Inovatec Systems is making sure its operations are secure for clients in multiple countries.
The provider of cloud-based software solutions for auto finance companies in the U.S. and Canada announced last week that it has successfully completed all SOC certification processes, including SOC1, SOC2, and SOC3 audits.
Inovatec said it is in compliance with all industry-accepted data privacy and information security mandates.
According to a news release, the certification was conducted by Schellman Compliance, an ANAB and UKAS accredited certification body based in the United States.
The company recapped that SOC (system and organizational control) reports are designed to help providers establish trust in their services and products, including service delivery processes and controls.
An independent certified public accounting (CPA) firm must perform the evaluations, which are designed to help providers demonstrate the ability to manage risk and meet contractual obligations.
SOC certification includes:
— SOC1, covering financial reporting capabilities and their impact on client financial reporting responsibilities
— SOC2, which assesses data security and privacy processes
— SOC3, a comprehensive evaluation of system requirements as they relate to service commitments
Inovatec said it successfully satisfied the requirements of the SOC1, SOC2, and SOC3 examinations.
Inovatec reiterated that its cloud-based technology can allow finance companies to streamline processing, decisioning and management with intelligent automation that can be configured to meet clients’ needs.
Inovatec’s systems can allow finance companies to adjust workflows as needed, helping them to grow their business in a competitive industry, without compromising on data security, privacy and regulatory compliance.
“Maintaining comprehensive SOC compliance is of paramount importance to Inovatec, our partners and our clients who rely on us to use a combination of advanced technology and best practices to ensure data privacy and security,” Inovatec chief operating officer Danijela Kovacevic said in the news release.
“We invest heavily in hardening our platform and training our staff on appropriate measures to protect sensitive data. The SOC certification validates that our efforts to adhere to accepted industry practices are correct and appropriate,” Kovacevic continued.
For information on Inovatec’s integrated loan origination system, loan management system and customer portal solution, visit www.inovatec.com.
Complications involving leased vehicles landed GM Financial in actions taken by the Department of Justice.
On Wednesday, the Justice Department announced that GM Financial has agreed to pay more than $3.5 million to resolve allegations that the captive violated the Servicemembers Civil Relief Act (SCRA) by illegally repossessing 71 servicemembers’ vehicles and by improperly denying or mishandling more than 1,000 vehicle lease termination requests.
In a message sent to Cherokee Media Group, GM Financial said, “GM Financial has been fully cooperative and responsive throughout the investigation opened in 2018 by the Department of Justice into compliance with the Servicemember’s Civil Relief Act.
“As announced (Wednesday) by the Department of Justice, we have reached a settlement agreement regarding processing of a subset of SCRA-protected accounts. Over our 30-year history, GM Financial has maintained a strong track record of fair lending practices and compliance with all regulatory requirements. We remain committed to ensuring the customer experience is handled responsibly, ethically and exceeds the customer’s expectation,” the captive said.
According to a news release, the Justice Department began investigating GM Financial after receiving a complaint about a potential violation involving U.S. Army Chief Warrant Officer 3 (CW3) Thomas Gorgeny.
In September 2017, the Justice Department said CW3 Gorgeny received orders to deploy overseas for 10 months and requested that GM Financial allow him to terminate his vehicle lease early pursuant to the SCRA.
Although GM Financial told CW3 Gorgeny that his early termination request was approved and he returned his vehicle to the dealer, months later, while he was deployed overseas, government officials said CW3 Gorgeny received a letter from the captive demanding that he pay more than $15,000 to cover the entire remaining period of the lease, as well as costs associated with the sale of the vehicle.
In a complaint filed in the U.S. District Court for the Northern District of Texas, the Justice Department alleged that, since 2015, GM Financial has improperly denied servicemembers’ lease termination requests, charged servicemembers improper early termination fees or lease amounts after the date of termination, and failed to provide servicemembers timely refunds of lease amounts they paid in advance.
The Justice Department also alleged that GM Financial’s failure to properly handle servicemembers’ lease termination requests resulted in more than 1,000 SCRA violations.
Furthermore, the complaint also alleged that, since 2015, GM Financial has unlawfully repossessed 71 vehicles owned by SCRA-protected servicemembers.
