Tag Archive | "Terry O’Loughlin"

Phil Gramm, Jim Leach, Tom Bliley, and You


Compliance Questions

  • Would you like to be subjected to a potential fine of $41,484 per day?
  • Or enter into a 20-year consent judgment where you are subject to biannual audits?
  • Would you like to be subjected to as much as a $50,000 statutory penalty per violation?
  • Or pay legal fees, costs, and damages for breaches of contract or negligence claims that could run into the millions of dollars?

Answering These Questions in the Affirmative

If any of these results seem attractive to you, then haphazardly download great quantities of data from your dealer management system, especially nonpublic personal information (NPI), place it where other people can access it, or, better yet, share it with everyone. You and the dealership will face these consequences.

The Relevant Law Guiding these Results

Today, in 2018, it is only a footnote for the automotive industry that the Financial Services Modernization Act of 1999, better known as the Gramm-Leach-Bliley Act, or GLBA — named after its progenitors, Senator Gramm and Congressmen Leach and Bliley — was enacted to eliminate the Glass Steagall Act of 1933 which, in this author’s viewpoint, was a legislative error. Banks, brokerage firms, and insurance carriers were prohibited from merging under the Glass-Steagall Act, which prevented the concentration of capital.

GLBA repealed this law so that these types of institutions can merge. But two elements of the GLBA are relevant to people in the automobile industry: the Privacy Rule and the Safeguards Rule.

The Privacy Rule: As the name implies, privacy is the issue. When a consumer relationship begins, the dealer must provide a privacy notice to that consumer. There are almost 300 variations of these notices which must tell the consumer how data is collected, shared, used, and protected. In addition, there must be an option provided to the consumer by which he can opt out of any sharing of his data with third parties. This notice must be provided annually. The model privacy form, can be found at: http://www.ftc.gov/privacy/privacyinitiatives/PrivacyModelForm.pdf.

The Safeguards Rule: The Safeguards Rule is the corollary of the Privacy Rule. As one should recognize, dealers are creditors and, as such, must develop a written security plan detailing how the dealership is protecting consumer data. A compliance officer should be appointed to oversee these safeguards. A dynamic plan should be developed which addresses the risk, with designed and tested programs redressing this risk, and reevaluations for changes in the plan as the nature of the business evolves. Encryptions, firewalls, passwords, locked vaults, and desks are examples of safeguards.

Access to Data in the Dealer Management Systems (DMS)

Reckless dealers will allow free access to the data stored in the DMS. And reckless F&I managers will access this data with abandon if given the opportunity. A sophisticated DMS will only provide data to personnel at the store commensurate with their job status and need. In other words, the general manager will have greater access to the stored data than an F&I manager.

User access to data should be reviewed and updated continuously as the Safeguards Rule requires. In DMS parlance, “PII” is being protected. PII is personally identifiable information — any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used to solve for anonymous data can be considered PII. NPI is the acronym from GLBA itself for “personally identifiable financial information” and is similar in concept to the PII. Private consumer information, which is not readily available, would be considered NPI. It is “derived using any personally identifiable financial information” that is “not publicly available.”

What Must be Done 

GLBA was passed in 2003 so it would be astounding if a dealer hadn’t already complied with its requirements and continues to do so. It is important to emphasize that the Safeguards Rule must be dynamic and continually updated. Anyone who works at the store should consult this written plan. As the organization evolves, these changes should be expressed in the written plan. This plan should include certain basic protocols for keeping consumer information secure and confidential, such as:

