compliance product page and schedule a live demo with a Dealertrack F&I sales representative. 

Don’t Play “Hot Potato” With Adverse Action Notices

As much as your dealership would like to be able to sell to every customer, sometimes it doesn’t work out. Maybe a customer was credit-challenged, so you decided not to send their application to any financing sources – or you did send their application for financing but couldn’t get acceptable terms. Perhaps you had a spot delivery deal in place that you needed to unwind or re-contract.

In any of these instances, consumer protection laws, including the Equal Credit Opportunity Act (ECOA) and the Fair Credit Reporting Act (FCRA), require that the consumer be presented with an adverse action notice within a mandated timeframe.

This is where it gets tricky. There’s a common misconception among dealers that lenders handle sending adverse action notices. It’s true that a finance source may present their own adverse action notice to a consumer, but that’s not enough to protect a dealership from liability if the notice doesn’t contain certain dealer-specific disclosures.

According to consumer protection laws [1], an adverse action notice must tell the customer:

  • What the adverse action was
  • Up to four reasons for the adverse action (or provide the dealership’s contact information so they can find out within 60 days)
  • The names of the credit reporting agencies that provided the information to the dealership
  • Their credit score and information about it
  • Four or five “key factors” that adversely affected their credit score

These are detailed requirements and the dealership is in a better position to provide this information than any given lender, which is one of the reasons the dealer bears the responsibility for compliance.

So, it’s important to be alert to situations that require your dealership to provide consumers with an adverse action notice.

Not sure exactly what to include? The 2024 Dealertrack Compliance Guide includes a sample of one type of adverse action notice form that’s appropriate for use in certain circumstances. Always consult your legal counsel for advice on developing an adverse action notice template for your dealership and knowing when to send an adverse action notice.

To learn more about adverse action notices and see the form sample, download the 2024 Dealertrack Compliance Guide.

[1] Please check with your attorney for verification and further details.

 

The 5 Ws of Privacy Notice Compliance for Dealerships

Your dealership’s privacy notice may seem like just another piece of paperwork, but it’s a vital part of your compliance plan. The federal and state consumer protection regulations that require privacy notices address a wide range of your dealership’s data handling and storage practices. Let’s go over the basics you need to know about them.

Why Are Privacy Notices Necessary?

Numerous laws and regulations require that dealers create and present a notice to inform consumers of their practices for collecting, using and sharing non-public personally identifiable information.

Privacy notices are generally based on the combined requirements of Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLB). However, dealerships should also take into account federal laws including the FTC Privacy Rule, FTC Affiliate Marketing Rule and the Driver’s Privacy Protection Act (DPPA) when creating their privacy notices.

States are stepping up to provide consumers with additional privacy protections, so it’s important for your privacy policy to address the state regulations that apply where your dealership does business.

Remember, always consult with your legal counsel to ensure compliance with all privacy policy requirements for your dealership.

What Should Privacy Notices Include?

The recommended best practice is to create your FCRA-GLB Privacy Notice using the FTC’s Model Consumer Privacy Online Form Builder. Your dealership’s privacy policy should explain what personal information you collect, how you collect and use the personal information, and what third parties (if any) can access the information. An important key is that your privacy notice should accurately describe the actual way you collect and share information every day, which means you need to walk the talk!

Who Should Get A Privacy Notice?

You should give a privacy notice to every consumer who gives your dealership personal information, regardless of whether they end up purchasing a product or service.

When Should A Consumer Get Their Privacy Notice?

As the previous item implies, your dealership should be prepared to present privacy notices to potential customers before they become customers. That means consumers should receive a privacy notice before the dealer plans to collect, use or share their information. The timing can be tricky depending on how the consumer first begins interacting with your dealership, but be prepared to provide a privacy notice when someone first gives you their personal information, or as soon as possible after that. An integrated compliance software solution should provide you with a disclosure alert to ensure that you provide the privacy notice to the consumer at the proper time.

Where Have Privacy Notice Requirements Gotten Broader?

The California Consumer Privacy Act (CCPA) took effect on January 1, 2020. This law gives California consumers the right to know what personal information is collected about them, know how their personal information is being used, access a copy of their personal information, request that a business delete the personal information that was collected from them, and say no to having their personal information sold to third parties. There are also related online privacy requirements. The law applies to dealerships doing business in California that meet certain requirements, so consult with your legal counsel to determine your status and ensure that your privacy policy is compliant.

