While a notable portion of the industry was in San Diego for Used Car Week, the Federal Trade Commission made a decision involving the Safeguards Rule that likely delighted attendees mingling about the Manchester Grand Hyatt, but also at dealerships, finance companies and other service providers throughout automotive.
The FTC made a unanimous decision to extend the compliance deadline for six months, allowing financial services companies to better prepare for the Safeguards Rules. Now instead of a December mandate, companies now have until June.
The FTC reiterated through a news release that the regular approved changes to the Safeguards Rule in October 2021 that include more specific criteria for what safeguards financial institutions must implement as part of their information security programs. While many provisions of the rule went into effect 30 days after publication of the rule in the Federal Register, other sections of the rule were set to go into effect on Dec. 9.
Officials explained the provisions of the updated rule specifically affected by the six-month extension include requirements that covered financial institutions:
—Designate a qualified individual to oversee their information security program
—Develop a written risk assessment
—Limit and monitor who can access sensitive customer information
—Encrypt all sensitive information
—Train security personnel
—Develop an incident response plan
—Periodically assess the security practices of service providers
—Implement multi-factor authentication or another method with equivalent protection for any individual accessing customer information
In a separate statement, commissioner Christine Wilson elaborated about why it was important to make this decision, one requested by the American Financial Services Association along with ACA International, the Consumer Data Industry Association and the National Automobile Dealers Association.
“While I continue to note my concerns about the revisions to the recently amended Safeguards Rule, I support extending the effective date,” Wilson said. “Labor shortages of qualified personnel have hampered efforts by companies to implement information security programs. Some estimates place the shortage of cybersecurity professionals in the 500,000 range. Supply chain issues also have led to delays in obtaining necessary equipment for upgrading systems. These factors are outside the control of financial institutions and have complicated efforts by companies to meet the requirements of the amended rule by year end.
“The revisions finalized in December 2021 did not merely codify basic security practices of most financial institutions. Rather, the modifications imposed new onerous, misguided and complex obligations,” Wilson continued. “Safeguarding customer information is important. But it is still unclear whether these mandates will translate into a significant reduction in data security risks or offer other substantial consumer benefits. Regardless of the rule’s effects, companies should be given the time necessary to correctly implement the Final Rule’s burdensome requirements. For these reasons, I support extending the effective date until June 2023.
In another news release, AFSA pointed out that this request also was endorsed by the Small Business Administration’s Office of Advocacy, other trade groups and a bipartisan group of Congressional members led by Rep. Chrissy Houlahan (D-Pa.).
“AFSA member companies provide crucial services in our economy,” AFSA senior vice president Celia Winslow said. “Extending the implementation date of the rule means that companies will be able to make appropriate enhancements to systems and staffing, ultimately benefiting consumers.”
Perhaps dealerships and other segments of the auto finance and retail spaces can take solace in the dissenting statement from one of the former leaders of the Federal Trade Commission, which ordered a Washington, D.C.-area dealer group to pay more than $3.3 million in penalties over “junk fees” and alleged discrimination.
Last week, the FTC announced an action against Passport Automotive Group for what the regulator called in a news release as “deceiving consumers by tacking hundreds to thousands of dollars in illegal junk fees onto car prices and for discriminating against Black and Latino consumers with higher financing costs and fees.”
The FTC said Passport Automotive Group, president Everett Hellmuth and vice president Jay Klein will pay more than $3.3 million to settle the FTC’s lawsuit, which the regulator said will be used to refund consumers harmed by Passport’s conduct.
Before his pre-planned resignation from his position, FTC commissioner Noah Joshua Phillips said in his dissenting statement that he had no objections to three of the four counts against the dealer group. However, the other count in the allegations prompted Phillips to explain his opposition to the regulator’s actions.
“The Equal Credit Opportunity Act (ECOA) prohibits creditors from discriminating against an applicant with respect to any aspect of a credit transaction on the basis of race, color, religion, national origin, sex, marital status, age, or because of receipt of public assistance. Per the complaint, Passport’s discretionary markup policy imposed higher costs on Black and Latino consumers in violation of ECOA,” Phillps wrote.
“The complaint also alleges that the higher costs Passport imposed on Black and Latino consumers caused substantial injury to those consumers, were not reasonably avoidable by them, and were not outweighed by any benefits to consumers and competition, and therefore Passport’s conduct was unfair. This is the first case in which the Commission has alleged that the disparate impact of business conduct is unfair,” he continued.
“I have no quarrel with Counts I and II, nor Count IV’s allegation that Passport’s discretionary markup policy violated ECOA. I would have voted in favor of a complaint limited to those complaint counts. I cannot support Count III and its novel interpretation of unfairness,” Phillips went on to say.