  • Locking rooms and file cabinets where records are kept;
  • Not sharing or openly posting employee passwords in work areas;
  • Encrypting sensitive consumer information when it is transmitted electronically via public networks;
  • Referring calls or other requests for consumer information to designated individuals who have been trained in how your company safeguards personal data; and
  • Reporting suspicious attempts to obtain consumer information to designated personnel.
  • Ensure that storage areas are protected against destruction or damage from physical hazards, like fire or floods.
  • When consumer information is stored on a server or other computer, ensure that the computer is accessible only with a “strong” password and is kept in a physically secure area.
  • Where possible, avoid storing sensitive consumer data on a computer with an internet connection.
  • Maintain secure backup records and keep archived data secure by storing it offline and in a physically secure area.
  • Maintain a careful inventory of your company’s computers and any other equipment on which consumer information may be stored.
  • Copiers and fax machines may keep records of all documents which have been copied and faxed. These electronic files should be completely deleted before discarding or returning this equipment.
  • When you transmit credit card information or other sensitive financial data, use a Secure Sockets Layer (SSL) or other secure connection, so that the information is protected in transit.
  • If you collect information online directly from consumers, make secure transmission automatic. If you must transmit sensitive data by email over the internet, be sure to encrypt the data.
  • Dispose of consumer information in a secure way and, where applicable, consistent with the FTC’s Disposal Rule. This means one must burn, pulverize, or shred papers containing consumer information so that the information cannot be read or reconstructed.
  • Destroy or erase data when disposing of computers, disks, CDs, magnetic tapes, hard drives, laptops, PDAs, cell phones, or any other electronic media or hardware containing consumer information.
  • Check with software vendors regularly to get and install patches that resolve software vulnerabilities;
  • Use anti-virus and anti-spyware software that updates automatically;
  • Maintain up-to-date firewalls, particularly if you use a broadband internet connection or allow employees to connect to your network from home or other offsite locations;
  • Regularly ensure that ports not used for your business are closed; and
  • Promptly pass along information and instructions to employees regarding any new security risks or possible breaches.
  • Keep logs of activity on your network and monitor them for signs of unauthorized access to consumer information;
  • Use an up-to-date intrusion detection system to alert you of attacks;
  • Monitor both in- and outbound transfers of information for indications of a compromise, such as unexpectedly large amounts of data being transmitted from your system to an unknown user; and
  • Insert a dummy account into each of your consumer lists and monitor the account to detect any unauthorized contacts or charges.

Should a breach occur in spite of your best efforts the following steps should be implemented:

  • Take immediate action to secure any information that has or may have been compromised.
  • Preserve and review files or programs that may reveal how the breach occurred; and
  • If feasible and appropriate, bring in security professionals to help assess the breach as soon as possible.
  • Notify consumers if their personal information is subject to a breach that poses a significant risk of identity theft or related harm;
  • Notify law enforcement if the breach may involve criminal activity or there is evidence that the breach has resulted in identity theft or related harm;
  • Notify the credit bureaus and other businesses that may be affected by the breach.
  • Check to see if breach notification is required under applicable state law.

Compliance Questions Explained

The Federal Trade Commission (FTC) enforces the Privacy Rule and Safeguards Rule against franchise dealers. Its regulatory penalty for violations is $41,484 per day. Certain independent and BHPH dealers will be disciplined by the CFPB.

These two rules don’t specifically allow for individual claims. However, this is not a problem for plaintiffs since violating the GLBA is considered a violation of the state’s Unfair and Deceptive Trade Practices Act (UDAP) which means both state attorneys general and consumers can file lawsuits for these types of violations. In the state of Illinois, for example, the UDAP statutory damage amount is $50,000 per incident.

Furthermore, common law also provides a cause of action, should a dealership and F&I manager fail to carefully safeguard consumers’ NPI. This legal theory is the tort of negligence. A negligence claim has these elements:

  1. The defendant (dealer and/or F&I manager) has a duty to the consumer to keep the data secure;
  2. The defendant breached this data security duty;
  3. This breach was the cause of the consumer’s injury; and
  4. The consumer suffered damages because of the defendant’s breach of its data security duty.

Finally, many contracts include language which addresses the privacy and safeguards of consumer data. If such a contract is materially breached consumers can sue the dealer and you.

The privacy and safeguarding of a consumer’s data is a solemn responsibility. Dealers and all dealer employees need to be cognizant of these responsibilities.

Govern yourselves accordingly.

Posted in Featured Articles, IndustryComments (0)

O’Loughlin to Tackle ‘Rules and Regulations’ at Compliance Summit


LAS VEGAS —Terry O’Loughlin, director of compliance for Reynolds and Reynolds and a former regulator, will serve as a featured speaker at the upcoming Compliance Summit Las Vegas, organizers announced Tuesday. The conference will be held Aug. 29–30, 2016, at Paris Las Vegas, as part of Industry Summit.

