Understanding Regulations

All BHPH dealers are regulated businesses subject to federal and state rules and regulations. All BHPH dealers must adhere to the following federal regulations: 


15 U.S.C. § 1681

Fair Credit Reporting Act (FCRA)

The FCRA is designed to protect the privacy of credit report information and to guarantee that the information supplied by consumer reporting agencies (CRAs) is as accurate as possible – since so much of a consumers credit worthiness, credit standing, credit capacity, character, and general reputation is dictated by the information contained in his or her credit report. 

As a dealer, if you report information about your customers to a CRA, you are considered a furnisher of information under the FCRA. Your responsibilities as an information furnisher under the FCRA include:

  1. Providing accurate information about your customers
  2. Correcting and updating information
  3. Taking appropriate steps after receiving notice of a consumer dispute
  4. Reporting voluntary account closings
  5. Properly reporting delinquencies

Penalties for noncompliance with the FCRA include paying up to $1,000.00 in damages to each affected consumer. The non-compliant dealer could also be liable for punitive damages and attorney fees as determined by a court.

Credit Score Disclosure Requirements and Notices (Dodd-Frank)/ Adverse Action Requirements and Notices

If a credit score is used in setting material terms of credit or in taking adverse action, the statute requires creditors to disclose credit scores and related information to consumers in notices under the Fair Credit Reporting Act (FCRA).

15 U.S.C. § 1691

Equal Credit Opportunity Act (ECOA)/ Adverse Action Notices

The purpose of the ECOA is to ensure that credit providers do not discriminate against consumers based on a number of enumerated factors. As a dealer, it is impermissible to refuse to sell or finance a vehicle based on the following: 

The purpose of the ECOA is to promote the availability of credit to all creditworthy applicants without regard to race, color, religion, national origin, sex, marital status, or age (provided the applicant has the capacity to contract); to the fact that all or part of the applicant's income derives from a public assistance program; or to the fact that the applicant has in good faith exercised any right under the Consumer Credit Protection Act. The regulation prohibits creditor practices that discriminate on the basis of any of these factors. The regulation also requires creditors to notify applicants of action taken on their applications; to report credit history in the names of both spouses on an account; to retain records of credit applications; to collect information about the applicant's race and other personal characteristics in applications for certain dwelling-related loans; and to provide applicants with copies of appraisal reports used in connection with credit transactions.

As a dealer, particularly one who finances its own sales, it is illegal to discriminate against your customers based on their race, color, religion, national origin, sex, (or sexual orientation in some areas) marital status, or age. Additionally, the fact that a consumer’s income is derived from public assistance or social security may also not be used as grounds for denying financing.

Also under the ECOA, a dealer is responsible for retaining any denied credit application for 25 months.

The penalties for not complying with the ECOA is $10,000 per individual action, and the lesser of $500,00.00 or 1% of the creditor’s net worth in class actions.  

 In addition to not discriminating based on the above factors, a creditor is also required by the act to send an “adverse action notice” to any consumer who is denied credit or financing. The adverse action notice is required to contain the reason(s) that the consumer was denied credit, as well as a notice that the consumer is entitled to a free credit report (so that the consumer may review the report for errors or omissions) if a credit report or the information therein was relied on for the denial of credit or financing. 

“Adverse action is defined in the ECOA as ‘a refusal to grant credit in substantially the amount or on substantially the terms requested,’ and the FCRA incorporates that same definition when applied to a credit transaction. The difference with the application of the FCRA’s requirements is that the denial of credit is based upon information in a report from a credit reporting agency (CRA) or information obtained from a third party other than a CRA. … It’s also important to remember that adverse action includes more than just a simple denial of credit. If the creditor makes a counteroffer to extend credit under different terms or in a different amount than what was requested … that is also adverse action.” 

If adverse action is taken, notices (including the action taken, an ECOA notice, and statement of specific reasons as to why adverse action was taken) in writing must be sent within 30 days in most cases. 

