Disaster recovery is a practice employed in case of a disastrous event. Many businesses count on a robust disaster recovery plan in the event their IT infrastructure fails due to cyber-attacks, natural disasters, or business disruptions.
There is a misconception by some dealers and managers that a system crash is an excuse when something goes wrong.
Most dealers rely on one or more software providers to manage and document all their transactions. Users are very adept at navigating through the various screens and inputs. These same users rely exclusively on the software to perform the different functions.
For example, dealers are required by the federales (Red Flags, OFAC) and by dealer law (desking, menus) to either vet consumers or document transparency in the process. Dealers usually rely upon a software vendor to assist in these tasks, conducting Red Flags and OFAC clearance checks and providing a pass/fail report. Menu providers have automated the voluntary protection product sales process. These softwares work a vast majority of the time, but what happens when the systems fail?
There is a misconception by some dealers and managers that a system crash is an excuse when something goes wrong. Many attorneys tell me that a vendor’s failure is still the dealer’s issue, as the dealer is expected to have oversight of the vendor. A system failure from a vendor hired by the dealer to perform these tasks does not alleviate the dealer from the requirement to conduct the tests and document results.
Possible solutions include having a backup plan, training employees to immediately notify a manager of the system issue so that corrective actions can start taking place, and training employees on the backup plan.
A dealer should document how it expects to perform any function that relies on software in the event of an outage. Backup plans can include compliance checklists, alternative methods, and storage.
- Compliance Checklist: Every deal must be reviewed by the F&I manager and a second employee, usually the billing clerk. This review is supported by a compliance checklist, which requires reviews of required processes and rely on software to perform the task.
- Alternative Methods: A dealer’s backup plan must document the alternative method an employee is to use in the event a system or software is not available.
- Storage: Many dealers are leveraging software to electronically store information, documenting compliance requirements. An effective backup plan includes instruction on how to store data or forms generated outside the standard process.
Selected Compliance Requirements and Possible Solutions
Dealers use software to complete required process such as Red Flags, OFAC, desking, and menus.
- Red Flags: A dealer is required by law to vet every consumer who is looking to purchase and finance a vehicle. The intent of the rule is to prevent potential identity theft. Most dealers use a service to perform the background check and to identify possible Red Flags that require further investigation. If the service is down, the dealer must manually vet the transaction. A Red Flags checklist helps an employee navigate the manual vetting. For example, compare the address provided in the credit bureau to the address submitted on the source credit application.
- OFAC: This law prohibits dealers from doing business with anyone designated by the federales as a potential terrorist, drug dealer, money launderer, or cyber currency dealer. When the OFAC provider’s software is down, the employee must conduct a search on the OFAC website and print the page where the customer’s name would appear — provide the OFAC URL. Another option is to use an alternative service, such as InstantOFAC. Remember to retain the search in the file.
- Menu and Desking: Most consumers absorb information better if it is presented in a visual form. Most dealers use an electronic desking and menu to create the visuals and document a customer’s agreement. When the software crashes, the dealer should have a stash of worksheets and menus for temporary use. Ensure all the standard disclosures are on the paper menu. Lock these up in the GSM’s office so they do not become an accepted alternative to the software version. This will also alert the GSM to the fact the menu system is not working and can get the repair process moving forward.
Good luck and good selling!
Gil Van Over is the executive director of Automotive Compliance Education (ACE), the founder and president of gvo3 & Associates, and author of Automotive Compliance in a Digital World.