“Compliance is one of the more unrelenting — and daunting — responsibilities that dealers face. Implementing the right policies and tools in compliance, along with applying best practices, all are proven strategies to help dealers meet those responsibilities, especially considering the likelihood for ever-increasing regulation and scrutiny,” said O’Loughlin, who served in the Florida attorney general’s office before joining the Reynolds Document Services group in 2006 as director of compliance. “Compliance Summit promises to focus on compliance as a critical business management issue for dealers, and I’m pleased to join a number of my professional colleagues in presenting at the conference and being part of the event.”

O’Loughlin’s presentation will be followed by a panel discussion; the event will also include featured speakers and panels dedicated to Your Responsibilities and Easy-to-Implement Processes and Controls and, to conclude the educational sessions, an open forum called “Is It Compliant?”

“This is not Terry’s first rodeo, so to speak, and past attendees of Compliance Summit have singled him out as an informed and passionate speaker,” said David Gesualdo, show chair and publisher of Auto Dealer Today and F&I and Showroom. “When a former regulator and current industry advocate speaks, we are wise to listen.”

Registration for Compliance Summit Las Vegas is open at the event’s website. Attendees are welcome to take part in the rest of Industry Summit, and those who register by July 29 will enjoy a $100 discount. Attendees are also invited to sit for the Certified Automotive Compliance Specialist exam for no additional charge.

For more information about Compliance Summit, including sponsorship and exhibition opportunities, contact David Gesualdo via email  or at 727-947-4027.

Posted in Auto Industry News, Summit UpdatesComments Off on O’Loughlin to Tackle ‘Rules and Regulations’ at Compliance Summit

‘Is It Compliant?’ to Cap Midwest Compliance Summit


CHICAGO — Organizers of Compliance Summit have announced that the Midwest event, which will be held April 20–21, 2015, at the DoubleTree Chicago O’Hare in Rosemont, Ill., will conclude with “Is It Compliant?”, an open-forum discussion of the topics raised in the course of the conference.

“Is It Compliant? proved to be the perfect capstone for our inaugural event in Florida,” said David Gesualdo, show chair and publisher of Auto Dealer Monthly and F&I and Showroom magazines. “Engaging the speakers in an open, friendly environment will provide a last chance for every attendee to make their voice heard and fill in any gaps that may have appeared in the sessions that precede it.”

The discussion will be led by Bob Harkins, director of the AFG Training Academy and the event’s master of ceremonies. He will be joined by featured speakers and panel moderators from prior sessions, including attorneys James Ganther and Terry O’Loughlin of Mosaic Compliance Services and Reynolds and Reynolds, respectively, as well as AFIP’s David Robertson and World Class Dealer Services’ Michael Tuno.

More information about Compliance Summit, including registration and travel information, is available at ComplianceSummit.com. For sponsorship and exhibition opportunities, contact Eric Gesualdo via email hidden; JavaScript is required or call 727-612-8826.

Posted in Summit UpdatesComments (0)

O’Loughlin Joins Midwest Compliance Summit


CHICAGO — Organizers of Compliance Summit, a series of regional events dedicated to front-end compliance, have announced that attorney and compliance expert Terry O’Loughlin has joined the Midwest event, which will be held April 20–21, 2015, at the DoubleTree Chicago O’Hare in Rosemont, Ill.

“Terry’s reputation as a dealer advocate and thought leader in the compliance space is without parallel,” said David Gesualdo, publisher of Auto Dealer Monthly and F&I and Showroom magazines. “His strategies for dealers are rooted in battles he has fought on both sides of the industry.”

O’Loughlin, who serves as director of compliance for Reynolds and Reynolds, has stood at the front lines of front-end compliance issues for the past several decades, including a 16-year tenure with the Florida attorney general’s office, where he worked with state and federal regulators to police dealers and auto finance companies. Since joining the private sector, he has worked with dealers and auto groups to decipher new rules and respond to actions and inquiries related to unfair and deceptive practices, document fraud and false or misleading advertising.

