Image of Maze - Compliance Checklist

Navigating the Compliance Maze With a Compliance Checklist

If you work in the BHPH auto industry, you’ve been hearing a lot about compliance recently. It’s a big issue, and it’s getting bigger. Along with recent crackdowns on repossession compliance and an increase in lawsuits concerning ADA digital accessibility compliance, 2019 has also seen the first FTC action specifically related to the Consumer Review Fairness Act. The problem, of course, is that understanding compliance regulations is not as easy as it seems. There are various sets of rules ranging from lending standards like the Truth in Lending Act (TILA) and the Equal Credit Opportunity Act (ECOA) to various state regulations and bills dealing with repossession, and then there are more general requirements related to the Americans with Disabilities Act (ADA) In short, keeping up with compliance can feel a little like a juggling act. Utilizing a compliance checklist can help BHPH dealerships keep up while making the process easier.

In fact, having a compliance checklist may well be the single most beneficial thing dealership owners and general managers can do for their businesses this year. If you don’t already have a compliance checklist, it’s time for that to change. Of course the reason is obvious; it’s easier to see what you’ve done and still need to accomplish on a tidy list. However, that only helps if your list contains all of the right items. So what should you include on your compliance checklist? The NIADA has some excellent suggestions for BHPH dealerships relating to privacy policies, data destruction, managing compliance, and more.

One item that should certainly be on any BHPH dealer’s compliance checklist is a strong policy regarding important data. BHPH dealerships handle a lot of sensitive information, from social security numbers to credit scores to financial information. Do you have a compliant privacy policy in place to handle all of this safely? What about a data destruction policy? Do you know when and to whom you are required to give a privacy notice, and how long you are required to keep records? Regulations concerning all of the above should be clearly understood and followed in your compliance checklist.

According to the FTC, privacy rules in the Gramm-Leach-Bliley Act requires dealerships, including those in the BHPH industry, to give a copy of their privacy notice to anyone who provides personal information in connection to potentially purchasing a vehicle, even if that person chooses not to purchase from that dealer at that time. Privacy regulations distinguish between customers and consumers, and a person legally moves from being the former to the latter as soon as they provide sensitive personal information. This remains true even if a loan is quickly sold to a third-party lender, and although the dealership is not responsible for providing yearly privacy policies after that point, they are still legally bound by their initial privacy policy agreement with the consumer. However, thanks to an exception in the Gramm-Leach-Bliley Act privacy rules, dealerships are not required to provide an opt-out option to consumers when a loan is reassigned or sold. Dealerships who send fliers or holiday greetings to customers through a third-party marketing company are allowed to share customers’ contact information with that company without providing a copy of their privacy policy first so long as they don’t differentiate between consumers (those who have leased or bought a vehicle) and customers who have simply provided contact information while visiting the dealership. If, however, the dealer wishes to send correspondence only to consumers, providing a copy of their privacy policy is required. The same privacy rules apply to LHPH dealers who offer leases 90 days or more in length.

Where record retention and data destruction are concerned, there is a whole new set of rules to deal with. Document retention regulation is another important point to include on any compliance checklist. The law firm Clifton Larson Allen released an incredibly helpful checklist spelling out how long different documents must be retained. Sales invoices and purchase orders must be kept for at least 6 years, while accounts receivable and payable ledgers must be kept for at least 7 years. If a customer (or anyone else for that matter) provides a canceled check, the law requires it to be kept for a minimum of 7 years unless it relates to taxes or a special contract, in which case it must be retained permanently. Tax Form 8300 is required any time that a consumer buys a vehicle costing $10,000 or more, and that record must be kept for 5 years. Denied credit applications must be retained at least 2 years, but interestingly there is not regulation concerning how long accepted credit applications should be kept by the dealer. A smart dealer, of course, will naturally hold onto that paperwork until after the loan is paid off, however.

A compliance checklist, as already mentioned, should also include a data destruction policy. When sensitive documents are no longer needed, data destruction rules in the Gramm-Leach-Bliley Act apply. One or more employees should be tasked with overseeing privacy and data destruction, and while a third-party company can certainly be used to dispose of old documents and information, dealerships should ensure that their contract includes specific requirements for handling and destroying data in a compliant fashion. Paper documents should be shredded to prevent a security breach, of course, but it’s vital not to forget about digital security as well. Employee computers are required to have up-to-date malware protection as well as password-protected login screens and automatic lock screens that are engaged when the screensaver is used. When old computer equipment is thrown out, hard drives should be completely wiped or better yet, destroyed.

Of all of the items on a BHPH dealership’s compliance checklist, however, perhaps the most important one is this: hire a compliance officer. As readers can likely agree, there are enormous numbers of compliance regulations that dealers must adhere to, and that makes having someone who is specifically responsible for compliance a boon. After all, if a dealership hires specialists for payroll and vehicle repairs, shouldn’t they also hire one for compliance? It’s a great investment, when one considers the risks that can be avoided. A compliance officer understands various rules and regulations, oversees their company’s compliance, and spearheads any changes that need to be made. The result is that dealerships employing a compliance officer can have peace of mind knowing they are safe from costly lawsuits, fines, etc.

Many readers may be wondering how to go about finding a compliance officer. There are some hiring firms that can help find the right employee, and some compliance officers work as consultants. However, it is also quite possible to hire one directly if a dealer understands what to look for. A good candidate should understand both state and federal regulations regarding financing, car sales, data retention, and such. They should also have a keen analytical mind, and a working knowledge of accountancy as they will have to review all financial records. Lastly, the candidate chosen should be well-organized and, above all, reliably honest.

Finding the right person to act as a compliance officer and creating a compliance checklist will help keep BHPH dealerships on the right track and out of the courts. Although compliance rules are becoming increasingly complex, BHPH dealerships can still keep up if they have the right information and the right assistance. Consider creating your own compliance checklist, familiarize yourself with regulations, and take a look at the BHPH Marketplace directory for firms or businesses that can help you find a compliance manager. You’ll be rewarded by knowing that your dealership is compliant and safe from legal trouble as more and more pressure is exerted by federal and state organizations to enforce current regulations.

Clifton Larson Allen
FTC – Data Destruction
Robert Half

Related Posts

Customer retention strategies depend on relationships - image of two men's hands being shaken in front of grey car
Customer Retention Strategies for BHPH Auto Sales
PPC for auto dealerships - image of laptop with revenue information
Pay Per Click for Auto Dealerships on a Budget
Subprime Auto Lending Companies - Image of man in black suit holding piggy bank
Subprime Auto Lending Companies and Your Dealership

Leave a Comment or Review. All reviews will be verified.