Tag Archive | "compliance"

Colorado Puts the Brakes on TrueCar

After hitting an impasse with auto industry skeptics, TrueCar is facing another setback. The embattled company and its dealers were notified by the Colorado Department of Revenue that they could be in violation of five of the state’s advertising rules, according to a letter released on Dec. 15.

According to the Colorado Automobile Dealers Association, TrueCar had initiated a meeting with the Department’s Motor Vehicle Dealer Board in late November to find out if its service was in compliance with Colorado state laws. “That seemed to be a discovery meeting to tell the [state’s] Auto Industry Division (AID) how the TrueCar model works,” said Tim Jackson, Colorado Automobile Dealers Association (CADA) president.

The Department of Revenue’s legislative liaison, Mark Couch, stated that the AID is currently investigating a complaint that it received last week regarding TrueCar and could not comment until the investigation was completed, reported F&I and Showroom magazine.

Jackson said that his association was not involved in the meeting, but was notified soon after by the AID about a number of issues regarding TrueCar’s business relationship with dealers. Some of the topics mentioned in the AID’s letter include concerns over access to dealer’s inventory information, possible “bait and switch” situations and concerns regarding unlicensed sales activity.

The five advertising violations identified included failure to include vehicle stock numbers, using the word “invoice” in advertisements, small font size on disclaimers, failure to disclose all costs associated with purchasing a vehicle, and not listing an expiration date or time limit for offers.

The association’s new-car dealers were notified about the situation over the weekend. “I’ve been on the phone all day,” Jackson said. “Out of those 250 or so dealers, I’ve probably fielded between 25 to 35 calls so far.”

The AID’s letter also indicated that it has been instructed to “pursue licensure by TrueCar as either a Used Motor Vehicle Dealer or to have individuals associated with TrueCar licensed as salespersons or both.”

The reason for this, Jackson adds, is that anyone who is negotiating the price of a car in Colorado needs to be licensed to do so.

Though the alleged violations originated from TrueCar’s materials, the AID states that any dealer using the company’s services to promote and list vehicles will ultimately be responsible for any violations of the state’s compliance rules.

“It’s up to the dealers who they do business with and we don’t tell them who to do business with or not to do business with,” Jackson says. “But it’s our role to help them stay in compliance.”

Group 1 Automotive was recently reported to have ended its business relationship with TrueCar, but did not immediately return F&I and Showroom’s requests for comment. Last week, Honda confirmed that it warned its dealers over the summer that marketing dollars will be withheld if dealers violate the company’s stated advertising guidelines. A company spokesman, however, denied that Honda is prohibiting its dealers from using TrueCar.

Posted in Auto Industry NewsComments (0)

Digital Compliance, Part 2

Last month in this space, we discussed the existence and usefulness of inexpensive “digital” compliance tools. For purposes of this series, we consider “digital compliance” to mean any compliance tool or solution that is:

  • Web- or computer-based
  • Automated
  • Efficient
  • Effective

Part 1 evaluated digital compliance as it applied to OFAC, the Safeguards Rule, the Red Flags Rule, and F&I menus. This month we’ll look at the Dodd-Frank Act, Environmental, Health & Safety, Human Resources, and Compliance Training. Next month (assuming reader mail doesn’t suggest additional topics) we’ll wrap up by examining digital compliance solutions for Product Training, Deceptive Trade Practices, and Audits & Review.

Dodd-Frank Act

The topics of Adverse Action Notices and Risk-based Pricing Notices have generated great angst in the dealership community of late, due in large measure to the Dodd-Frank Wall Street Reform and Consumer Protection Act. I could argue that Act neither meaningfully reforms Wall Street nor protects consumers, but it certainly got dealers’ attention.

