Tag Archive | "Gramm-Leach-Bliley Act"

Dealership Compliance under the Gramm-Leach-Bliley Act


The Gramm-Leach-Bliley Act of 1999, or “GLB” as it is more commonly called, is the law with the biggest impact on the dealership community since the Truth in Lending Act was passed in 1968. From GLB flow at least two major rules that affect every dealership in America: the Privacy Rule and the Safeguards Rule. And because of those rules’ emphasis on protecting nonpublic personal information (“NPI”), the Red Flags Rule (authorized under the Fair and Accurate Credit Transactions Act (“FACTA”) of 2003), which treats identity theft, is often lumped together with them when considering the protection of customer data.

All three of those rules were discussed at the inaugural Compliance Summit by a panel composed of Doug Fusco, CEO of DealerSafeGuardSolutionS; Becky Barrows, HR and compliance director for KeyRoyal Financial Services; and Michael Tuno, president of World Class Dealer Services.

It is worth noting that none of the panelists are attorneys, and none of their companies are law firms. Rather, they all serve the dealership market in one way or another, and the services of each have grown to address the compliance issues dealerships face. That highlights a key take-away from the panel session: everybody who has a piece of the dealership industry can have a piece of the compliance function. If every vendor included a compliance feature that addressed its core services, dealerships would have much of their compliance needs addressed in the ordinary course of doing business. But that happy state has yet to arrive, so the panel spoke both to what can be done and what they are doing.

Becky Barrows affirmed that outside vendors are well-positioned to help with compliance issues. “Dealers are in the business of selling and repairing cars, so compliance can be a bit outside their wheelhouse. This represents a huge business opportunity for outside experts who can provide what dealers aren’t good at doing themselves.”

The first GLB area where a little knowledge and advice could be helpful to dealers is the Privacy Rule. Asked if the Privacy Rule is widely understood and followed by dealers, Michael Tuno responded, “No and no. No to all of the above!” He went on to explain that there is a disconnect between the language of a statute or rule and a dealer’s understanding of it. Using the Privacy Rule as an example, Tuno said that dealers were aware of the rule at the time it was issued, but had no idea what to do about it. Even the FTC’s online model form generator wasn’t much help – dealers were confused by the options they faced on the screen. It was as if the rule and the Government guidance were written by lawyers for lawyers, and most dealers aren’t lawyers!

What Tuno was able to do as an F&I partner for his dealerships was develop an understanding of the Privacy Rule and the FTC forms generator and walk his dealer clients through the process. You don’t need to be a lawyer to do that.

With respect to the Safeguards Rule, Tuno takes the same approach. As he put it, “The first thing I do for a dealer is ask if they’ve appointed a compliance officer, which the Safeguards Rule requires. If the answer is ‘no,’ I know we’ve got to help them understand the rule’s requirements and meet them. It isn’t hard – it’s mostly a process of education.”

Doug Fusco’s company develops compliance monitoring software and related business processes. From his perspective, GLB compliance is driven by “creating verifiable patterns and practices. Show that you have something in place and execute against it so you can defend yourself by making a greater than ‘check the box’ effort to comply.”

Fusco also endorsed the use of a compliance survey to help educate dealers about GLB and other legal requirements. A simple form that asks yes/no questions addressing all of the major requirements of GLB/FACTA creates a good road map, identifying both what is being done and what needs to be done.

“Simple” was a word Michael Tuno latched onto. “What we’ve found works the best is keeping it simple. Start there. You don’t want to get too complicated. Start with policies and procedures and then move on to training on those policies and procedures. And then audit the process to make sure it’s having the intended effect. The audit serves a huge function to keep the ship on the right path.”

The panelists agreed that GLB is all about protecting NPI. Becky Barrows explained what could constitute NPI in the dealership environment: “Anything that’s not available to the public. So we’re not talking about phone numbers. But checking account numbers and driver license numbers would be NPI. Like Michael’s company, we conduct audits to see how dealers actually protect NPI. And the number one offense is deal jackets lying around unprotected. Deal jackets are full of NPI, and if they’re not protected, the dealership has a real problem.”