The penalties for non-compliance with the Adverse Action requirements are: “Liability for punitive damages … is limited to $10,000 in individual actions and the lesser of $500,000 or 1 percent of the creditor's net worth in class actions. … Civil action … may be brought in the appropriate United States district court without regard to the amount in controversy or in any other court of competent jurisdiction within two years after the date of the occurrence of the violation, or within one year after the commencement of an administrative enforcement proceeding or of a civil action brought by the Attorney General of the United States within two years after the alleged violation.” 

FTC Buyer’s Guide requirements (Title 16 Part 455 of the CFR) “Used Car Rule”

The Used Car Rule promulgated by the FTC requires all used vehicle dealers to post FTC Buyer’s Guides in any vehicle they hold for sale. The purpose of the Used Car Rule is to “prevent oral misrepresentations and unfair omissions of material facts by used car dealers concerning warranty coverage.” 

The Rule requires clear disclosure through a window sticker, called the “Buyers Guide” of any warranty coverage and the terms and conditions of any dealer-offered warranty, including the duration of warranty coverage and the percentage of total repair costs that the dealer will pay. The Rule also requires certain additional disclosures on the Buyers Guide, including: a suggestion that consumers ask the dealer if a pre-purchase inspection is permitted; a warning against reliance on spoken promises that are not confirmed in writing; and a list of the fourteen major systems of an automobile and defects that can occur in these systems.

In addition, the Rule provides that the Buyers Guide disclosures are incorporated into the sales contract. Dealers are required to place a specific, two-sentence disclosure in the sales contract informing the purchaser that, in the event of any inconsistency between the Buyers Guide and the sales contract, the information on the Buyers Guide will govern. The Rule also requires dealers to give a copy of the Buyers Guide reflecting the final warranty terms to the purchaser.

Penalties for non-compliance can result in the imposition of up to $10,000 per violation.

15 U.S.C. § 1601

Truth in Lending Act (TILA) Reg Z Compliance

The purpose of the Truth in Lending Act is to allow consumers to make educated decisions about the cost and terms of credit that is presented to them.

The Truth in Lending Act is intended to ensure that credit terms are disclosed in a meaningful way so that consumers can compare credit terms more readily and more knowledgeably. Before its enactment, consumers were faced with a vast array of credit terms and rates. It was difficult to compare loans because the terms and rates were seldom presented in the same format. Now, all creditors must use the same credit terminology and expressions of rates.” 

Certain disclosures must be presented to consumers clearly and conspicuously in writing and in a form they can keep. Some of the disclosures include:

  • The identity of the creditor making the disclosures
  • The amount financed (using that term)
  • A separate written itemization of the amount financed
  • The finance charge (using that term)
  • The annual percentage rate (using that term)
  • A payment schedule, including the number of payments, amounts, and timing of payments scheduled 
  • The total of payments (using that term) 

Penalties for non-compliance: As a part of Truth in Lending, criminal liability for willful and knowing violation is a maximum fine of $5,000 and/or maximum imprisonment of one year.

15 U.S.C. § 1667

Truth in Leasing Act -  Reg M Compliance

Regulation M was “issued by the Board of Governors of the Federal Reserve System to implement the consumer leasing provisions of the Truth in Lending Act.” The three purposes of Regulation M are:

  • “(1) To ensure that lessees of personal property (including vehicles) receive meaningful disclosures that enable them to compare lease terms with other leases and, where appropriate, with credit transactions;
  • (2)  To limit the amount of balloon payments in consumer lease transactions; and
  • (3)  To provide for the accurate disclosure of lease terms in advertising.” 

Penalties for non-compliance: As a part of the Truth in Lending Act, criminal liability for willful and knowing violation is a maximum fine of $5,000 and/or maximum imprisonment of one year. 

