Compliance Is Not a Program Du Jour

I cut my teeth in this industry with a domestic captive. At one point, I held a staff position. Staffers at this captive fell into one of three categories: really smart people and career staffers, steady Eddies and career staffers, and then me, a field operations person who needed staff experience on his career path internal resume.

Once the polices have been written and the employees and managers have been trained, they must perform. And you must verify.

While on staff, I was tasked with creating a new marketing program at the behest of a branch manager somewhere. As I started gathering information, one of the steady Eddies asked what I was working on. After sharing the details, he said, “Oh, you’re working on the latest program du jour.” 

My puzzled look obviously didn’t hide my naivety. He expounded: “Every time a branch manager gets called on performance issues, miraculously it is because there is a hole in our marketing curriculum. So, we get tasked with creating a program that will be introduced with a big splash, then sit in a desk drawer or on a shelf, never to be used.” 

Kind of sounds like the compliance initiative at some of our past clients’ stores.

Compliance Management System

We are often called in to start the process of establishing and documenting a compliance management system (CMS). It includes the compliance program and the compliance audit function. The compliance program consists of the policies and procedures which guide employees' adherence to laws, regulations, and potential litigation defense. The compliance audit function is an independent testing of the retailer’s transactions and processes to determine its level of compliance with consumer protection laws, as well as the effectiveness of,and adherence with, policies.

At some point, with some dealers, we get halfway through the process and the dealer stops. The dealer was trying to implement a legitimate defense against regulatory oversight or potential litigation but gave up. The dealer treated a CMS as a program du jour.

Continuous Monitoring Bridges the Gap

Our ongoing dealer relationships all have one thing in common. They embrace a CMS and have a documented, structured approach to conducting transactions in a compliant fashion. 

They didn’t always start that way. Most newer clients have good intentions, but they may not have all the information, have overlooked a compliance requirement, or listened to compliance advise from their caddies. The key to bridging the gap between a program du jour to a CMS that will help deflect claims is to continuously monitor the output of the system.

In other words, once the polices have been written and the employees and managers have been trained, they must perform. And you must verify.

Continuous Monitoring is the process and technology used to detect compliance and risk issues over time. It is more than auditing, in that one audit is a snapshot in time, whereas continuous monitoring tracks audits over time with the desired result of detecting weaknesses in a CMS.

The weakness can be bad policies and procedures, training-related, or staff-related. Continuous monitoring is a tool to help you understand there is a weakness.

Why Worry About CMS and Continuous Monitoring

The federal government’s landscape is likely to change in the next year or so.

• Consumer Financial Protection Bureau: This agency requires the businesses it has oversight of to have a CMS in place. Additionally, some of the Trump administration’s actions have already been rescinded, and many in the industry expect the CFPB to revisit the Fair Lending Guidance issued during the Obama administration. 
• Federal Trade Commission: New commissioners on the FTC board could move the agency to finalize the long-rumored inquiry into Voluntary Protection Products.
• Department of Justice: The DOJ remained active during the Trump administration pursuing dealers for credit application and bank fraud. I do not expect it to slow down.
• Department of Defense: George Carlin once called military intelligence an oxymoron. Even though I’m a military brat, I must confess the idea of restricting Gap sales to military personnel and dependents a bad decision, which was thankfully rescinded under the Trump administration. Don’t be surprised if it is resurrected with the current administration.

If you do not have a CMS and continuous monitoring in place now, today is a good day to start. Don’t treat compliance like a program du jour.

Gil Van Over is the executive director of Automotive Compliance Education (ACE), the founder and president of gvo3 & Associates, and author of Automotive Compliance in a Digital World.

READ: Non-Excuses for Non-Compliance