Risk Based Pricing Q&A with Michael Benoit of Hudson Cook, LLP | Compli.com

Wednesday, July 14, 2010
Compli

(An excerpt from Compli & CoreLogic Credco’s Risk-Based Pricing Webinar)
http://www.compli.com/event/webinar/risk-based-pricing-rule-0

Q: Can the adverse action notice and the RBP notice be merged into one form and still comply with federal regulations?

(Michael) A: That’s a really good question. Let me say a couple of things. Number one, the best practices recommendation – again, you’ll want to talk to your attorney about what’s right for you – but the best practices recommendation is that you do not provide a risk-based pricing notice; you provide instead the credit score disclosure exception notice to all of your credit customers. So, with that in mind let’s go back and talk about the risk-based pricing notice and the adverse action notice. The risk-based pricing notice only goes to those customers to whom you have offered credit, who get rates that are materially less favorable than other people in the same sort of product line – new car or used car. Those people are going to get credit, they’re going to be offered credit. Whether they take it or not, they get the risk-based pricing notice. Because they are offered credit there is no adverse action, so they would never get an adverse action notice. These two notices are designed to be complementary. Both provide the absolute right to obtain a copy of the consumer report. You get one or the other. If you aren’t offered credit, if you decline credit, they get the adverse action notice. If they are offered credit and are approved they get the risk-based pricing notice. But again, we want to avoid all of that confusion around that and focus on giving every consumer who applies for credit a copy of the credit score disclosure notice.

Q: Are dealers as creditors required to have a risk-based pricing policy in place, to train their employees, and document compliance similar to Red Flags, GLBA, OFAC, etc.?

(Michael) A: Another great question. Unlike the Red Flags Rule and the Privacy and Information Safeguarding Rule, there’s no requirement in the Rule that you have a written policy. However, there is a requirement that you actually comply with the Rule, and as part of that compliance – and good compliance generally – requires that you have some sort of policy in place so the right people know what they need to do in order to make sure that you’re staying in compliance with the Rule. So while the Rule itself does not mandate a written policy, it’s a good idea to have a written policy in place about what your process is going to be and who’s responsible for making sure that it’s implemented.

Q: If we pull more than one credit bureau do we send one, two or three statements?

(Michael) A: Another excellent question. The answer to that is: you provide the credit score that you relied upon in the decision. Now, very often you pull multiple credit scores; you don’t have to do that, obviously, but you give the score that you relied upon in making the decision. If you pull multiple scores for the purpose of coming up with your own score – you know, like in the mortgage world, the bureaus, the mortgage brokers will pull all three reports and either use whatever score is in the middle or average the scores – that’s OK too. You can provide that score, but you have to be consistent across your customers. So my recommendation is use the score that you’ve relied upon in making the decision. You’re never going to know what score your finance source relied on because they’re not going to share that with you, but use the score you relied on to decide which finance source you’re going to fund with.

Q: Can the notices be sent via email versus postal?

(Michael) A: That’s another excellent question, and I need to double-check this, but my recollection is that the Rule says that the notice needs to be given to the customer in a form that they can keep. It does not, as I recall, expressly permit electronic notices. Having said that, you can always give an electronic notice if the consumer has given their consent in accordance with the ESIGN requirements. That is not likely to happen in this scenario, mostly because in order for the consumer to be physically able to do that they have to be sitting at their computer, and it just doesn’t happen that way in the dealership. What I would recommend, to the extent that you’re able to obtain these notices from Credco or whoever you use, while the customer is in the dealership, physically hand the notice to them and if they’ve gone, drop it in the mail to whatever address that you have.

Q: If we charge the same interest rate to every customer, do we need to send the Risk-Based Pricing notice?

(Michael) A: Well remember, the Risk-Based Pricing notice is designed to put people on notice that they received less favorable terms as a result of something in their credit report. To the extent everybody gets the same rate regardless, I think the answer to that is probably no. You want to talk with your counsel about that and discuss whether it would be a good idea to comply with the credit score disclosure – something we’ve been talking about anyway. There may be a little bit of, as we say in the legal world, belts and suspenders, but it would certainly mitigate any that was there. But I would say on average, if everybody’s getting the same interest rate there is no Risk-Based Pricing.

Q: With the Risk-Based Pricing notice how will the GLB [Gramm-Leach-Bliley] Act work? Who must give the notice? Sales people are not allowed to see credit information. What are the solutions to give the Risk-Based Pricing notice legally and conform to GLBA?