“Count III accomplishes nothing in this case. The sole reason for its inclusion is to announce to the world that the FTC has expanded its unfairness jurisdiction to include antidiscrimination. But because that announcement raises myriad questions about the liability rule, it serves no useful function for businesses eager to stay on the right side of the law,” he added.
Despite Phillips’ reasons, the FTC voted 4-1 in favor of the enforcement that climaxed a matter that began four years ago.
In 2018, the FTC brought action against Passport, its president and vice president, alleging the company mailed more than 21,000 fake “urgent recall” notices to consumers in 2015 and 2017, to “lure them” to visit dealerships.
In its complaint announced, the FTC alleged that Passport regularly advertises certified, reconditioned, or inspected cars at specific prices, but then added extra certification, reconditioning, or inspection fees that it falsely claims consumers are required to pay.
The FTC also alleged that Passport charged Black and Latino consumers hundreds of dollars more in financing costs and fees, on average, than White consumers. In its complaint against Passport, the FTC alleges that the company has for years violated the FTC Act and the Equal Credit Opportunity Act by:
• Charging illegal “junk fees,” as the FTC said Passport advertised vehicles as “certified,” “inspected,” or “reconditioned” at specific prices. But the FTC alleged that when customers try to pay the amount advertised for those vehicles, Passport added hundreds or thousands of dollars in fees. These fees either increase the price over what was advertised or negate any discounts the consumers negotiated.
The complaint cited one case in which a vehicle advertised for $24,050 was in fact sold for $26,440 “due to illegal add-on fees.”
The FTC said, “Passport frequently described the extra fees it charges to customers for inspection, reconditioning, or certification as required when in many instances, auto manufacturers specifically prohibit dealers from charging separately for certification costs.
• Discriminating against Black and Latino customers, as the complaint alleged that Passport regularly charged Black and Latino customers more in financing costs and fees than they charge non-Latino white customers.
Although Passport claimed that it had a policy to prevent discrimination, the complaint alleged that Passport did not even enforce or monitor the policy.
The FTC’s complaint alleged that Black and Latino consumers paid on average about $291 and $235, respectively, more in interest than non-Latino white consumers did. It also alleged that Black and Latino consumers paid an extra fee on average of 24 percent and 42 percent more often, respectively, than non-Latino White consumers.
According to the news release, Passport, its president and its vice president have agreed to a proposed federal court order that would:
• Prohibit them from charging different groups different markups: The order would require Passport to establish a fair lending program to ensure it does not discriminate going forward, including a provision that will require each Passport dealership location to either charge no financing markup or charge the same markup rate to all consumers.
• Prohibit them from deceiving consumers about prices and fees: The order would prohibit Passport from misrepresenting the cost or terms to buy, lease, or finance a vehicle, or whether a fee or charge is optional. It would also require them to only charge consumers fees with their express, informed consent.
• Require them to pay money to refund consumers: The order would require Passport to pay the FTC $3.38 million to refund consumers harmed by Passport’s unlawful actions.
“With this action against Passport and its top executives, the Commission is continuing its crackdown on junk fees and discriminatory practices that harm Black and Latino consumers,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “As families struggle with rising prices, companies that think they can hit consumers with hidden fees should think again.”
The FTC said it files a complaint when it has “reason to believe” that the named defendants are violating or are about to violate the law and it appears to the commission that a proceeding is in the public interest. Stipulated final orders have the force of law when approved and signed by the district court judge, according to the FTC.
The Arizona Creditors Bar Association recently offered its explanation for what Proposition 209: The Predatory Debt Collection Protection Act could do to collections within auto finance and other creditor segments if voters in the Grand Canyon State approve the proposal in November.
First, according to material shared with SubPrime Auto Finance News, the association explained what this initiative could do to Arizona residents and businesses, including:
—Creates a $51,000-per-earner threshold for garnishments. Arizona’s median income is $51,000. This means those earning below the threshold cannot be garnished. Those earning above the threshold will have to make up the difference.
—Arizona residents will suffer a significant decrease in their access to credit. They will need much larger down payments to acquire credit for necessities like vehicles and appliances.
—When available, credit will become much more expensive (via higher interest rates) to make up the difference.
—Banks and lenders will take huge losses for existing loans that will become uncollectable if this initiative becomes law. Judgment creditors that have already fought and won their legal cases will see an immediate and permanent drop in recoveries.
Next, the association explained what this initiative could do to state laws, including:
—Eliminates approximately 60-70% of active wage garnishments on civil judgments, leaving businesses, landlords, and judgment creditors without legal recourse for unpaid debts.