Tuno followed up with his version of the Golden Rule as the sum and substance of GLB compliance. “Don’t leave unprotected any data you wouldn’t want other people to see. If you don’t want the world to see your credit report, don’t treat someone else’s credit report casually.”

The panel was asked to relate real-life GLB horror stories (careful to keep secret the offending dealers’ identities, of course). Doug Fusco told a common tale. “I was visiting a dealership that was a part of a fairly large dealership group. There was paperwork everywhere, and no effort made to keep it secure. I brought this to the attention of the General Manager, who shrugged and said, ‘yeah, but we lock it all up at night.’ So I conducted an audit – at 7:30 in the morning. Needless to say, there was no evidence anything had been locked up. I calculated $23 million in potential fines before I reported back to the General Manager. The big fines come from knowingly violating the law, and they knew. Needless to say, that got his attention.”

So how do you battle GLB and other compliance violations? Fusco offered his “3 E’s” – Education, Enablement, and Enforcement. Those vendors that are in the dealership are in a position to offer training, the tools that enable behavior consistent with that training, and the audits that enforce the process. This is not limited to “compliance companies.” F&I partners, HR services, income development specialists – anyone who has a dog in the fight can bring in the 3 E’s if the will is there to do it.

One valuable lesson that the panel provided was that reasonable minds can disagree about what documents actually contain NPI – but all agreed that this very uncertainty makes protecting all customer data the best possible practice. As Michael Tuno put it, “We don’t want F&I managers making decisions on a document-by-document basis, ‘protect this/don’t protect that.’ Protect everything and you’ll be good.” That’s the best practice.

That is probably the simplest approach to GLB compliance, and the ultimate conclusion of the panel: protect everything and you’ll be OK. Vendors that serve the dealership community have a role to play in that effort. The future may well belong to those that do.


Top 5 Legal Musts for Agents


As we all know, in general, the motor vehicle sales business is highly regulated. This is especially true when you focus on the F&I portion of the business. In today’s business and regulatory environment it is important that F&I providers and agents have an understanding of the laws and regulations that impact the industry. While a complete discussion of all the applicable laws is beyond the scope of a single article, below are the top five laws and a brief summary of each that, in my opinion, are a must-know for agents.

Before we jump into my top five, no legal discussion would be complete without addressing the importance of using proper terminology. In general, it is of utmost importance that agents know about and understand the product itself, as well as use the proper terminology when referring to particular products and credit transactions. Unfortunately, it is common practice for key terms to be misused by industry insiders, the media, lawmakers, regulators, attorneys and the courts. This misuse has resulted in unnecessarily increased risk and exposure for dealers, F&I providers and agents. It is important to know and understand the differences between a Retail Installment Sales transaction and a Loan; GAP Waiver and GAP Insurance; Warranty and Service Contract; and Insurance and Non-Insurance Terms. For example, in a Retail Installment Sales transaction the dealer is extending credit to the buyer for the purchase of the vehicle and the dealer is the “creditor.” Contrast this with the Loan scenario, where the consumer, through an agreement with a “lender” such as a bank or finance company, borrows money (i.e. gets a loan) and uses the proceeds to pay the dealer for the vehicle.

The Dodd-Frank Act
The Dodd-Frank Act created the Consumer Financial Protection Bureau (CFPB) in 2010. The law has resulted in significant reforms in all areas of the financial services industry – including the car business. Under the law, there is an exemption for those motor vehicle dealers that have both sales and service operations. However, even though a dealer may not be subject to CFPB regulation, all of the same rules still apply, and the Federal Trade Commission (FTC) still has authority over those dealers exempt from regulation by the CFPB. In addition, as we have recently seen, the CFPB is indirectly impacting the dealer through the regulation of those banks and financial institutions it does regulate. For example, the CFPB has issued a bulletin addressing discrimination and rate spread for indirect finance transactions through dealers. In addition, it is believed the CFPB is also looking at the pricing of F&I products sold through dealers.

