Categories
Compliance

Consumer Privacy in Retail Automotive

Contributing Author: Steve Roennau Vice President Compliance EFG Companies

Do you know someone who was affected by the Equifax data breach? How about the Verifone hack, or the breach within the Internal Revenue Service (IRS)? According to the Identity Theft Resource Center® (ITRC) and CyberScout®, 1,579 data breaches occurred in 2017, representing a 44.7 percent year-over-year increase.

A study of more than 10,000 consumers by Gemalto, a data security firm, found that 70 percent of consumers would stop doing business with a company if it experienced a data breach. And 69 percent feel businesses don’t take the security of consumer data very seriously.

In retail automotive, dealers have been regulated on consumer privacy ever since the Gramm-Leach-Bliley Act was passed in 1999. Under Gramm-Leach-Bliley, dealers are required to implement, and regularly audit, a written “Information Security Program” to protect information about their customers. This is called the Safeguards Rule. However, in 1999, digital data breaches were not even a feasible consideration for most dealers.

To date, these “Information Security Programs” have detailed how to physically secure private consumer data. It’s because of these programs that most F&I offices are locked, and F&I managers pay very close attention to make sure no private consumer information is left on a desk or computer screen for anyone to see.

While these procedures are important, they now need to be augmented to incorporate every possible way a consumer data breach could occur. From a physical standpoint, this includes training the sales team on how to properly manage private consumer information, and holding them to the same standards as F&I professionals. For example, let’s say a salesperson made a copy of a driver’s license for a test drive and the consumer ended up leaving the dealership without purchasing. What does the salesperson do with that photocopy? Do they just put it in their desk trash bin, or do they put it in a secure shredding bin? If they just put it in their desk trash bin, that data is not secure. Anyone could come and take that photocopy out of the trash.


Compliance: Not Dead Yet

Contributing Author: Steve Roennau Vice President Compliance EFG Companies

Sighs of relief turned into sighs of frustration this past December when the Department of Defense (DOD) issued a new interpretation of the Military Lending Act (MLA), potentially resulting in severe implications for all dealers who sell or have sold vehicles to active duty members of the U.S. armed forces and/or their dependents.

It seems that even the holiday season can’t put the brakes on compliance initiatives. As of December 14, 2017, creditors providing credit-related products and services, like GAP, Credit Life, Credit Disability or cash-out financing, must now comply with a full range of duties and restrictions imposed by the MLA. While this interpretation didn’t go into effect until December, it applies to all transactions going back to October 3, 2016.

Dealers are now spending the first month of the new year consulting with their legal counsel to determine whether to continue to offer such products and services to active duty military consumers and their dependents, and if so, what actions must be implemented to comply with MLA requirements.

History of MLA

Congress passed the MLA in 2006 to help protect active duty service members and their dependents from predatory lending. Since 2015, the DOD has been slowly amending the final rule to expand the scope of the MLA to include the majority of closed and open-ended loans.


2017 CFPB Round Up

Contributing Author: Steve Roennau Vice President Compliance EFG Companies

In January of this year, President Trump issued an Executive Order which required agencies like the Consumer Financial Protection Bureau (CFPB) to re-address how they issue new regulations. The order required agencies to eliminate two regulations each time they issue a new one. Because of this, we saw very little activity coming out of the bureau on issuing new regulations.

In addition, criticism of the CFPB reached a tipping point, forcing politicians to take a hard look at the powers granted to the bureau. A good example of this is the Arbitration Rule that the CFPB tried to force through Congress in the third quarter. While the rule initially passed Congress, it was nullified by President Trump in November.

The latest news surrounding the bureau focuses on the change of leadership, as Richard Cordray stepped down from the position of Director. With the CFPB embroiled in internal politics, we can expect another year of limited activity. This is all great news for the automotive industry. However, it does not mean that the auto finance environment will return to the golden age of the 1980s. From an auto lender’s standpoint, it is no longer fiscally sound to undo compliance practices that are years in the making.

So what’s the plan for 2018? Essentially, stay the course! Ensure all your processes are documented. Documenting your processes does not have to cost thousands of dollars in attorney fees and man-hours. In fact, it can be as simple as taking a process, like insurance verification, and writing down the steps your team takes to complete that process. You don’t need legal language. And each process doesn’t need to be a 20-page document. It’s just writing down what you already do every day.