In response to a rise in cyberattacks and data breaches, the Federal Trade Commission decided to amend the Safeguards Rule under the Gramm-Leach-Bliley Act. These amendments are designed to safeguard customer privacy and prevent security infringements. This means financial institutions, including auto lenders, will be required to demonstrate a robust security system and close any holes.
Here’s why this matters and how auto lenders can prepare themselves to meet the new legal requirements without compromising efficiency or customer experience.
Here are some reasons it’s critical for lenders to stay up to date with the latest regulations and bring their data collection, handling and storage processes into full compliance.
- Reputation at stake: One data breach can be enough to tarnish a lending institution’s good name. All the attractive interest rates, good marketing and sleek customer service can’t make up for customers not feeling secure. Even without data breaches, an auto lender can alienate prospective borrowers if systems don’t appear secure.
- Stiff penalties for non-compliance: Failure to comply with the act can lead to fines of up to $100,000 per violation. Fines for officers and directors can reach up to $10,000 per violation. Auto lenders can also expect criminal penalties of up to five years in prison and the revocation of licenses.
- Bad actors emboldened: Once bad actors discover a financial institution’s data has been breached, they are more likely to try their own luck. This undermines the institution’s security yet again.
There is much auto lenders can do to bring themselves up to date with the new Gramm-Leach-Bliley Act rules. Here are some best practices.
- Mimic the FTC: Using the official FTC privacy policy will reassure borrowers their information is safe.
- Hire compliance leadership: A chief compliance officer or other qualified individual should be employed to oversee enforcement of the rules. This person can also lead an annual audit of the safeguard policy, oversee vendors and draw up an incident response plan.
- Create a culture of compliance: The compliance executive should make sure all lending officers and back-office employees are up to date with the latest privacy requirements and receive training on how to spot signs of fraud and unauthorized use.
- Embrace anti-fraud technology: Auto lenders should adopt software to monitor cybersecurity threats, encrypt customer data and require multifactor authentication for access to nonpublic personal information.
- Stay vigilant: Anti-fraud procedures and technologies should be reviewed for effectiveness every year. Penetration testing and vulnerability assessments are essential.
Implementing and enforcing anti-fraud procedures doesn’t need to be overwhelming. Once the right leadership is in place and a culture of compliance is nurtured, many of these measures should become second nature. Carefully vetting and adopting technology to aid in this process can also reduce the burden of new compliance requirements.