Regulations: Federal (Part 3)
The Federal Trade Commission and the Consumer Financial Protection Bureau
Gramm-Leach-Bliley Act – Safeguards Rule
We now conclude our discussion of federal regulations. There are several portions of the Gramm-Leach-Bliley Act (or GLBA) that apply to car dealers. Here we’ll talk about the Safeguards Rule, which is overseen by the Federal Trade Commission.
The purpose of the Safeguards Rule is to protect consumer’s private information from identity theft and from fraud.
Who must comply? Well any business that collects personal NONPUBLIC information from consumers including driver’s license numbers and social security numbers. Businesses must have a written policy describing how they protect their customers information including electronic data.
You must train your employees and you must monitor compliance AND ensure that any OTHER businesses you share information with also have a written policy.
Gramm-Leach-Bliley Act – The Privacy Rule
Now let’s look at the GLBA with regard to the Privacy Rule. The purpose here is to limit how businesses can share information about consumers who finance purchases.
Any business that engages in “financial activities” including both buy-here pay-here dealerships and those that assist their customers with financing are required to comply.
You are required to provide a Privacy Notice as soon as you accept a customer’s NONPUBLIC personal information. You must provide your finance customers with a Privacy Notice at the time of the transaction or sooner and annually for buy-here pay-here dealers as long as the account is active. A model notice is available on the FTC website. Businesses are limited on how they can share a customer’s NONPUBLIC personal information.
Now keep in mind if you do not share customer information – with any kind of third party – except as allowed in the Rules exemptions, you can use the simplified Privacy Notice.
The FTC has enforcement authority.
The Red Flags Rule
Here we have another rule meant to protect consumers from financial fraud and identity theft.
Any business that regularly, and in the ordinary course of business, uses credit reports in connection with a credit transaction must comply with the Red Flags Rule. So, if you pull credit, or report credit, this applies to you.
The businesses must have a written policy assessing the risk of identity theft; and their “red flags” specifically.
The policy must also disclose how they detect red flags and how they respond to them in order to prevent identity theft.
Dealerships must verify the identity of any consumer applying for credit.
The FTC has enforcement here and more information at their website on the Red Flags Rule.
The Risk-Based Pricing Rule
Now the purpose of this rule is to provide consumers information and protection in credit transactions.
If you offer varying cost for credit based on the consumer credit score, you must provide customers who pay more for credit with a specific notice.
Any business that pulls a credit report AND varies the cost of credit according to that report, must comply, including buy-here pay-here dealerships and those that assist with financing.
Optionally, you can provide all customers who apply for credit with a Credit Score Disclosure Exception Notice. Both these forms are available from your credit reporting agency.
The Risk Based Pricing Rule is enforced by the Consumer Financial Protection Bureau.
You can get more information on this from the CFPB website under Risk Based Pricing.
Service Members Civil Relief Act
The purpose of this act is to protect service persons who are entering active duty.
Now as to who must comply. Creditors such as car dealers, dealing with persons ENTERING active duty after the contract is signed must reduce the finance rate to 6% and it prohibits repossession without a court order.
This Act does NOT apply to an active duty service person who enters into the contractual arrangement WHILE ALREADY ON active duty.
The CFPB has enforcement authority.
National Do Not Call Registry
Dealers also may be subject to the National Do Not Call Registry. The purpose of this registry is to allow consumers to opt-out of telemarketing calls.
Any seller placing a solicitation call – the definition of which includes most dealers – is required to
- register as a seller.
- scrub numbers to avoid calling anyone on the Do Not Call list.
- keep records, train and maintain your list.
This is enforced by the FTC as well as the Federal Communications Commission.
More complete information is available at the donotcall.gov website.