Three months ago in this space, I discussed significant changes at the Federal Trade Commission and the Consumer Financial Protection Bureau, as well as likely increased scrutiny and enforcement actions against vehicle dealers.
The next question, then, is: Now what?
Well, think about spring. Yes, I know it’s fall. Indulge me.
Spring is associated with spring cleaning – taking inventory of what you have, what you need and what you don’t, organizing and cleaning house. It’s a time to clean up and clear out, get things in order and get ready for what’s to come.
With reinvigorated regulators and enforcement agencies and their renewed focus on dealers, it’s a good time to take an honest and hard look at your operations.
What’s working? What’s not? What needs more attention? What can be improved?
It’s Time to Refocus on Compliance.
So what should you be considering? Where should you begin?
First, conduct an inventory of what laws apply to your operations. I’m going to give you a little help here – a “starter list”.
But don’t rely wholly on this list. It’s not completely comprehensive, nor do I know the specifics of your business. So make sure to talk to an attorney well-versed in laws that apply to dealers.
- OFAC (bad guys list)
- FCRA (credit reports, adverse action notices, prescreened firm offers of credit, credit reporting)
- ECOA (nondiscrimination, adverse action, credit applications)
- TILA (retail installment sale contract disclosures)
- CLA (lease disclosures)
- GLBA (privacy notices, safeguarding consumer information)
- DPPA (driver’s license information)
- Disposal Rule (disposal of credit reports)
- Red Flags Rule (identity theft prevention)
- Risk-Based Pricing Rule(required disclosure)
- CFPB enforcement of unfair, deceptive or abusive actions and practices
- Section 5(a) of the FTC Act (UDAP)
- FTC Telemarketing Sales Rule and Telephone Consumer Protection Act (Do Not Call rules, use of autodialers and prerecorded messages)
- Magnuson-Moss Warranty Act
- FTC Used Car Rule (Buyer’s Guide, sales contract disclosures)
- FTC Preservation of Consumers Claims and Defenses Rule (retail installment contract disclosures)
- FTC Home Solicitation Sales Rule
- FTC Credit Practices Rule
- Electronic Funds Transfer Act (automatic recurring payments and one-time payments)
- Federal Odometer Rule
- CAN-SPAM Act
- Junk Fax Prevention Act
- ESIGN and UETA (electronic contracts and transactions)
- USA PATRIOT Act (still awaiting regulations)
- Americans with Disabilities Act
- State security breach notification laws
- State security freeze laws
- State Social Security number limitation laws
- State disposal laws (similar to the FACTA Disposal Rule, but applies to all consumer information)
- State safeguarding of customer information (mini-GLBA protections, expanded privacy rights under California, Colorado and Virginia laws and more coming)
- Dealer documentary or processing fee limitations
- State mini-UDAPs
- Federal and state record retention requirements
- FTC enforcement actions (Bronx Honda, Lightyear Dealer Technologies, LLC, Tate’s Auto Center, Traffic Jam Events, LLC, etc.)
- State attorneys general enforcement actions
Yep, it’s a long list.
After an inventory, you’ll need to do a GAP analysis. What policies and procedures do you have in place and what laws do they address? Are all laws covered? Do they cover all aspects of your operation?
As part of that process, you’ll also need to inventory your actual business practices.
For example, do you take credit applications online or over the phone, or do consumers have to come into the store to apply for credit?
If you take applications over the phone, are the ECOA and Regulation B mandatory disclosures read to consumers?
You get the picture.
This seems self-evident, but your policies and procedures should be written – many laws require that.
For example, the Red Flags Rule, enforced by the FTC, requires dealers to develop and implement a written identity theft prevention program designed to identify, detect and respond to red flags that indicate a customer could be using stolen information to purchase a vehicle on credit.
There are also training considerations. Some laws, including the Red Flags Rule, require specific training.
Legislators are very active these days. Virginia and Colorado passed new comprehensive privacy laws. Wyoming is changing its law on GAP refunds.
Dealers must periodically review and update their policies and procedures. And periodic doesn’t mean every five years. The Red Flags Rule requires it annually.
You should also consider how you publish your policies and procedures. I recommend a full-blown internal marketing program.
Think about how you market your vehicles to customers. Employees, like customers, are people who respond to marketing campaigns, which have the additional benefit of building awareness if done right.
And make sure you publish your policies and procedures somewhere easily accessible to your employees. Employees can’t comply with what they don’t know.
Finally, practice what you preach. In an enforcement setting or lawsuit, there’s nothing worse than being found to have a policy and not complying with it. That could turn a negligent harm into a willful one.
Yeah, I know. Spring cleaning isn’t fun … and it’s tough. But it’s one of those things we’ve just got to do.