—Effectively eliminates bank garnishments by allowing judgment debtors to legally hide $5,000 in a bank account from creditors.
—Raises the Arizona Homestead Exemption — the amount of home equity protected from unpaid businesses and creditors — to $400,000.
—Creates below-market-rate caps on interest rates related to medical debts and drastically increases a host of other personal property exemptions.
Those eight bullet points prompted association officials to ask: “How will your business model change if you cannot force people to pay their bad debt? Who will loan money to consumers if half of the state is untouchable?”
To learn more about the issue and what the Arizona Creditors Bar Association and other state organizations and business are doing, go to ProtectOurAZ.com.
As many dealers are aware, the Federal Trade Commission (FTC) recently issued new requirements to its Safeguards Rule that take effect Dec. 9. The rule requires auto dealerships with more than 5,000 customer records in their database to develop, implement and maintain an information security program to protect customer information.
To help with compliance, many dealers have hired third-party service providers such as a DMS vendor, law firm or information technology (IT) firm to write, implement and supervise the required information security program.
However, many dealers are not aware that they cannot rely solely upon third-party vendors in order to attain compliance. This means that the dealership must also designate a qualified employee to oversee said third-party supervision. The employee does not have to hold a particular degree or title, but they do need to be aware of, and knowledgeable about, the Safeguards Rule, to ensure that the dealership is compliant.
Section 314.4 of the new FTC rule states “Designate a senior member of your personnel responsible for direction and oversight of the Qualified Individual” (if the qualified individual is employed by a third-party service provider).
This makes it clear that ultimately, the buck stops with the business owner. If a breach happens or there is a customer problem, a dealer cannot get off the hook by pointing a finger at the third-party service provider.
Additionally, it is the dealership employee’s responsibility to complete a risk assessment of all third-party providers that the dealership uses. For example, if you hire a document shredding company, a risk assessment must be completed before that company takes any documents offsite.
Additionally, the dealership employee is responsible for enforcing the rule and training other employees on the rule. The dealership employee must also write and submit an annual written report to the governing body of the dealership.
AFIP Certification recommended
The NIADA and other F&I training companies offer some compliance resources, but for comprehensive training, consider getting certified by the Association for Finance & Insurance Professionals (AFIP). AFIP is a non-profit, non-aligned sanctioning body that offers a comprehensive certification course designed to give dealership professionals all of the knowledge necessary to maintain compliance for the FTC Safeguards Rule as well as a number of other rules and regulations.
For most independent dealerships, it makes sense for the dealer principal to become the qualified, designated employee. Many dealers have become fearful of potential fines related to this rule, but there really isn’t any reason to be afraid. Knowledge is empowerment. One of the biggest benefits that attendees take away from a training class is increased confidence in how to respond to customer complaints.
Recently in AFIP certification classes there has been a shift from primarily F&I managers and general managers in attendance, to a variety of people in different roles; including dealer principals, used car managers, accounting personnel, marketing personnel and legal personnel. In today’s world compliance is every employee’s responsibility, and is no longer just in the domain of the F&I manager.
AFIP certification covers far more than just the Safeguards Rule. Enrollees will also learn about the Truth in Lending Act, Consumer Leasing Act, Equal Credit Opportunity Act (ECOA) and more.
Becoming AFIP certified helps independent dealers to reduce the number and dollar amount of chargebacks and consumer complaints; and reduces the likelihood of agency fines and settlements.
Dealership employees can get certified either online via a learning management system, or take a live, two-day workshop offered in a variety of cities. Advantages of in-person training over online training include increased focus, fewer distractions, and a comprehensive curriculum.
In her role with the EasyCare University and GWC University training teams, Erica Cooper is responsible for new hire onboarding, internal sales training, curriculum development, in-dealership coaching, and classroom training. Before joining APCO, Cooper was a Master Instructor in the Credit and Financial Services field, developing learning solutions with a focus on federal regulations and the impact they have on underwriting processes. She has also earned the prestigious title of AFIP Certified Master Instructor.
Dealer compliance expert Randy Henrick acknowledged moderate surprise that the Federal Trade Commission didn’t delay December implementation of the revamped Safeguards Rule even as industry associations and a fellow government agency recommended it.
In this episode of the Auto Remarketing Podcast, Henrick reiterated what dealers, finance companies and other service providers need to do as a result.
To listen to the conversation, click on the link available below, or visit the Auto Remarketing Podcast page.
Download and subscribe to the Auto Remarketing Podcast on iTunes or on Google Play.
