Zurich: Understanding the regulatory environment is key to protecting the bottom line

Auto dealers are facing a myriad of challenges as they kick off 2023. Auto theft, cyber security, supply chain / inventory shortages, talent retention and acquisition, new consumer demands including digital sales; and regulatory changes are just some of the issues that are top of mind.

Regulatory agencies such as the Federal Trade Commission (FTC) are designed to protect the interests of consumers and they often hold auto dealers’ accountable on fair trade practices. Having insight into what’s happening in Washington is an important tool for auto dealers keen on protecting their bottom lines. But unless they have their eyes on the industry’s regulatory environment, they will remain at risk of financial loss, as well as damage to their reputations.

The industry currently is watching two imminent FTC regulatory changes expected to have a direct impact on auto dealers and the way they do business.

FTC Safeguards Rule

All auto dealerships at this point should be familiar with the FTC’s Safeguards Rule, which was mandated by Congress under the 1999 Gramm-Leach-Bliley Act, and the June 9, 2023, compliance deadline on the rule’s 2021 expansions for safeguarding customer financial information.

The updates to the Rule are largely a product of the recent surge in cyber and ransomware threats as dealerships have been a target given their large inventory of consumer data and often outdated IT infrastructures. According to a 2022 dealership cybersecurity study, by CDK Global, 15 percent of dealers have experienced a cybersecurity incident in the past year, and ransomware payouts increased by eight percent in the second quarter of 2022. Meanwhile, 84 percent of consumers suggest they would not purchase a vehicle from a dealership that had experienced a data breach.

The Rule requires development and implementation of an information security program that helps ensure customer information is well protected through technical controls, physical protections, and program governance. Many of the requirements are highly technical and not easily implemented without sufficient lead time.

If they haven’t already, auto dealers need to begin taking steps immediately to prepare for compliance and ensure a manageable process including, but not limited to:

• Taking inventory and assessing capabilities of current security controls and systems;
• Implementing certain security practices (i.e., data encryption, an incident response plan, multi-factor authentication); and
• Identifying an internal or external advisor to manage the compliance process.

Many providers are offering products and services to support compliance. For example, with Zurich’s size and scope of business and our focus on identifying emerging and evolving risks, we continuously monitor the cyber threat landscape. This experience with cyber risk across multiple industries on a global level enables us to support auto dealers in understanding cyber exposures, determining gaps in controls, and developing an actionable plan if they become victims of a cyber attack.

FTC Proposes Rule Governing Car Sales

The FTC has proposed the Motor Vehicle Dealers Trade Regulation Rule, which aims to make the “the car-buying process more clear and competitive.” According to the FTC, the goal is to protect buyers from unwarranted or hidden costs and fees, and to promote competition. The FTC argues that by disclosing the full price upfront, consumers can more easily compare as they shop. They point to three key areas as the impetus behind the issuance:

• Recent spikes in auto prices;
• A 2020 FTC staff report finding that consumers were often not fully aware of key terms of sale when purchasing a car; and
• High levels of consumer complaints in the car purchasing space.

The proposal includes a host of disclosure and compliance requirements and puts limits on dealers’ advertising practices and ability to offer certain add-on products and services. If adopted, the rule change would classify certain junk/add-on fees as “unfair or deceptive” under federal regulations, providing the FTC with the authority to seek monetary penalties against violators.

Currently, the FTC is evaluating comments it has received on the proposed rule before it finalizes and implements the structure of the regulatory changes. The FTC’s operational timeline is uncertain given that it could take months to review comments, make applicable changes, and issue a final rule.

In the meantime, dealerships need to evaluate their selling practices making sure they revisit current compliance requirements related to car sales and stay informed on the status of the rule changes under consideration.

As one of the nation’s leading providers of Property & Casualty (P&C) insurance and Finance and Insurance (F&I) solutions to auto dealers, Zurich believes it is part of our added value to inform and counsel our customers on federal and industry regulations impacting the auto industry. Having dedicated representation in Washington allows us to help auto dealers navigate the changing regulatory environment and gives us a voice with regulators on behalf of our auto dealer customers and their interests.

And as complicated as new regulations can be, dealers should rest assured they can still operate successfully in a stricter regulatory environment. Proper understanding and guidance on compliance issues are key to that success.

Did you enjoy this article? Please share your thoughts, comments, or questions regarding this topic by connecting with us at newsroom@cbtnews.com.