Office of Foreign Assets Control (OFAC) 

The Office of Foreign Assets Control (OFAC) requires you check your customers’ names against the Specially Designated Nationals List (SDN List)—a “list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific.” 

Penalties for non-compliance: “The penalties for failing to comply with OFAC’s requirements include up to 30 years in jail, fines up to $10 million against corporations, $5 million against individuals and civil penalties of up to $1 million per incident.” 

Red Flags Rules (16 CFR Part 681)

The purpose of the Red Flags Rule is to require financial institutions (including auto dealers) to have policies and procedures in place to combat identity theft and fraud.

The Red Flags Rule requires each financial institution or creditor – and the rule specifically includes automobile dealers in its definition of ‘creditor’ – to have ‘a written  Identity Theft Protection Program that is designed to detect, prevent, and mitigate identity theft’ in place.

A dealership’s program must accomplish four primary objectives: identify red flags applicable to the dealership’s accounts and incorporate them into its program, detect those identified red flags, respond appropriately to any detected red flags, and ensure the program is periodically updated to reflect changes in identity theft risks.

Penalties for non-compliance: The FTC can seek both monetary civil penalties and injunctive relief for violations of the Red Flags Rule. Currently, the law sets $3,500 as the maximum civil penalty per violation. 

12 U.S.C. § 24

Gramm Leach Bliley Act (GLB Privacy Act)

The Financial Modernization Act of 1999, also known as the Gramm-Leach Bliley Act or GLB Act, includes provisions to protect consumers’ personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting provisions.

Penalties for non-compliance: Civil penalties of up to $10,000 per violation for officers and directors personally liable, and for the financial institution liable, penalties of up to $100,000 per violation. Criminal penalties include imprisonment for up to five years and fines. The following subsections are important parts of complying with the GLB Act:

1) Privacy Notices

As a principal part of the Gramm-Leach-Bliley (GLB) Act, the Financial Privacy Rule (or Privacy Rule) revolves around protecting the privacy of consumer information and sets the standards for privacy notices, opt-out notices, and how nonpublic personal information can be used or disclosed. [1]

“The Privacy Rule applies to car dealers who:

    • Extend credit to someone (for example, through a retail installment contract) in connection with the purchase of a car for personal, family, or household use;
    • Arrange for someone to finance or lease a car for personal, family, or household use; or
    • Provide financial advice or counseling to individuals.” [2]

Penalties for non-compliance: Civil penalties of up to $10,000 per violation for officers and directors personally liable, and for the financial institution liable, penalties of up to $100,000 per violation. Criminal penalties include imprisonment for up to five years and fines. 

2) Safeguards Rules

The Safeguards Rule requires dealers to have a written security plan to protect the confidentiality and integrity of customer and employee data, such as names, Social Security numbers, and credit card or bank account information. As part the written security plan, each dealer must:

    • Designate one or more employees to coordinate the dealerships information security program;
    • Identify and assess the risks to customer information in each relevant area of the company’s operation, and evaluate the effectiveness of the current safeguards for controlling these risks;
    • Design and implement a safeguards program, and regularly monitor and test it;
    • Select service providers that can maintain appropriate safeguards, make sure your contract requires them to maintain safeguards, and oversee their handling of customer information; and
    • Evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.

Penalties for non-compliance: Civil penalties of up to $10,000 per violation for officers and directors personally liable, and for the financial institution liable, penalties of up to $100,000 per violation. Criminal penalties include imprisonment for up to five years and fines.

3) Disposal Rule

The purpose of the Disposal Rule in the context of BHPH or LHPH dealerships is that any 

The Disposal Rule requires the proper disposal of information in consumer reports and records to protect against ‘unauthorized access to or use of the information.’” “Reasonable measures for disposing of consumer report information could include establishing and complying with policies to: burn, pulverize, or shred papers containing consumer report information so that the information cannot be read or reconstructed; destroy or erase electronic files or media containing consumer report information so that the information cannot be read or reconstructed; or conduct due diligence and hire a document destruction contractor to dispose of material specifically identified as consumer report information consistent with the Rule. 