“To paraphrase the Bible, there is really nothing much new under the sun. For the most part, this is generally true of the regulating community,” O’Loughlin said. “Old laws and new laws can be addressed with the same thoughtful approach because regulators’ motives and tools remain the same. Dealers should have an orderly protocol to stay abreast of the compliance landscape and consistently respond to it. But the response needs to be tailored to the real challenges.”

O’Loughlin’s presentation, “Regulations: Where Past is Prologue,” will begin at 9:35 a.m. on Tuesday, April 21, following a welcome address by Chicago native and agency head Randy Crisorio. The Rules and Regulations portion of the agenda will begin with O’Loughlin’s presentation and continue with a panel session dedicated to the topic. Rules and Regulations will be followed by Your Responsibilities, Easy-to-Implement Processes and Controls and Is This Compliant?

Further details, including the full agenda and information about registration and accommodations, will be available in the coming weeks. For sponsorship and exhibition opportunities, contact Eric Gesualdo via email hidden; JavaScript is required or call 727-612-8826.

Posted in Summit UpdatesComments (0)

The Bigger Compliance Puzzle


When it comes to compliance, most of the talk the last several months has centered on the Consumer Financial Protection Bureau (CFPB) and the guidance it issued. The guidance does not directly impact dealers – but it does affect the lenders dealers rely on, and it has certainly changed the way many lenders look at the contracts sent to them for approval.

However the CFPB, and the changes being slowly enacted because of it, aren’t the only regulations dealers need to be aware of. An important part of any agents’ value-added services is to make sure dealers are not neglecting all the other aspects of compliance for which they will be held accountable.

First, and most importantly in many ways, is to make sure there is someone at the dealership itself who has taken ownership of compliance in all aspects of the dealership. Before even identifying any holes in the compliance strategy, there first has to be someone who is responsible for them. “Every dealer should have its own compliance officer,” said Terry O’Loughlin, director of compliance, Integrated Document Solutions, Reynolds and Reynolds. “Agents should encourage the dealer to have someone who is appointed to that position. That person should have responsibility to oversee all compliance efforts.”

He went on to note, “There should be a business plan just for compliance – something a dealer can do cheaply if they appoint someone. It could be their controller, it could be the general manager, or it could be someone else in the office, but someone has to be charged with that responsibility.”

While it is still not a mainstream concept, many dealers are starting to take that advice to heart. “I can tell you that, at least in my experience so far, a good number of dealers are beginning to stir,” said Tom Hudson, chairman, Hudson Cook LLP. “For example, I visited with a large dealership in North Carolina recently; they had commissioned a compliance expert to compile a handbook, when in the past they had never had one. They also appointed their own compliance manager, which is something we’re seeing a little more frequently as well.”

“The dealer needs to know who should have compliance knowledge, then make sure they have it,” said Dave Robertson, executive director, AFIP. He believes, however, that the knowledge shouldn’t be concentrated in one person, but that everyone who deals with contracts needs to be educated. “If people in the dealership are required to do their job relative to regulations – such as the people who write contracts – they must be knowledgeable about them. They can’t be required to follow the rules if they don’t know them.”

While he believes it is important for everyone to be aware of the rules, he does, however, advocate a system of audits to ensure they are following through – rules aren’t any use if they are not being followed. “The dealer must have an audit program where there is a systematic, organized audit,” Robertson said. “They have to make sure the rules are actually being put into practice. There needs to be a regular audit of F&I and deal jackets to make sure everything the staff have learned is, in fact, being followed.”

Once a dealer has appointed their compliance manager, and given them the authority, they need to do audits and, most importantly, follow up with the appropriate consequences when violations are found. So, what should the audit focus on?