F&I Sentinel might have its platform based in the cloud, the service provider is making sure it has the human resources it needs to function correctly.
This week, F&I Sentinel announced the addition of experienced software engineers Ryan McCauley and Kevin Ye, who will join the company in key roles to support the cloud-based CITADEL SaaS platform.
F&I Sentinel’s CITADEL SaaS platform is designed to be an efficient turn-key compliance solution that can protect finance companies, dealers and consumers by lessening reputation, financial, litigation and regulatory risks in connection with the sale and financing of vehicles and insurance products.
McCauley is a former USA Computing Olympics competitor, a globally recognized competitor in the Carnegie Mellon Informatics and Mathematics Competition and a first-place winner of the Florida State University Association for Computing Machinery (ACM) Programming Contest.
Before joining F&I Sentinel as a software engineer, McCauley worked with Mission Mentor, a branch of the Harvard Innovation Labs Venture Program, the Harvard Computer Society Builder Incubation Program, and MIT Spark, working with a team of developers to create and maintain a student-based mentor startup and implementing front-end software logic.
Prior to joining F&I Sentinel, Ye worked with Echo Global Logistics as a software engineer, where he designed and implemented back-end systems to support quoting, tendering, and load tracking functionalities. He also built CI/CD pipelines using Microsoft Azure Pipelines to automate testing and deployments to develop and stage environments and implemented data orchestration and streaming pipelines for analytics. Ye is certified in CompTIA Security+ and is an expert in technical support.
“F&I Sentinel offers cutting-edge solutions, and the addition of these three exceptional talents will help push us even further ahead,” said Stephen McDaniel, founder and CEO of F&I Sentinel.
“Ryan’s extensive accomplishments in computer science so early in his career enable him to lead F&I Sentinel’s platforms, while Kevin’s well-established professional experience in software engineering aligns with our innovative technology products and solutions,” McDaniel added.
Massachusetts attorney general Maura Healey made another move involving the automotive space last week, alleging more misdeeds involving how vehicles are financed.
Healey’s office is suing a Haverhill, Mass., franchised dealership for engaging in what the AG called unfair, deceptive, and discriminatory pricing practices against Black and Hispanic customers by illegally charging them hundreds of dollars more for “add-on” products when purchasing a vehicle.
According to a news release, the AG’s complaint, filed in Essex Superior Court, alleges that Jaffarian’s Service Inc., which does business as Jaffarian Volvo Toyota of Haverhill charged Black and Hispanic customers on average hundreds of dollars more than white customers for “add-on” products such as paint protection, GAP insurance and remote starters.
The AG’s complaint alleges that the dealership gave staff full discretion to markup the prices of add-on products, and its sales history shows that Jaffarian appeared to charge Black and Hispanic customers, on average, approximately $500 more and $400 more, respectively, for add-on products than similarly situated white customers.
Healey said this alleged discriminatory sales practice resulted in more than $170,000 in improper profits for the dealership in a two-year period.
The complaint also alleges that the dealership provided no training or supervision of its pricing policies and practices to prevent pricing discrimination.
The AG’s Office alleges that Jaffarian’s practices violate the state’s Consumer Protection Act and the Public Accommodations Law, which prohibits discrimination on account of race, color, and national origin in public places.
“Purchasing a vehicle is already a significant financial decision for many families and individuals — the last thing they should be worried about is unfairly paying more for a product because of their race or national origin,” Healey said in the news release.
Since 2017, Healey has handed out a wide array of actions against operators in the automotive space, including independent dealers as well as Byrider, Exeter Finance, Santander Consumer USA, Westlake Financial, and Credit Acceptance.
Last week, RISC collaborated with MBSi Corp. to deploy VendorConnect, what they called a “revolutionary” compliance management solution that can allow access to a comprehensive list of compliant, vetted third-party vendors in the repossession industry.
This week, RISC announced free RISC Pro membership for new members through the end of the year.
The third-party repossession compliance management company highlighted RISC Pro membership can provide many benefits to repossession agencies.
Additionally, the company said CARS education has been reduced for both RISC Pro members and non-members.
RISC Pro members will pay $25 per CARS and continuing education courses. Non-members will pay $75 for CARS and continuing education courses.
“The financial incentives of discounts off education and $1 off RecoveryConnect recovery fees make becoming a RISC Pro member an easy financial decision. These discounts will pay for membership almost immediately,” RISC chief executive officer Stamatis Ferarolis said in a news release.
In addition, the Drivers Safety course, which the company said is a $99 value, also is free to members.
Furthermore, members have a built-in marketing platform for their business by being featured in the RISCPro.com directory and within the RDN and MBSi platforms.
