Dealership compliance practice helps ensure the business’s integrity to various federal and state consumer finance, identity theft, and employee health and safety laws.
Dealers are wise to give compliance its due respect. Federal and state regulators continue to ratchet up their compliance governance:
- The intrusion of the Consumer Financial Protection Bureau (CFPB) into auto lending
- The increasing scrutiny by OSHA on lift safety and worker health and safety
- The intensive focus on identity theft due to its real (and costly) consumer dangers
- The emerging legality of medical and recreational marijuana that is certain to appear in the workplace
Compliance affects dealerships in these broad categories:
- Privacy , pertaining to customer and employee information security
- OSHA, pertaining to worker safety and health
- Sales and financing, pertaining to advertising, sales, consumer financing and aftermarket sales practices
- Equal Employment Opportunity or EEEO, pertaining to employment, hiring, harassment, and discrimination practices and policies
While few dealers find compliance an enticing topic, many realize the current political, business and social environments compel them to learn about it. Prudent dealers are increasingly putting compliance processes into practice to protect their assets and customers.
What is a Compliance Management System?
Government created various compliance regulations to protect consumers, thwart terrorists or those who would support them, stop identity theft, protect worker health and safety, and protect employees’ employment rights.
The term Compliance Management System, or CMS was coined by the CFPB and is in vogue today. Today a CMS is often incorrectly promoted as a software solution to simplify and automate the compliance function. Many in the industry have been led to believe that issuing certain required notices to consumers from their DMS or CRM tool solves their compliance obligations, and constitutes a CMS. Software compliance tools are important, but used alone leaves a dealership unprotected, at risk, and far complying.
According to the CFPB, a CMS is how a dealership:
- Establishes its compliance responsibilities; communicates those responsibilities to employees; ensures that responsibilities for meeting legal requirements and internal policies are incorporated into business processes;
- Reviews operations to ensure responsibilities are carried out and legal requirements are met; and
- Takes corrective action and updates tools, systems, and materials as necessary.
An effective compliance management system commonly has four interdependent control components:
- Board and management oversight;
- Compliance program;
- Response to consumer complaints; and,
- Compliance audit.
As should be clear from the above, dealership compliance demands personal oversight and involvement from ownership, management, and employees. Compliance cannot be achieved remotely, via a webinar, or by a software program. Each of the foregoing may be an essential component of a dealer’s CMS, but standing alone provides only false security.
The essential CMS app
The essential CMS app is people. And not people that never come to your store. Dealership compliance requires boots on the floor, and clipboards and pens on a regular and consistent basis.
You can train your employees online and issue some regulatory documents via operating software, but you can only audit processes, review procedures, audit deals, audit for OSHA, and create a culture of compliance at your dealership with people knowledgeable and dedicated to compliance.
A CMS that involves authoritative, knowledgeable, experienced, and adept compliance professionals is a necessity in every dealership given government intrusion into retail automotive and lending.
For some large dealership groups, an in-house option is reasonable. The resources are usually available to assign for this full-time task. Yet even where full-time compliance officers are at work, an outside compliance service can be an important checks-and-balance to ensure that all of the mundane day-to-day compliance details and training are executed and cataloged.
As I wrote here last year, a good first step toward protecting your dealership from various noncompliance risks is the preparation of compliance policies and procedures geared specifically to your store. The practices adopted in the compliance procedures should be implemented and employees trained.
As time goes on, compliance issues will continue to be identified and policies changed or modified to adapt to both circumstances and rapidly changing regulations. Action items identified in regular compliance audits will be corrected and records kept. Documentation or the paper trail supporting compliance activities should go into organized manuals. It is this compliance manual that OSHA, FTC or other regulating agencies will ask to see and review upon auditing the business or when investigating complaints.
Only a Compliance Management System using individuals walking your store, opening files, reviewing paperwork, checking information privacy standards in all areas, reviewing employee training and security measures, and meeting with ownership and management regularly will ensure a compliance environment. Short cuts and half measures lead to costly errors and violations. At this juncture, saying you didn’t know is no defense.