Dealership Compliance Shouldn’t Be a Case of “File It and Forget It”
When a dealers take a cavalier attitude toward compliance, simple mistakes can escalate into so much more
Dealers often tell our consultants that their dealership has written policies and is compliant, or that its DMS provides federal notices and reminders, so compliance-wise it’s covered.
Many businesses truly believe that having a written policy and a DMS that spits out privacy, credit score disclosure, and adverse action notices is all that is required for front-end compliance with most federal regulations: Put the policy in writing, distribute it to everyone once, and compliance at a dealership is accomplished.
Moreover, if you put your written policies in a binder on a shelf where you can find them later, you are golden . . . right?
In most instances where this occurs, the answer is no, and good luck when the proverbial stuff hits the fan.
We are in the age of compliance when it comes to consumer transactions at the dealership. Yes, I am acutely aware that President Trump has vowed to render the Consumer Financial Protection Bureau (CFPB) a paper tiger, and that all those pesky regulations are “going away.”
To date, however, D.C. has not changed much, the administration is unable to get its agenda through both Congress and the Senate and is being blocked by the courts, and Richard Cordray is still at the head of the CFPB.
In addition to the lack of change in Washington, the FTC continues to be the regulator for franchised auto dealers. State attorneys general—the ones who are closest to your dealership and customers—have not been, and in most cases will not be, deterred from protecting consumers.
Therefore, from a regulatory standpoint, nothing has changed. All laws and regulations in place before the election are still in full force and effect. And in many instances, state legislatures have also added to your regulatory pile as of late.
Despite this lack of change in D.C., a significant shift occurred over the past five years. Like it or hate it, the CFPB created a culture of consumer financial compliance, with a certain minimal expectation for businesses that provide consumer financial services.
The expectation is that financial service companies—and dealerships—have a robust compliance program in place to comply with federal and state laws and regulations, that employees be trained and made aware of these policies, and that management checks its compliance program on a regular and consistent basis.
These expectations have been adopted by the FTC and state regulators, and might I add, the private attorneys suing dealerships for unfair and deceptive practices, as well as regulatory violations.
When an issue arises, these entities and attorneys want to see if the issue at hand was simply a mistake that was not caught, or indicates a common practice at the dealership of not following its own policies and lacking the ability to demonstrate compliance with the minimal expectations set forth to it.
Written policies with no follow-through and no training for your employees are misguided, and dangerous.
For example, the Equal Employment Opportunity Commission (EEOC) found an auto repair company violated federal law when one of its managers harassed an employee. The company had written policies, but little or no training to implement them.
“Although the company had a written policy against harassment, clearly there was a failure to implement it,” said an EEOC district director. “Our investigation revealed that some managers did not quite understand what conduct was prohibited by the policy, while others did not seem to be aware there was one to begin with.”
Likewise, purchasing online training for your employees and doing nothing else in your compliance program does not make you compliant. Nor does simply handing out adverse action notices, credit score disclosure notices, and privacy notices.
Inquiring minds these days want to see the following in your documented compliance program.
- When was the employee involved last trained?
- When were the employee’s transactions last reviewed/audited?
- What documented changes has the dealership made over the last year to address like problems?
- What policy or training has been modified based on complaint data?
The entire purpose of a complete compliance program is to keep a mistake just that—a mistake. Your dealership is never going to be 100% compliant, and as hard as you try, there will always be times when errors occur.
The goal of your dealership compliance program is to keep mistakes from turning into something bigger, and not letting them become willful violations resulting in significantly more cost.
An incomplete compliance program is one where:
- Written policies are not followed.
- Documented evidence does not exist of policy changes or amendments since policies were put in the binder.
- Training occurs, but nothing else.
- There is no documented follow-through, review, and audit on a regular basis.
- There is a lack of documentation indicating that management has reviewed or taken part in compliance since the date policies were approved.
A dealership lacking a compliance program that meets even minimal expectations tells regulators and attorneys one thing: Compliance is not a priority.
In some instances, one may deem such a cavalier attitude toward compliance to be a conscious decision to ignore responsibilities.
In such a situation, a simple mistake escalates to so much more. None of which is good.
David R. Missimer, email@example.com, is general counsel for Automotive Compliance Consultants Inc. He spent 28 years in private practice as a litigator representing lenders, auto dealers, and numerous other entities and individuals. He has worked with dealership compliance issues since 2003 as co-founder of Automotive Compliance Consultants. He is a member of the National Association of Dealer Counsel, American Financial Services Association, and National Automotive Finance Association.