It’s no secret (or exaggeration); the topic of compliance is ridiculously huge. Auto dealers have so many different laws, rules and regulations to contend with, it’s easy to get confused. In fact, it’s almost impossible to not get confused when dealing with the sea of compliance headaches dealers must face today.

In an effort to alleviate some of the stress caused by trying to understand the compliance issues dealers must contend with, here are 19 laws, rules and regulations summarized (along with potential penalties for breaking them and helpful links to useful information). Mind you, this list is not all-encompassing and does not cover all compliance issues dealers face, and it is NOT LEGAL ADVICE. For legal advice, dealers should seek assistance from qualified legal counsel.



1. Americans with Disabilities Act (ADA)
The purpose of the ADA, which “prohibits the exclusion of people with disabilities from everyday activities,” is to provide “a clear and comprehensive national mandate for the elimination of discrimination” and “clear, strong, consistent, enforceable standards addressing discrimination.” It states that businesses that serve the public have to remove physical barriers when such removal is “readily achievable, which means easily accomplishable without much difficulty or expense.” The “readily achievable” obligation varies based on the “size and resources of the business,” meaning “larger businesses with more resources are expected to take a more active role in removing barriers than small businesses.” Additionally, the ADA acknowledges that fluctuations in economic conditions can dictate when a business removes barriers. When the resources are available, the business is expected to remove barriers, but if the resources aren’t available (i.e., profits are down), “barrier removal may be reduced or delayed.” [1]

Penalties for non-compliance: “The Department of Justice may file lawsuits in federal court to enforce the ADA, and courts may order compensatory damages and back pay to remedy discrimination if the Department prevails. Under title III, the Department of Justice may also obtain civil penalties of up to $55,000 for the first violation and $110,000 for any subsequent violation.” [2]

Helpful link(s)/Source(s):
1. http://www.ada.gov/smbusgd.pdf
2. http://www.ada.gov/enforce.htm


2. CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act)
“The CAN-SPAM Act, a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations … It covers all commercial messages, which the law defines as ‘any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service,’ including email that promotes content on commercial websites.”

The CAN-SPAM Act includes seven main requirements:
1. Don’t use false or misleading header information.
2. Don’t use deceptive subject lines.
3. Identify the message as an ad.
4. Include your valid physical postal address.
5. Tell recipients how to opt out of receiving future email from you.
6. Honor opt-out requests promptly (within 10 business days).
7. Monitor what others are doing on your behalf.

Penalties for non-compliance: “Each separate email in violation of the law is subject to penalties of up to $16,000, and more than one person may be held responsible for violations. For example, both the company whose product is promoted in the message and the company that originated the message may be legally responsible.”

Helpful link(s)/Source(s): 
www.ftc.gov/bcp/edu/pubs/business/ecommerce/bus61.shtm


3. Gramm-Leach-Bliley Act
“The Financial Modernization Act of 1999, also known as the ‘Gramm-Leach-Bliley Act’ or GLB Act, includes provisions to protect consumers’ personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting provisions.” [1]

Penalties for non-compliance: Civil penalties of up to $10,000 per violation for officers and directors personally liable, and for the financial institution liable, penalties of up to $100,000 per violation. Criminal penalties include imprisonment for up to five years and fines. [2]

Helpful link(s)/Source(s):
1. http://www.ftc.gov/privacy/privacyinitiatives/glbact.html
2. http://www.liveoffice.com/regulations/gramm-leach-bliley.asp

A. Financial Privacy Rule
As a principal part of the Gramm-Leach-Bliley (GLB) Act, the Financial Privacy Rule (or Privacy Rule) revolves around protecting the privacy of consumer information and sets the standards for privacy notices, opt-out notices, and how nonpublic personal information can be used or disclosed. [1]

“The Privacy Rule applies to car dealers who:

• Extend credit to someone (for example, through a retail installment contract) in connection with the purchase of a car for personal, family, or household use;
• Arrange for someone to finance or lease a car for personal, family, or household use; or
• Provide financial advice or counseling to individuals.” [2]

Penalties for non-compliance: Civil penalties of up to $10,000 per violation for officers and directors personally liable, and for the financial institution liable, penalties of up to $100,000 per violation. Criminal penalties include imprisonment for up to five years and fines. [3]

Helpful link(s)/Source(s):
1. http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus53.shtm
2. http://www.ftc.gov/bcp/edu/pubs/business/autos/bus64.shtm
3. http://www.liveoffice.com/regulations/gramm-leach-bliley.asp
http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus67.shtm
http://www.ftc.gov/privacy/privacyinitiatives/financial_rule_bus.html

