The term “compliance management system” raced into our consciousness when the Consumer Financial Protection Bureau formalized a Compliance 101 program and required all the financial institutions it oversees to have a formal CMS in place. Many in our industry believe the Federal Trade Commission, which has oversight of the auto industry, will eventually require that auto retailers implement a CMS in all aspects of dealership operations.
The day may be coming soon when documenting will be as important as doing.
The first exposure many in the industry had to a CMS was when the Safeguards Rule was implemented by most dealerships. The steps required to properly develop a Safeguards program are like the steps required to develop and to implement a CMS.
Most of our shared dealer clients have implemented a CMS, although ironically these dealers do not necessarily recognize their compliance efforts as implementing a CMS. Eventually, your dealer client may ask for your help to implement a CMS, for product sales or menu execution.
A CMS is simply a structured approach to developing and implementing processes in each phase of dealership operations that are compliant with any state, federal, or industry-standard requirements.
Overview of a CMS
A compliance management system is the method by which a dealer manages the entire consumer compliance process. It includes both the compliance program and the compliance audit function.
The compliance program consists of the policies and procedures, which guide employees’ compliance with laws, regulations, and potential litigation defense.
The compliance audit function is an independent testing of the dealer’s transactions and processes to determine its level of compliance with consumer protection laws and internal policies and procedures.
The process to develop and implement a CMS is consistent with the required components outlined by the FTC in its guidance with the Safeguards Rule and the Red Flags Rule. These components are:
Appoint a compliance officer.
Conduct a risk assessment to gauge current practices vis-a-vis requirement.
Develop a policy and procedure to address the compliance requirements.
Provide and document employee training on the policy and procedure manual.
Perform periodic audits to confirm compliance with the policy and procedure manual.
How to Implement a CMS in the Dealership
Let’s use the Monroney Rule, a rather simple federal requirement, as an example of how the CMS compliance model would work at a dealership.
The first task is to understand the compliance requirement. The Monroney Rule requires that all new vehicles offered for sale have a Monroney label affixed to a window.
Now that the requirement is understood, a dealer must conduct an assessment to see how the dealership is complying with this requirement. The logical approach would be to do a lot walk and review the placement of the Monroney label on each vehicle.
Next, the dealer would create a written procedure that explains how the dealership will comply with the requirement to have a Monroney label on every new vehicle. Salient points would include requiring an employee to confirm each new vehicle received from the factory has a Monroney label properly affixed to the vehicle before it is offered for sale.
Another requirement would be to assign an employee to conduct periodic lot walks to ensure Monroneys are properly affixed and visible on all vehicles available for sale. Dealers may want to also include required training of all salespeople who oversee test drives to confirm the Monroney is still affixed after a test drive.
Once the procedure is written, it becomes a policy. The fourth step in implementing a CMS is to train the employees on the policy and instruction on the procedures required to implement the policy. Employees should acknowledge the training, their understanding of the topic, and agreement to adhere to the policy.
The final step to implement a CMS is to schedule periodic inspections of the vehicle available for sale to ensure that each one has a Monroney label affixed to a window. In this audit step, a separate employee should conduct periodic lot walks to verify compliance with the policy. These periodic audits should be documented and retained.
Most successful dealers intuitively use the CMS model to manage compliant processes in the dealership, they may not be documenting the approach. The day may be coming soon when documenting will be as important as doing.
Good luck and good selling.
Gil Van Over is the executive director of Automotive Compliance Education (ACE), the founder and president of gvo3 & Associates, and author of “Automotive Compliance in a Digital World.”
