Dealing With Compliance
The information contained in this article is not intended as legal advice. Readers should consult their own legal counsel before taking a course of action.
If you are a dealer just back from the NADA Convention, the need to comply may be buzzing in your head. If a compliance checkup is on your “to do” list, start with sales and F&I.
Make an Entrance
Invite your compliance officer (You do have a designated compliance officer for the dealership, don’t you?) to enter the building with you through a door you may have rarely used before. A different entrance can present a new view.
Now look around the dealership. What paperwork was left on desks overnight? Do you see papers that contain customer or employee non-published information (NPI)? If you do, collect the documents, note where you found them, and have a meeting with the person(s) who left the paper in public view. If your sales and F&I staff do not know which documents must be secured, make it your business to inform them. If you do not have a policy about safeguarding non-published information, you need to write one, explain it, and then enforce it.
Deal with the Rules
Here is how to comply with the Safeguards Rule: Conduct a risk assessment meeting. Keep a record of the meeting, as well as a record of the recommendations and actions that result from the meeting.
Document your company’s policies and procedures to safeguard customer and employee non-published information. Designate a compliance officer to implement your policies and procedures. You may need to appoint more than one person.
Oversee your vendors. Make sure they support your compliance efforts and also take action to safeguard your customer and/or employee information. If there is a breach of security, each of you must notify the affected customer(s) as soon as you are aware of the situation.
Conduct self-audits. Test your policies and procedures. Make another entrance.
Play it Straight
There is no alternative to the compliance paper mill. Strive to keep your documents organized. Make sure you separate “Do Not Call” procedures from Safeguarding procedures.
Remember to orient new hires to your Safeguards policy. You will have a better opportunity to imprint its importance if you review the Safeguards Rule on a day that is not mixed with job applications and interviews, drug testing, dress codes, and group insurance forms.
Review your Safeguarding rules quarterly. To prepare for these sessions, consider who has been hired during the quarter, or who needs a reminder to keep non-published information out of public view, and who has forgotten to lock desks, file cabinets, or office doors.
I think it is safe to assume that we will not see a time when we need not comply with NPI Safeguards for making deals. Bearing in mind when it’s our turn to buy we want the seller to comply may make it easier to let safeguards rule.
Dealer Marketing Magazine, March 2007