We are witnessing a fundamental shift in the way auto dealers address regulatory compliance. Dealers are discovering that compliance needs to be a storewide effort rather than placed solely on the shoulders of the men and women manning the F&I department. And the impetus behind this shift is threefold.

The first is the exponential increase in the number and complexity of regulations governing all phases of dealership operations. Second, employees and consumers expect to be dealt with fairly. And with the wealth of information available online, transactions are now, for the most part, transparent. Then there’s the Consumer Financial Protection Bureau, which has called for all creditors to establish a Compliance Management System (CMS).

So, just as the federal government recognized that every dealership would have to hammer out the details of their identify theft prevention programs, every CMS will be unique to the dealership it protects. So what should a CMS look like? Here are a few suggested elements your program should contain.  

1. Corporate Compliance Officer
The Red Flags and Safeguards Rules mandated the appointment of a corporate compliance officer (CCO) to manage a dealership’s programs for securing customer data and for preventing identity theft. But that role needs to expand to all facets of dealership operations, which means your CCO will have to make compliance his or her primary responsibility. In fact, those duties may be enough to make the CCO role a full-time job. Whatever you decide, the CCO must have authority to enforce the standards established by the store’s CMS.

The initial task performed by the CCO is to work in concert with the dealer principal and department managers to identify areas of risk that need to be addressed — from satisfying requirements set by the Occupational Safety and Health Administration (OSHA) in the back of the store to complying with the Equal Credit Opportunity Act (ECOA) in the front. The collaborative end result is a written CMS program that breaks down the key areas of regulatory interface into specific compliance standards and operational processes.  

2. Compliance Management System
Again, the right CMS will vary by store, but there are at least four items a CMS must include:

1. The integration of the CMS standards into every facet of the dealership operation, including the employee handbook, individual job descriptions, pay plans and standards for promotion. Bottom line, regulatory compliance must become an integral part of the corporate culture.  

2. The presence of mandated audit procedures for every compliance-related component of the program. Additionally, individuals who violate dealer or CMS policy should receive written notices of the infraction with consequences clearly defined.

3. The requirement that upper management review the store’s CMS on a timely basis — once a year at a minimum.

4. The review of the initial and all formally updated versions of the CMS by a qualified attorney or attorneys. Upon completion of the review, a letter should be sent to the board of directors affirming that areas in need of compliance oversight have been identified and that no portion of the store’s CMS is in violation of the law.

3. Service Providers
The dealership’s CMS standards also apply to the selection of lenders and vendors that support dealership operations. A prime consideration is their ability to provide regulation-specific training for any employee whose job description requires adherence to a state or federal regulation.

All regulation-based training should include a proctored, closed-book final exam that accurately measures competence. Dealership employees with compliance officer duties, for example, are completing the AFIP Certified F&I Professional program in record numbers.

No Time to Wait
Dealers who fail to establish a proper CMS leave themselves open to administrative and legal action. The true test of leadership isn’t how well a leader handles a regulatory crisis, but whether he or she took the steps necessary to avoid the crisis in the first place. Implementing an in-store CMS just might be the dealer principal’s most timely New Year’s resolution for 2014.