Audit & Compliance Training (ACT)

Audit & Compliance Training (ACT) Overview

Management

Complying with legal and regulatory requirements in the wholesale automotive remarketing industry is an obligation of everyone. Consignors, physical auctions and online auction platforms, dealers, and vendors to the industry all are subject to legal and regulatory requirements imposed by federal, state and local laws and regulations.

Understanding the compliance requirements imposed on your business by legal authorities and customers and taking precautions to remain compliant avoids financial and reputational harm to every business that operates in the remarketing industry. Proper knowledge, policies and practices help to establish a compliant organization, and on-going training fosters an atmosphere of compliance among your organization‘s employees.

The following Industry Standards for Privacy and Customer Compliance modules will explain the various information and privacy compliance obligations in the industry and help you become familiar with them. Through an explanation of the requirements and company best practices, you will gain the knowledge necessary to avoid compliance violations.

Throughout the training, you will find a common theme: Protecting Consumers and safeguarding customer data is the focus of compliance. Awareness is key.

To comply with regulations applicable to protecting personally identifiable information (PII), it is important for companies in the auction industry to provide for the security of their physical and environmental spaces.
Records and documents that contain PII or other proprietary information stored in offices, in file cabinets, on computer servers, or on portable laptop computers need to be protected from access by unauthorized individuals. In addition, appropriate protections need to be implemented to protect computer systems from physical access and destruction.
Proper policies and procedures adopted, implemented, and well known to employees, contractors and vendors are critical to ensuring protection of a company‘s physical and environmental security. Each person working in the industry has a role in protecting PII.

Throughout the remarketing cycle, information is flowing through consignors, auctions, dealers, third-party vendors, transporters and others. Information and data is critical to the success of sellers and buyers. Unlawful disclosure of that data, however, can result in liability.
Protection of sensitive and personally identifiable information requires a compliance and security culture. Adoption of information security policies and adequate security in company IT systems will help ensure protection of the confidentiality, integrity and accessibility of information.
When business is disrupted, it costs money. Disruptions in the remarketing industry happen frequently. Whether caused by snow, floods, storms, hurricanes, tornadoes, loss of power or a world-wide pandemic, auctions, service providers, consignors and dealers understand the importance of planning to overcome disruptions.
Developing and documenting your company‘s business continuity plan provides the road map for responding to disasters. Development of a business continuity plan includes four steps:
  • Conduct a business impact analysis to identify time-sensitive or critical business functions and processes and the resources that support them.
  • Organize a business continuity team and compile a business continuity plan to manage a business disruption.
  • Identify, document and implement a plan to recover critical business functions and processes.
  • Conduct training for the business continuity team and testing and exercises to evaluate recovery strategies and the plan.
Employees also have the front-line responsibility for maintaining the confidentiality of sensitive information and for complying with customer and legal requirements. To make sure your business interests are protected, there are several best practices to use when hiring, employing and training your workforce. Undertaking these practices will help to hire the right people and will help prevent legal liability claims and claims from customers for breach of contract.
Appropriate written policies applicable to confidentiality of business and customer information, use of technology resources, social media, anti-harassment, Red Flags, conflict of interest, and maintaining a clean desk all help protect the auction and its customers from disclosure of sensitive information and legal claims.

EmployeeAnchor

This training focuses primarily on federal laws that regulate certain of commercial customers in the remarketing industry. Financial institutions are highly regulated, and while the services your company provides as a remarketing company may not fall into the lending category, it is imperative that your company provide services in a manner that enables clients to remain compliant.

Many remarketing customers are required to have programs in place to ensure their service providers are aware of legal regulations so providers can comply with any that flow down through them. Employee training on the regulations is part of the customer program and is required by many company clients.

Complying with legal and regulatory requirements in the wholesale automotive remarketing industry is an obligation of everyone. Consignors, physical auctions and online auction platforms, dealers, and vendors to the industry all are subject to legal and regulatory requirements imposed by federal, state and local laws and regulations.

This Module will cover various aspects of regulation of the remarketing industry, federal laws and customer requirements:
  1. Requirement to Protect Personally Identifiable Information (PII)
  2. Protection of Consumer Rights and Consumer Financial Information
  3. Active-Duty Military
  4. Protecting Against Unfair, Deceptive or Abusive Acts and Practices
  5. Preventing Identity Theft
Physical access to the company’s property is the most direct path to unauthorized access, theft, damage and destruction. Limiting physical access via securing the perimeter of the facility, ensuring certain areas that contain printed and/or electronic records (such as front office) are secure will minimize any such threat.
In order to promote physical security, this Module will discuss:
  • Protecting Against Physical Access
  • Perimeter Security
  • Facilities Security
  • Building Security; Restricted Areas
  • Clean Desk/Clear Screen
  • Items Left in Vehicles
You are the frontline defense against information security breaches. Following the guidelines explained in this training, as well as any other guidelines and/or policies your company has adopted, will help ensure protection of the confidentiality, integrity and accessibility of information.
This Module will explain ways to ensure protection of information and data to avoid unlawful disclosure:
  1. Passwords
  2. Appropriate Use
  3. Authorized Software
  4. Mobile Devices and Security
  5. Wireless Communication
  6. Remote Access
  7. Removable Media
  8. Social Media
  9. Records Management and Destruction
  10. Social Engineering
  11. Information Classification
  12. Incident Response

Your company’s commitment to fair dealings with all customers upholds the integrity of the remarketing process.

This Module addresses the following ethical considerations:

  1. Code of Ethics
  2. Anti-Discrimination/Harassment
  3. Improper Payments and Conflicts of Interest