Business Growth Compliance Economy

Will New Rules Hamper Growth?

Credit unions have notched the highest percentage of auto loan originations since 2007. Leveraging consumer inflationary concerns and lower interest rates, Experian’s “State of the Automotive Finance Market” report for the second quarter released Aug. 25 showed credit unions produced 25.8 percent of the loans and leases from lenders in the three months ending June 30, up from 18.3 percent a year earlier and 22.1 percent in this year’s first quarter. Pop the corks and let the confetti fly!

Inflation concerns are likely to remain for the rest of 2022. The Federal Reserve signaled earlier this month that it plans to continue its aggressive approach to raising interest rates, with a target of 4.0 percent. However, declining gas prices across the country prompted a notable increase in the Consumer Confidence Index for August. Purchasing intent and vacation intent also increased, indicating that monetary concerns have not made a noticeable impact on consumer behavior.

In fact, consumers have made overall improvements in their financial health since the pandemic. Experian’s Melinda Zabritski, Senior Director of Automotive Financial Solutions, has seen continued improvement in consumer credit scores over the last several years with a greater percentage falling in the prime category.


Data Security Compliance in 2022

According to the nonprofit Identity Theft Resource Center, more than half of all small businesses in the US experienced at least one security or data breach in 2021, a 17 percent increase from 2020, at an average expense of $250,000 to $500,000 per incident. As automotive lenders and dealers increase their use of digital sales and technology to house personal and confidential information, data breach incidents have a direct impact on both revenue and regulatory compliance.

The Safeguards Rule

The Federal Trade Commission issued a final rule that amends the Safeguards Rule (the “Rule”) that went into effect January 10, 2022. The Rule places requirements on “financial institutions” regarding information security programs and the use of customer information. The amended rule notably expands the “financial institution” definition, which is now applicable to debt collectors and certain debt buyers, among others. Many businesses are now finding themselves subject to the Rule for the first time.

Update: Prior to the revisions, the Rule required covered entities to perform a risk assessment and then develop and implement safeguards to address identified risks. Now, risk assessments must include specific criteria and be in writing.


FTC Amendments Strive To Keep Up with Technology

Steve Roennau Vice President Compliance EFG Companies
Contributing Author:
Steve Roennau
Vice President
EFG Companies

In April, the Federal Trade Commission (FTC) published in the Federal Register its proposed amendments to the 2000 Privacy Rule and 2003 Safeguards Rule. The genesis of these amendments is based on the FTC’s enforcement experience, and are intended to keep pace with technological developments within the financial industry. The proposed revisions relevant to automotive lenders fall under the Gramm Leach Bliley Act (GLBA).

Changes to the Privacy Rule

Revisions to the Privacy Rule would result in two substantive changes:

  1. The scope and definition of “financial institution” was modified to include entities that are engaged in activities that are incidental to financial activities, to bring both rules into accordance with the CFPB’s Regulation P (Privacy of Consumer Financial Information).
  2. The annual privacy notice requirements were modified to implement statutory changes to the GLBA enacted by the Fixing America’s Surface Transportation Act (the FAST Act).

The FAST Act established that a financial institution is not required to provide an annual privacy notice under the Privacy Rule if it:

  • only shares NPI with nonaffiliated third parties in a manner that does not require notice of an opt-out right to be provided to its customers; and,
  • has not changed its privacy policies and practices with respect to the disclosure of NPI since it last provided a privacy notice to its customers.

The CFPB published a final rule to implement these statutory changes in September 2018. The FTC’s proposal would amend the annual notice requirements to bring it in line with the FAST Act and the CFPB regulations.