Magnuson-Moss Warranty Act
Warranties are regulated on both the federal and state level; on the federal level, they are governed by the Magnuson-Moss Warranty Act (MMWA). Under the MMWA, manufacturers and sellers are required to provide consumers with detailed information about the warranty coverage on the product purchased, and the rights and obligations of the consumer and warrantor. The MMWA does not apply to oral warranties and does not require the provision of a written warranty; however, if a written warranty is offered, it must comply with the MMWA. For example, the warranty must indicate whether it is “full” or “limited,” must be in a single, easy-to-read document and must be available to the consumer before buying the product. It is important to note that the requirements of the MMWA and the FTC’s Used Car Rule regarding the Buyers Guide on used vehicles are interrelated, as they both address important warranty disclosure requirements. As such, the Buyers Guide cannot serve as the written warranty to comply with the MMWA. In addition, understanding the difference between a Warranty and a Service Contract and using the terms properly is crucial. Basically, a Warranty is included in the purchase price of a product, not sold separately, and comes from either the manufacturer or seller. On the other hand, a Service Contract is purchased separately from the product itself, is often administered by a third party, only covers those items outlined in the contract and is in addition to any warranty.

Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley Act (GLB) is the federal law that governs a motor vehicle dealer’s responsibility as it pertains to the non-public personal information that a dealer obtains, possesses and shares. Within the GLB are the Privacy Rule and the Safeguards Rule. The Privacy Rule covers the non-public personal information from customers who apply for, or obtain credit from, the dealer. The Privacy Rule is the source of the dealer requirement to provide the customer with the initial and annual privacy notices that outline what the dealer will or will not do with the information it obtains. The Safeguards Rule deals with how the dealer protects the non-public personal information provided by the customer. The Safeguards Rule requires a dealer to have a written information security plan to address the various safeguards in place to collect, store and dispose of the non-public personal information it has. Depending upon the dealer’s specific operation, enforcement of the GLB can come from either the CFPB or the FTC. It is also important to know that various states have their own privacy laws too.

Fair Credit Reporting Act
The Fair Credit Reporting Act (FCRA) is the primary law that addresses consumer credit and the gathering, use and sharing of consumer credit information by creditors, consumer reporting agencies and others. The FCRA requires that users of consumer reports have a permissible purpose to obtain a consumer report. The list of permissible purposes is specific in the FCRA, and the best practice to comply with the requirement is to have the written authorization of the consumer to pull their credit. In addition, the FCRA is the law behind the Red Flags Rule, the Risk-Based Pricing Rule, the Disposal Rule (requiring the dealer to properly dispose of consumer information) and is also one source of the Adverse Action Notice requirement.

Truth In Lending Act
The Truth in Lending Act (TILA) and its implementing regulations (Reg. Z) require creditors (i.e. dealers) to provide disclosures regarding the cost and terms of credit to consumers. TILA is not concerned with interest rates, late charges and related fees – that is all governed by state law. However, TILA does specify what fees and charges in a credit sale are considered finance charges. Unless properly disclosed, the cost of F&I products may have to be included in the finance charge calculation. Note that the Dodd-Frank Act increased the threshold for TILA coverage from $25,000 to $50,000, and provides that the threshold be adjusted for inflation every year. For 2013, the threshold amount is $53,000, which means that TILA does not apply when the “amount financed” exceeds this amount. As a result of this threshold increase, more finance transactions will be covered by TILA and Reg. Z.

It is impossible to cover every detail of each of these in a single article, but hopefully now you have a better idea of where to start, and why it is important that you educate yourself on these acts and how they affect both your and your dealers’ businesses. For more information on any of these, you can visit the CFPB (consumerfinance.gov) or FTC (ftc.gov) Web sites, or feel free to e-mail me directly with any questions.
