Having been a dealer, operated dealerships, and for the last decade or so consulted dealers on OSHA, F&I, identity theft and other worker and consumer protection laws, I know that thinking about and addressing compliance is no one’s idea of a holiday.
Still, a dealer must give compliance its due respect these days. This focus is highly suggested today given the increasing reasons to do so:
- The recent intrusion of the Consumer Financial Protection Bureau into auto lending
- The increasing scrutiny by OSHA on lift safety
- The real (and costly) dangers of identity theft
- The headache and bad publicity fallout from employee harassment investigations
In today’s world, the paperwork and financial transactions an auto dealership generates are delicious honey to identity thieves and hackers. They see unprotected documents and unsecured computer data networks as bags of money left unguarded.
Repair orders, deal jackets and photocopies of driver’s licenses left in the open or in the copier will certainly yield priceless information for one bent on using it for ill gain. Some time ago while getting my vehicle serviced I spotted a stack of deal jackets next to a coffee pot in the customer lounge.
It’s a shame, isn’t it, that the routine paperwork and financial data generated as you sell cars, parts and service can be used against you and your customers and cost both of you dearly. Sure, all the effort to comply with Red Flags, OFAC, EEOC, Gramm-Leach-Bliley and others is a big pain, but comply you must.
A compliance trail
A good first step toward protecting your dealership from various noncompliance risks is the preparation of compliance policies and procedures geared specifically to your store. The practices adopted in the compliance procedures should be implemented and employees trained.
As time goes on compliance issues should be identified, and policies changed or modified to adapt to both circumstances and rapidly changing regulations. Action items identified in regular compliance audits should be corrected, and records kept. Documentation or the paper trail supporting compliance activities should go into organized manuals. It is the Compliance Manual that OSHA, FTC or other regulating agencies will ask to see and review upon auditing the business or when investigating complaints.
Dealership staff can do this work, but no staff will audit as completely or as thoroughly as will an individual not employed by your business. Here are three hot areas to focus attention:
- Employee Safety: OSHA violations, especially when they result in personal injury, can be very costly to the dealership. Fines can run as high as $90,000, which insurance does not cover. OSHA hot spots include Department of Transportation certifications; protection equipment around grinders and welders; signage for exits, electrical panel access; fire extinguishers.
- Consumer Finance: The CFPB’s use of disparate impact to find violations of the Equal Credit Opportunity Act are ushering in a new era of compliance issues and problems.
- Data Network Security: Anti-virus, malware and other anti-malicious-code add-on software programs can help protect your dealership networks against hackers. However, only managed network monitoring and security that monitors the data flows into your building and around your network in real time, 24/7, can truly protect these electronic assets.
- Harassment: Fees or settlements for discrimination and harassment suits and settlements can reach $2 million! Employee training that focuses on helping staff understand, recognize and avoid discrimination and/or harassment is a smart investment. So is employment practices liability insurance to help mitigate risk should violations occur and fines or settlements result.
Contact me if there is any question or doubt that your various compliance obligations will satisfy the various regulatory and auditing agencies. Their bite can be severe. A little preventive action can save the dealership considerable financial loss.