As a whole, the auto industry faces tough compliance scrutiny. As payment experts, we want to make sure you know the payment-related laws your dealership should be aware of.
The Gramm-Leach-Bliley Act
The Federal Trade Commission (FTC) defines the GLB Act as a requirement of “financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.”
This act applies to any auto dealership extending credit, offering financial advice, or arranging financing or leasing, and requires that the dealership share its privacy policies and practices with its customers. This should include what information you collect from customers, who you share it with and how you protect it.
Customer credit card information is a major consideration. Failing to comply with the GLB Act can result in fines of up to $100,000 per violation for your dealership. Managing members of the dealership could face fines of up to $10,000 per violation, plus potential prison time.
Truth in Lending Act
Also referred to as “Regulation Z,” the Truth in Lending Act (TILA) was put in place to ensure that credit terms are disclosed in a way that consumers can easily compare. All creditors must use the same creditor terminology and expression of rates, as well as provide a number of disclosures.
The payment schedule disclosure must include the term of the loan, the total amount (including financing cost), the annual interest rate, the number of payments, and the amount and timing of each installment. Using a recurring payment schedule can automate the process of collecting dues and provide documentation of the disclosure requirements.
Penalties for failing to comply with the TILA can vary depending on how action is taken: individual versus class action.
Red Flag Rule
The FTC requires “many businesses and organizations implement a written Identity Theft Prevention Program (ITPP) designed to detect the warning signs – or red flags – of identity theft in their day-to-day operations.” Implementing an ITPP protects both consumers and your business. If you run a fraudulent transaction, you could be left with the losses, face a maximum fine of $3,500 per violation, and be forced to provide and retain paperwork to ensure compliance in the future.
Form 8300 to Report Cash Payments Over $10,000
The Internal Revenue Service (IRS) requires that “if, in a 12-month period, you receive more than $10,000 in cash from one buyer as a result of a transaction in your trade or business, you must report it to the IRS and Financial Crimes Enforcement Network (FinCEN) on Form 8300.” Why? To monitor and trace money laundering. Reporting large cash payments provides precious information that can aid in finding and stopping criminals.
It’s important to note what counts as “cash,” and unfortunately this is where things get a bit confusing. A cashier’s check, traveler’s check, money order or bank draft with a value of $10,000 or less is treated as cash. If any of these payment methods is over $10,000, it is not treated as cash, so a Form 8300 isn't required. Instead, the issuing financial institution will report a FinCEN 122.
Each person listed on any Form 8300 is required to receive a statement listing the name and address of your business, name and phone number of contact person, the total amount of reportable cash you received from that person during the year, and that you are reporting the information to the IRS.
There are various penalties you could face depending on how you mishandle the requirements around reporting cash payments over $10,000. Failing to file the correct form by its due date could result in a fine of $25,000 to $100,000. Willful failure to file the form could result in a $250,000 fine for individuals, while corporations could face up to $500,000, and possible prison time.
EMV and PCI Compliance
It’s good to keep EMV and PCI compliance in mind, as both will help your dealership remain secure. Implementing EMV-ready processing terminals is the only way to benefit from EMV’s proven fraud-reduction technology — swiping a chip card in an old-school terminal won’t cut it. Furthermore, your dealership could be liable for fraudulent EMV transactions and get hit with bank-initiated chargebacks even for authorized EMV transactions that are processed incorrectly.
PCI compliance ensures your data environment is secure. You can reduce your business’s liability by partnering with a PCI Level 1 provider that reduces your PCI scope and meets the most current security standards.
Tell us how you’ve conquered the task of complying with these car dealership laws. Do you have any tips for fellow dealerships? Share below!