November 10-11, 2014 at the Seminole Hard Rock Hotel & Casino Compliance Officer Tools & Resources

Compliance Officer Tools and Resources

Presented by:

John Vecchioni

National Sales Director/Director of Education

United Car Care

800-571-6412

Recent violations in the news

• 5 Serra Nissan Employees Arrested Oct. 7, 2014

The indictment of 5 dealership employees follows federal charges levied against 2 other Serra Nissan sales managers earlier this year. They are facing federal charges related to a scheme to fraudulently boost loan approvals and car sales.

• Dealer Arrested for Forgery, Fraud Oct. 28, 2014

A Georgia dealer was charged with 18 felonies and 9 misdemeanors for allegedly committing fraud and forgery in association with the sale of vehicles.

• Man Finds No Record of VSC Purchased at MI dealership Oct. 21, 2014

A man who bought a car at Auto Exchange last year discovered that the VSC provider had no record of the $2566 contract he purchased. The dealership was shut down in April.

• FTC Approves Final Consent Orders Against 10 Dealers May 7, 2014

The FTC has approved final consent orders involving the deceptive advertising practices of 10 dealerships. These were part of Operation Steer Clear, a nationwide sweep focusing on misleading advertising.

What are the responsibilities of the Compliance Officer?

• The ability to inform & communicate what everyone is required to be aware of and comply with.

• How do you do this and be effective? That’s the real key!

• Education and alternative processes need to be implemented to ensure positive change.

Ownership & Upper Management

• All internal business culture change starts from the top down.

• F&I Managers not only need to understand compliance, but comply with it as standard operating procedure.

• Salespeople need to understand what their obligations are to the business and industry.

• Weekly sales meetings need to include compliance reminders and recognition for a job well done.

What role does everyone play in a business environment that is regulated?

• Integrity & character matter!

• Safeguarding customers’ personal information.

• Identify what constitutes Personal Information. Specify what you wouldn’t want everyone to have.

• Contain all personal information in a secure area.

• Marked “SECURE AREA” and locked when the office is vacant.

• How do we ensure that everyone understands this and adheres to it?

• Designate 1 employee to coordinate the safeguarding of customers’ personal, identifiable information

• Design a program that ensures its safeguarding

Recommendations that keep dealers out of trouble

• Senior Management needs to take a pro-active lead

• Set the example, set the importance, and appoint a Compliance Officer

• Clear & understandable written compliance policies & procedures

• If it is not understood & reviewed by all, it has no practical purpose

• Compliance needs to be monitored daily & managed by all

• Compliance is a cultural thing. It needs to be integrated as a cultural habit

• Independent & in-house compliance audits

• Ensure that processes & procedures are followed every time

• Stay in contact with your state organizations/Independent and Franchise Associations

• Be aware of “grass roots” projects to draft legislation in your market

• Have all employees sign a “statement of understanding”

• Establish a written code of practices for vendors

Where do we start?

Simple 15 Step Compliance Checklist

1. Is there a lock on the door of your F&I Office to secure files?

2. Is your “Red Flag” program updated annually?

3. Are your internet prices different from your lot prices?

4. Do you secure your customers’ non-public information?

5. Do the salespeople have access to customers’ private information?

6. Do your salespeople understand FTC Regulation Z?

7. Are there consistent bank reserve practices in place in F&I?

8. Are your credit applications being filled out by the customer?

9. Do you have a secure program for discarding non-buying customers’ personal, non-public information?

10. Are you presenting payments to the customer with “bumps”/“leg”?

11. Is the F&I Dept. presenting base price and payments to the customer?

12. Do you know how Dodd-Frank affects your business?

13. What is the interest of the CFPB in our business?

14. Adverse action notices

15. Risk based lending

GLBA

Discussed for years, but what does it entail if FTC Regulators want to investigate?

• Dealership name, corporate structures, DBA’s, affiliated corporations, joint ventures, etc. Yes, there is more.

• A description of each transaction.

• A copy of dealer’s written information security program and all documents and programs relating to the security of non-published customer information.

• Names & titles of employees responsible for securing this information.

• What are you doing Mr./Mrs. Dealer and Mr./Mrs. Compliance Officer to prevent hiccups in your business?

• Sharing customers’ FICO scores with non-essential employees who don’t need to know?

• Posting profiles of customers on social networks in any way?

• Allowing salespeople access to interest rate or any private information?

GLBA Checklist (Part 1)

1. Formal Risk Assessment

• Take inventory of and document all customer-information assets & systems

• Prioritize and classify information assets

• Identify/document all threats to customer data, their likelihood & impact

• Evaluate and improve critical environment

• Develop and document policies & procedures to secure information and enforce sanctions

2. Information Security Program

• Obtain dealer management’s buy-in

• Appoint a security officer or delegate compliance responsibility

• Define & communicate compliance responsibility

• Establish and document a formal training and awareness program for F&I and sales staff

3. Vendor Relationship Assessment

• Identify and document all vendors who access, process and store your customers’ data

• Assess and document how vendors are protecting customer data

• Review & monitor vendor agreements annually for compliance

GLBA Checklist (Part 2)

4. Technical Security Management

• Design a secure network topology

• Develop virus standards and controls

• Perform security testing (external & internal penetration tests) at least annually

• Monitor your security environment by recording transactions and reviewing logs

• Develop security incident response procedures

5. Annual Audit and Update

• Develop an audit strategy

• Perform audits on an annual basis

• Report audit findings to dealership management

• Revise vendor management practices as needed

• Test and revise your security compliance program as needed

The most common violation every day in America?

• How do we address the quoting of rate and payment to salespeople once and for all?

• Quote wrong, customer gone.

• It’s not always enough to insist that they stop quoting R&P.

• They need to address the customer’s inquiry in a professional way which is satisfactory to them and to their customer.

Deal File Audits

• Signed retail purchase agreement

• Signed 4 Square/Deal Maker

• Signed menu filled out properly

• Forfeiture page

• Privacy Notice

• Signed Risk based pricing

• OFAC report

• Proof of auto insurance

• Condition of financing

• Copy of Driver’s license

• Signed credit application

• Signed finance contract

• Signed FTC “As Is”

• Cash purchase 8300

• Bushing logs (notes)

• Proof of ___________, if required.

Tools & Resources Available

• www.ftc.gov/bcp/conline/pubs/buspubs/usedcarc.htm

• www.ftc.gov

• www.Afip.com

• www.spotdelivery.com

• Product Vendors and/or Professional Qualified Trainers

• Hudson Cook, LLP

• F&I and Showroom

• Plante & Moran / Raj Patel

• Pudge Donato