O’Loughlin said that the place to start and his first very strong recommendation would be to have every dealer review their Safe-Guards Rule and Red Flags Rule programs, as well as review and update privacy policies. Dealers also need to ensure they are in compliance with the updated Consumer Protection Act which, last October, changed how and when consumers can be contacted by businesses. “If dealers are contacting their customer base, they need to make sure they have an updated authorization agreement so they can send e-mails, call them on the phone, text them, send them faxes or initiate any kind of communication – electronic or otherwise,” he said. “My suspicion is that many dealers haven’t taken this step. There have been cases where dealers called a customer on their cell phones and incurred costs to that customer – and anyone who does that is liable for those costs. This is something dealers want to reevaluate if they have any ongoing reminder campaigns.”

“I had one dealer come to me looking for a deal jacket review,” said Hudson. “I said happy to do it, but what about your underwriting manual, collections manual, red flags manual, etc.? He said ‘we don’t have that’. It is a federal requirement – dealers have to do that, but a lot of dealers are struggling putting together the internal compliance arrangements they need. Big dealerships have been at it for a while, but as you scale down in size, compliance efforts are more wanting. The smallest dealerships still have a long way to go.”

Robertson advised that one of the first places dealers should start when revamping their compliance policy is to seek training. The government, he said, has several comprehensive training programs on specific topics, and then there are a variety of third party programs, like his own AFIP certification for F&I managers. “That is a big component of a dealer’s program,” he stressed again. “People who need the knowledge, must have the knowledge.”

Hudson agreed, noting that if he were a small dealer, there are a few resources he would be pursuing right now. “Go to your state association and lean hard on the director,” he said. “Tell them, look you need to be developing this stuff for all of us, to spread the cost over all the smaller dealerships. They need to develop materials all the small dealers can adapt, and I haven’t seen any sign of that yet.”

Another form O’Loughlin believes dealers should re-evaluate is their arbitration agreements. He noted that the government recently convened a hearing on arbitration clauses, and part of the mandate for the panel is to look at how those clauses apply to consumers. “The expectation is that they’re going to deny the application of arbitration in the future,” he noted. “They haven’t done it yet, but in the meantime, there have been a series of cases that have changed arbitration agreements to be more balanced between the dealer and consumer. If your dealers haven’t looked at them in a while, they should do so now. And they should follow the federal Arbitration Act, rather than state law, is my recommendation.”

O’Loughlin’s final advice? “Start the new year by taking a look at all dealer documentation. Make sure everything is all marked with a current effective date, and that the most current groups of forms are in the library, so F&I managers aren’t using something out of date. It’s not a happy task, but starting on a new year, some forms do expire.”

Hudson wrapped up by quoting O’Loughlin. “Terry has an interesting concept that I agree with – we have been on panels together – and he is fond of saying that anything worth doing is worth doing poorly. That always makes everyone sit up. Dealers all have the obligation to put together privacy manuals, and things like that. The dealer who attempts to do something like that themselves, who sits down, studies the rules, and creates a policy that is homemade, and not bought from a professional – the dealer who makes a stab at doing something – is better off than the dealer who didn’t do anything at all. If the compliance police come in, and ask for a manual on privacy, the dealer who has one that’s not great because they did it themselves is way ahead of the dealer who didn’t do anything. Even a poorly done compliance system is better than none at all – effort counts, it really does.”

For Robertson, it all comes down to treating customers fairly and honestly, and then compliance just becomes a natural fit. “The dealer has to say, can I make a living treating people fairly and doing it right?” he noted. “And if they can’t, there’s a fatal flaw in the business plan. I’ve been in the business for 40 years, and I’ve had them tell me you can’t sell cars without screening, but they have done it wrong for so long, they don’t know how to do it right. For the dealer, though, it’s crucial that if there is ever an opportunity, always do the right thing. I’ve seen that in 50% of lawsuits, if dealer had handled it properly the first time, it wouldn’t have gotten to that point. I don’t want anyone to have something of mine they don’t want to have – if I sold you something you don’t want you’ll do whatever it takes to make sure you don’t keep it. But if the dealer did the right thing at the first opportunity, it wouldn’t have been a problem.”

Posted in Product & TechnologyComments (0)

The Dodd-Frank Act: The Creation of the CFPB and How it Impacts F&I


One of the sessions that garnered a lot of attendance and attention at the Industry Summit show at the Paris Hotel and Casino in Las Vegas last month was the Dodd-Frank panel, moderated by Bob Harkins, vice president/director of training, AFG Training Academy; president, RAH Consulting. It tackled subjects such as the Consumer Financial Protection Bureau (CFPB) and other regulatory bodies that impact the F&I office across the board.