(Michael) A: This is an excellent, excellent question, and one that I really, really appreciate.... All questions have been good, but this one, I think of a lawyer as asking this question. You can comply with both, and it’s not difficult to do. What the questioner is referring to is the GLBA requirement that you have an Information Safeguarding program, and as part of that program people only have access to sensitive customer information to the extent they have a “need to know it,” and very often sales people are not the people who need to know it. My thinking on this is that, with respect to either the Risk-Based Pricing notice or the credit score disclosure notice, you are going to have a customer that has applied for credit. If they’ve applied for credit, that means they’ve had some contact with the F & I [finance and insurance] office, and I know that there are many of you out there, sales people, who get the credit report or you, get an authorization to pull the bureau from the customer before you get to the application process. But once the customer has applied for credit, my recommendation here is that they should be dealing with the F & I department about that credit at that point, and this process should be housed in the F & I department. The F & I folks are going to have access to the consumer’s credit report, they are going to have access to the credit score; it’s in the ordinary course of business in most instances that that’s the place where, whether it’s the Risk-Based Pricing notice or the credit score disclosure notice, that’s where I would suggest the delivery be made, in the F & I office.

Q: What if we fax the deal to an outside credit union, where the customer would go there to do a contract and we never actually run a report because we are not actually signed up to do their contract?

(Michael) A: That’s another excellent question. That’s a situation where the customer is not applying to you for credit. Remember, in most auto finance...you the dealer are the creditor on a contract, and the contract is between you the dealer and the buyer. In this case, this scenario, we’re talking about a contract for a loan between a credit union and a customer. In that instance, where the credit union is the original creditor on the transaction, it is the credit union’s obligation to provide either the Risk-Based Pricing notice or the credit score disclosure notice, and not the dealer’s obligation to do that. For your purposes, what you should keep in mind is that for any application for credit where you would be the originating creditor, as is the case in most auto finance on the contract, the obligation is yours. If the customer is getting a loan separately from a bank, even if you sent them to the bank, if they’re getting a two-party loan with the bank, that’s a different story...the bank’s or credit union’s obligation to give them the notice at that point.

Q: Will a notice need to be printed by a manager and sealed in an envelope and have the envelope handed directly to the customer?

(Michael) A: This is related to the GLBA question, the Information Safeguarding question. How you do that is going to be up to you in terms of your policies and procedures. Because it is sensitive customer information, if they’re standing right there you hand it to them across the desk. Once they have it in their hand, it’s their obligation to safeguard it. You’ve delivered it to the customer. I don’t think there’s a requirement to have it printed by a manager. I don’t think you need that requirement. I think it’s sufficient for whoever is working the F & I office to have the ability to do that if that’s consistent with your Information Safeguarding program. If you want to put it in an envelope, again that’s another step in Information Safeguarding and you’re free to do that as well.

Q: If the application was online, as well as some phone applications, would electronic notice suffice, or what’s the best way to make that...to provide that notice for online or phone apps?

(Michael) A: That’s a very good question, online or phone apps. I would still mail the notice to the customer. The reason that I would do that is because unless your application process requires the customer to jump through the ESIGN consumer consent hoops – and most of the dealer application sites that I’ve looked at don’t, which is fine – that being the case, I would still mail the notice to the consumer in that situation. Caveat there: You want to be careful. I get very concerned about Internet and phone applications, because it is very, very difficult in an Internet or phone application to verify the identity of the person on the other end, and while all you would be providing them is a credit score – you’re not giving them access to the credit report itself, which has a lot of information on it, all you’re providing is the credit score – but the risk there is not as great, but there still is some risk and it would certainly be an unhappy event for the consumer whose score it was. If you’re comfortable that your procedures with respect to your online and phone apps sufficiently verify the identity of the consumer, then, yes, I would go ahead and drop it in the mail. But you should definitely make sure that those policies and procedures that you have have required identity verification.

Q: Many credit report companies in their dealer agreements specifically state that the customer may not receive a credit score from the dealership. Will the credit reporting agencies have to rewrite the dealer agreement?

(Michael) A: The problem here is that we have a law, actually federal rules, that require you to give the credit score to the consumer. So I think it will be up to the bureaus to address that.... I don’t think in this instance the bureaus would necessarily be enforcing that clause in their dealer agreements.

Q: When we use an internal scorecard for credit decisions, what is the difference in disclosing this versus a credit score from a bureau?

(Michael) A: Most internal scorecards include a repository credit score. To the extent that they do you’re going to use the credit score that you received from the repository.... To the extent that you don’t do that, and you’re going to create your own credit score from information in the bureau, without having pulled the credit score from the bureau itself, I think you’re stuck with having to – well, actually, since you haven’t pulled a credit report, you haven’t pulled a credit score, then there’s no requirement to give them notice or a credit score. If you have pulled a credit report and you are going to create your own decision engine out of that, then I think you’re stuck with complying with the Risk-Based Pricing notice requirements that we discussed earlier with all their attendant issues regarding the risk that’s there. That’s something that I think you want to talk seriously with your counsel about to make sure you’re handling this the right way, because I’m not sure the answer is as easy as I just made it out to be.

