The Ultimate Compliance Checklist

Updated: Aug 10, 2023

by Steve Levine, Chief Legal Officer, Ignite Consulting Partners

For several years I was responsible for creating the compliance learning curriculum for the AutoStar Innovate Users Conference. I would include checklists in the learning materials because they are a convenient and effective “take away” for attendees. I remembered this recently when I gave a speech to a local independent auto dealers association. The facility wasn’t set up for a PowerPoint presentation, so I went “old school” and provided attendees a checklist that highlighted a dozen broad categories of compliance issues. The feedback was great, with many dealers saying the checklist forced them to focus and identify their vulnerabilities. As I started thinking about this month’s column, I decided to again use this tool. What follows is a pretty thorough (though certainly not all-inclusive) list of compliance issues for an independent car dealer to consider. I encourage you to use it to critically evaluate your current state of compliance and to seek help in the areas where you fall short.

General Considerations

____ Are you properly organized under the law (corporation or LLC) to insulate yourself from personal liability?

____ Have you set up a related finance company (“RFC”) for legal and accounting benefits?

____ Have you obtained all licenses for your dealership and RFC to enter into the transactions you intend to enter into, such as retail installment contracts, side notes, financing of repairs, or loans?

____ If you have an RFC, is it licensed to hold and service the accounts?

____ Have you given thought to obtaining Errors and Omissions Insurance Coverage to avoid “bet the company” risk?

Don’t Open Your Doors Unless You…

____ Have a qualified lawyer and accountant with relevant industry experience on speed dial;

____ Appoint a qualified Compliance Officer;

____ Appoint a qualified Privacy Officer;

____ Have identified qualified technology providers such as Dealer Management Software providers and other tools to efficiently run the business;

____ Know how each of the following impacts your business: GLB, TILA, ECOA, FCRA, FTC, CFPB, OFAC, and UDAP;

____ Have Confidentiality Agreements with all Vendors with access to premises and personally identifiable customer information such as cleaning crew and IT administrators;

____ Have a qualified lawyer review any advertising, including website and social media;

____ Establish a hiring process which includes a job application that offers protection, approved questions for interviews, and strategy to hire subject matter experts;

____ Develop employment contracts with confidentiality and non-solicitation provisions and accurate job descriptions with acknowledgement by employee;

____ Create an Employee Manual, which includes policies to follow, relevant laws, a policy on document and information security, and code of conduct, at a minimum;

____ Determine your “Red Flag” obligations and how you will safeguard customer information;

____ Determine how you will create a secure area for storage of both paper and computer-based information and restrict access;

____ Establish a policy for accepting both cash and credit card information and know how you will report cash transactions over $10K (IRS Form 8300);

____ If you will be reporting to credit reporting agencies, know how to safely and accurately report your account information;

____ Learn your relevant state regulator’s “do’s and don’ts”;

____ Know your record retention obligations and have a plan to comply;

____ Know how you will comply with Servicemembers Civil Relief Act requirements.

Originating the Transaction – The Preliminaries

____ Make sure your credit application is up to date with FCRA and ECOA requirements and contains permission for text, cell phone and email contact throughout the life of the account;

____ Understand the legal obligations under FCRA and ECOA regarding adverse action and make sure letters are up to date, correct reasons are provided, and employees are consistent in their logic and use;

____ Understand whether your business model triggers a “risk based pricing” notice;

____ Make sure Buyer’s Guides are located on every vehicle available for sale and obligations under Used Car Rule are understood;

____ Have a compliant and effective Credit Underwriting and Fair Lending policy.

Originating the Transaction – “We’ve Got a Deal”

____ Originating practices must be consistent with floor plan covenants;

____ Have each and every form that will be presented to a customer examined by a compliance lawyer;

____ Have a compliance lawyer bless each and every fee you wish to charge;

____ Make sure your RISC form (lease, loan, etc.) is up to date and DMS programming matches the form. Examples include but are not limited to rebate method, treatment of interest, payment hierarchy and application, and late fees and NSF fees;