The reason for dealer attention was the expansion of disclosures that adverse action notices must contain. Dodd-Frank amends the Fair Credit Reporting Act to require creditors to disclose in their adverse action notices:

  • A numerical credit score used in making the credit decision
  • the range of possible scores under the model used
  • Up to four key factors that adversely affected the consumer’s credit score (or up to five factors if the number of inquiries made with respect to that consumer report is a key factor)
  • The date on which the credit score was created
  • The name of the person or entity that provided the credit score

And then there’s risk-based pricing. Dodd-Frank requires risk-based pricing notices (RBPN) be given in situations where credit is offered on terms “materially less favorable” than “the most favorable terms available to a substantial portion of consumers” where the credit decision was “based in whole or in part on the consumer report.” In the alternative, dealers may provide an “exception notice” to all consumers after a credit score is obtained and before a financial contract is consummated.

Confused yet?

Fortunately for dealers, many third party vendors in the credit-approval process provide compliant adverse action notices and RBPN. In addition, CRM and DMS systems generally can print a compliant notice as well. You can check out CoreLogic Credco’s solution at www.credcoservices.com/assets/pdfs/samplereports/rbpn_sample.pdf; RouteOne’s at www.routeone.com/products/dealers/services/compliance-tools.dot; and ProCredit Express’ at www.procreditexpress.com/riskBased.html. So you’re covered, right? In the immortal words of Lee Curso, “Not so fast, my friend…”

It’s easy to provide a customer in F&I with an exception notice, but what about unsold showroom traffic? And how do you ensure a proper notice was actually provided in F&I, or emailed (after securing permission to use email), or mailed within 30 days of a credit bureau being pulled? And how do you document that your dealership complied? Remember, in the world of compliance, if it isn’t documented, it didn’t happen. So be sure to determine that the solution you choose addresses those issues.

Environmental, Health & Safety

In the EHS arena, dealerships need to comply with OSHA, DOT, EPA, State regulations, and the local press corps if things don’t always work out. Inspections are a part of this, and those generally require real people making actual site visits. But the miracle of the internet can improve and automate many processes.

For example, consider Material Safety Data Sheets (MSDS). An MSDS explains the properties of a given substance used or present at a dealership. They are intended to provide workers with procedures for handling or working with the covered substance in a safe manner, and must be available for workers and emergency personnel.

MSDS can be stored, catalogued and updated in thick black three-ring binders. Or the appropriate MSDS can be accessed online and maintained on the dealership’s behalf by a third party vendor. For my money, the latter approach is the way to go.

Similarly, DOT/Hazmat training can be had online. Online solutions for the management of documentation are also available, including inspection reports, issue logs, safety committee meeting notes, DOT and other employee certifications, and accident reports. Online dashboards make status easy to observe and track. For one such vendor, see KPA at www.kpaonline.com.

Human Resources

Much of the value of digital compliance solutions lies in their ability to create repeatable, verifiable processes. One of the areas in which this capability is tremendously important is Human Resources (HR). Treating all employees consistently and fairly is vital in order to both do right and avoid lawsuits based on discrimination or wrongful termination.

Web-based applications exist to make consistent and compliant HR actions easy. Such tools address Recruitment and applicant training, performance management, incident reporting, even online advice from employment law attorneys. Dashboards can provide a bird’s-eye view of the status of individuals and the dealership as a whole.

When employees sue employers, the value of being able to document reasonable actions cannot be overestimated. Web-based solutions create checklists and processes to be followed, and a secure archive of those actions from which reports can easily be generated. Paper employee files look archaic by comparison.

For an example of such a web-based solution, see HotlinkHR at www.hotlinkhr.com.

