Every dealer should probably take flight if he meets a government regulator who begins the conversation with the statement “I am from the government and here to help you.” Similar sounding statements, and flight responses, are also appropriate when encountering undertakers, ambulance drivers, and income tax preparers. However, dealers can help themselves by learning about what these pesky regulators want from them and, at a minimum, make efforts to comply. The Consumer Finance Protection Bureau (CFPB) has provided some direction on these issues in its 924 page publication CFPB Supervision and Examination Manual. The CFPB is trying to help you! But the truth is that the CFPB wants to help you do its bidding.
As presented in previous columns dealers should establish a compliance program which will address current issues and be flexible enough to address future ones.
Enter the Compliance Management System (CMS), which is required for some organizations by the CFPB. Representatives of the CFPB have already stated that such a program should be implemented by dealers. But, franchise dealers are not under the CFPB’s direct supervision. Nevertheless, franchise dealers should implement a CMS as it makes good business sense. The idea of a CMS relates to legal obligations dealers presently have due to the Safeguards and Red Flags Rules which necessitates that all dealers must implement these two programs and appoint a compliance officer. Dealers should build upon this concept and establish a permanent CMS. Since it is highly likely that compliance requirements will continue to increase and be demanded of dealers, creating a long-term solution for these compliance demands, is quite prudent. A CMS would be that solution. A CMS program would include the following:
- Establish a compliance program
- Establish a board with management oversight
- Appoint a permanent compliance officer who reports to that board
- Respond to consumer complaints with a protocol
- Have routine audits examining how the program is functioning and can be improved.
As with a business plan a CMS program should provide a framework for a dealer’s required legal obligations. The criteria by which a CMS program will be evaluated by the CFPB, and other regulators, includes the following:
- Well-drafted policies and procedures formalized into a written compliance plan
- Monitoring and Corrective Action
In CFPB speak, “A well planned, implemented, and maintained compliance program will prevent or reduce regulatory violations, protect consumers from non-compliance and associated harms, and help align business strategies with outcomes.”
Drafting a Compliance Plan
If dealers need to draft an actual compliance policy what should it look like?
Once again, according the CFPB Supervision and Examination Manual, “Compliance policies and procedures should be documented and in sufficient detail to implement the board-approved policy documents.”
When examiners audit the written plan they will be seeking to determine whether compliance policies and procedures:
- Are consistent with board-approved policies.
- Address compliance with applicable federal consumer financial laws in a manner designed to prevent violations and to detect and prevent associated risks of harm to consumers.
- Cover product or service lifecycles.
- Are maintained and modified to remain current and to serve as a reference for employees in their day-to-day activities.
In other words, the actual written plan has to be carefully written, address the many laws dealers are required to follow, provide guidance to management, and remain flexible for new laws and monitoring. A good plan would contain at least fifty to one hundred pages and probably far more.
Policies and Procedures – Examination Procedures
There is much to be learned by reviewing what particular areas CFPB examiners would request and review regarding a dealer’s compliance policies and procedures. The anticipated examination process is quite sobering. There are thirteen audit items:
1. Review policies and procedures related to consumer compliance, including fair lending (i.e. the reserve) and other federal consumer financial laws as they relate to offering consumer financial products and services. The list of these federal laws is extensive.
2. Review changes management committed to make following any recent audit. If there has been a recent audit the dealer should have implemented any agreed upon change. Otherwise, the dealer may incur substantial fines.
3. Review policies as to how the organization is addressing new or amended federal consumer financial laws. Dealers must remain vigilant to new laws and adopt them with dispatch.
4. Review policies to determine whether its policies cover consumer financial products or services introduced since a previous examination by the CFPB or any examination by a state regulator. One of the great concerns dealers, and franchise dealers, should have is to what degree state attorneys general will be cooperating with the CFPB. Attorneys general have broader authority in the states and more manpower to apply in their investigations. Moreover, they have direct jurisdiction over franchise dealers whereas the CFPB does not.
5. Review policies relating to compliance with specific regulatory requirements (such as fair lending or the privacy of consumer financial information) and their implementing procedures.
6. Review for outdated content, the names of unaffiliated entities, or other indicators that policies are overly general or not tailored to the needs and actual practices of the supervised entity being examined. Unfortunately, there is no “one size fits all” compliance program. If there are multiple dealer locations and lines, such as a dealer group operating franchise stores, and Buy Here Pay Here (BHPH) stores, different compliance programs may be needed.
7. Review policies and procedures for products with features that may inhibit consumer understanding or otherwise pose heightened risks of (a) unfair, deceptive, or abusive practices, or (b) fair lending. “Unfair, deceptive, or abusive practices” (UDAP) is extremely broad and covers advertising and point of sale presentations.
8. Review policies and procedures for products containing features that may pose heightened risk of unlawful discrimination.
Such features may include:
- Particular incentives created by employee compensation structures;
- Discretion over product selection, underwriting, or pricing; or
- Distinctions related to geography or prohibited bases (such as age or marital status)
Pricing of the many products dealers sell and salesmen’s payment plans are subject to analysis.
9. Review policies designed to ensure that the entity’s service providers comply with legal obligations applicable to the product or service of the examined entity and the provider. Dealers contract with many vendors and are responsible for those vendors’ legal compliance. Dealers may wish to discuss and document their vendors’ compliance efforts.
10. Review policies maintained by different regional, business unit, or legal entities subject to the same corporate or board-level policies for consistency.
11. Review policies and procedures for record retention and destruction timeframes to ensure compliance with legal requirements.
12. If compliance procedures are embedded in automated tools or business unit procedures, determine that a qualified compliance officer or contractor reviewed these tools for consistency with policies and procedures and compliance with applicable federal consumer laws and approved them for the purpose for which they are utilized. The compliance officer must be conversant with software issues.
13. Draw preliminary conclusions regarding the strength, adequacy, or weakness of policies and procedures, and identify business units, delivery channels, or offices for transaction testing. Test to confirm that actual practices are consistent with strong or adequate written policies and procedures. Test to determine the impact of apparently weak procedures.
These thirteen audit items should help dealers draft their compliance programs. Once again, what remains to be determined is whether state agencies, such as state attorneys general, will adopt this approach should a franchise dealer be investigated. Or, will lending sources begin requesting that franchise dealers operate as though they are under the jurisdiction of the CFPB?
Nevertheless, a CMS program remains a good idea and one franchise dealers should implement. Many independent and BHPH dealers have no choice but to execute a CMS. The good news in putting into practice a CMS is that some of the work has already been done by dealers as they probably have implemented a safeguards or privacy program. All that remains to be done is to describe it in words and file it in the comprehensive written plan. This process is quite manageable if approached one step at a time and can be done, to a great extent, internally. But it must be done.
GOVERN YOURSELVES ACCORDINGLY