Regulatory compliance should top every dealer’s mind, to-do list


Regulatory compliance is every dealer’s business.

That means issues such as advertising compliance, data and cybersecurity and making sure consumers know or can find out when the vehicle they purchase has an open recall, should be near the top of every dealers’ to-do list, according to dealer trade groups, attorneys, and others that represent dealer interests.

And if you think changes at the Consumer Finance Protection Bureau will give dealers a little breathing room, take a deep breath.

Then consider this:

States are stepping-up their scrutiny of financial services companies and dealers, and if the CFPB finds a violation of law make no mistake about it, the agency will do its job, said Shaun Petersen, senior vice president, legislative and government affairs at the National Independent Automobile Dealers Association.

 “The acting director (Mick Mulvaney, who is also director of the Office of Management and Budget) has said, we’re not going to push the envelope, not going to overstep boundaries or limits, creating things that aren’t there, but if there are things that need to be addressed, we are going to address them,” Petersen said.

“One other thing we’ve seen with the CFPB and the acting director is that he has come out and said ‘state attorneys general, you need to take a bigger role, a lot of this you should be doing.’  It’s not just specific to dealers.”

Patty Covington, a partner at Hudson Cook, agrees that state attorneys general have stepped-up their scrutiny of financial services which includes dealers and “in New York and New Jersey, I’ve seen several enforcement actions against dealers.” More actions against dealers

The New Jersey attorney general brought actions against dealers amid allegations that some vehicles’ advertised prices were different from their actual prices. The actions and allegations involved vehicles that had add-on products installed on them, she said.

Brad Miller, director of legal and regulatory affairs at the National Automobile Dealers Association, agrees that dealers should take advertising compliance very seriously as does the Federal Trade Commission. He too, has seen “literally dozens” of advertising enforcements brought by the FTC and other regulators.

NADA recently issued an advertising compliance guide that highlights things that raises red flags with the FTC, Miller said.

“Finance or lease advertisements that contain certain trigger terms such as monthly payment and APR must also include certain other additional disclosures required under federal rules,” Miller said.

Also helpful to dealers is NADA’s Regulatory Maze, its annual updated list of major federal regulations, Miller said.

Released in March 2018, the 12-page document contains brief descriptions and guidelines of dozens of federal laws such as IRS treatment of demonstration vehicles, employee drug testing and the Fair Credit Reporting Act.

It also addresses hot button topics such as protecting consumers’ personal information and recalls.

For a copy of NADA’s Regulatory Maze, visit

Click Advocacy / Regulatory Affairs / Regulatory Reference Materials.

(A log-in email address and password are required to download the full document.)

Regarding recalls

Regulatory Maze, under the National Highway Transportation Safety Administration recall regulation heading, notes that “new vehicles and parts held in inventory that are subject to safety recalls must be brought into compliance before delivery.”

When it comes to used vehicles, some dealer representatives suggest that dealerships disclose recall information to their customers and consider including links in their used-vehicle advertising to, a website that allows anyone to search for open recalls.

Helpful to dealers is a new tool that allows them to search for open recalls on up to 10,000 vehicles at one time, at no charge. Available at, the tool was created in partnership with the Alliance of Automobile Manufacturers, the Association of Global Automakers and Carfax.

To protect consumers’ data, the FTC Safeguards Rule states that “dealers must develop, implement and maintain — and regularly audit — a written security program to protect customers’ information and must ensure that their service providers provide similar safeguards.”

Eric Chase, a dealer attorney with Bressler, Amery & Ross, in Florham Park, N.J., said dealers need to have one or more cyber experts on hand who know how to protect personal information — such as bank account information and social security numbers collected from customers and employees — from cyber crooks and high-tech hackers.

He said cyber issues are always “hot topics” at the National Association of Dealer Counsel conferences, with which he is involved and is composed mostly of attorneys that represent dealers.

“This is a top issue for dealers, and they’d better be watching out for all the problems that can happen, because if they don’t, it’s at their peril,” said Chase.

“We’ve seen instances where people go online and purchase cars, and they’re all phony.”

Taking a low-tech approach

Keeping consumers’ personal information safe is a major compliance headache for dealers, but strong cybersecurity measures are only half the solution.

A low-tech, common sense approach can help, experts agree.

Sometimes it’s as simple as closing or locking a door or vetting third-party companies that have access to your property or data, said Max Zanan, president of Total Dealer Compliance, which is a company that provides in-store and online compliance audits for dealerships.

“I’ve seen F&I offices that don’t have doors; I’ve seen F&I offices that have doors but not locks and keys,” Zanan said.

“Let’s put credit applications and driver’s licenses into the (computer) system and limit access. If there is a company that comes in clean, there’s no paper in the F&I office for them to see,” he said.

“If a dealer uses a marketing company that have access to their customer data base, they should have safeguards in place.”

Today's top headlines