____ How will initial and annual privacy policy be delivered?

____ Use a robust “spot delivery” form, if allowed by state law;

____ If using a “we owe” form, make sure it is accurate and specific;

____ Use GPS/starter interrupt disclosure forms and make sure they are consistent with rest of deal package;

____ Use an arbitration clause, either in the transaction document or separately;

____ Know whether you are in a “single document” state;

____ If offering various F&I products, consider “menu” selling;

____ Use training and policy manuals to make sure that all sales and F&I personnel understand importance of transparency, disclosure, and consistency in consumer dealings;

Servicing of Accounts

____ Have a compliance attorney review every form letter or other communication;

____ Adopt and implement a Collections/Servicing Manual and consistent collections training materials;

____ Learn relevant state and federal collection laws and what dealers get sued for in your community;

____ Restrict employees’ ability to draft collection letters, texts and emails;

____ Provide customers with several different payment portals (IVR, text, ACH) to gain efficiency and cut down on conflict;

____ Adopt and implement a Complaint Management Policy and process to resolve customer complaints and document the process;

____ Have a process for accurately providing payoff quotes and consider privacy implications;

____ Be sure collectors know the rules about communicating with third parties;

____ Policies for releasing titles and possibly providing original documentation must be in compliance with state laws;

____ Be aware of consumer bankruptcy issues, such as the automatic stay, the differences between Ch. 7 and 13, “cram down” rules in your jurisdiction, reaffirmation agreements, specialized servicing issues, etc.;

____ Know how your DMS identifies bankruptcy accounts and tracks trustee or reaffirmation payments;

____ Know your obligations under the Servicemembers Civil Relief Act (SCRA), including when it applies, who can exercise its benefits, and how the DMS handles interest rate/payment reductions;

Know the Rules of Repossession

____ Have rigorous contracts with any third-party repossession agents and make sure they are sufficiently bonded and insured to insulate you from liability;

____ Verify your own errors and omissions policy will protect you from wrongful acts of agents;

____ Have objective criteria for repossession of accounts;

____ Know local customs for notifying police, definition of “breach of peace”, storing of vehicle and charging for personal belongings;

____ Know if there is a right to cure requirement prior to repossession.

____ Make sure you haven’t waived your right to repossess by accepting late payments on a regular basis;

____ If forced to utilize judicial repossession, do a cost-benefit analysis up front, beware of counter-claims and know if local law requires you to obtain judgment;

____ Beware of the wide range of Article 9 of the Uniform Commercial Code and consider:

  1. Post repossession notice and notice of intent to sell letters have very specific state law requirements and must be consistent with business practices;

  2. Know the difference between a “public” and a “private” auction, and whether your business practices are reflected in your letter (i.e. dealer only auctions are not “public” in most jurisdictions);

  3. Leaving vehicle on your lot to resell is not a public auction and even such private sale can be attacked;

  4. Should you take advantage of “strict foreclosure”, when available, and what rights are lost?

  5. Make sure surplus and deficiency letters are accurately calculated and are consistent with actual business practices.

  6. How to report to credit bureaus and hidden causes of action.

That checklist, dear reader, is COMPLIANCE GOLD! Don’t throw it away. Use it to critically evaluate your business and look for opportunities. Reduce your risk and protect the business you’ve worked so hard to build. Please reach out to me if you think of other items not on the list or if you encounter unfamiliar issues that you’d like to discuss.

Steve Levine is Chief Legal and Compliance Officer of Ignite Consulting Partners, which offers compliance, technology, and cyber security guidance to car dealers and finance companies. He has previously served in a similar capacity with other industry participants. These experiences allow him to develop strategy, overcome internal obstacles and implement meaningful change. Please contact to learn more. You can follow Steve on Twitter @LawyerLevine for compliance and industry related content.