“As the leading compliance services company in the industry, RISC is continually asked by clients to provide agents who work in various locations around the country,” RISC president Holly Balogh in the news release.
“RISC supports those clients by providing them names and numbers of their RISC Pro agents. In the last four months, six major lenders have reached out to RISC for assistance to find the most compliant agents in the RISC network,” Balogh went on to say.
The company closed by noting RISC Pro members also have access to business templates, an online 24/7/365 document management platform to store their compliance information and discounted encrypted email security service from Paubox, which can allow a company to send and receive encrypted emails securely to protect them and their financial clients.
For more information about RISC Pro or to sign up, go to riscus.com/riscpro.com.
Repossessions are complicated, so MBSi Corp. and RISC are working together to help finance companies find the compliant resources they need.
This week, the SaaS provider of repossession assignment software and third-party compliance management company for the auto finance industry announced the launch of VendorConnect, what they called a “revolutionary” compliance management solution that can allow access to a comprehensive list of compliant, vetted third-party vendors in the repossession industry.
MBSi and RISC highlighted that VendorConnect can provide immediate access to compliant agents that are fully vetted and available to work for creditors and national forwarders.
VendorConnect is designed to provide full transparency of the third-party vendor and includes client propriety documents, insurance ACORDs, licenses, background checks, onsite inspections, and CARS certification.
“With VendorConnect, a client can be sure that the third-party vendors they use to handle sensitive borrower data are 100% compliant to their unique standards,” MBSi and RISC said in a news release.
MBSi and RISC reiterated that the Consumer Financial Protection Bureau’s supervisory guidance was recently updated to stress the importance of real-time data transfers to prevent the risk of wrongful repossessions and to require the monitoring of service providers.
With recovery assignment volume on the rise, MBSi and RISC pointed out that it’s more important than ever to have an audit-proof process in place and a platform that helps manage both recovery performance and compliance oversight.
Finance companies now can monitor performance down to the agent in the field, according to MBSi and RISC.
VendorConnect is where RISC will continue to provide compliance monitoring for third-party and fourth-party vendors. RISC’s compliance service offerings include:
• Vendor Vetting: insurance, business licenses, policy and procedure documents, OFAC and more
• Background checks
• Onsite inspection of the storage and office locations
• RISC’s CARS Education
“Nothing like this exists in the collateral recovery industry,” RISC founder and chief executive officer Stamatis Ferarolis said in the news release. “VendorConnect was years of collaboration between RISC and MBSi to be the next evolution of compliance management. This system provides complete transparency on who is working and recovering a client’s collateral.”
MBSi president Cort DeHart added, “This an exciting opportunity for MBSi as the software provider and our partner RISC, who provides compliance services and oversight, to be able to merge the assignment management and compliance management systems together in one efficient platform.
“We continue to work hard to ensure that we are providing the best tools we can for our customers,” DeHart went on to say.
To receive a 30-minute demo and to hear about trial offers, go to this website.
This week, new American Recovery Association executive director Joel Kennedy shared a development meant to benefit not just organization members, but potentially any repossession agent, too.
In an industry letter, Kennedy said “several” of the largest auto finance companies in the industry have agreed to allow the agents to choose what compliance training program works best for their company's business model.
To help agents make an informed decision, ARA is hosting a free webinar because, “It is time to discuss how this affects you and what steps are necessary to take advantage of this freedom of choice,” Kennedy said.
The webinar is scheduled for 2 p.m. (ET) on Wednesday. Registration for it can be completed via this website.
“All agents, regardless of ARA membership, will have the choice to participate in the CCRS compliance platform or stay with their current platform. Both options are available for all and the decision will be completely yours to make,” Kennedy said in the industry letter.
“We couldn’t be happier about the outcome and look forward to a seamless solution that benefits everyone in our industry,” he continued.
If an agent chooses to utilize the CCRS platform, Kennedy said they have to complete a form available online that authorizes CCRS to provide the required data to the vendor connect database. Kennedy indicated this is the database MBSi uses to confirm current certification.
“Once this form is completed and the database uploaded, you will have no other tasks to complete and it will be business as usual for you. You will be able to utilize the RC mobile platform to access the assignments and mark recoveries just like you always have,” Kennedy said.
“If your RISC or CCRS certificate is about to expire, now is the time to choose your preferred compliance platform. Already caught up on compliance? Awesome, now you can decide which compliance platform for you to utilize,” he went on to say.
Kennedy added that the ARA also is in the process of collecting interest forms and are currently testing with some agents.
“So, the sooner you complete the forms, the sooner we can act,” Kennedy said.
