What Exactly Is a Compliance Management System?

Essential facts every auto dealer must know

Since late 2014, the term CMS, short for Compliance Management System, has been a hot topic in auto financing. Dealers have heard the term but many aren’t certain what it means for their business.

CMS describes a process for attaining and maintaining compliance with numerous laws and regulations. It is a child of the Consumer Financial Protection Bureau (CFPB). Auto dealers may think of a CMS as a fair-lending policy or a software program that creates Risk-Based Pricing Notices and Adverse Action letters. Those definitions are too narrow and can be dangerous.



Some vendors offer a CMS that, upon examination, includes just one component of a complete Compliance Management System, as defined by the CFPB. Solutions that mistakenly leave dealers exposed are likewise dangerous.

A dealership CMS is not a fair-lending policy, a software program, a training course, or an audit. None of these items standing alone constitutes a CMS, yet all are necessary components of one.

Components of a CMS

A dealership CMS ensures compliance with numerous federal and state laws and regulations inherent in the operation of a retail automobile dealership. These practices and processes describe how a dealership:

  • Establishes its compliance responsibilities;
  • Communicates those responsibilities to employees;
  • Ensures that responsibilities for meeting legal requirements and internal policies are incorporated into business processes;
  • Reviews operations to ensure responsibilities are carried out and legal requirements are met; and
  • Takes corrective action and updates tools, systems, and materials as necessary.

To be effective, a dealership CMS will have four interdependent control components:

  • Ownership/board and management oversight;
  • Compliance programs;
  • Tracking and responding to consumer complaints; and
  • Compliance audits, policy reviews, corrective action, and policy and procedure modifications as required.

When all components are robust and coordinated, a dealership should succeed in managing the following compliance responsibilities:

  • Privacy and protection of consumer information
  • Financial compliance with the Office of Foreign Assets Control (OFAC), Financial Crimes Enforcement Network (FinCEN), and Rule 8300 reporting
  • Identity-theft prevention and the Red Flags rule
  • Fair lending and compliance with consumer financial regulations and laws
  • Consumer complaints
  • Occupational Safety and Health (OSHA)

OSHA has nothing to do with the CFPB, but if you are implementing a CMS, there is no reason not to include these compliance obligations in your dealership CMS.

Comprehensive compliance management that addresses the CFPB’s intent is not achieved by using compliance software alone. A compliant CMS also requires people, training, and the creation of a compliance culture at the dealership. Over the next few months, I’ll be addressing each of the crucial components of a robust CMS. For more information on this subject, contact the author or visit the Automotive Compliance Consultants Inc. website.

David R. Missimer, dmissimer@dealermark.com, is General Counsel for Automotive Compliance Consultants Inc. (www.compliantnow.com). He spent 28 years in private practice as a seasoned litigator and trial lawyer representing lenders, auto dealers, and numerous other entities and individuals. He has worked with dealership compliance issues since 2003. He joined Automotive Compliance Consultants in 2003. He is a member of the American Financial Services Association and the National Automotive Finance Association.
