November 10-11, 2014 at the Seminole Hard Rock Hotel & Casino
Compliance Officer Tools and Resources
Presented by:
John Vecchioni
National Sales Director/Director of Education
United Car Care
800-571-6412
Recent violations in the news
• 5 Serra Nissan Employees Arrested Oct. 7, 2014
The indictment of 5 dealership employees follows federal charges levied
against 2 other Serra Nissan sales managers earlier this year. They are
facing federal charges related to a scheme to fraudulently boost loan
approvals and car sales.
• Dealer Arrested for Forgery, Fraud Oct. 28, 2014
A Georgia dealer was charged with 18 felonies and 9 misdemeanors for
allegedly committing fraud and forgery in association with the sale of
vehicles.
• Man Finds No Record of VSC Purchased at MI dealership Oct. 21, 2014
A man who bought a car at Auto Exchange last year discovered that the
VSC provider had no record of the $2566 contract he purchased. The
dealership was shut down in April.
• FTC Approves Final Consent Orders Against 10 Dealers May 7, 2014
The FTC has approved final consent orders involving the deceptive
advertising practices of 10 dealerships. These were part of Operation Steer
Clear, a nationwide sweep focusing on misleading advertising.
What are the responsibilities of the Compliance Officer?
• The ability to inform & communicate what everyone is required to be aware of and comply with.
• How do you do this and be effective? That’s the real key!
• Education and alternative processes need to be implemented to ensure positive change.
Ownership & Upper Management
• All internal business culture change starts from the top down.
• F&I Managers not only need to understand compliance, but comply with it as standard operating procedure.
• Salespeople need to understand what their obligations are to the business and industry.
• Weekly sales meetings need to include compliance reminders and recognition for a job well done.
What role does everyone play in a business environment that is regulated?
• Integrity & character matter!
• Safeguarding customers’ personal information.
• Identify what constitutes Personal Information.
Specify what you wouldn’t want everyone to have.
• Contain all personal information in a secure area.
• Marked “SECURE AREA” and locked when the office is vacant.
• How do we ensure that everyone understands this and adheres to it?
• Designate 1 employee to coordinate the safeguarding of customers’ personal, identifiable information
• Design a program that ensures its safeguarding
Recommendations that keep dealers out of trouble
• Senior Management needs to take a pro-active lead
• Set the example, set the importance, and appoint a Compliance Officer
• Clear & understandable written compliance policies & procedures
• If it is not understood & reviewed by all, it has no practical purpose
• Compliance needs to be monitored daily & managed by all
• Compliance is a cultural thing. It needs to be integrated as a cultural habit
• Independent & in-house compliance audits
• Ensure that processes & procedures are followed every time
• Stay in contact with your state organizations/Independent and Franchise Associations
• Be aware of “grass roots” projects to draft legislation in your market
• Have all employees sign a “statement of understanding”
• Establish a written code of practices for vendors
Where do we start? Simple 15 Step Compliance Checklist
1. Is there a lock on the door of your F&I Office to secure files?
2. Is your “Red Flag” program updated annually?
3. Are your internet prices different from your lot prices?
4. Do you secure your customers’ non-public information?
5. Do the salespeople have access to customer’s private information?
6. Do your salespeople understand FTC Regulation Z?
7. Are there consistent bank reserve practices in place in F&I?
8. Are your credit applications being filled out by the customer?
9. Do you have a secure program for discarding non-buying customers’ personal, non-public information?
10. Are you presenting payments to the customer with “bumps”/“leg”?
11. Is the F&I Dept. presenting base price and payments to the customer?
12. Do you know how Dodd-Frank affects your business?
13. What is the interest of the CFPB in our business?
14. Adverse action notices
15. Risk based lending
GLBA
Discussed for years, but what does it entail if FTC Regulators want to investigate?
• Dealership name, corporate structures, DBA’s, affiliated corporations, joint ventures, etc. Yes, there is more.
• A description of each transaction.
• A copy of dealer’s written information security program and all documents and programs relating to the security of non-published customer information.
• Names & titles of employees responsible for securing this information.
• What are you doing Mr./Mrs. Dealer and Mr./Mrs. Compliance Officer to prevent hiccups in your business?
• Sharing customer’s FICO scores with non-essential employees that don’t need to know?
• Posting on social networks profiles of customers in any way?
• Allowing salespeople information on interest rate or any private information?
GLBA Checklist (Part 1)
1. Formal Risk Assessment
• Take inventory of and document all customer-information assets & systems
• Prioritize and classify information assets
• Identify/document all threats to customer data, their likelihood & impact
• Evaluate and improve critical environment
• Develop and document policies & procedures to secure information and enforce sanctions
2. Information Security Program
• Obtain dealer management’s buy-in
• Appoint a security officer or delegate compliance responsibility
• Define & communicate compliance responsibility
• Establish and document a formal training and awareness program for F&I and sales staff
3. Vendor Relationship Assessment
• Identify and document all vendors who access, process and store your customers’ data
• Assess and document how vendors are protecting customer data
• Review & monitor vendor agreements annually for compliance
GLBA Checklist (Part 2)
4. Technical Security Management
• Design a secure network topology
• Develop virus standards and controls
• Perform security testing (external & internal penetration tests) at least annually
• Monitor your security environment by recording transactions and reviewing logs
• Develop security incident response procedures
5. Annual Audit and Update
• Develop an audit strategy
• Perform audits on an annual basis
• Report audit findings to dealership management
• Revise vendor management practices as needed
• Test and revise your security compliance program as needed
The most common violation every day in America?
• How do we address the quoting of rate and payment to salespeople once and for all?
• Quote wrong, customer gone.
• It’s not always enough to insist that they stop quoting R&P.
• They need to address the customer’s inquiry in a professional way which is satisfactory to them and to their customer.
Deal File Audits
• Signed retail purchase agreement
• Signed 4 Square/Deal Maker
• Signed menu filled out properly
• Forfeiture page
• Privacy Notice
• Signed Risk based pricing
• OFAC report
• Proof of auto insurance
• Condition of financing
• Copy of Driver’s license
• Signed credit application
• Signed finance contract
• Signed FTC “As Is”
• Cash purchase 8300
• Bushing logs (notes)
• Proof of ___________, if required.
Tools & Resources Available
• www.ftc.gov/bcp/conline/pubs/buspubs/usedcarc.htm
• www.ftc.gov
• www.Afip.com
• www.spotdelivery.com
• Product Vendors and/or Professional Qualified Trainers
• Hudson Cook, LLP
• F&I and Showroom
• Plante & Moran / Raj Patel
• Pudge Donato