Compliance Training

True fact: delivering a motor vehicle in an American retail transaction is one of the most heavily-regulated activities on earth. It is only slightly less regulated (deep breath…) than building a nuclear power plant on a bald eagle eating a manatee in the wetlands behind Al Gore’s house. Seriously. A dealership’s daily business involves the Fair Credit Reporting Act, Equal Credit Opportunity Act, Regulation M, Regulation Z, the Magnuson-Moss Warranty Act, Red Flags Rule, Safeguards Rule, Used Car Rule, Holder-in-Due-Course Rule, Privacy Rule, Disposal Rule, Credit Practices Rule, Telemarketing Sales Rule, Cash Reporting Rule, CAN-SPAM, FTC Act, FACT Act, OFAC, and the Equal Employment Opportunity Act.

That was just a partial list – to tell you the truth, in all this confusion I kind of lost track myself. So you’ve got to ask yourself one question: How can a dealership’s non-attorney employees follow laws they don’t even know exist? Do you feel lucky? Well do ya, punk?

With apologies to Dirty Harry, it’s easy to cut through the confusion with a web-based legal compliance training program that educates dealership employees on the laws that govern their jobs. Coupled with a Learning Management System, records and reports are created that demonstrate who took the training, when, and how they did on the module-end test that confirms learning took place. Done right, this can even create admissible evidence in support of a dealership’s position in consumer litigation.

Curricula can be tailored for the specific job description of the learner. So, for example, every employee can take Sexual Harassment training, while only F&I personnel would take a module on the legal implications of F&I menus. Automated reporting features can be configured to give the appropriate manager regular emails concerning the progress of those in his department.

To see one such program – mine – go to www.mosaic-compliance.com.

If you’ve made it this far, good news: only one more article to wrap this up. And the finale will include a compliance checklist to keep all these obligations (and the options to address them) straight.

Posted in Product & TechnologyComments (1)

Digital Compliance, Part 1

Research and my own experience have shown that (a drum roll, please)… dealers are cheap. And I don’t mean that in a negative way. Rather, in the past few years of tightening car sales and constipated margins, the best dealers have trimmed their expenses to the extent possible. Lazy brothers-in-law got laid off. Jets went up for sale.

Against this backdrop, dealers understand that, while they need effective and verifiable compliance solutions, they are hesitant to spend hard dollars for services that can’t prove ROI. Fortunately, effective and verifiable web-based solutions are readily available. And they can be cheap.

Compliance topics that lend themselves to digital solutions include:

  • OFAC
  • Safeguards Rule
  • Red Flags Rule
  • F&I Menus
  • Dodd Frank/Adverse Action Notices
  • Environmental, Health & Safety
  • Human Resources
  • Compliance Training
  • Product Training
  • Deceptive Trade Practices
  • Audit & Review

Let’s examine how web-based technologies can contribute to compliance in those areas, affordably. We’ll look at the first four this time, and hit the remainder in the next issue or two.


Complying with the requirements of the Office of Foreign Asset Control (OFAC) is perhaps the easiest and cheapest digital solution of all. OFAC prohibits businesses from dealing with any person or entity on its list of Specially Designated Nationals, popularly referred to as the “bad guy list.” Interestingly, there is no minimum dollar level for OFAC compliance so, technically, you should be subject to an OFAC check just before hearing “Want fries with that?”

One free way of running an online OFAC check is to go to www.treasury.gov and clicking until you get to the bad guy list, then searching for your customer’s name. But while free, this is cumbersome and only as reliable as the operator – who will only get paid if the deal goes through. And even under the best of circumstances, this free approach does not automatically create and archive a record of the effort. In the world of compliance, that is a serious deficiency – if it isn’t documented, it didn’t happen.

Most credit reporting agencies have an inexpensive online OFAC check function. For a quarter or so, you can run the customer’s name against the bad guy list and create a record of your having done so. Now that’s value!

Other popular sources of OFAC checks include RouteOne (www.routeone.com), ProCredit Express (www.procreditexpress.com), and Veratad (www.veratad.com).

Whichever solution you use, beware of one common pitfall: OFAC requires a check of every customer, not just every finance customer. This means you need a process in place to catch cash customers. All of the solutions mentioned above can be used in connection with a cash transaction. The real trick is remembering to do so.

