top of page



Steve Levine, Chief Legal Officer, Ignite Consulting Partners


For several years I was responsible for creating the compliance learning curriculum for the AutoStar Innovate Users Conference.  I would include checklists in the learning materials because they are a convenient and effective “take away” for attendees.  I remembered this recently when I gave a speech to a local independent auto dealers association.  The facility wasn’t set up to use a power point presentation so I went “old school” and provided attendees a checklist that highlighted a dozen broad categories of compliance issues.  The feedback was great, with many dealers saying the checklist forced them to focus and identify their vulnerabilities.  As I started thinking about this month’s column, I decided to again use this tool.  What follows is a pretty thorough (though certainly not all inclusive) list of compliance issues for an independent car dealer to consider.  I encourage everyone to use this to critically evaluate their current state of compliance and seek help on the areas in which you fall short.  


General Considerations


____   Are you properly organized under the law (corporation or LLC) to insulate yourself from personal liability?

____   Have you set up a related finance company (“RFC”) for legal and accounting benefits?

____   Have you obtained all licenses for your dealership and RFC to enter into the transactions you intend to enter into, such as retail installment contracts, side notes, financing of repairs, or loans?

____   If you have an RFC, is it licensed to hold and service the accounts?

____   Have you given thought to obtaining Errors and Omissions Insurance Coverage to avoid “bet the company” risk?


Don’t Open Your Doors Unless You…


____   Have a qualified lawyer and accountant with relevant industry experience on speed dial;

____   Appoint a qualified Compliance Officer;

____   Appoint a qualified Privacy Officer;

____   Have identified qualified technology providers such as Dealer Management Software providers and other tools to efficiently run the business;

____   Know how each of the following impacts your business: GLB, TILA, ECOA, FCRA, FTC, CFPB, OFAC, and UDAP;

____   Have Confidentiality Agreements with all Vendors with access to premises and personally identifiable customer information such as cleaning crew and IT administrators;

____   Have a qualified lawyer review any advertising, including website and social media;

____   Establish a hiring process which includes a job application that offers protection, approved questions for interviews, and strategy to hire subject matter experts;

____   Develop employment contracts with confidentiality and non-solicitation provisions and accurate job descriptions with acknowledgement by employee;

____   Create an Employee Manual, which includes policies to follow, relevant laws, a policy on document and information security, and code of conduct, at a minimum;

____   Determine your “Red Flag” obligations and how you will safeguard customer information;

____   Determine how you will create a secure area for storage of both paper and computer based information and restrict access.

____   Establish a policy for accepting both cash and credit card information and know how you will report cash transactions over $ 10K (IRS form 8300).

____   If you will be reporting to credit reporting agencies, know how to safely and accurately report your account information;

____   Learn your relevant state regulator’s “do’s and don’ts”;

____   Know your record retention obligations and have a plan to comply;

____   Know how you will comply with Service Member’s Civil Relief Act requirements.


Originating the Transaction – The Preliminaries


____   Make sure your credit application is up to date with FCRA and ECOA requirements and contains permission for text, cell phone and email contact throughout the life of the account;

____   Understand the legal obligations under FCRA and ECOA regarding adverse action and make sure letters are up to date, correct reasons are provided, and employees are consistent in their logic and use;

____   Understand whether your business model triggers a “risk based pricing” notice;

____   Make sure Buyer’s Guides are located on every vehicle available for sale and obligations under Used Car Rule are understood;

____   Compliant and effective Credit Underwriting and Fair Lending policy.



Originating the Transaction – “We’ve Got a Deal”


____   Originating practices must be consistent with floor plan covenants;

____   Have each and every form that will be presented to a customer examined by a compliance lawyer;

____   Have a compliance lawyer bless each and every fee you wish to charge;

____   Make sure your RISC form (lease, loan, etc.) is up to date and DMS programming matches the form. Examples include but are not limited to rebate method, treatment of interest, payment hierarchy and application, and late fees and NSF fees;