Officials explained the SCRA is a federal law that provides certain legal and financial protections for servicemembers and their families. The law prevents an auto finance or leasing company from repossessing a servicemember’s vehicle without first obtaining a court order, as long as the servicemember made at least one payment on the vehicle before entering military service.
The SCRA also allows servicemembers to terminate a vehicle lease early after entering military service or receiving certain qualifying military orders. If a servicemember terminates a vehicle lease under the SCRA, the leasing company may not impose any early termination charges and must refund, within 30 days, any rent or lease amounts paid in advance, according to the Justice Department.
Under the consent order, GM Financial has agreed to pay $3,534,171 to the affected servicemembers and a $65,480 civil penalty to the United States.
Officials said GM Financial will pay at least $10,000 to each of the 71 servicemembers who had their vehicles unlawfully repossessed.
For the servicemembers who were charged an improper fee when they terminated their vehicle leases, officials said GM Financial will refund the fee and will pay additional damages of three times the fee or $500, whichever is greater. Servicemembers whose requests to terminate their vehicle leases were improperly denied will receive a refund of certain payments plus up to $5,000 in additional damages, according to the Justice Department.
The order also requires GM Financial to repair the servicemembers’ credit, provide SCRA training to its employees, and implement policies and procedures that comply with the SCRA.
“Members of our Armed Forces should not have to suffer financial hardship as a result of their service to our nation,” said Assistant Attorney General Kristen Clarke of the Justice Department’s Civil Rights Division.
“The Civil Rights Division remains steadfast in its commitment to enforcing laws that safeguard the rights of our servicemembers so that they can devote their energy and attention to the defense of our country,” Clarke continued in the news release.
“The last thing servicemembers should be worried about while deployed is paying off vehicle leases they don’t want and can’t use,” added U.S. Attorney Chad Meacham for the Northern District of Texas. “As members of our armed forces put their lives on the line for our country, we are determined to protect their rights here at home.”
In an effort to help banks and credit unions, Abrigo and RouteOne announced on Tuesday how they’re now working together.
Abrigo, a provider of compliance, credit risk and lending solutions for financial institutions, is now integrated with RouteOne, which helps to facilitate indirect auto financing. The companies said their integration is designed to ensure community financial institutions can create a streamlined and efficient buying experience for their customers at a dealership.
RouteOne’s indirect auto financing software can create efficiencies in data collection and credit applications by leveraging web-based technologies and electronic application processes. The result is a faster vehicle financing process.
By collaborating with Abrigo and creating an integration with the Sageworks Loan Origination Software, banks and credit unions using Abrigo’s Sageworks lending software can support their customers and members in the auto-finance process.
The companies said that having a streamlined system from the dealership and continuing through to the financial institution ensures data integrity, efficiency, and, most importantly, a faster consumer lending process.
With critical features like direct import into the application, instant decisioning and direct communication between the financial institution and the dealership, Abrigo president Jay Blandford said the Abrigo LOS system can give banks and credit unions a flexible and powerful tool for indirect auto financing.
“Community banks and credit unions are always looking for ways to support their customers and members. At Abrigo, we never lose sight of that goal, making sure every feature, every function of our products drives toward a better customer experience,” Blandford said in a news release.
Amber Haseley is director of customer relationships at RouteOne.
“RouteOne is pleased to announce the availability of Abrigo with our platform. We have a shared interest in continually streamlining the vehicle financing process and serving our dealer customers with innovation and efficiency,” Haseley said in the news release.
“In addition, this integration builds an infrastructure that will make it easy for any of Abrigo’s participating financial institutions to harness the power of RouteOne’s technology and best serve their dealer customers,” she went on to say.
A recent study commissioned by RiskScreen, a provider of onboarding, screening and in-life monitoring technology, found two-thirds of compliance professionals at banks rely on manual processes for performing know-your-customer checks.
Despite 70% of respondents agreeing that the pandemic has accelerated digital transformation in the banking sector, the study also indicated that more than half of respondents said that the number of false positives delivered by their existing solutions is too high.
The survey, which was highly targeted to the banking sector, also revealed that 65% of compliance workers are still relying on Google for manual adverse media searches. RiskScreen explained adverse media screening is a part of the anti-money laundering and know-your-customer due diligence processes that regulated entities, such as banks and insurance providers, must perform when onboarding new customers.
