In the last five years, dealers have seen two federal rules promulgated that apply to them, along with an update to another federal guideline.

The Safeguards Rule (2003) and the Red Flags Rule (2008) both require that dealers adopt processes that most did not have in place prior to the requirements.

The Safeguards Rule, of course, requires that dealers protect consumers’ personal, non-public information from being fleeced by identity thieves.

The Red Flags Rule mandates that dealers escalate their responsibilities to help detect and prevent identity theft.

The Federal Sentencing Guidelines (2004) are a set of rules that judges must follow when imposing sentences on guilty parties. With a good compliance and ethics program in place, a judge can reduce potential fines and penalties by up to 95 percent.

All three (Safeguards Rule, Red Flags Rule, and Federal Sentencing Guidelines) provide a dealer with insight into what the federal government considers to be an effective compliance process.

Safeguards Rule
The Safeguards Rule contains five elements a dealer must follow to be in compliance:
• Name a compliance officer
• Conduct a risk assessment
• Develop a policy and procedure
• Provide employee training
• Conduct periodic audits

Red Flags Rule
Compliance with the Red Flags Rule requires six elements:
• Name a compliance officer
• Conduct a risk assessment
• Develop a policy and procedure
• Provide employee training
• Conduct periodic audits
• Write an annual report on the program’s effectiveness

Federal Sentencing Guidelines
The sentencing commission has outlined the elements it considers necessary for an effective compliance and ethics program:
• Standards and procedures to prevent and detect criminal conduct
• Personnel screening related to program goals
• Training
• Auditing, monitoring and evaluating program effectiveness
• Non-retaliatory internal reporting systems
• Incentives and discipline to promote compliance
• Reasonable steps to prevent further offenses upon detection of a violation

The elements of a compliance program
Not surprisingly, a dealer looking to establish a compliance process in sales and F&I should follow the model the government provides.

Name a compliance officer – Put someone in charge. Depending on your size, it can become the additional responsibility of the person responsible for your risk management functions, or it can be a newly created position. Either way, make it someone’s responsibility to develop the processes, the procedures, and the policies and report to you.

Conduct a risk assessment – Figure out where your compliance shortcomings are. It could be an inconsistent payment quoting methodology, or the inconsistent use of a menu, or the inconsistent completion of forms. It could be a lack of safeguarding consumer information, or the lack of a crosschecking process to detect employee fraud or the lack of buyer’s guides on used cars. The compliance officer is to conduct a thorough risk assessment to determine where your risk is.

Develop a policy and procedure manual – Once the compliance officer has determined where the risks are and how the processes are supposed to work, he or she should develop policy and procedure manuals for both sales and F&I. These manuals must define and describe the organization’s expectations on how an employee is to complete certain tasks.

Provide employee training – Now that you have a manual on how the employees are expected to perform their jobs, let them know. Give them a copy of the manual a week before starting the training so that they have ample time to review the material. Then provide the training and have the employees sign an acknowledgement form certifying that they have read the material and agree to abide by it.

Conduct periodic audits – Ah…the trust-but-verify stage. This is why I call this a compliance process, not a program. A process must be continually monitored and refined as new information becomes available. A program is like a manufacturer’s incentive: it comes and goes and no one remembers it a year later. You must conduct periodic audits and document any shortcomings and the corrective actions you took, including disciplinary action. You must also refine your policy and procedure manuals to reflect your actual process if the employees find a better way to do something.