B. Safeguards Rule
The Safeguards Rule requires dealers to have a written security plan to protect the confidentiality and integrity of customer and employee data, such as names, Social Security numbers, and credit card or bank account information. As part of the written security plan, “each company must:

• designate one or more employees to coordinate its information security program;
• identify and assess the risks to customer information in each relevant area of the company’s operation, and evaluate the effectiveness of the current safeguards for controlling these risks;
• design and implement a safeguards program, and regularly monitor and test it;
• select service providers that can maintain appropriate safeguards, make sure your contract requires them to maintain safeguards, and oversee their handling of customer information; and
• evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.” [1]

Penalties for non-compliance: Civil penalties of up to $10,000 per violation for officers and directors personally liable, and for the financial institution liable, penalties of up to $100,000 per violation. Criminal penalties include imprisonment for up to five years and fines. [2]

Helpful link(s)/Source(s):
1. http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus54.shtm
2. http://www.liveoffice.com/regulations/gramm-leach-bliley.asp
http://www.ftc.gov/privacy/privacyinitiatives/safeguards.html

C. Pretexting Provisions
The GLB Act outlines pretexting (“the use of false pretenses, including fraudulent statements and impersonation, to obtain consumers' personal financial information” [1]) provisions and clarifies that it’s illegal to:

• “use false, fictitious or fraudulent statements or documents to get customer information from a financial institution or directly from a customer of a financial institution.
• use forged, counterfeit, lost, or stolen documents to get customer information from a financial institution or directly from a customer of a financial institution.
• ask another person to get someone else’s customer information using false, fictitious or fraudulent statements or using false, fictitious or fraudulent documents or forged, counterfeit, lost, or stolen documents.” [2]

Penalties for non-compliance: Civil penalties of up to $11,000 per violation, as well as criminal penalties. [3]

Helpful link(s)/Source(s):
1. http://www.ftc.gov/privacy/privacyinitiatives/pretexting.html
2. http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre10.shtm
3. http://www.ftc.gov/opa/2001/01/pretexting.shtm


4. Disposal Rule
The Disposal Rule “requires the proper disposal of information in consumer reports and records to protect against ‘unauthorized access to or use of the information.’” [1] “Reasonable measures for disposing of consumer report information could include establishing and complying with policies to: burn, pulverize, or shred papers containing consumer report information so that the information cannot be read or reconstructed; destroy or erase electronic files or media containing consumer report information so that the information cannot be read or reconstructed; or conduct due diligence and hire a document destruction contractor to dispose of material specifically identified as consumer report information consistent with the Rule.” [2]

Penalties for non-compliance: “In some cases, consumers may be entitled to recover their actual damages sustained … which, in the case of identity theft, could be very large. In other cases, consumers may be able to recover statutory damages of up to $1,000 for each consumer affected by a violation of the rule. … Where large numbers of consumers are affected, they may be able to bring class actions seeking potentially massive statutory damages … Courts are also authorized to award punitive damages in either an individual suit or a class action. Finally, a successful plaintiff, or class of plaintiffs, may recover reasonable attorneys' fees. … In some cases, the government may bring an action in federal district court for up to $2,500 in penalties for each independent violation of the rule … The states are also authorized to bring actions on behalf of their residents and, in appropriate cases, may recover up to $1,000 for each willful or negligent violation of the rule … As with private lawsuits, moreover, the state may recover its attorneys' fees if successful in such an action.” [3]

Helpful link(s)/Source(s):
1. http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt152.shtm
2. http://www.ftc.gov/opa/2005/06/disposal.shtm
3. http://piranhashred.com/facta.asp


5. Magnuson-Moss Warranty Act
The Magnuson-Moss Warranty Act “requires manufacturers and sellers of consumer products to provide consumers with detailed information about warranty coverage.” [1] The Act establishes “three basic requirements that may apply to you, either as a warrantor or a seller.