According to Stephen Platt, RiskScreen chief executive officer and co-founder of the International Compliance Association, relying on manual processes is hampering financial institutions’ ability to generate revenue while simultaneously exposing them to unnecessary risk.
“Manual processes not only waste valuable employees’ time and add to the friction of a negative customer experience, they also significantly impact a bank’s time to generate revenue from new and existing business,” Platt said in a news release.
“From a financial crime perspective, they can leave banks unnecessarily exposed to human error, risk from regulatory fines and huge reputational damage,” he continued.
Interestingly, the survey found that — despite a majority of respondents admitting to relying on manual processes in part to conduct their due diligence checks — the risk of fines and serious legal consequences was their top concern in relation to compliance failures.
Although the adoption of regtech solutions in the banking sector accelerated throughout the course of the pandemic, Platt argued that banks are still struggling with onboarding and screening customers efficiently while remaining compliant.
“While the pandemic certainly accelerated digital transformation, financial institutions still seem to be struggling with overly long onboarding times as well as dealing with monitoring risk with existing customers,” Platt said.
“If the banking sector wants to truly accelerate their processes and achieve faster revenue, then they must start investing in the technology and tools that will make it easier and quicker for compliance professionals to do their job effectively,” he went on to say.
The full report can be downloaded via this website.
Inovatec passed the complex tests for the third year in a row.
The provider of cloud-based loan origination and loan management solutions announced on Tuesday that it has again completed its SOC 1 and SOC 2 Type II audits, performed by KirkpatrickPrice.
Inovatec said its security and compliance procedures have been annually audited by a recognized third party since 2018, reinforcing its ongoing commitment to providing quality solutions and services that abide by the highest security guidelines.
Inovatec explained SOC 1 and SOC 2 audits can provide independent, third-party validation that a service organization’s information security practices meet industry standards stipulated by the American Institute of Certified Public Accountants (AICPA).
During a SOC 1 audit, a service organization’s controls that are relevant to internal controls over financial reporting are tested. A SOC 2 audit tests a service organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality and privacy of a system.
The company said the SOC 1 and SOC 2 reports delivered by KirkpatrickPrice verify the suitability of the design and operating effectiveness of Inovatec’s controls to meet the standards for both of these sets of criteria.
“Maintaining data security and adhering to the strictest compliance guidelines is paramount for our company and our clients, and we are pleased that our technologies and methodologies have passed these rigorous auditing processes,” Inovatec chief executive officer Vlad Kovacevic said in a news release.
“Even as we achieve these certifications, Inovatec’s pledge is to continue investing in advanced technologies and new protocols to fortify our platform and give clients and consumers the utmost confidence that their personal information is truly secure.”
Inovatec’s sophisticated solutions are designed to create efficiencies for finance companies, dealers, credit analysts and underwriting teams. Its robust automation can expedite the approval process, providing a competitive advantage for finance companies in a challenging market.
The company also serves as a consultative business partner to finance companies, helping them to deliver an efficient, customizable financing experience. Inovatec conducts independent audits to validate its security compliance each year, confirming that its LOS, LMS, and direct solutions meet and exceed all industry standards.
“Inovatec’s clients rely on the company to protect consumer data throughout the loan origination process,” said Joseph Kirkpatrick, president of KirkpatrickPrice.
“As a result of this responsibility, Inovatec has implemented best practice controls to address information security and compliance risks. Our third-party opinion validates these controls and the tests we perform provide assurance that Inovatec’s practices and solutions will meet its clients’ expectations,” Kirkpatrick went on to say in the news release.
Researchers are beginning to examine the possibility of “digital discrimination” now that so much commerce is happening online and through mobile technologies.
Previous Used Car Week speaker Allen Denson, who is now a partner in the Washington, D.C., office of Venable, joined senior editor Nick Zulovich on the Auto Remarketing Podcast to consider what “digital discrimination” could be and how regulators might play a role.
Earlier this week, the Office of the Comptroller of the Currency assessed an $85 million civil money penalty against USAA Federal Savings Bank.
According to a news release, the OCC took this action based on the bank’s failure to implement and maintain an effective compliance risk management program and an effective information technology risk governance program.
