Skip to content

How to Conduct an Risk Assessment for Dealership Advertising, Sales and F&I Practices

Adam Crowell

Navigating the complexities of automotive sales and financing requires a vigilant approach to risk management.

That’s where a thorough sales and F&I risk assessment comes into play. A risk assessment helps you gauge your dealership’s vulnerabilities and take appropriate actions. When well designed, your initial assessment will highlight critical areas of compliance, such as Truth-In-Lending Act (TILA), Regulation M, Regulation Z, OFAC, Red Flags Rule, Adverse Action Rule, Risk Based Pricing Rule, the Used Car Rule, UDAP, Equal Credit Opportunity Act (ECOA), Fair Credit Reporting Act (FCRA), IRS 8300, state and local requirements, and much more.

Conduct a thorough sales and F&I risk assessment to identify potential compliance risks within the dealership.

To conduct a thorough assessment, you will need to review several items, and cross-reference information for consistency.

Areas of focus include reviewing:

  • Exiting programs, plans, and policies (written and not-written);
  • Employee training on relevant advertising, selling, and financing requirements;
  • Online advertisements (such as website advertisements and vehicle listings, social media posts, listing sites and applications, etc.);
  • Physical advertisements (such as print ads and window stickers); and
  • Documentation (such as deal jackets, dead credit applications, and IRS Form 8300).

While not an exhaustive list, below are some important items to consider while conducting your initial Sales and F&I risk assessment.

Are you running and, where necessary, clearing an OFAC and Red Flag checks on all cash deals and credit transactions?

All businesses are prohibited from completing transactions with any person/entity on The Office of Foreign Assets Control’s (OFAC’s) Specially Designated Nationals (SDN) list. To avoid violating this law, dealership personnel must run an OFAC check on every transaction. 

When a report includes an OFAC “hit,” indicating that the consumer is listed on the SDN list, the deal file must include documentation as evidence that the customer is not the same person/entity that is listed on the SDN list.

Additionally, the federal “Red Flags Rule” requires businesses that extend credit to have a written Identity Theft Prevention Program. Evidence of Red Flags Rule compliance should be maintained in the deal jacket for every credit sale and lease transaction. 

When a credit report shows a fraud or security alert, dealers must create a record of their efforts to verify the customer’s identity before delivering the vehicle.

In a financed deal, is there a signed Privacy Notice?

Dealers must provide privacy notices to individual consumers who obtain financial products or services primarily for personal, family, or household purposes. The notice must describe what kinds of customer information are collected and how and with whom that information is shared. Dealers should obtain a customer signature on the Privacy Notice and retain a copy in the deal jacket as proof of compliance.

Are Risk-Based Pricing Notices and Credit Score Disclosures provided to all credit applicants?

A Risk-Based Pricing Notice/Credit Score Disclosure includes the consumer’s credit score, the range of possible scores, and a bar graph or percentile ranking showing how their credit score compares to others. This should be provided to all credit applicants looking to purchase a vehicle for personal, family, or household use.

Provide it after obtaining a credit score from a credit reporting agency and using it in connection with a credit application to purchase a vehicle.

Did you see Arbitration Agreements in each deal reviewed?

When permitted by state law, dealers should consider using either Arbitration Agreements or Retail Installment Sale Contracts With Arbitration Provisions to help prevent class action lawsuits. Many lenders also require the use of one of these documents.

For all credit transactions, is there a signed and completed credit application?

A signed credit application serves as proof of a customer’s consent for the dealer to run a credit report on them. The full and accurate completion of a credit application can also prevent forgery or fraud allegations. Dealers should maintain signed and completed copies of credit applications in deal jackets for all credit and lease transactions.

Are customer-signed copies of vehicle history reports included in used vehicle deal jackets?

Third-party commercial vehicle history reports (i.e., CarFax, Auto Check, etc.) should be obtained during vehicle acquisition and especially at the time of sale (in case the report was updated).  Since these reports can prevent or combat claims of non-disclosure of vehicle history, dealers should retain a customer-signed copy of the vehicle history report in the deal jacket.

In a used car deal, does the Purchase Agreement/Buyers Order/Contract indicate the vehicle is used?

Representing a used vehicle as a new vehicle is deceptive and prohibited.

Is there a signed copy of a Buyers Guide for a used car deal?

The customer must receive the original or a copy of the Buyers Guide at the time of sale. The dealer should retain a signed copy of the Buyers Guide in the deal jacket to authenticate it as an accurate copy of the Buyers Guide and acknowledge customer receipt.

Your Sales and F&I risk assessment should uncover whether one is included.

In a used car deal, is there a retained National Highway Traffic Safety Administration (NHTSA) printout regarding safety recalls?

Customers need to be informed about any known safety recalls that exist at the time of a vehicle purchase. Failure to disclose a recall can be considered a deceptive act or practice.

Are you providing an Adverse Action Notice to customers who applied for credit but didn’t take vehicle delivery?

Under the Equal Credit Opportunity Act (ECOA) and Fair Credit Reporting Act (FCRA), a dealer serving as a lender must issue an Adverse Action Notice whenever it refuses to grant credit to a customer or to grant credit based on the terms originally requested without the customer accepting a counteroffer.

Your Sales and F&I risk assessment should uncover whether one is included.