____   How will initial and annual privacy policy be delivered?

____   Use a robust “spot delivery” form, if allowed by state law;

____   If using a “we owe” form, make sure it is accurate and specific;

____   Use GPS/starter interrupt disclosure forms and make sure they are consistent with rest of deal package;

____   Use an arbitration clause, either in the transaction document or separately;

____   Know whether you are in a “single document” state;

____   If offering various F&I products, consider “menu” selling;

____   Use training and policy manuals to make sure that all sales and F&I personnel understand importance of transparency, disclosure, and consistency in consumer dealings;


Servicing of Accounts


____   Have a compliance attorney review every form letter or other communication;

____   Adopt and implement a Collections/Servicing Manual and consistent collections training materials;

____   Learn relevant state and federal collection laws and what dealers get sued for in your community;

____   Restrict employees’ ability to draft collection letters, texts and emails;

____   Provide customers with several different payment portals (IVR, text, ACH) to gain efficiency and cut down on conflict;

____   Adopt and implement a Complaint Management Policy and process to resolve customer complaints and document the process;

____   Have a process for accurately providing payoff quotes and consider privacy implications;

____   Be sure collectors know the rules about communicating with third parties;


____   Policies for releasing titles and possibly providing original documentation must be in compliance with state laws;

____   Be aware of consumer bankruptcy issues, such as the automatic stay, the differences between Ch. 7 and 13; “cram down” rules in your jurisdiction, reaffirmation agreements, specialized servicing issues, etc;

____   Know how your DMS identifies bankruptcy accounts and tracks trustee or reaffirmation payments;

____   Know your obligations under the Service Members Civil Relief Act (SCRA), including when it applies, who can exercise its benefits, and how the DMS handles interest rate/payment reductions;


Know the Rules of Repossession


____   Have rigorous contracts with any third-party repossession agents and make sure they are sufficiently bonded and insured to insulate you from liability;

____   Verify your own errors and omissions policy will protect you from wrongful acts of agents;

____   Have an objective criteria setting forth criteria for repossession of accounts;

____   Know local customs for notifying police, definition of “breach of peace”, storing of vehicle and charging for personal belongings;

____   Know if there is a right to cure requirement prior to repossession.

____   Make sure you haven’t waived your right to repossess by accepting late payments on a regular basis;

____   If forced to utilize judicial repossession, do a cost-benefit analysis up front, beware of counter-claims and know if local law requires you to obtain judgment;

____   Beware of wide range of Article 9 of Uniform Commercial Code and consider:

  1. Post repossession notice and notice of intent to sell letters have very specific state law requirements and must be consistent with business practices;

  2. Know difference between “public” vs. “private” auction, and are your business practices reflected in your letter (i.e. dealer only auctions are not “public” in most jurisdictions);

  3. Leaving vehicle on your lot to resell is not a public auction and even such private sale can be attacked;

  4. Should you take advantage of “strict foreclosure”, when available, and what rights are lost?

  5. Make sure surplus and deficiency letters are accurately calculated and are consistent with actual business practices.

  6. How to report to credit bureaus and hidden causes of action.


That checklist, dear reader, is COMPLIANCE GOLD! Don’t throw it away.  Use it to critically evaluate your business and look for opportunities.  Reduce your risk and protect the business you’ve worked so hard to build. Please reach out to me if you think of other items not on the list or if you encounter unfamiliar issues that you’d like to discuss.


Steve Levine is Chief Legal and Compliance Officer of Ignite Consulting Partners, which offers compliance, technology, and cyber security guidance to car dealers and finance companies. He has previously served in similar capacity with other industry participants.  These experiences allow him to develop strategy, overcome internal obstacles and implement meaningful change. Please contact to learn more.  You can follow Steve on Twitter @LawyerLevine for compliance and industry related content.

bottom of page