How to Steer Clear of 7 Common Compliance Potholes

Avoid the costly damage that hitting these compliance obstacles can cause

If you drive in a big city where road construction is like a fifth season or where winters are brutal, you know the skill required to navigate congested and furious traffic as you watch for—and dodge—road-surface potholes and hazards.

So next time you think you have smooth driving ahead in terms of your dealership operations, pull over for three minutes and review these common compliance potholes dealers often miss while running their business.

In no particular order, here are seven easy-to-miss compliance potholes to watch for and avoid:

1. Spanish-language documents

Be sure you know what your state requires. California, Texas, Nevada, and a few others require customers to be provided a copy of the contract they sign in the language in which it was negotiated. Other states, like Illinois, require a disclosure to be signed by the customer when the agreement is negotiated in a language other than English.

As a precaution, provide a Spanish copy of the contract where the deal is negotiated primarily in Spanish. The Federal Trade Commission (FTC) requires the Used Car Buyers Guide to be posted on the vehicle in Spanish before you negotiate a used car transaction in Spanish.

The Spanish-speaking customer must also be provided a copy of the Spanish Buyers Guide.

2. Adverse action notices

The Equal Credit Opportunity Act (ECOA) requires creditors who take adverse action on consumer credit applications to provide a statement of reasons for the adverse action. Adverse action notices need to be sent to anyone applying for credit who is denied, or when the terms differ from what was requested.

Usually the bank with which the dealership has pursued financing for the customer will produce and distribute this notice. In cases where the dealer makes the credit decision or denies credit without shopping the application to a bank or finance company, the dealer must issue the notice.

3. Police Book or Wash Out system

A hardbound Police Book or Wash Out software system is required by state DMVs for dealers to record vehicles bought and sold. Recordkeeping requirements differ by state, so consult your association or DMV.

The Police Book or software-based system must track new and used vehicles, essential parts, rebuilt vehicles, and junked vehicles. These records are subject to inspection by law enforcement and DMV investigators at any time.


The Office of Foreign Assets Control (OFAC) rule is a simple one: it requires the dealer to match the name of any purchaser, individual or corporate, against the Specially Designated Nationals (SDN) list.

The SDN list names known people and organizations with which businesses are forbidden to transact. The people and groups on this list are considered either money launderers, drug dealers, or terrorists.

5. OSHA 300 logs

Under an Occupational Safety and Health Administration (OSHA) recordkeeping regulation, certain types of employers must prepare and maintain records of serious occupational injuries and illnesses using the OSHA 300 log.

This information is important for employers, workers, and OSHA in evaluating the safety of a workplace, understanding industry dangers, and implementing worker protections to reduce and eliminate hazards.

As of January 2015, new and used car dealers have had to maintain and keep OSHA 300 logs and post them. Should OSHA show up at your door, this log is likely the first document it will request—and your first opportunity to demonstrate your commitment to regulatory compliance and employee safety.

6. Lift maintenance

Have your dealership’s service and body shop lifts inspected annually. Inspections should include the hydraulic system, valves, hoses, cables, chains, pins, spindles, electrical system, ramps, runway stops, locks, and safety features.

Compile and properly maintain all lift maintenance records. An unbiased third party typically performs superior inspections and identifies actual and potential areas of concern. These can then be corrected as necessary, meaning lifts will be in good working order should OSHA suddenly stop by.

A good place to start is to review the lifts’ maintenance documents. The next logical step is to commission your own inspection. A qualified individual with extensive knowledge of all the various kinds of lifts and their manufacturers should conduct these inspections.

Lift operators should receive refresher maintenance and safety training. People who operate lifts must be trained on the specific lift they use. Keep records of all training, too.

7. NPI security

Managing nonpublic information (NPI) records is mandated by the FTC and the Gramm-Leach-Bliley Act (GLBA) or Privacy Rule. This information includes data you collect for customer transactions for work orders, service invoices, parts invoices, and other common dealership documents—anything upon which nonpublic customer information appears.

You must safeguard this data by securing it from public view and access. When this is not done in compliance with the GLBA, you enable anyone with a camera-equipped smartphone to capture NPI data that can put your business and its customers at risk.

By taking the time to check the route of your dealership’s business operations, you can avoid these potentially costly and damaging compliance potholes.

A former auto dealer and operator, Terry Dortch is president of Automotive Compliance Consultants, Inc., providing dealerships with complete compliance solutions. Reach him at

Terry Dortch

