The Ultimate Compliance Checklist

By Guest Blogger Steve Levine
Chief Legal Officer
Ignite Consulting Partners

For several years I was responsible for creating the compliance learning curriculum for the AutoStar Innovate Users Conference. I would include checklists in the learning materials because they are a convenient and effective “take away” for attendees. I remembered this recently when I gave a speech to a local independent auto dealers association. The facility wasn't set up to use a PowerPoint presentation, so I went “old school” and provided attendees a checklist that highlighted half a dozen broad categories of compliance issues. The feedback was great, with many dealers saying the checklist forced them to focus and identify their vulnerabilities. What follows is a pretty thorough (though certainly not all-inclusive) list of compliance issues for an independent car dealer to consider. I encourage everyone to use this to critically evaluate their current state of compliance and seek help in the areas in which they fall short.


General Considerations
  • Are you properly organized under the law (corporation or LLC) to insulate yourself from personal liability?
  • Have you set up a related finance company (“RFC”) for legal and accounting benefits?
  • Have you obtained all licenses for your dealership and RFC to enter into the transactions you intend to enter into, such as retail installment contracts, side notes, financing of repairs, or loans?
  • If you have an RFC, is it licensed to hold and service the accounts?
  • Have you given thought to obtaining Errors and Omissions Insurance Coverage to avoid “bet the company” risk?
Don't Open Your Doors Unless You
  • Have a qualified lawyer and accountant with relevant industry experience on speed dial;
  • Appoint a qualified Compliance Officer;
  • Appoint a qualified Privacy Officer;
  • Have identified qualified technology providers such as Dealer Management Software providers and other tools to efficiently run the business;
  • Know how each of the following impacts your business: GLB, TILA, ECOA, FCRA, FTC, CFPB, OFAC, and UDAP;
  • Have Confidentiality Agreements with all Vendors with access to premises and personally identifiable customer information such as cleaning crew and IT administrators;
  • Have a qualified lawyer review any advertising, including website and social media;
  • Establish a hiring process which includes a job application that offers protection, approved questions for interviews, and strategy to hire subject matter experts;
  • Develop employment contracts with confidentiality and non-solicitation provisions and accurate job descriptions with acknowledgement by employee;
  • Create an Employee Manual, which includes policies to follow, relevant laws, a policy on document and information security, and code of conduct, at a minimum;
  • Determine your “Red Flag” obligations and how you will safeguard customer information;
  • Determine how you will create a secure area for storage of both paper and computer based information and restrict access.
  • Establish a policy for accepting both cash and credit card information and know how you will report cash transactions over $10K (IRS Form 8300);
  • If you will be reporting to credit reporting agencies, know how to safely and accurately report your account information;
  • Learn your relevant state regulator's “do's and don'ts”;
  • Know your record retention obligations and have a plan to comply;
  • Know how you will comply with Servicemembers Civil Relief Act requirements.
Originating the Transaction – The Preliminaries
  • Make sure your credit application is up to date with FCRA and ECOA requirements and contains permission for text, cell phone and email contact throughout the life of the account;
  • Understand the legal obligations under FCRA and ECOA regarding adverse action and make sure letters are up to date, correct reasons are provided, and employees are consistent in their logic and use;
  • Understand whether your business model triggers a “risk based pricing” notice;
  • Make sure Buyer's Guides are located on every vehicle available for sale and obligations under Used Car Rule are understood;
  • Have a compliant and effective Credit Underwriting and Fair Lending policy.
Originating the Transaction – “We've Got a Deal”
  • Originating practices must be consistent with floor plan covenants;
  • Have each and every form that will be presented to a customer examined by a compliance lawyer;
  • Have a compliance lawyer bless each and every fee you wish to charge;
  • Make sure your RISC form (lease, loan, etc.) is up to date and DMS programming matches the form. Examples include but are not limited to rebate method, treatment of interest, payment hierarchy and application, and late fees and NSF fees;
  • How will initial and annual privacy policy be delivered?
  • Use a robust “spot delivery” form, if allowed by state law;
  • If using a “we owe” form, make sure it is accurate and specific;
  • Use GPS/starter interrupt disclosure forms and make sure they are consistent with rest of deal package;
  • Use an arbitration clause, either in the transaction document or separately;
  • Know whether you are in a “single document” state;
  • If offering various F&I products, consider “menu” selling;
  • Use training and policy manuals to make sure that all sales and F&I personnel understand importance of transparency, disclosure, and consistency in consumer dealings;
Servicing of Accounts
  • Have a compliance attorney review every form letter or other communication;
  • Adopt and implement a Collections/Servicing Manual and consistent collections training materials;
  • Learn relevant state and federal collection laws and what dealers get sued for in your community;
  • Restrict employees' ability to draft collection letters, texts and emails;
  • Provide customers with several different payment portals (IVR, text, ACH) to gain efficiency and cut down on conflict;
  • Adopt and implement a Complaint Management Policy and process to resolve customer complaints and document the process;
  • Have a process for accurately providing payoff quotes and consider privacy implications;
  • Be sure collectors know the rules about communicating with third parties;
  • Policies for releasing titles and possibly providing original documentation must be in compliance with state laws;
  • Be aware of consumer bankruptcy issues, such as the automatic stay, the differences between Ch. 7 and 13, “cram down” rules in your jurisdiction, reaffirmation agreements, specialized servicing issues, etc.;
  • Know how your DMS identifies bankruptcy accounts and tracks trustee or reaffirmation payments;
  • Know your obligations under the Servicemembers Civil Relief Act (SCRA), including when it applies, who can exercise its benefits, and how the DMS handles interest rate/payment reductions.
Know the Rules of Repossession
  • Have rigorous contracts with any third-party repossession agents and make sure they are sufficiently bonded and insured to insulate you from liability;
  • Verify your own errors and omissions policy will protect you from wrongful acts of agents;
  • Have objective criteria for the repossession of accounts;
  • Know local customs for notifying police, definition of “breach of peace”, storing of vehicle and charging for personal belongings;
  • Know if there is a right to cure requirement prior to repossession;
  • Make sure you haven't waived your right to repossess by accepting late payments on a regular basis;
  • If forced to utilize judicial repossession, do a cost-benefit analysis up front, beware of counter-claims and know if local law requires you to obtain judgment;
  • Beware of the wide range of Article 9 of the Uniform Commercial Code and consider:
  1. Post repossession notice and notice of intent to sell letters have very specific state law requirements and must be consistent with business practices;
  2. Know the difference between “public” vs. “private” auction, and whether your business practices are reflected in your letter (i.e. dealer only auctions are not “public” in most jurisdictions);
  3. Leaving vehicle on your lot to resell is not a public auction and even such private sale can be attacked;
  4. Should you take advantage of “strict foreclosure”, when available, and what rights are lost?
  5. Make sure surplus and deficiency letters are accurately calculated and are consistent with actual business practices.
  6. How to report to credit bureaus and hidden causes of action. 
This checklist, dear reader, is COMPLIANCE GOLD! Don't throw it away.  Use it to critically evaluate your business and look for opportunities.  Reduce your risk and protect the business you've worked so hard to build. Please reach out to me if you think of other items not on the list or if you encounter unfamiliar issues that you'd like to discuss.
Steve Levine is Chief Legal and Compliance Officer of Ignite Consulting Partners, which offers compliance, technology, and cybersecurity guidance to car dealers and finance companies. He has previously served in a similar capacity with other industry participants.  These experiences allow him to develop strategy, overcome internal obstacles and implement meaningful change. Please contact to learn more.  You can follow Steve on Twitter @LawyerLevine for compliance and industry related content.