A. As a warrantor, you must designate, or title, your written warranty as either ‘full’ or ‘limited.’
B. As a warrantor, you must state certain specified information about the coverage of your warranty in a single, clear, and easy-to-read document.
C. As a warrantor or a seller, you must ensure that warranties are available where your warranted consumer products are sold so that consumers can read them before buying.” [1]

Penalties for non-compliance: “The Act allows warranties to include a provision that requires customers to try to resolve warranty disputes by means of the informal dispute resolution mechanism before going to court. … Most Magnuson-Moss lawsuits are brought in state court. However, major cases involving many consumers can be brought in federal court as class action suits under the Act.” [1]

“If a consumer finally prevails … he may be allowed by the court to recover as part of the judgment a sum equal to the aggregate amount of cost and expenses (including attorneys’ fees based on actual time expended).” [2]

Helpful link(s)/Source(s):
1. http://www.ftc.gov/bcp/edu/pubs/business/adv/bus01.shtm
2. http://www.law.cornell.edu/uscode/15/usc_sec_15_00002310----000-.html


6. Used-Car Rule
The Used Car Rule “requires clear disclosure through a window sticker, called the ‘Buyers Guide,’ of any warranty coverage and the terms and conditions of any dealer-offered warranty, including the duration of warranty coverage and the percentage of total repair costs that the dealer will pay. The Rule also requires certain additional disclosures on the Buyers Guide, including: a suggestion that consumers ask the dealer if a pre-purchase inspection is permitted; a warning against reliance on spoken promises that are not confirmed in writing; and a list of the fourteen major systems of an automobile and defects that can occur in these systems.

In addition, the Rule provides that the Buyers Guide disclosures are incorporated into the sales contract. … The Rule also requires dealers to give a copy of the Buyers Guide reflecting the final warranty terms to the purchaser.

When the used car transaction is conducted in Spanish, the Rule requires that the dealer display a Spanish-language version of the Buyers Guide on the vehicle prior to offering the vehicle for sale.” [1]

Penalties for non-compliance: “Dealers who violate the Used Car Rule may be subject to penalties of up to $16,000 per violation in FTC enforcement actions.” [2]

Helpful link(s)/Source(s):
1. http://www.ftc.gov/bcp/guides/usedcar-comply.shtm
2. http://www.ftc.gov/bcp/edu/pubs/business/autos/bus13.shtm


7. Regulation M
Regulation M was “issued by the Board of Governors of the Federal Reserve System to implement the consumer leasing provisions of the Truth in Lending Act.” The three purposes of Regulation M are:

“(1) To ensure that lessees of personal property receive meaningful disclosures that enable them to compare lease terms with other leases and, where appropriate, with credit transactions;
(2) To limit the amount of balloon payments in consumer lease transactions; and
(3) To provide for the accurate disclosure of lease terms in advertising.” [1]

Penalties for non-compliance: As a part of the Truth in Lending Act, criminal liability for willful and knowing violation is a maximum fine of $5,000 and/or maximum imprisonment of one year. [2]

Helpful link(s)/Source(s):
1. http://www.fdic.gov/regulations/laws/rules/6500-2000.html#fdic65002132
2. http://www.fdic.gov/regulations/laws/rules/6500-200.html
http://ftc.gov/bcp/edu/pubs/business/adv/bus18.shtm


8. Regulation Z
“The Truth in Lending Act is intended to ensure that credit terms are disclosed in a meaningful way so that consumers can compare credit terms more readily and more knowledgeably. Before its enactment, consumers were faced with a vast array of credit terms and rates. It was difficult to compare loans because the terms and rates were seldom presented in the same format. Now, all creditors must use the same credit terminology and expressions of rates.” [1]

Certain disclosures must be presented to consumers clearly and conspicuously in writing and in a form they can keep. Some of the disclosures include:

• The identity of the creditor making the disclosures
• The amount financed (using that term)
• A separate written itemization of the amount financed
• The finance charge (using that term)
• The annual percentage rate (using that term)
• A payment schedule, including the number of payments, amounts, and timing of payments scheduled
• The total of payments (using that term) [2]

Penalties for non-compliance: As a part of Truth in Lending, criminal liability for willful and knowing violation is a maximum fine of $5,000 and/or maximum imprisonment of one year. [3]

Helpful link(s)/Source(s):
1. http://www.federalreserve.gov/boarddocs/supmanual/cch/200601/til.pdf
2. http://www.fdic.gov/regulations/laws/rules/6500-1700.html#fdic650022618
3. http://www.fdic.gov/regulations/laws/rules/6500-200.html#fdic6500105


9. Equal Credit Opportunity Act
“The purpose of this regulation is to promote the availability of credit to all creditworthy applicants without regard to race, color, religion, national origin, sex, marital status, or age (provided the applicant has the capacity to contract); to the fact that all or part of the applicant's income derives from a public assistance program; or to the fact that the applicant has in good faith exercised any right under the Consumer Credit Protection Act. The regulation prohibits creditor practices that discriminate on the basis of any of these factors. The regulation also requires creditors to notify applicants of action taken on their applications; to report credit history in the names of both spouses on an account; to retain records of credit applications; to collect information about the applicant's race and other personal characteristics in applications for certain dwelling-related loans; and to provide applicants with copies of appraisal reports used in connection with credit transactions.”