Safeguards Rule

The Federal Trade Commission Safeguards Rule is intended to make financial institutions (as dealerships are considered under the Rule) protect consumers’ nonpublic personal information (NPI). The Rule requires dealerships to:

  1. Designate a Program Coordinator;
  2. Conduct a risk assessment;
  3. Design and implement safeguards to control the risks identified by the assessment;
  4. Oversee its service providers; and
  5. Periodically reevaluate the program and amend it as necessary.

Items 1, 2, 4, and 5 are labor-intensive and not well served by online tools. But item 3 – the nuts and bolts of the Rule – is a problem with a digital solution. Several, in fact.

The two great risks to NPI at a dealership are paper files and computer data. Consider that a deal jacket almost certainly contains enough NPI to steal an identity. Credit applications are the Holy Grail for identity thieves. And computer files – the dealership’s DMS – contain the NPI of all of their customers. Clearly, these must be protected.

To address the risk that paper files present, some dealerships electronically scan the entire deal jacket and then shred the original paper files. If there are no paper files, there are no paper files to steal. Iron Mountain has a robust document management solution (www.ironmountain.com), as does DealerTrack (www.dealertrack.com). The former is more generic; the latter tailored to the automotive market. Lazy Days RV Center, the largest RV dealership in the world, has been taking this approach for almost a decade. “In all that time,” says Harold Oehler, Lazy Days’ general counsel, “we’ve never had a problem finding a document. It was the paper documents that were more likely to go missing.”

To protect computer files, it should go without saying that strong firewalls should be in place. But don’t put an exaggerated level of trust in firewalls alone. Firewalls merely limit the number of open ports through which data may be stolen. Preventing such theft is the real job. To accomplish this, dealers should invest in up-to-date anti-virus, anti-malware, and anti-phishing programs.

Furthermore, almost every organization should have an intrusion detection system (ISP). ISPs detect unauthorized attempts to access a computer network, or internal attempts to violate network policies (such as the entire customer database being downloaded from a workstation in the service department – true story).

To learn more about ISPs, check out Intrusion, Inc. (www.intrusion.com) or, for a free solution, try Sourcefire’s Snort at www.snort.org.

Red Flags Rule

The gist of the Red Flags Rule can be summed up in just seven words:

  1. Policy
  2. Training
  3. Detect
  4. Prevent
  5. Mitigate
  6. Oversee
  7. Ensure

To string those words together, the Rule requires financial institutions (again, including dealerships) to have an identity theft prevention program (ITPP) that is, the policy, train its employees on that policy, to detect, prevent and mitigate the effects of identity theft at or through the dealership. The dealership must oversee its service providers so that they comply with the Rule to the extent applicable to their operations, and ensure that the ITPP continues to work over time.

To a greater or lesser degree, all seven of those requirements have an electronic solution. The most significant involve the requirements of detection, prevention, and mitigation.

Many vendors have tools to detect attempts of identity thieves to steal cars by using another person’s identity. For example, ADP Dealer Services (www.adpdealerservices.com) offers a Red Flags solution that goes a long way towards detecting attempts at identity theft and, as important, documenting those efforts. So does DealerTrack, ProCredit Express, and others. These solutions focus on elements of the transaction to determine the likelihood of fraud. If that likelihood is strong enough, knowledge-based authentication (out-of-wallet challenge questions) can be applied. This is both simple and effective. And best of all, cheap.

Mitigation is a bit more tricky. The only meaningful form of mitigation I can think of is identity theft recovery and monitoring service. This service scans the internet (both the legitimate and “Black” internet) 24/7, looking for misuse or sale of a customer’s NPI. If identity theft occurs, trained recovery specialists restore the victim’s identity to its pre-event status. Some dealers give away a year of this service with every car delivered, then upsell additional years in F&I to create a profit center. For more information, contact… me. My company provides this service, and I’ve got three kids in college!

