Compliance is no longer something you can ignore. I know you have heard this over and over for a couple of years now.  You may believe you are a small operation and they won’t pay attention to you.

Keep telling yourself that, and you could have a rude awakening one day.

The website hosted by the Consumer Financial Protection Bureau is open for anyone to file a complaint against your operation. The site can be found at  

The site contains pages specific for auto loans and debt collection. They are very simple to fill out and submit. Two or three complaints, and you’re on the CFPB’s radar. The CFPB will give you the opportunity to respond to the complaint, similar to the Better Business Bureau. But if multiple complaints come through, you do not respond in a timely manner,  or if the issue seems worthy of additional investigation, then here they come.

First-Hand Observations

I have been around a CPFB investigation in action. There were 10 to 12 agents in the offices for about two weeks, looking at everything. The agents would move about as if in their own office, call everybody from the operation into meetings when they had questions, and then request more files or access to additional data until every possible scenario was scrutinized.

If the CFPB doesn’t “get you,” there are your state’s attorney general offices, police and other officials tasked with looking out for consumers to protect them from unscrupulous businesses.

In the grind of achieving that task, these agencies will leave no stone unaudited. In the case of the CFPB, they can even write a new regulation while they are investigating, and then enforce those upon a business for past misdeeds if the CFPB deems a practice unfair, deceptive or abusive (UDAAP).

Over the last two years, many of the experts in the automotive industry have attempted to find guidance from these agencies to help dealers learn where the boundaries are.  As of publishing time, the CFPB’s promised white paper on these guidelines had not been released (due out this summer). Consequently,  industry experts continue giving best practice advice, based on enforcement activities, with no real solid rules that must be followed.

First Steps

So what should you do as a buy-here, pay-here dealer?

Let’s say you sell 20 to 50 cars a month from one location. You have eight to 10 employees, and everyone already works plenty of hours taking care of your customers and business. There is little time and plenty of confusion to weed through and figure out exactly what to do.

You can hire consultants that will help you create a plan, and follow up with training and monitoring to help you stay compliant as possible. Send me an email, and I will provide you a list of available consultants who can help.

There are webinars, conferences and dealer associations that can help you.

You can protect yourself fairly easily by creating policies and a routine that has each of your associates practicing compliant measures every day. An important thing for you to do is create procedures for each task in your operation.

Each of these tasks should include currently known compliance measures that would apply, written in and practiced by your employees.

Putting Plans Into Motion

Here a few examples of practices BHPH dealers of any size can immediately utilize.

  • When a vehicle is put into inventory, you must immediately have a buyer’s guide displayed.
  • All documents containing any customer information are to be kept in a lockable drawer if not being used.
  • Never leave computers on where information can be seen even from a distance. And all of your computers should not be accessible by anyone but those authorized to use them.

These are a few examples of practices that can be built into a procedure manual. Your procedures do not have to be professionally written, but they do need to be detailed and follow the actual daily activities utilized by your people.

You should have a Red Flags and Privacy Policy that are also written and kept in a binder in your facility. I hope you know that Red Flags pertains to Identity Theft, regulated by the SEC and your Privacy Policy falls under the Safeguards Rule from Graham Leach Bliley (GLB).

Chores for a Compliance Officer

Both your Red Flags and Privacy Policies need to be spelled out in writing and kept in a binder in your office (examples are available online). These two provisions need to be managed by a compliance officer on your staff (can be you or someone you designate).

You should send your compliance officer to available certification training, which helps keep them up to speed and helps you if you are audited by a regulatory agency. Your compliance officer should hold regular (at least once a year) training meetings with all of your employees concerning these rules. Each of your employees should sign off once they have read these policies and completed a training program for them.

When new employees are hired, they should immediately be trained on these policies and sign their acknowledgement of such.

As you review all of the procedures for your operation, be sure to think of compliance as you go.

  • Is there potential for any discrimination in your underwriting process?
  • What are your salespeople allowed to say or not say when discussing a car deal with a customer?
  • Do you have a policy for risked base pricing?
  • Do you have a menu type close at delivery or are you “loading” your payments with ancillary products?
  • What do you do to handle customer complaints?

Where More Resources Can Be Found

Creating procedures that include compliant policies is what has become known as a CMS or compliance management system. Your state dealer association or industry group can provide you a list of regulations to follow.

Here are a few other places to look:

  • The National Independent Automobile Dealers Association has a series of videos from NIADA covering all aspects of compliance with information you need to know to help you create your own CMS. It’s available at
  • BHPH Report’s sister publication within Cherokee Media Group — SubPrime Auto Finance News — also highlights a variety of compliance-related topics.
  • The National Automotive Finance Association and Hudson Cook offer a wide array of resources and training opportunities.
  • ACA International gathers regular updates on compliance activities and guidelines to follow associated with collections

Whatever you build into your processes to insure compliance, make sure it is what is practiced in your business. You do not want a regulator coming in and talking with your employees about your business and when questioned about how things are done, your employee describes a different process than what you have outlined in your process manual.

Oh and the “I am too small to matter” line doesn’t work these days. There are so many regulators and lawyers out there — all with an ear open for violations or opportunity.

Any bank or other loan provider you have dealings with is now responsible for understanding who you do business with and why, thanks to Operation Choke Point.

Please do not think your customers never talk in public about what upsets them. There could be a lawyer sitting next to them that would love filing a class action suit.

Gene Daughtry is an experienced trainer and consultant specializing in BHPH/LHPH dealership operations. Daughtry now is director of BHPH operations for PLS Financial and has begun a multistate project of building new BHPH dealerships in several states. He has 17 years of BHPH experience. Follow Gene Daughtry on LinkedIn, go to his website, email him at or call (479) 970-4049 if you have questions.