Penalties for non-compliance: “Any creditor that fails to comply with a requirement imposed by the Act or this regulation is subject to civil liability for actual and punitive damages in individual or class actions … Liability for punitive damages can apply only to nongovernmental entities and is limited to $10,000 in individual actions and the lesser of $500,000 or 1 percent of the creditor's net worth in class actions … provides for equitable and declaratory relief and … authorizes the awarding of costs and reasonable attorney's fees.”

Helpful link(s)/Source(s):
http://www.fdic.gov/regulations/laws/rules/6500-2900.html#fdic6500part202regb


10. Fair Credit Reporting Act
“The Fair Credit Reporting Act (FCRA) is designed to protect the privacy of credit report information and to guarantee that information supplied by consumer reporting agencies (CRAs) is as accurate as possible. … If you report information about consumers to a CRA, you are considered a "furnisher" of information under the FCRA. … The responsibilities of information providers” include:

• Providing accurate information
• Correcting and updating information
• Taking the appropriate steps after receiving a notice of a consumer dispute from a consumer
• Taking the appropriate steps after receiving notice of a consumer dispute from a CRA
• Reporting voluntary account closings
• Properly reporting delinquencies [1]

Penalties for non-compliance: The civil penalties for noncompliance include paying up to $1,000 in damages to the consumer. If the consumer incurred actual damages as a result of non-compliance, the non-compliant party is liable for the amount of the actual damages. The non-compliant party is also liable for any punitive damages and attorney fees as determined by the court. If the FTC takes civil action, the fine is a maximum of $2,500 per violation.

As for the potential of jail time, “Any person who knowingly and willfully obtains information on a consumer from a consumer reporting agency under false pretenses [or] any officer or employee of a consumer reporting agency who knowingly and willfully provides information concerning an individual from the agency's files to a person not authorized to receive that information shall be fined under title 18, United States Code, imprisoned for not more than 2 years, or both.” [2]

Helpful link(s)/Source(s):
1. http://www.ftc.gov/bcp/edu/pubs/business/credit/bus33.shtm
2. http://www.ftc.gov/os/statutes/fcradoc.pdf


11. Adverse Action Notices
“Adverse action is defined in the ECOA as ‘a refusal to grant credit in substantially the amount or on substantially the terms requested,’ and the FCRA incorporates that same definition when applied to a credit transaction. The difference with the application of the FCRA’s requirements is that the denial of credit is based upon information in a report from a credit reporting agency (CRA) or information obtained from a third party other than a CRA. … It’s also important to remember that adverse action includes more than just a simple denial of credit. If the creditor makes a counteroffer to extend credit under different terms or in a different amount than what was requested … that is also adverse action.” [1]

If adverse action is taken, notices (including the action taken, an ECOA notice, and statement of specific reasons as to why adverse action was taken) in writing must be sent within 30 days in most cases. [2]

Penalties for non-compliance: “Liability for punitive damages … is limited to $10,000 in individual actions and the lesser of $500,000 or 1 percent of the creditor's net worth in class actions. … Civil action … may be brought in the appropriate United States district court without regard to the amount in controversy or in any other court of competent jurisdiction within two years after the date of the occurrence of the violation, or within one year after the commencement of an administrative enforcement proceeding or of a civil action brought by the Attorney General of the United States within two years after the alleged violation.” [2]

Helpful link(s)/Source(s):
1.
2. http://www.fdic.gov/regulations/laws/rules/6500-2900.html#fdic6500part202regb


12. Credit Practices Rule
The Credit Practices Rule includes “three major provisions. First, it prohibits creditors from using certain contract provisions that the Federal Trade Commission found to be unfair to consumers. … Second, the Rule requires creditors to advise consumers who cosign obligations about their potential liability if the other person fails to pay. Third, the Rule prohibits late charges in some situations.”

Penalties for non-compliance: “The Federal Trade Commission can sue violators of the Credit Practices Rule in federal court. The court can impose civil penalties of up to $10,000 for each violation and can issue an order prohibiting further violations.”