Penalties for non-compliance: In some cases, consumers may be entitled to recover their actual damages sustained. In other cases, consumers may be able to recover statutory damages of up to $1,000 for each consumer affected by a violation of the rule. Where large numbers of consumers are affected, they may be able to bring class actions seeking potentially large statutory damages. 

Courts are also authorized to award punitive damages in either an individual suit or a class action. Finally, a successful plaintiff, or class of plaintiffs, may recover reasonable attorneys' fees. 

In some cases, the government may bring an action in federal district court for up to $2,500 in penalties for each independent violation of the rule … The states are also authorized to bring actions on behalf of their residents and, in appropriate cases, may recover up to $1,000 for each willful or negligent violation of the rule … As with private lawsuits, moreover, the state may recover its attorneys' fees if successful in such an action.

Cash transaction over $10,000 (IRS Form 8300)

You must file Form 8300 to report cash payments of “over $10,000 received in a trade or business, if your business receives more than $10,000 in cash from one buyer as a result of a single transaction or two or more related transactions. … If you are required to file Form 8300 for a transaction, you must do so by the 15th day after the date the cash transaction occurs.”

The information in Form 8300 is considered valuable by the IRS and Financial Crimes Enforcement Network (FinCEN) “in their efforts to combat money laundering.” The IRS states “this is an important effort, since money laundering is a tool that assists many individuals who participate in various criminal activities, ranging from tax evasion to terrorist financing to drug dealing, to hide the proceeds from their illegal activities.” [1]

Penalties for non-compliance: “If you willfully fail to file Form 8300, you can be fined up to $250,000 ($500,000 for corporations) or sentenced to up to 5 years in prison, or both.” 

47 U.S.C. § 227

Telephone Consumer Protection Act (TCPA) (Auto-dialers)

The purpose of the TCPA was to reduce unwanted and or nuisance calls to land line phones and subsequently cell phones.

The TCPA makes it unlawful for any person within the United States . . . to make any call using any automatic telephone dialing system or an artificial or prerecorded voice . . .” 47 U.S.C. § 227(b)(1)(A)(iii) The TCPA defines ATDS as “equipment which has the capacity ‐ (A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.” 47 U.S.C § 227(a)(1).  According to the FCC, an ATDS is any telephone equipment that has the capacity to dial numbers without human intervention. This is an extremely broad standard. If the telephone equipment can potentially be configured or programmed to auto dial, then it is considered an ATDS and is regulated by the TCPA and the FCC.

The penalties for non-compliance with the TCPA can be up to $3,000 per call.

15 U.S.C. § 2301

Magnuson - Moss Warranty Act (MMWA)

The purpose of the MMWA "requires manufacturers and sellers of consumer products to provide consumers with detailed information about warranty coverage.” The Act establishes “three basic requirements that may apply to you, either as a warrantor or a seller.

  • As a warrantor, you must designate, or title, your written warranty as either ‘full’ or ‘limited.’
  • As a warrantor, you must state certain specified information about the coverage of your warranty in a single, clear, and easy-to-read document.
  • As a warrantor or a seller, you must ensure that warranties are available where your warranted consumer products are sold so that consumers can read them before buying.”

Penalties for non-compliance: “The Act allows warranties to include a provision that requires customers to try to resolve warranty disputes by means of the informal dispute resolution mechanism before going to court. If a consumer finally prevails, he or she may be allowed by the court to recover as part of the judgment a sum equal to the aggregate amount of cost and expenses (including attorneys’ fees based on actual time expended) and actual damages.

Join Now!

Become part of NIADA, the association that works to benefit all types of independent auto dealers in America.

Learn More

What is BHPH?

News & Press

NIADA News & Press Release 


Read More

NIADABuyHerePayHere.com Sponsored by
Thank you for visiting our site.