Q: What documentation is required from the dealership to keep on file as proof that credit score disclosure was given to customers? Should we have a signed copy, or is a copy sufficient?

(Michael) A: This is important for dealers in terms of knowing...having evidentiary proof that the customers received the thing they’re supposed to receive, and I know it’s fairly common for you all to get signed acknowledgement through a privacy notice, so that the consumer can sign to say that they received the privacy notice. I don’t like seeing signatures on safe harbor notices like this one and like the new privacy notices, which will probably end up being spoken, we’ll talk about those in a future webinar. I don’t like seeing signatures on a safe harbor form when the safe harbor form itself doesn’t provide for it. In those instances what I would do, if you want to have evidentiary proof that you gave it, you can do one of two things. You can keep a copy of what you gave the customer in the file, and make sure that your policies and procedures very clearly state that you provide the notice to the customer, and then a copy goes in the file, so that you can point to your practices, and then it becomes a “he said, she said” sort of thing. Or you can do a separate acknowledgement for the notices where the customer basically signs another piece of paper – and I know you all hate having more pieces of paper to sign, but you decide what you want to do. But have them sign it separately – acknowledgment that they’ve received their privacy notice, that they’ve received their credit score disclosure notice in this case. So that’s two ways to handle that.

Q: What are the penalties if you don’t comply?

(Michael) A: The nice thing is that there’s no private right of action. At the moment this will be enforced by the Federal Trade Commission. The administrative penalties are significant, so you want to be careful there. I think they’re $2,500 a pop, and if they send you a cease-and-desist and you don’t pay attention to that then it goes up to $16,000 a day. So that gets expensive really, really quickly. At the moment, the FTC has enforcement authority with respect to dealers. When we have our new consumer financial protection deal, our consumer financial protection agency, whichever one it is, we don’t know if the enforcement authority is going to be transferred to this new agency. Again, we’ll let you know as we find out.

Q: Going back to GLBA, if the credit is pulled from the sales manager and never seen by the finance manager, is there any way to comply with GLBA? This will be a massive problem in the dealership, and the related question is: Is the solution that sales managers are not allowed to pull credit?

(Michael) A: That’s a very, very good question. Keep in mind two things: first, the sales manager is very often pulling the credit to sort of get an idea of the quality of the customer and to be able to put them in the right car. And you do this not through your permissible purpose to pull a bureau in connection with a credit transaction. In most dealerships this happens with a second written authorization from the customer. The customer signs an authorization to let you pull the bureau. That’s fine. Where the notice gets implemented is when you have an application for credit. If your sales manager is taking the application for credit, and pulling the bureau, and getting approval from the finance company, and doing all the things that your F & I department is supposed to be doing, if that’s the way that you operate, then you want to make sure that you’ve trained your sales manager and sales people who are doing your F & I work to provide these notices.
My recommendation from the GLBA perspective is keep all that finance-related activity in the F & I department if you can, so that when the customer is pulling out a credit application, let the F & I department handle that. Because when they pull the bureau, when they pull the credit, and they’re going to pull it because the customer has applied for credit and you’re trying to figure out which finance source to send it to, they will receive the exception notice from Credco or whomever and can hand it to the customer there. But from a GLBA perspective, if you’re letting your sales people pull credit, and have complete access to that and you don’t have any structure around that in terms of information safeguarding and that sort of thing, then I think that you need to revisit your information safeguarding program because you have a hole.

Q: We don’t allow rate markups, but have rates set by state usury caps, which vary from 21% for Indiana and 25% for Georgia in our portfolio. So would we be considered to offer Risk-Based Pricing and be subject to these regulations?

(Michael) A: If your rates are, if your process is that your rates are whatever the state maximum usury rate is, and it’s not based on risk, not based on the credit score, the credit report of the consumer, then you’re not engaged in Risk-Based Pricing and the notice isn’t required. But to the extent that you’re pulling a credit score and using that credit score as part of your decision process, and deciding that somebody’s going to get the maximum rate but somebody else is going to get a better rate, then you want to be giving the exception notice. Keep in mind that there’s a difference between what Risk-Based Pricing is and other kinds of pricing.... And keep in mind the fact that there are a number of states that don’t have usury caps, so [that would affect] what you do in that situation. But the way I would look at it, look at your consumers – if you’re a vehicle dealer, look at consumers in a particular dealership, and look at them from that perspective, so that if your dealership is from Georgia, and everyone is paying the maximum rate of 25%, then I don’t think anybody needs to really know it. But if you have people in Georgia that are getting different rates, and that rate is based on a consumer report or a credit score, then you probably want to be giving them an exception notice.

For more information view Compli & CoreLogic Credco’s Risk-Based Pricing Webinar at: http://www.compli.com/event/webinar/risk-based-pricing-rule-0