Officials explained these deficiencies resulted in violations of law, including but not limited to violations of the Military Lending Act and the Servicemembers Civil Relief Act.
The regulator indicated USAA is in the process of remediating these violations pursuant to the requirements of a January 2019 consent order the bank entered into with the OCC.
The consent order detailing the new penalty mentioned that the comptroller found — and the bank neither admits nor denies — the following:
— The bank has failed to implement and maintain an effective compliance risk management program and an effective IT risk governance program commensurate with the bank’s size, complexity and risk profile. The bank has deficiencies in all three lines of defense (first-line business units, independent risk management, and internal audit) in its compliance risk management program.
— As a result of the deficiencies described, the bank engaged in violations of law, including but not limited to violations of the Military Lending Act and the Servicemembers Civil Relief Act. Such violations are being remediated pursuant to Article VI of the 2019 order.
— By reason of the foregoing conduct, the bank engaged in unsafe or unsound practices and violations of law, which were part of a pattern of misconduct.
The OCC said the penalty will be paid to the U.S. Treasury.
The National Association of Federally-Insured Credit Unions (NAFCU) recently developed a new white paper that outlines six essential principles for implementing a national data privacy standard as lawmakers – at both the federal and state level – consider new legislation regarding consumers’ data privacy.
The rundown of those six principles includes:
1. A comprehensive national data security standard covering all entities that collect and store consumer information.
NAFCU believes that financial institutions and non-financial institution entities — including fintech, retailers, and others that handle personal information — should be held to the same data privacy and security standards, which currently is not the case.
2. Harmonization of existing federal laws and preemption of any state privacy law related to the privacy or security of personal information.
Without a federal standard in place, NAFCU said that states have taken solutions into their own hands. However, NAFCU is concerned that the patchwork of privacy laws has created a confusing, burdensome environment.
3. Delegation of enforcement authority to the appropriate sectoral regulator.
For credit unions, the NCUA insisted it should be the sole regulator. NAFCU is supportive of a strong, independent NCUA as the agency is well-versed in credit unions’ unique nature and is best equipped to examine credit unions for data privacy and cybersecurity compliance.
4. A safe harbor for businesses that take reasonable measures to comply with the privacy standards.
Officials said a federal data privacy bill should take a principles-based approach to its requirements based on an institution’s specific operations and risk profile. Those organizations that develop and implement appropriate measures should be provided a safe harbor.
5. Notice and disclosure requirements that are easily accessible to consumers and do not unduly burden regulated entities.
NAFCU recommends incorporating requirements from the Gramm-Leach-Bliley Act (GLBA), which credit unions are already subject to, to avoid conflicting or duplicative disclosure requirements.
6. Scalable civil penalties for noncompliance imposed by the sectoral regulator that seek to prevent and remedy consumer injury.
Given the difficulty in establishing damages to consumers, which increases the likelihood of frivolous lawsuits, NAFCU suggested each regulator should have the ability to assess scalable civil penalties to remedy and prevent consumer harm.
“With data breaches on the rise, protecting consumers’ data is more important today than ever before,” NAFCU president and chief executive officer Dan Berger said. “Recent events prove that vulnerable data security standards place consumers at significant risk, and a national data privacy standard would help ensure consumers’ data is fully protected, while also continuing to foster innovation and help grow our economy.
“NAFCU looks forward to working closely with lawmakers as they look to reform our outdated policies,” Berger went on to say.
The complete 37-page white paper can be downloaded here.
Development of the California Consumer Privacy Act (CCPA) took another crucial step last week.
California attorney general Xavier Becerra released proposed regulations under the CCPA that was signed into law last June. Officials say the law provides consumers with “groundbreaking” new rights on the use of their personal information.
The law mandates that on or before July 1, the office of the attorney general circulates and adopts regulations for the CCPA.
The comment period regarding these proposed regulations has now started, according to the attorney general’s office.
“Knowledge is power, and in the internet age, knowledge is derived from data. Our personal data is what powers today’s data-driven economy and the wealth it generates. It’s time we had control over the use of our personal data. That includes keeping it private,” Becerra said in a news release.