Dealerships operate in an increasingly complex environment of federal, state, and local oversight. We’ve gathered the 16 most important laws, rules, and regulations for your dealership's sales and F&I department.

Does the Spot Delivery Agreement define any fees to be paid or timing for vehicle return if financing is unable to be secured?

The Spot Delivery Agreement informs customers of applicable fees or conditions of vehicle purchase.

Are supplemental stickers (addendums) being signed and retained in deal jacket when used?

Supplemental stickers or addendums show what additional items dealers have added to a new vehicle that cause the asking price to exceed MSRP. It is a best practice for dealers to use addendums for new vehicles offered above MSRP and to retain a signed or initialed copy of the addendum in the deal jacket as evidence of customer review and receipt.

Is there a legible copy of the purchaser’s driver’s license on file?

Despite consumers’ misperceptions that dealers want a copy of their driver’s license for sales pressure, the real reason for having a good copy on file at the time of purchase is to help guard against identity theft.

Is there documented proof of automobile insurance?

Obtaining evidence that a dealer’s security interest in a vehicle will be covered by the acquiring customer’s insurance policy is a critical part of any sale or lease transaction. Many finance companies also require proof of insurance.

Does the customer’s name on the contract match their credit application and their government ID?

On the credit application the customer executed as part of a sale or lease transaction, the dealer should ensure that the customer’s name matches the name printed on the customer’s government-issued identification in order to verify the customer’s identity and avoid potential straw purchase allegations.

Are you compliant with the IRS Form 8300 obligations? 

Federal law requires dealers report transactions involving more than $10,000 in cash or cash equivalents. Dealers must electronically report these transactions using Internal Revenue Service (IRS) Form 8300.

Do you allow third party payments or trade-ins?

Down payments, including trade-in vehicles, from third parties (i.e., someone not on the contract) should not be allowed. Most lender agreements require dealers to promise that the down payment was received from the buyer. Issues regarding ownership of payment or a trade-in can also arise with third-party arrangements.

Are over-allowances occurring on trade-ins?

Trade-in vehicle values should not be artificially inflated as doing so can lead to misrepresentation claims. Trade-in values must have an objective basis.

Are Lemon Law Disclosures provided to customers where required?

Certain states require specific lemon law disclosures be provided to customers at the time of sale.  Failure to do so can violate that state’s law.

Your Sales and F&I risk assessment should uncover whether one is included.

Are all documents signed where applicable?

Documents missing required signatures are not considered fully executed and may not be enforceable.

Dealerships operate in an increasingly complex environment of federal, state, and local oversight. We’ve gathered the 16 most important laws, rules, and regulations for your dealership's sales and F&I department.

Is every customer presented with an optional Products Menu that contains proper disclosures?

A Products Menu provides a list of optional add-on products available to the customer. These may include extended service contracts, GAP insurance, theft deterrent devices, etc. Clearly disclose what each item costs and inform customers that they don’t have to buy these products in order to obtain financing.

Are down payments receipts retained in deal jackets?

It is a best practice to create and maintain payment receipts in the deal jacket as evidence of any payments the customer made directly to the dealership.

Is your dealer doc fee consistent on all deals?

Some states have set mandatory dealer doc fees. However, in those states that do not mandate the doc fee amount, as a best practice, dealers should have consistent doc fees on all deals in order to help prevent discrimination allegations.

Are you keeping deal files?

Recordkeeping best practices help improve a dealer’s defensibility should they find themselves in court. It is a best practice (and required by law in some states) for deal files to be stored for at least seven years. Dead deals should be stored for at least five years in a secured location.

If required, is your dealer doc fee properly posted on the sales floor?

Certain states require you to publicly post dealer doc fees so that customers won’t be surprised by them later.

Do you have your dealer’s license properly posted?

Dealers should display their current (unexpired) license in an area conspicuous to the public.

If required, are salespersons’ licenses properly posted?

Many states require dealers to display current (unexpired) licenses for all salespeople in an area conspicuous to the public.

Are vehicle key fobs in an area accessible to customers or third parties?

For the sake of theft prevention, keeping keys and key fobs locked away in a secure location, limited to authorized dealer employees is a best practice.

Are customer or dealer plates accessible to the general public?

For security purposes, dealer plates and customer plates should be kept in a secure, preferably locked location where only authorized dealer employees have access to them.

All of this for a Risk Assessment? That’s a lot to remember!
Which is where KPA can help.

KPA’s complete compliance solution for Advertising, Sales, and Finance includes a 32-point risk assessment to help you comply with regulations and protect your dealership from unnecessary risk.
Let us help you keep compliance simple.

Talk to a compliance expert today >>

 

Next week let’s look at training & certification.

Stay up to speed on the 10 steps to complete advertising sales and finance compliance. If you haven’t already, subscribe to our blog for weekly installments of the 10 steps to complete compliance.

Related Content

Explore more comprehensive articles, specialized guides, and insightful interviews selected, offering fresh insights, data-driven analysis, and expert perspectives.

Adam Crowell

Adam Crowell is a licensed practicing attorney and nationally recognized compliance expert and speaker that regularly contributes on a variety of compliance and risk mitigation subjects. He brings to KPA over 21 years of legal experience and thought leadership for the development of strategic relationships and solutions for proactively avoiding claims, fines, and lawsuits.

More from this Author >

Back To Top