The arrival of 2011 brought some of the biggest regulatory updates dealers have seen in a while.
With the Red Flags Rule, risk-based pricing rule and the new model privacy notice all becoming effective or enforceable on Jan. 1, dealers around the country spent the last weeks of 2010 preparing for the changes. Experts from the National Automobile Dealers Association and state and metro dealer associations held workshops and webinars to explain the steps dealers must take to be compliant.
It's no small task, said Paul Metrey, NADA's chief regulatory counsel for financial services, privacy and tax.
"In terms of employee time and resource, in terms of training that has to be conducted, in terms of making sure that reports are submitted, there's a lot to those requirements," Metrey said. "There's a definite cost to business. This just puts additional strains on businesses that have had several challenging years in the current economic environment."
NADA has no estimate of how much it might cost the typical dealership to comply with the regulatory changes. But the costs of not complying also are steep: For instance, in certain circumstances, dealerships can be fined up to $2,500 for each violation of the Red Flags Rule.
Dealerships also are vulnerable to state-level lawsuits, including class-action cases, that permit actual and punitive damages.
Compliance sweeps by regulators are expected, Metrey said.
Here's a recap of the three major updates:
1. Red Flags Rule. After five delays, the Federal Trade Commission finally begins enforcement of the rule. It has been in effect since 2008, but enforcement was on hold first to better educate businesses about the changes and then as members of Congress worked to narrow the scope of business covered by the rule.
The most complex of the three changes, the Red Flags Rule aims to prevent identity theft by first requiring businesses to identify likely indicators or "red flags" of identity theft. They then must come up with reasonable detection procedures and finally reasonable response procedures should a red flag be detected. A written program and employee training must be in place.
2. Risk-based pricing rule. This rule is designed to help consumers with below-average credit scores shop for the best available credit terms. It requires dealerships either to distribute a special notice to that subset of credit customers or to issue a credit score disclosure exception notice to all credit applicants. The notice reports the customer's credit score, how it compares with others and how to obtain a credit report and correct any errors.
Because the subset of credit-challenged customers can be hard to define, NADA is advising dealers to use the latter form, Metrey said.
While the regulation is complicated, compliance has been eased by technology vendors that have updated their software to fill out the form with the customer's information. The dealership employee can then print the notice for a credit applicant before a deal is signed.
3. Model privacy notice. The FTC has revised the model privacy notice that dates to its 2001 privacy rule. The notice explains the way dealerships and other entities collect and share customer information. The aim was to come up with a uniform notice recognizable to the customer and using the same terminology regardless of the issuing entity -- bank, dealership or mortgage company.
Donna Harris contributed to this report