The government has shifted its gaze and is currently squarely centered on the automotive retail space. Government agencies, including the Consumer Financial Protection Bureau (CFPB) and the Federal Trade Commission (FTC), are now paying close attention to the practices and marketing efforts of dealers — and they’re doing so with the aid of consumers. In fact, the CFPB is almost entirely consumer-driven, with an open forum for complaints.
All it takes is a certain volume of complaints before the eye shifts to a specific dealership. Compliance in all areas, including data security, personal consumer information and marketing regulations, is extremely important to the health of a dealership. Just last month, several dealers were fined $2 million for certain F&I practices. In September of 2015, another dealership was fined almost $700,000 for lack of disclosure in a sale. These stories are in fact becoming more commonplace. The CFPB and FTC, along with State regulatory agencies, are stepping up their scrutiny and are becoming more vigilant about enforcing compliance laws.
Where do dangers of non-compliance reside in dealerships? Well, just about everywhere.
First and foremost, every single vehicle sale – and even “almost” sale (i.e. the customer tried to buy but didn’t) – typically involves a customer releasing sensitive personal information to the dealership so that the dealer can pull credit and transmit that information to various banks for approvals. The transfer of that information is typically done in the form of a credit application.
But what then happens to that information now it is in the dealership’s hands?
That typically depends on the final outcome. If the customer completed the purchase, that original credit application probably gets packaged up by the F&I manager and sent off to the lender with the rest of the paperwork. If the customer did not, there are many different scenarios that I’ve witnessed. In some cases, those deal folders will reside at the sales desk. In other cases, the salesperson retains them, hoping they can follow up and finalize a deal. Perhaps the person has borderline credit and the F&I manager plans to talk to some of the dealership’s subprime lenders. In that case it could be on the F&I manager’s desk. And, at some dealerships, all of the above happens at the same time. That’s a lot of personal information lying around, unprotected, which can open a dealership up to a huge liability should anything happen with that data. It was only last November when a car salesman used personal information obtained through dealership credit applications to open credit card accounts in multiple customers’ names.
This type of data theft isn’t just limited to physical documents either. Unprotected, shared, and easily guessed passwords for dealership systems such as the DMS or CRM can be a cause of data leaks, which may be difficult to trace back to the perpetrator. It wouldn’t take much effort for an unauthorized person to gain access to a manager’s password and then download entire databases and/or cause mischief.
There is an ever increasing number of data breaches and a huge number or large companies are constantly hacked. Hackers are now starting to zero in on dealerships, recognizing that they hold much more valuable in-depth personal profile information for individual consumers than most other retail organizations. Dealerships are therefore a prime target. Believe me – these hackers will take advantage FULL advantage of that.
I truly believe that, as an industry, more attention should be placed on this issue than is currently happening. In a recent survey reported by Automotive News, while 65 percent of dealers believe they are under scrutiny by these aggressive regulators, only 37 percent actually mandate compliance training within their dealerships. According to the article, this lack of compliance can cost dealerships upwards of $792,000 annually in lost profits. And, apparently not all of the lost profits come from fines, but also from lost sales. The article additionally states that consumers want transparency and compliance contributes to that. The survey found that 73 percent of consumers feel more comfortable buying their vehicle from a dealership where the employees have completed compliance training.
Another point to keep in mind is that compliance training can also provide some protection from the actions of a rogue employee, should they misuse customer information.
A focus on the importance of compliance should be part of the management culture in any dealership. Staff training in all the aspects of compliance, along with implementing safeguards and processes help to reinforce the importance of compliance, which will help shield any dealership from liability – whether that liability is from a state or federal audit, wrongdoing by a dealership staff member or data breach that leads to damage.
Another big benefit, as pointed out by the recent article in Automotive News, is that it can also help customers feel more comfortable transacting with the dealership. And consumer trust can be a huge barrier these days in the vehicle purchase process.
Being compliant isn’t something dealerships SHOULD do. It’s something that a dealer MUST do. Otherwise you could find yourself writing hefty checks for fines — or become the subject of a rather inflammatory news story – and, in many cases, both.