As outlined by the panel, the Dodd-Frank act was signed into law in July 2010, and that set into motion the creation of the CFPB, which is the federal agency “causing the most uproar in recent memory”. It was officially created in July 2011, and currently has approximately 1,400 employees – about 700 of whom are attorneys. The problem, and the cause of much anxiety throughout the F&I industry, is that the CFPB has issued only vague, general statements, but hasn’t provided any concrete rules or guidelines that dealers, agents and providers can follow. This leaves a legal “grey area” with everyone uncertain as to what is expected of them.

“It’s been a very interesting trip for us,” said Damon Wiener, senior vice president and general counsel, Safe-Guard Products International LLC. He went on to compare it to a marriage – “They claim they have authority over me, they won’t tell me what the rules are, but they punish me when I break them,” he said, to laughs throughout the room.

Nicole Munro, partner, Hudson Cook LLP, agreed, noting that the CFPB is impacting her legal practice every day. While Wiener compared it to a marriage, she used the analogy of a two-year-old on a sugar high, noting that the agency might be young, but it’s been very, very active. “You should be very prepared for their intervention,” she noted.

Part of the reason the CFPB is so active, and something to be concerned about, is that it is extending and augmenting it’s authority by incentivizing the state Attorney Generals, noted Terry O’Loughlin, director of compliance, Reynolds and Reynolds. He explained that the Attorney General doesn’t have the same limits that are in place to constrain the CFPB, so the agency is encouraging them to adopt and prosecute its policies, extending its reach.

The key to staying out of trouble, noted Dave Robertson, executive director, Association of Finance & Insurance Professionals (AFIP), is to take a proactive approach – dealers, agents and providers should all be looking at the F&I process and asking themselves what can they be doing on a day-to-day basis to stay in compliance.

One of the key points the CFPB is targeting is the issue of dealer compensation and the ability for dealers to price credit. “The CFPB has agreed that dealers should be compensated, but the debate is how they get compensated,” said Andrew Koblenz, executive vice president, Legal and Regulatory Affairs, and general counsel, National Automobile Dealers Association (NADA). His agency has been one of the industry players looking to educate the CFPB, among others, on how dealer compensation works, and why it is important. At first, he said, they were looking at the possibility of eliminating it altogether, but once it was explained how it adds value to the consumer, and provides access to credit that many consumers would not otherwise have had, they were persuaded not to slash compensation completely. Now, however, it is trying to find the middle ground where dealers are compensated fairly, and consumers are protected from unfair practices.

The agency is also targeting “unfair or deceptive” advertising, which is where the vagueness comes in. They have not clarified what “unfair or deceptive” means, but they have issued orders noting that dealers should avoid them. When there are no clear-cut actions to avoid, what should the industry be doing? First, Munro, noted, providers and dealers need to look at each product and classify exactly what it is in each state – is it a vehicle service contract (VSC), warranty or insurance product? Then, she noted, examine whether that state’s law allows the financing of that type of product, and if so, how it needs to be disclosed. “The problem is in characterizing it,” she said. “Since if you get that wrong, everything else could be wrong too, and you might have violated state laws.” The challenge gets even harder when bundled or combo products start to come into play – she gave the example of adding an insurance product to a bundle of non-insurance products – and noted that it varies as to whether that changes the classification of the other bundled products as well. “You may only know you have an insurance product when you get a violation,” she said.

“Agencies prefer to be unclear,” said O’Loughlin. “Because it forces their targets to overreact, to overcompensate. It’s a great result, because it makes the industry more fearful of what else they might do.”

“There’s a lot of uncertainty out there,” said Wiener. “Everything right now is mostly speculation.” He did go on to note that while the orders have started to at least frame what the CFPB is looking to do, we are still in the early days of figuring out exactly what that is. He did say that the agency does not seem to be attacking the value of the products themselves – they are focused instead on how they are marketed to consumers. However, that does not change the need to make sure the product itself is compliant with all state laws where it is being sold, and that the sales practices themselves are buttoned-up. “We need to be careful, and pay attention to nitpicky details,” he said.