One word of warning: many companies provide Red Flags compliance tools and almost all of them claim to be “complete” or “turnkey” solutions. But given that there are seven significant requirements, and most solutions address two or three at best, these claims should be taken with a grain of salt.

F&I Menus

When F&I menus first came on the scene, they were novel, clever, and paper. Then along came PC-based menus – a great improvement. Now they come in web-enabled versions, and I am a big fan. Properly used, these selling tools are compliance tools as well.

By consistently presenting all products to all customers, F&I menus can reduce the risk of discrimination claims. Archived menus provide proof, if ever needed, of the pricing put in front of a customer. Written disclaimers can be clearly presented. A clear paper trail connecting the desking tool, buyer’s order, and installment sale contract is created. In short, a properly used electronic F&I menu can be a dealership’s (and its counsel’s) best friend.

Such menus are easy to find. Check out IAS, LP (www.iasdirect.com), The Impact Group, Inc. (www.theimpactgroup.com), or MaximTrak (www.maximtrak.com).

That’s just a sampling of the digital solutions available to enhance dealerships’ compliance efforts on the cheap. We’ll discuss more in the coming issues, and conclude with a checklist dealers can consult to evaluate how they’re doing in these important areas.

Posted in Product & TechnologyComments (0)

Obama Nominates Former Ohio AG to Lead New Bureau

WASHINGTON — President Obama has named former Ohio Attorney General Richard Cordray as his nomination for director of the new Consumer Financial Protection Bureau (CFPB), which was created by the passage of the Dodd Frank Act last year. The nomination will require Senate confirmation, which, by all account, will be a problem.

Cordray previously served as Ohio’s treasurer and as head of the CFPB’s enforcement division for the last six months under current interim director and agency architect Elizabeth Warren.

During the announcement, President Obama discussed Dodd-Frank’s provisions, which included making taxpayer-funded bailouts illegal, Wall Street reforms and stronger consumer protection rules.

“Already, the agency is starting to do a whole bunch of things that are going to be important for consumers — making sure loan contracts and credit card terms are simpler and written in plain English,” the president said. “Already, thanks to the leadership of the bureau, we’re seeing men and women in uniform who are getting more protections against fraud and deception when it comes to financial practices.”

In her White House blog post announcing the nomination, Warren described Cordray as someone that would be a “strong leader” for the CFPB. She added that he is someone with “a proven track record of fighting for families during his time as head of the CFPB enforcement division, as attorney general of Ohio and throughout his career.”

“He was one of the first senior executives I recruited for the agency, and his hard work and deep commitment make it clear he can make many important contributions in leading it,” Warren continued in her blog post. “Rich is smart, he is tough and he will make a stellar director. I am very pleased for him and very pleased for the CFPB.”

In this month’s Legal column, Tom Hudson, partner at the law firm of Hudson Cook LLP, talked about the many challenges the CFPB is facing as it gets set to assume regulatory authority on July 21. The Republican-controlled Senate has already said it will block President Obama’s nomination. Republican lawmakers also have introduced several proposals to reduce the bureau’s power and independence.

Because of efforts put forth by the National Automobile Dealers Association, dealers were largely excluded from the CFPB’s oversight. However, the Dodd-Frank Act granted the FTC new rulemaking powers as it pertains to dealers. The agency is now hosting a series of roundtables to determine where it should focus its attention when it assumes its new powers. The next roundtable is scheduled for Aug. 2-3 at St. Mary’s University School of Law.

Posted in Auto Industry NewsComments (0)

Zurich to Help Dealers Navigate Expected New Regs

SCHAUMBURG – Zurich has launched an awareness campaign for automobile dealers to help them navigate the maze of new laws and regulations expected to affect their businesses in 2011 and beyond. The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act), Truth in Lending Act, and the laws of Title X are just a few of the rules and regulations automobile dealers need to understand and follow in order to be in compliance with the law, reported F&I and Showroom.