“We take a historic step forward today to protect Californians’ inalienable right to privacy. Once again, California leads the way putting people first in the age of the internet,” Becerra continued.
The CCPA includes the following key requirements:
— Businesses must disclose data collection and sharing practices to consumers.
— Consumers have a right to request that their data be deleted.
— Consumers have a right to opt out of the sale or sharing of their personal information.
— Businesses are prohibited from selling personal information of consumers under the age of 16 without explicit consent.
The California attorney general explained the proposed regulations are intended to operationalize the CCPA and provide practical guidance to consumers and businesses subject to the law. The office added the regulations would address some of the open issues raised by the CCPA and would be subject to enforcement by the Department of Justice with remedies provided under the law.
Officials also mentioned the proposed regulations were drafted after a broad and inclusive preliminary rulemaking process, which included seven public forums held throughout the state and a public comment period during which the office received more than 300 written comments.
A copy of the California Consumer Privacy Act Proposed Regulations and other related documents can be found at www.oag.ca.gov/ccpa.
This complicated regulation also was addressed during the Automotive Intelligence Summit this past July. The CCPA’s author and other experts participated in a panel discussion that can be heard via the episode of the Auto Remarketing Podcast available below.
Franchised dealerships in the Golden State now have another resource to foster compliance with privacy regulation set to be implemented in less than a year.
According to a news release distributed on Tuesday, Helion Technologies has partnered with the California New Car Dealers Association (CNCDA) to educate dealers on how to comply with the California Consumer Privacy Act (CCPA). Officials explained the sweeping new privacy law takes effect in January, imposing new data security standards on dealerships located in California as well as third-party vendors that access and/or store customer data from these dealerships.
In a nutshell, Helion Technologies indicated the CCPA requires businesses to implement “reasonable measures” to protect consumers’ personal data. The California attorney general defined “reasonable measures” as compliance with 20 controls established by the Center for Internet Security.
“For most dealers, compliance will require significant upgrades to their software, hardware and data security equipment,” said Erik Nachbahr, president and founder of Helion Technologies. “Additionally, dealerships will need to implement internal processes designed to keep data safe, and provide their employees with security awareness training.”
Helion Technologies indicated the CCPA applies to any business that meets one of these requirements:
1. Grosses $25 million or more in revenue
2. Buys, sells or shares personal information for 50,000 or more consumers
3. Derives 50% or more of its revenues from selling consumers’ personal information
The firm pointed out that many dealerships meet the first two requirements. In addition to dealers, the CCPA applies to third parties located outside of California. This situation means that auto manufacturers, dealership management software (DMS) vendors, CRM vendors, marketing vendors and any other entity that dealers share their customers’ personal information with, must also comply with the new law.
Helion Technologies went on to note the CCPA gives more rights to consumers related to how dealerships may collect and use their information. Once the laws take effect, upon a request from a consumer, the firm said dealers will be required to:
• Correct inaccurate consumer data
• Delete the consumer’s personal data unless it’s necessary to do business, as well as delete all of their data from the databases of third parties with which you’ve shared such information
• Restrict processing or sharing of information if the consumer objects to its usage for reasons not related to the purpose for which it was collected, such as usage in direct marketing
• Allow customers to easily opt-out of having their personal information sold to a third party
Dealerships are also required to proactively provide full disclosure to consumers about what their data is used for, who it gets shared with and for what purpose, at the time said data is collected, according to Helion Technologies.
The firm added non-compliance may result in fines and a flood of litigation from consumers.
“CNCDA is excited about our new partnership with Helion and the technical expertise they will bring to our members. We are committed to supporting the necessary outreach and critical education so that California dealers better understand the legal requirements of the CCPA, as well as the most cost-effective ways to keep their dealerships in compliance,” CNCDA president Brian Maas said.
“Helion’s knowledge in data security and technology will be enormously helpful to our dealer members as they navigate bringing their networks up to CCPA standards,” Maas added.
The pending regulation will be discussed in even more detail during the Automotive Intelligence Summit. Mary Ross, president of Californians for Consumer Privacy, and former CIA Counterintelligence Officer and counsel on the House Intelligence Committee, will explore the intersection of data privacy and big data during the event, which runs July 23-25 in Raleigh, N.C. Early bird registration discounts are already available.