It also goes back to that jurisdictional issue that O’Loughlin pointed out – at the end of the day, what authority does the CFPB actually have, and what actions do they have available to enforce them? Munro does not believe that, legally, the agency has the jurisdiction to regulate product or service providers directly – but she believes it will be a fight to prove that and keep the agency out of this area. “I believe anything offered equally in cash or finance should be outside their jurisdiction,” she said.

“They will try to overreach, and we will have to push back,” agreed Koblenz.

Words Matter
While the CFPB orders might be vague, the panel agreed that they matter, and they will have an impact going forward on the ancillary products offered in the F&I office. O’Loughlin believes the impact will be more far ranging than just products, however. “They will issue very harsh demands, and will conduct audits where they collect tremendous amounts of data. The CFPB is going to share sensitive information [with state Attorney Generals] to identify patterns and practices – and that is a menacing prospect.” The problem is that the CFPB can gain access to sensitive information that the Attorney General could not have otherwise obtained without a subpoena. That worries him; right now, not all of the Attorney Generals are signing on to work with the CFPB, but he believes it is only a matter of time – there is too much money to be made for the state, he noted. The CFPB allows them to enact much higher penalties than the Attorney General could alone, and he does not see them refusing to go that route for long.

Munro noted that while the agency does not have direct access to dealers today, she agrees that the access to data is the most concerning. “They cannot go into a dealership [and collect information],” she noted. “But they can find information about the dealership through the sales of finance products, and pass that along to the Attorney General.”

However, cautioned Koblenz, there are limits. He noted that, like Munro, he sees jurisdiction issues coming into play, as to what the CFPB can and cannot do, and where their authority extends, and that could limit the effectiveness of their strategy in the future.

Disparate Impact – Where Does That Come Into Play?
One of the ways the CFPB is targeting dealers and providers is to claim disparate impact – which is when they go back and look at deals already made, and use an algorithm to determine if they believe discrimination happened. The problem is that it is illegal to collect information such as race when filling out loan or credit documents. So agencies like the CFPB use information such as the U.S. Census, or surnames, to try and assign race or gender. But, agreed the panel, that process is flawed. It can be misleading at best, and plain wrong at worst, leading the agency to make policies to prevent unintentional discrimination that, the panel noted, might not even exist in the first place.

“They have to look at other factors,” said Koblenz. “Things like credit risk – it costs more to place a subprime loan, regardless of race. And there are other variables such as inventory, the amount financed or the term of the loan.” A better metric for determining if everyone was treated fairly, he said, is to look at the dollars – if the goal is to have every deal generate approximately the same dollar amount, then the rates will be all over the place, based on all those credit and financing factors – race doesn’t play into it. Everyone is treated equally, based on their financial standing.

The frustration over disparate impact, Wiener noted, is that the CFPB is preaching transparency in all transactions to ensure every customer is treated equally and fairly – but at the same time, they are refusing to release the metrics they used to determine that there was discrimination in the first place. It is a double standard that leaves dealers, agents and providers to develop compliant policies, only to have to constantly keep adjusting them as the CFPB releases new bits of information.

“They’ve given us little information on how to code these loans,” said Munro. She pointed out that there is currently a case before the Supreme Court that might make it a moot point – the case is seeking, among other points, to have the court rule on whether disparate impact is a valid legal theory. She believes the case will eventually do away with disparate impact completely, which will change the entire conversation around the CFPB completely, yet again.

At the end of the day, the CFPB is impacting F&I today, and will continue to have an impact in the future. But exactly what that impact will be long term, not even the panel could say for sure. There are still too many variables in play, and not enough information to go on – the best policy for anyone in the industry is to stay vigilant and create clear, understandable policies that apply to every loan and every product that is sold through the dealership – so even if a violation is cited, there is a clear paper trail showing the intent to be compliant and stay within the law.

Posted in IndustryComments (0)

Page 1 of 212