Compliance Issues and the Dealership
O ften, life can be summed up in one word “priorities.” If compliance has not been one of your priorities it should be. Here is why—we are living in a very litigious society and people are looking for ways to get out of contracts and ways to profit from the over sights of other people.
One area of compliance that is often overlooked is identity theft protection. The federal government has a few regulations that are focused upon curtailing identity theft and holds businesses accountable if the source is tracked to your business.
Safeguard Rule—(May 23, 2003) Dealerships must do a risk assessment focused upon the non-public information gathered on customers and employees. Non-public information is social security numbers, driver’s license numbers, credit card numbers, and insurance policy numbers, credit application, and credit bureaus, employment applications. Who has access to the information? Where is it vulnerable to theft? What should be done to make the information more secure? How about your archived files? Who has access to them?
Have you written a set of policies and procedures concerning the handling of secure information and documentation? Have you educated your employees on your policies and procedures? Have you appointed a team of managers to implement your policies and procedures? If not, there is no time like the present to get this task done.
RED FLAG Rule—Yes, the deadline for compliance on this issue has been delayed a few times. The current implementation deadline is November 01, 2009. I have been asked if I think the government will extend it again. The answer is unknown.
Again, if you are not ready for an audit, there simply is no better time than now to get prepared.
The regulation focus is upon “new accounts.” That can be defined as retail installment contracts, credit cards purchases, and buy here, pay here operations. Your written policies and procedures are essential if your lenders are going to be compliant. Yes, your lenders may ask for a copy of your policies, they have to oversee their providers.
As we all know the Red Flag Rule is a regulation that is focused on detecting, preventing, and responding to, identity theft and establishing a process in your business that is designed to mitigate the effects of identity theft. This also requires written policy and procedures.
Here is a short list of what the RED Flag Rule says that must be done.1) Do a risk assessment.2) Write policies and procedures.3) Educate your employees on verifying the identity of the customers.4) The Red Flag Policies must be given to and approved by the board of directors of your corporation.5) An annual written report on the self audits must be submitted to the board of directors.
The fines for non-compliance with these two issues are hefty and I doubt if any business will be able to survive it. The federal government is geared up to do sweeps. It is my sincere hope that the dealerships will be prepared and will pass the federal audits with flying colors.
The fine for non-compliance is $16,000 per violation and a $3,500 administrative fine per violation. Making a profit is primary; retaining it should be a close second.
Dealer Marketing Magazine, November 2009