Categories
Compliance

Flex Those Compliance Muscles

The Consumer Financial Protection Bureau (CFPB) has been busy this year bringing lawsuits against auto lenders and servicers. Just this month, the agency sued the servicing arm of U.S. Auto Sales, alleging USASF Servicing cost consumers more than $10.1 million by mishandling customer refunds, double billing for collateral protection insurance and failing to apply excess customer payments to interest. The suit also alleges that USASF Servicing wrongfully repossessed vehicles at least 82 times, erroneously triggered vehicle starter interrupter “kill switches” at least 7,500 times, and incorrectly activated a 10-second series of tones meant to signal late payments 71,000 times. Imagine the consumer’s surprise when their car won’t start or begins beeping – especially if their loan was in good standing or they weren’t informed of these archaic little features when they purchased the vehicle!

Speaking of annoying entanglements, I’m sure your dealership has been busy implementing policies and procedures designed to support the Federal Trade Commission (FTC) Safeguards Rule. While these added requirements may seem burdensome, here’s an interesting way to think about those guardrails surrounding the customer’s data.  So far this year, the FTC has received 5.7 million total fraud and identity theft reports, 1.4 million of which were identity theft cases accounting for $10.2 billion in losses. According to the National Council on Identity Theft Protection, there is an identity theft case every 22 seconds in the U.S. and 33 percent of all Americans have faced some kind of attempt in their lives, with experts predicting this number could increase significantly this year.

While the CFPB and FTC are focused on lender lawsuits and other fronts, there is an opportunity for retail automotive to take advantage of the lull. Now is a great time for your dealership to flex its compliance muscles.

Categories
Data Security

Safeguarding Your Data

The Federal Trade Commission (FTC) Safeguards Rule goes into effect June 9, 2023. Did that date sneak up on you? Will your dealership be compliant, or is your team still trying to figure out what IT upgrades are needed to secure private customer data? Let’s breakdown the Safeguards Rule, see how it impacts your dealership and outline steps to consider while working on this compliance initiative. If you’d like another source of information to share with your team, check out EFG’s latest F&I Talk Outside the Box podcast.

Originally enacted in 2003, the FTC amended the Safeguards rule in 2021, but extended the deadline for compliance to June 9th of this year, giving dealerships more time to incorporate the needed equipment and procedures. Specifically, the new requirements include:

  • Designate a qualified individual to oversee your information security program.
  • Develop a written risk assessment.
  • Limit and monitor who can access sensitive customer information.
  • Encrypt all sensitive information.
  • Implement ongoing security personnel training.
  • Develop an incident response plan.
  • Perform periodic assessments of service provider security practices.
  • Implement multi-factor authentication, or another method with equivalent protection, for any individual accessing customer information.

That’s a lot to absorb! Let’s focus on the key component of data security.

Categories
Compliance

Take Action Now!

The retail automotive industry is buzzing about the Federal Trade Commission’s recent proposed changes to regulations impacting federal advertising laws and prohibitions on unfair and deceptive dealership practices. The 37-page document outlines six key areas the agency would like to address:

  • Full up-front pricing, costs and finance disclosures
  • Sales process disclosures
  • Add-on product benefits
  • Bait & switch
  • Surprise junk fees
  • Record retention

The public commentary period closes on September 12, at which time the agency will evaluate the responses and make a final ruling. Industry associations – including NADA – requested an extension to the 60-day review period proposal, which the FTC declined.