Cars in a circle


Indirect automotive finance

Growth outlook and risks associated with indirect auto lending

With increasing automotive sales and leasing volumes, the indirect auto finance industry has come under greater scrutiny from the Consumer Financial Protection Bureau (CFPB). Given this heightened oversight, financial institutions should prepare to demonstrate their compliance with consumer protection-related laws, rules, regulations, and compliance management expectations.

CFPB supervision overview

In June 2015, the CFPB finalized a rule that exercised the authority given to the agency by the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) to supervise “larger participants” of certain markets for consumer financial products or services, as the CFPB defines by rule.

The rule governs larger participant (defined as non-bank institutions that provide, acquire, or refinance 10,000 or more loans or leases per year) regulation in the market for consumer auto finance. It also introduced the “automobile finance examination procedures” that CFPB examiners use to assess potential risks to consumers and determine whether the institutions subject to CFPB supervision are complying with applicable laws and regulations. These regulations include but are not limited to the Equal Credit Opportunity Act (ECOA), Truth in Lending Act, Consumer Leasing Act, and the Dodd-Frank Act, which includes prohibitions of unfair, deceptive, or abusive acts or practices (UDAAP).

In recent years, the burden of responsibility has shifted. Indirect auto finance institutions are no longer responsible only for the financing actions in-house. They are also held accountable for what dealers and other vendors do on their behalf.

Back to top

Potential areas of CFPB examination focus

CFPB examinations can vary between being fairly broad or narrowly focused in the sense that financial institutions are evaluated against overall compliance management standards as well as specific consumer protection laws, rules, and regulations. With regard to indirect auto lending, in particular, financial institutions should be prepared to illustrate both a working compliance management system (CMS) and individual law/regulation compliance.

Some examples regarding where indirect auto finance institutions should consider focusing their time and efforts in advance of a formal examination by the CFPB are provided below.

  • Rate practices, such as communication of rate markup policies to dealerships
  • Credit underwritings, such as requirements and consistency of decisions
  • Lease-end practices and policies, such as residual negotiations for customers purchasing their vehicle at lease end
  • Collection practices, such as rate of disclosure of certain consumer debts to unauthorized parties
  • Consumer complaints handling, such as response time

Back to top

Compliance management system—How a supervised entity:

  • Establishes compliance responsibilities
  • Communicates those responsibilities
  • Ensures that responsibilities for meeting legal requirements and internal policies are incorporated into business processes
  • Reviews operations to ensure responsibilities are carried out and legal requirements are met
  • Takes corrective action and updates tools, systems, and materials as necessary

Meeting CFPB expectations

Given the CFPB’s current position, it’s clear that there will be heightened scrutiny and expectations of the automotive finance industry, including a more robust examination and enforcement agenda. Regulators want to see that organizations have proper governance and oversight in place and that policies are being followed. In addition, regulators want to know if organizations understand inherent risks/gaps present in their compliance management programs and if they have a defined plan and timeline to remediate these identified risks.

One way this can be achieved is through a broad framework that can drive consistency, transparency, and accountability.

Compliance program framework
A CFPB baseline expectation is for institutions under its supervision to develop and maintain a CMS that’s integrated into the product and service lifecycle. Each CMS element, when properly constructed, facilitates and reinforces the others and will help indirect auto finance institutions manage compliance risks.

The following risk management framework components are part of CFPB expectations for an adequate CMS:

  • Board of directors and management oversight
  • Compliance program
  • Consumer complaint response
  • Compliance audit

Specific actions to consider in the near term
Financial institutions should establish a CMS rooted in the CFPB’s expectations and consider assessing the compliance organization’s CFPB examination readiness. Some strategic questions to ask during the assessment phase include:

  • What’s the size and composition of the compliance infrastructure (e.g., people, process, and technology) needed to remain compliant? And to avoid the major fines and reputational risks that come with enforcement?
  • Is the entire organization on solid ground when it comes to compliance?
  • How will compliance support core business goals while maintaining oversight, acceptable risk management, and third-party supervision?

Answers to these questions can help an organization understand the current state of the key components for a compliance framework.

Back to top

Calendar tick mark

A call to action on CMS

The CFPB has left little doubt that the indirect auto lending industry will be a priority moving forward. CFPB supervision works to ensure that banks and nonbanks play by the same rules, which in theory provides consumers with the benefits of federal consumer financial laws on a consistent basis. To meet the CFPB’s expectation, consumer auto finance institutions must work diligently to establish or enhance their organizations’ CMS, including monitoring the actions of their dealer networks.

For more details, read the full report, "Indirect automotive finance: Current outlook, considerations, and potential risks." To see how Deloitte Risk and Finacial Advisory can help, learn more about our Deloitte risk and financial Advisory Services.

Back to top

Alarm clock
Did you find this useful?