California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia have enacted new data privacy and data security laws, many of which become effective in 2024. Several other states are considering legislation to enact similar laws.

Want to learn more about complying with privacy and customer information sharing regulations? Check out the 2024 Dealertrack Compliance Guide.

Stranger Danger: Why Identity Verification is Important for Compliance

In 2022 alone, the Federal Trade Commission received more than 1.1 million reports of identity theft and more than 2.3 million reports of fraud. Legislators and consumer protection agencies are well aware of the risks, which is why there are so many regulations that require verification of customer identity.

Making sure a customer is who they say they are is not only important for legal compliance, but it also helps protect your dealership from the financial and legal costs of fraud. One of the most proactive compliance processes your dealership should undertake is to develop and assign a Program Manager to implement a written Identity Theft Prevention Program (ITPP) to comply with the FTC Red Flags Rule [1].

Saving Consumers and Your Dealership from Identity Theft

According to the FTC, your ITPP should be customized for your dealership’s size, location and activities to identify and address the “red flags” that you are most likely to encounter. The verification activities an ITPP may establish could include:

  • Closely examining photo IDs
  • Reviewing a customer’s recent credit bureau activity
  • Using an electronic identity verification service to compare customer information against databases of fraudulent activity and to assess the Social Security number that a customer has provided
  • “Out-of-wallet” questions, which are authentication questions about someone’s identity that go beyond the information that could be found in a stolen wallet

Use the ITPP with every customer and every document. In cases of problematic customers who resist requests for identity verification, you could escalate to your Program Manager and continue to seek additional information or ask more out-of-wallet questions. The Program Manager should persist until they are satisfied that they have verified the customer’s identity or that they need to decline to do business with the customer.

It’s important to document your ITPP activities for each credit customer and do ongoing training and testing to make sure your staff stays up to date on the process. Consult your legal counsel on developing and updating your ITPP as needed.

Making Sure Your Customers Are Legally Allowed to Buy in the U.S.

Another important identity check requirement centers around the OFAC SDN list. The Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury maintains a list of Specially Designated Nationals (SDN) who are prohibited from doing business in the United States, which includes buying a vehicle. Dealerships are required to run each customer’s name against the list and – if they get a “hit” – follow steps to find out whether a possible match is a false positive. There are substantial civil and criminal penalties for doing business with someone on the list, so it’s vital to make sure that customers are not on the SDN list and to keep records of your OFAC checks.

To learn more about customer identity verification and compliance, sign up to download the free 2024 Dealertrack Compliance Guide.

[1] Please check with legal counsel for further details.

 

3 Questions You Should Ask About Your F&I Compliance Technology

Advanced automotive retail technology offers streamlined dealer workflows designed to improve the customer experience and ultimately enhance your profits.

These workflows can provide other crucial benefits, including regulatory compliance safeguards and protections against consumer fraud, integrated across the sales and F&I workflow.

Here are three questions to keep in mind when you’re selecting this type of technology to ensure that it meets compliance standards:

1. How does the platform address safeguards and ID verification?

There should be verification checkpoints such as red flags reports built into the workflow. You also want to make sure that you can add additional ID questions as needed. This is important for dealership security and will help you meet FTC and OFAC requirements.

2. How does the software handle adverse action notices and risk-based pricing notices?

You want adverse action notices and risk-based pricing notices to be an integral part of the technology workflow. For adverse action notices, the software should help you manage the mailing of notices and show confirmation that the notices were sent.

3. Does the compliance offering include aftermarket product sales?

To reduce the risk of non-compliance, it’s important for your F&I solution to incorporate a consistent presentation, accurate pricing, and proper aftermarket disclosures.

F&I solutions are aided by technology, but they also require training, knowledge and guidance that encompasses every customer interaction from advertising, to showroom conversations, to starting, structuring, financing and transacting the deal.

Want to learn about Dealertrack’s F&I Compliance solutions? Click to schedule a demo.

Minimize Risk and Help Ensure Compliance on Every Deal

It’s understandable that dealers do not enjoy having to think about compliance. The myriad, ever-changing laws, rules and regulations that apply to each deal can be confusing and frustrating. But non-compliance can lead to thousands of dollars in fines, class-action penalties, and damage to the dealership’s reputation – so it’s important to do everything possible to keep up.

