TMCnet News

EFG Companies Fortifies Dealer and Lender Data Security Through SSAE 16 SOC 1 Certification
[October 18, 2016]

EFG Companies Fortifies Dealer and Lender Data Security Through SSAE 16 SOC 1 Certification


EFG Companies, the innovator behind the award-winning Hyundai Assurance program, announced today it has been awarded the Service Organization Control 1 (SOC 1) Certification under the Statement of Standards for Attestation Engagements 16 (SSAE 16) guidelines from the American Institute of Certified Public Accountants (AICPA). This certification represents another significant achievement in EFG's ongoing commitment to ensure industry-leading compliance for its clients and customers.

This Smart News Release features multimedia. View the full release here: http://www.businesswire.com/news/home/20161018005457/en/

EFG Companies receives SSAE 16 SOC 1 certification from the American Institute of Certified Public A ...

EFG Companies receives SSAE 16 SOC 1 certification from the American Institute of Certified Public Accountants, strengthening their auto dealer and lender data security and demonstrating continued leadership in compliance and technology. (Photo: Business Wire)

SSAE 16 is the most widely-recognized standard providing companies with a method for reporting information about the design and operation of internal systems and controls relating to privacy and security regulations. SOC 1 reports are designed to certify whether a company utilizes uniform and reliable safeguards as a processor of data belonging to their clients and customers.

For EFG to obtain the SSAE 16 SOC 1 certification, more than 70 processes that could affect data security and business flow were evaluated. Examples of the processes evaluated include:

  • The redundancy built into EFG's infrastructure to ensure all operations continue as usual in the event of a system breakdown.
  • EFG's incident response plan, including response steps and communiction plans to ensure all affected parties are made aware of the incident and given a timeline on complete restoration.
  • Employee confidentiality agreements regarding the non-disclosure of proprietary or confidential information.
  • EFG's security monitoring procedures, such as performing vulnerability scans and evaluating systems for potential breaches.



"EFG's focus on strong internal controls over financial reporting is evident in this report," says Jim Jimenez, Managing Partner at SSAE 16 Professionals, LLP. "The successful completion of this audit is a testament to EFG's integrity, accountability, and its commitment to its clients."

As both dealers and lenders continue to feel significant compliance pressures from government regulators, partnering with product administrators that are SSAE 16 SOC 1 certified will give them better footing in demonstrating data privacy and security compliance. While lenders have already undergone data security audits, it can be expected for dealers to begin receiving audit requests in the coming years.


"At EFG Companies, we always ask ourselves the question 'how are we serving the best interests of our clients?'" said John Pappanastos, the president and CEO of EFG Companies. "One of our mission-critical priorities for this year was obtaining the SSAE 16 SOC 1 certification. We invested a significant amount of time, manpower, and financial assets to ensure all operations fully comply with the SSAE 16 guidelines on data security and privacy regulations. We see it as our responsibility to set the example that all other product providers should be following."

Dealers work with a significant amount of consumer confidential information, including social security numbers, pay stubs, utility bills and more. In addition, the majority of dealers in the U.S. have migrated web-based platforms for conducting business, especially with regards to credit applications. Data security is mission critical to successfully conducting business in today's market.

"The SSAE 16 examination demonstrates to our clients and customers that we have the necessary processes in place to ensure that their personal and confidential information is more secure than almost any other product provider," said Barry Carter, chief operations officer at EFG Companies. "The examination also evaluates how in the event of some unforeseen occurrence affecting our technology, our business will continue to run in a secure and uninterrupted manner. This is extremely important to ensure our clients can continue running their businesses effectively."

In 2014, EFG became the first product provider of size to certify its entire field team with the Association of Auto Finance and Insurance Professionals (AFIP). The company later went on to be awarded the Blue Seal of Excellence by the National ASE Institute, and become the first F&I product provider to be certified as a Center of Excellence by BenchmarkPortal (News - Alert). Lastly, EFG has appointed a vice president of compliance to facilitate the highest levels of operational compliance for its dealer and lender partners.

About EFG Companies

EFG Companies drives the industry's highest-reported compliant F&I profitability through its distinct engagement model in which the company operates as an extension of the dealer's management team. EFG addresses total dealership performance, and its client satisfaction net promoter score is higher than national corporate leaders such as Southwest Airlines, USAA Banking and Finance, and Nordstrom. Learn more about EFG at: www.efgcompanies.com


[ Back To TMCnet.com's Homepage ]