“Many auto dealers don’t know that the passage of Dodd-Frank will have a substantial impact on the way franchised auto dealers conduct financial transactions beginning July 21, 2011,” said Glenn Roberts, national training and business development manager for Zurich North America Commercial. “Zurich is looking out for auto dealers by helping them know that Dodd-Frank is not just for big banks and Wall Street.”

In order for Zurich to help educate its customers on rules and regulations affecting auto dealers, Zurich collaborated with Hudson Cook LLP, a law firm specializing in legal issues that face auto dealers, to develop a comprehensive legal guide that will be used to train and educate Zurich’s employees. That information will now be share with the company’s customers.

Zurich is encouraging its customers to raise these issues with their respective attorneys to develop a compliant F&I office. Some of the information Zurich is ready to help auto dealers understand is detailed below:

• The Dodd-Frank Act amended the Truth in Lending Act (TILA) to increase the scope of credit and leases covered by TILA. In addition, the range of damages available under TILA and the class action cap have been raised. The federal agencies responsible for drafting and maintaining regulations dealing with these coverage amounts will revise those regulations to reflect the changes, which become effective July 21, 2011.

• The Dodd-Frank Act amended the Fair Credit Reporting Act to require creditors, which includes dealers, to provide the actual credit score used to help make the credit decision to consumers in an adverse action notice.

• Congress gave the Federal Trade Commission (FTC) more authority and a mandate to regulate dealers for unfair and deceptive acts and practices. Count on the FTC to increase its regulation and enforcement of dealers.

• State attorneys general may enforce the laws of Title X, which are federal consumer financial laws and rules issued by the Bureau of Consumer Financial Protection. Attorneys general have historically been aggressive in pursuing dealers. They will now be armed with new enforcement tools and remedies.

Posted in Auto Industry NewsComments (0)

CoreLogic Credco Introduces Online Dashboard for Red Flags Compliance

POWAY, Calif. – CoreLogic Credco, a provider of automotive specialty credit reporting solutions and a division of CoreLogic has introduced Red Flag Viewpoint, an integrated online reporting dashboard that combines, summarizes and delivers easy-to-read reporting on Red Flags Rule compliance efforts for automotive dealers.

Developed in collaboration with Compli and part of Credco’s comprehensive Red Flag compliance suite, Red Flag Viewpoint is designed to help dealers meet the Red Flags Rule’s requirement of regularly monitoring and updating their Identity Theft Prevention Program.

The Red Flags Rule went into effect January 1, 2008, and is scheduled for mandatory enforcement by the Federal Trade Commission beginning January 1, 2011.

“Without sufficient data and the latest technological advances, deterring identity theft and maintaining compliance with the Red Flags Rule can be a complex, time-consuming task,” said Kevin Clements, senior vice president of corporate development for CoreLogic Credco. “Red Flag Viewpoint is specifically designed to simplify the monitoring and reporting requirement of the Rule, easily and effectively, allowing dealers to stay focused on sales objectives and other critical operations.”

Red Flag Viewpoint’s proprietary algorithms and reporting capabilities enable dealers to conveniently analyze their applicant portfolio on multiple levels to monitor for potential Red Flag risk. Available on Compli’s intuitive web-based platform, the easy-to-use interface lets users report directly off key identity verification alert statuses; access dynamic views of their entire applicant pool and associated risks; and export data for auditing and reporting.

Using Red Flag Viewpoint means dealers can easily monitor, analyze and report on a wide range of customer data provided exclusively by Credco. They can drill down on metrics and audit reports for detailed analytics, or view customer data as broadly as needed. Reporting analytics can also be viewed either on entire dealers groups or individual dealers. For more information, automotive dealers can call (866) 348-2404 or visit www.credcoservices.com/RFM.

Posted in Auto Industry NewsComments (0)

Page 15 of 16« First...1213141516