Engaging qualified legal counsel is the most effective approach to full compliance, but here are other ways that dealers and their staff can work to protect their deals and the reputation of their dealerships.

Every pencil counts 

As you know, a pencil is the proposal that a salesperson uses with customers to outline deal scenarios as the final agreement is being reached. It’s important for your desking solution to automatically save a record of pencils in each customer’s deal jacket.

This will give you the ability to show a regulator, auditor, or plaintiff’s attorney the progression of the deal, and will help head off any claims that a consumer misunderstood the deal. This is particularly important in that the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) have emphasized the need for transparency in consumer financing of automobile purchases and leases. For example, the Dodd-Frank Act of 2010 has a category for “abusive” trade practices, designed to protect consumers from being taken advantage of due to their lack of understanding.

Consistency is key 

Prepare scripts, FAQs and presentations that fairly and honestly state what the aftermarket product is and how much it will cost. This helps ensure that there won’t be credit discrimination.

Create a paper trail – even if it’s digital 

Solid documentation creates an environment of transparency for the consumer and a “paper trail” for auditors and regulators.

Each customer’s deal jacket should not only contain a record of pencils, but copies of every document, including all four squares and even less formal correspondence that shows how the deal was formed. Keeping the pencils record, a signed menu, and a plain-language buyer’s order reveals the detailed steps and trade-offs made by both the customer and the dealer.

Make sure that all pertinent deal information is stored in an easily searchable and highly secure location. That will help you build a consistent and transparent sales process and also give you the ability to track pencils by deal, date, user or vehicle status for auditing purposes.

When you follow these steps, you will help protect your dealership and your customers.

For more compliance tips, download the Dealertrack 2024 Compliance Guide. It’s a handy resource for questions about sales and finance compliance all year long.  

How Operations Oversight Aids in F&I Compliance

It seems that you can’t read the news without learning of yet another massive corporate data security breach. As much as we all hear about the importance of safeguarding customer information, studies show that a majority of data breaches are caused by employees.

In your showroom, that means your compliance is at risk from staff members leaving deal jackets, credit reports or credit applications lying around for anyone to see – or from weak passwords or “phishing” scams with untrustworthy links. Whether data is exposed through negligence, error or the deliberate acts of untrustworthy employees, it’s important to have a plan in place to protect your dealership.

Dealership management should be proactive and prepared with comprehensive data security training and real-time monitoring. It’s vital to oversee your operations via tracking of employee access to your electronic databases, including a compliance dashboard.

Protecting your dealership 

There are two key steps to keeping your dealership protected and compliant. Begin by educating your employees and giving them the tools they need to keep information secure. This includes training on data security best practices about things like strong passwords, avoiding clicking unknown links, and guarding against social engineering attempts by strangers attempting to get information.

The second step is to create a monitoring program that allows you to oversee data flow into your systems, user access, user activity, and patterns that indicate irregularities. When you closely and regularly monitor the sales process, you are better equipped to step in to head off problems and help ensure that your dealership remains compliant.

Creating your compliance process 

As you’re developing your process, make sure it includes a real-time compliance dashboard within a single screen. That will allow you to immediately identify any potential issues. You’ll also be able to observe how your employees handle and safeguard customer data they receive.

Data management is something you need to do actively, with policies in place to handle data over time as well. Beyond requiring secure passwords and authentication, consider two-factor authentication that includes a complex password and a randomly-generated number from an ID token.

Manage user permissions so that only employees with a legitimate business need can access customer information. Have a plan for purging non-public personal information once you no longer need it.

A culture of security in your dealership starts with senior management and filters through the ranks. Emphasize transparency and honesty in every customer interaction and make sure to train employees on unfair, deceptive and abusive practices to ensure that each interaction with customers complies with federal and state regulations.

If you haven’t gotten your copy of the Dealertrack 2024 Compliance Guide, download it today.

5 Ways to Make Sure Your Compliance Program Is Effective

Compliance can be a costly part of doing business as a dealership. A 2022 article in Auto Dealer Today estimated that the average dealership spends between $162,385 and $276,925 per year to address regulatory compliance.

Fortunately, dealers can address F&I compliance more affordably by integrating a robust program throughout the sales and F&I workflow. This starts with effective document storage and includes the ability to monitor deal activity.

