Compliance Officer Tools & Resources. November 10-11, 2014 at the Seminole Hard Rock Hotel & Casino


1 Compliance Officer Tools & Resources November 10-11, 2014 at the Seminole Hard Rock Hotel & Casino

2 Compliance Officer Tools and Resources
Presented by: John Vecchioni, National Sales Director/Director of Education, United Car Care

3 Recent violations in the news
- 5 Serra Nissan Employees Arrested (Oct. 7, 2014): The indictment of 5 dealership employees follows federal charges levied against 2 other Serra Nissan sales managers earlier this year. They are facing federal charges related to a scheme to fraudulently boost loan approvals and car sales.
- Dealer Arrested for Forgery, Fraud (Oct. 28, 2014): A Georgia dealer was charged with 18 felonies and 9 misdemeanors for allegedly committing fraud and forgery in association with the sale of vehicles.
- Man Finds No Record of VSC Purchased at MI dealership (Oct. 21, 2014): A man who bought a car at Auto Exchange last year discovered that the VSC provider had no record of the $2566 contract he purchased. The dealership was shut down in April.
- FTC Approves Final Consent Orders Against 10 Dealers (May 7, 2014): The FTC has approved final consent orders involving the deceptive advertising practices of 10 dealerships. These were part of Operation Steer Clear, a nationwide sweep focusing on misleading advertising.

4 What are the responsibilities of the Compliance Officer?
- The ability to inform & communicate what everyone is required to be aware of and comply with.
- How do you do this and be effective? That's the real key!
- Education and alternative processes need to be implemented to ensure positive change.

5 Ownership & Upper Management
- All internal business culture change starts from the top down.
- F&I Managers not only need to understand compliance, but comply with it as standard operating procedure.
- Salespeople need to understand what their obligations are to the business and industry.
- Weekly sales meetings need to include compliance reminders and recognition for a job well done.

6 What role does everyone play in a business environment that is regulated?
- Integrity & character matter!
- Safeguarding customer's personal information.
- Identify what constitutes Personal Information.
- Specify what you wouldn't want everyone to have.
- Contain all personal information in a secure area. Marked SECURE AREA and locked when the office is vacant.
- How do we ensure that everyone understands this and adheres to it?
- Designate 1 employee to coordinate the safeguarding of customer's personal, identifiable information.
- Design a program that ensures its safeguarding.

7 Recommendations that keep dealers out of trouble
- Senior Management needs to take a pro-active lead.
- Set the example, set the importance, and appoint a Compliance Officer.
- Clear & understandable written compliance policies & procedures.
- If it is not understood & reviewed by all, it has no practical purpose.
- Compliance needs to be monitored daily & managed by all.
- Compliance is a cultural thing. It needs to be integrated as a cultural habit.
- Independent & in-house compliance audits.
- Ensure that processes & procedures are followed every time.
- Stay in contact with your state organizations/independent and Franchise Associations.
- Be aware of grass roots projects to draft legislation in your market.
- Have all employees sign a statement of understanding.
- Establish a written code of practices for vendors.

8 Where do we start? Simple 15 Step Compliance Checklist
1. Is there a lock on the door of your F&I Office to secure files?
2. Is your Red Flag program updated annually?
3. Are your internet prices different from your lot prices?
4. Do you secure your customers' Non-Public information?
5. Do the salespeople have access to customer's private information?
6. Do your salespeople understand FTC Regulation Z?
7. Are there consistent bank reserve practices in place in F&I?
8. Are your credit applications being filled out by the customer?
9. Do you have a secure program for discarding non-buying customer's personal, non-public information?
10. Are you presenting payments to the customer with bumps / leg?
11. Is the F&I Dept. presenting base price and payments to the customer?
12. Do you know how Dodd-Frank affects your business?
13. What is the interest of the CFPB in our business?
14. Adverse action notices
15. Risk based lending

9 GLBA
Discussed for years, but what does it entail if FTC Regulators want to investigate?
- Dealership name, corporate structures, DBAs, affiliated corporations, joint ventures, etc.
- Yes, there is more.
- A description of each transaction.
- A copy of dealer's written information security program and all documents and programs relating to the security of non-published customer information.
- Names & titles of employees responsible for securing this information.
What are you doing Mr./Mrs. Dealer and Mr./Mrs. Compliance Officer to prevent hiccups in your business?
- Sharing customer's FICO scores with non-essential employees that don't need to know?
- Posting on social networks profiles of customers in any way?
- Allowing salespeople information on interest rate or any private information?

10 GLBA Checklist (Part 1)
1. Formal Risk Assessment
   - Take inventory of and document all customer-information assets & systems
   - Prioritize and classify information assets
   - Identify/document all threats to customer data, their likelihood & impact
   - Evaluate and improve critical environment
   - Develop and document policies & procedures to secure information and enforce sanctions
2. Information Security Program
   - Obtain dealer management's buy-in
   - Appoint a security officer or delegate compliance responsibility
   - Define & communicate compliance responsibility
   - Establish and document a formal training and awareness program for F&I and sales staff
3. Vendor Relationship Assessment
   - Identify and document all vendors who access, process and store your customer's data
   - Assess and document how vendors are protecting customer data
   - Review & monitor vendor agreements annually for compliance

11 GLBA Checklist (Part 2)
4. Technical Security Management
   - Design a secure network topology
   - Develop virus standards and controls
   - Perform security testing (external & internal penetration tests) at least annually
   - Monitor your security environment by recording transactions and reviewing logs
   - Develop security incident response procedures
5. Annual Audit and Update
   - Develop an audit strategy
   - Perform audits on an annual basis
   - Report audit findings to dealership management
   - Revise vendor management practices as needed
   - Test and revise your security compliance program as needed

12 The most common violation every day in America?
- How do we address the quoting of rate and payment to salespeople once and for all?
- Quote wrong, customer gone.
- It's not always enough to insist that they stop quoting R&P. They need to address the customer's inquiry in a professional way which is satisfactory to them and to their customer.

13 Deal File Audits Signed retail purchase agreement Signed 4 Square/Deal Maker Signed menu filled out properly Forfeiture page Privacy Notice Signed Risk based pricing OFAC report Proof of auto insurance Condition of financing Copy of Driver's license Signed credit application Signed finance contract Signed FTC As Is Cash purchase 8300 Bushing logs (notes) Proof of, if required.

14 Tools & Resources Available Product Vendors and/or Professional Qualified Trainers Hudson Cook, LLP F&I and Showroom Plante & Moran / Raj Patel Pudge Donato