As many dealers are aware, the Federal Trade Commission (FTC) recently issued new requirements to its Safeguards Rule that take effect Dec. 9. The rule requires auto dealerships with more than 5,000 customer records in their database to develop, implement and maintain an information security program to protect customer information.
To help with compliance, many dealers have hired third-party service providers such as a DMS vendor, law firm or information technology (IT) firm to write, implement and supervise the required information security program.
However, many dealers are not aware that they cannot rely solely upon third-party vendors in order to attain compliance. This means that the dealership must also designate a qualified employee to oversee said third-party supervision. The employee does not have to hold a particular degree or title, but they do need to be aware of, and knowledgeable about, the Safeguards Rule, to ensure that the dealership is compliant.
Section 314.4 of the new FTC rule states “Designate a senior member of your personnel responsible for direction and oversight of the Qualified Individual” (if the qualified individual is employed by a third-party service provider).
This makes it clear that ultimately, the buck stops with the business owner. If a breach happens or there is a customer problem, a dealer cannot get off the hook by pointing a finger at the third-party service provider.
Additionally, it is the dealership employee’s responsibility to complete a risk assessment of all third-party providers that the dealership uses. For example, if you hire a document shredding company, a risk assessment must be completed before that company takes any documents offsite.
Additionally, the dealership employee is responsible for enforcing the rule and training other employees on the rule. The dealership employee must also write and submit an annual written report to the governing body of the dealership.
AFIP Certification recommended
The NIADA and other F&I training companies offer some compliance resources, but for comprehensive training, consider getting certified by the Association for Finance & Insurance Professionals (AFIP). AFIP is a non-profit, non-aligned sanctioning body that offers a comprehensive certification course designed to give dealership professionals all of the knowledge necessary to maintain compliance for the FTC Safeguards Rule as well as a number of other rules and regulations.
For most independent dealerships, it makes sense for the dealer principal to become the qualified, designated employee. Many dealers have become fearful of potential fines related to this rule, but there really isn’t any reason to be afraid. Knowledge is empowerment. One of the biggest benefits that attendees take away from a training class is increased confidence in how to respond to customer complaints.
Recently in AFIP certification classes there has been a shift from primarily F&I managers and general managers in attendance, to a variety of people in different roles; including dealer principals, used car managers, accounting personnel, marketing personnel and legal personnel. In today’s world compliance is every employee’s responsibility, and is no longer just in the domain of the F&I manager.
AFIP certification covers far more than just the Safeguards Rule. Enrollees will also learn about the Truth in Lending Act, Consumer Leasing Act, Equal Credit Opportunity Act (ECOA) and more.
Becoming AFIP certified helps independent dealers to reduce the number and dollar amount of chargebacks and consumer complaints; and reduces the likelihood of agency fines and settlements.
Dealership employees can get certified either online via a learning management system, or take a live, two-day workshop offered in a variety of cities. Advantages of in-person training over online training include increased focus, fewer distractions, and a comprehensive curriculum.
In her role with the EasyCare University and GWC University training teams, Erica Cooper is responsible for new hire onboarding, internal sales training, curriculum development, in-dealership coaching, and classroom training. Before joining APCO, Cooper was a Master Instructor in the Credit and Financial Services field, developing learning solutions with a focus on federal regulations and the impact they have on underwriting processes. She has also earned the prestigious title of AFIP Certified Master Instructor.