Here are five questions to ask to make sure your compliance program is operating at full efficiency and effectiveness:

1. Have you created a culture of compliance and security?
It’s important to train employees on spotting unfair, deceptive, and abusive acts and practices. Training should also emphasize honesty and transparency in all customer interactions. And make sure you have a compliance dashboard that allows you to monitor activity from a single screen.

2. Is the FTC Red Flags Rule fully integrated into your workflow?
Your sales workflow should include checkpoints throughout the deal process to verify that you’re meeting FTC and OFAC requirements and mitigating fraud. Always stay audit-ready by documenting everything you do and keeping copies of all documents related to identity in the deal jacket. Finally, be sure that you follow your identity theft policies and procedures (ITPP) process with every customer.

3. Does your compliance workflow include your menu selling?
Cox Automotive research has found that customers who are aware of F&I product options before they go to the dealership are more likely to buy. As these product introductions become more prevalent online, it’s vital to make sure they are fully consistent with the in-store presentations and include the same full disclosure. Your electronic menu product should help ensure consistency and legal compliance with your state laws and regulations.

4. Do you have full visibility to all deal activity?
Your compliance program should give you the power to track, report, and audit activity as needed, and from a single screen. Today’s dealership management must be prepared and proactive, with comprehensive training and real-time monitoring. For example, electronic databases should give you the ability to track employee access, and oversight of operations should include a compliance dashboard.

5. Are you consistently managing all documentation?
Regulations demand that you store a wide range of documents, including credit applications, privacy notices, credit reports, contracts, and menus, in secure electronic deal jackets. It’s about more than just convenience. Being consistent in storage and security provides peace of mind and creates efficiencies just in case auditors do come calling.

For more compliance tips, download the Dealertrack 2024 Compliance Guide. It’s a useful resource for safeguarding your dealership. 

Keeping Aftermarket Products In Line: F&I Compliance Tip

Aftermarket products are important to dealerships’ bottom line. Recent NADA research has shown that 50 percent of profits for the average dealership come from the sale of aftermarket products.

A majority of these profits come from vehicle service contracts, but other products driving profits include guaranteed auto protection, credit life, and disability insurance, among others.

When selling aftermarket products, a dealership must disclose the products separately from the vehicle, indicating that the purchase is voluntary and that it is not required to obtain financing. Several states even have detailed regulations about how items need to be disclosed to the customer.

This is important to keep in mind as the FTC and CFPB continue to actively investigate and look for any unfair and deceptive practices in the sale of aftermarket products. The CFPB has made aftermarket products a priority since its inception and has the authority to bring actions against certain independent and buy-here-pay-here dealers while also referring other dealer violations to the FTC or a State Attorney General.

Best Practices

So, when selling these aftermarket products, how can dealerships protect themselves? We recommend the following to keep the FTC and CFPB away:

  1. Eliminate Excluded Customers from Your Target Direct Marketing Lists – There are consumers that opt out of all types of solicitations. If you have customers that do opt out, remove them from your lists. You can take it a step further and obtain the customer’s written consent to receive auto-dialed or prerecorded calls or texts. Cross-checking numbers with the FTC’s National Do Not Call Registry will save you headaches and potential issues.
  2. Understand Warranty Disclaimers for Each State – Service and insurance contracts can be structured in many different ways, all of which have different tax and liability issues. Dealers need to make it clear as to whether or not they have “entered into” a service contract. Both retro and reinsurance policies are subject to state insurance laws and customer claims. Dealers need to run the structure of service contracts with their lawyers and accountants.
  3. Charge the Same Price for Everything – Each product needs to be priced the same. If you surcharge a customer, that is considered part of the “finance charge” under TILA (Truth in Lending Act). As a result, that then must be calculated into the APR and disclosed in the RISC (Retail Installment Sales Contract).
  4. Be Consistent – The way you sell aftermarket products in the F&I office needs to be consistent. As a dealer, you are responsible for what is legally required in your state in terms of scripts, FAQs, and presentations that outline products and what they will cost.
  5. Adjust Your Practices to Address Customer Feedback – As laws change and consumers have positive and negative reactions, you need to adapt your selling of aftermarket products. Your employees need to be on board with this as well.
  6. Review and understand the CFPB Bulletin Incentives – When incentives concern products or services that could cause harm to consumers or not benefit them as strongly, they need to be reined in. Always have consumer interests in mind.

Start protecting your dealership from federal fines and audits: download your 2024 Compliance Guide today. Learn more about the Dealertrack Compliance solution here.