Helpful link(s)/Source(s):
http://www.ftc.gov/bcp/edu/pubs/business/credit/bus04.shtm#WhattheRuleRequires


13. Federal Advertising Laws/Truth-in-Advertising
The FTC cites three major rules in truth-in-advertising:

1. Advertising must be truthful and non-deceptive. Advertisements must tell the “whole truth, not a half-truth or a slighted version to make an ad look more appealing.” When trigger terms are used in ads about leasing and financing, certain disclaimers must be made.
2. Advertisers must have evidence to back up their claims. For both express and implied claims, the burden of proof of those claims lies on the dealer.
3. Advertisements cannot be unfair. For an advertisement to be considered unfair, it must substantially injure customers, violate established public policy, and be unethical or unscrupulous.

Penalties for non-compliance: Civil penalties can range from thousands of dollars to millions of dollars, depending on the nature of the violation. The FTC can also impose cease-and-desist orders for the deceptive ads and require corrective advertising to correct the deceit communicated in the original ad. [1]

Helpful link(s)/Source(s):
1.
http://www.ftc.gov/bcp/edu/pubs/business/adv/bus35.pdf


14. Red Flags Rule
“The new regulation requires each financial institution or creditor – and the rule specifically includes automobile dealers in its definition of ‘creditor’ – to have ‘a written Identity Theft Prevention Program (ITPP) that is designed to detect, prevent, and mitigate identity theft’ in place. … A dealership’s program must accomplish four primary objectives: identify red flags applicable to the dealership’s accounts and incorporate them into its program, detect those identified red flags, respond appropriately to any detected red flags, and ensure the program is periodically updated to reflect changes in identity theft risks.” [1]

Penalties for non-compliance: “The FTC can seek both monetary civil penalties and injunctive relief for violations of the Red Flags Rule. … Currently, the law sets $3,500 as the maximum civil penalty per violation. … Injunctive relief in cases like this often requires the parties being sued to comply with the law in the future, as well as provide reports, retain documents, and take other steps to ensure compliance with both the Rule and the court order.” [2]

Helpful link(s)/Source(s):
1.
2. http://www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm


15. Telemarketing Sales Rule
The Telemarketing Sales Rule (TSR) regulates telemarketing, which is defined as “a plan, program, or campaign . . . to induce the purchase of goods or services or a charitable contribution.”

Among other things, the TSR:
• prohibits calling consumers on the National Do Not Call Registry
• requires disclosures of specific information
• prohibits misrepresentations
• limits when telemarketers may call consumers
• requires transmission of Caller ID information
• prohibits abandoned outbound calls (“Abandoned calls often result from the telemarketers’ use of predictive dialers … An outbound telephone call is ‘abandoned’” if a sales representative isn’t connected to the call “within two seconds of the person’s completed greeting.”), subject to a safe harbor
• prohibits unauthorized billing
• sets payment restrictions for the sale of certain goods and services
• requires that specific business records be kept for two years
• prohibits making outbound telemarketing calls outside the hours of 8 a.m. and 9 p.m.
• prohibits the use of prerecorded messages unless the customer has given written consent

Penalties for non-compliance: Violating the TSR can lead to civil penalties of $16,000 per violation.

Helpful link(s)/Source(s):
http://www.ftc.gov/bcp/edu/pubs/business/marketing/bus27.shtm


16. Do Not Call Rule
“The National Do Not Call Registry is a list of phone numbers from consumers who have indicated their preference to limit the telemarketing calls they receive … The FTC’s decision to create the National Do Not Call Registry was the culmination of a comprehensive, three-year review of the Telemarketing Sales Rule, as well as the FTC’s extensive experience enforcing the Rule in the previous seven years.”

Penalties for non-compliance: Telemarketers that violate the Do-Not-Call Rule may be subject to a fine of up to $16,000 per violation.

Helpful link(s)/Source(s):
http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt129.shtm#compliance


17. Fuel Economy Advertising for New Automobiles
When advertising the fuel economy of new vehicles, if the advertisement lists both city and highway fuel economies, they must be labeled with “estimated city mpg” and “estimated highway mpg.” If only the city or highway estimate is included in the ad, it must have the corresponding “estimated city mpg” or “estimated highway mpg” label, meaning you can’t list the highway mileage in a way that might make customers believe it’s the vehicle’s city mileage. Also, the estimates provided must match the exact make/model advertised. For example, you can’t advertise a Toyota Camry with the estimates of a Toyota Camry Hybrid. [1]

Penalties for non-compliance: Civil penalties can range from thousands of dollars to millions of dollars, depending on the nature of the violation. The FTC can also impose cease-and-desist orders for the deceptive ads and require advertising to correct the deceit communicated in the original ad. [2]

Helpful link(s)/Source(s):
1. http://edocket.access.gpo.gov/cfr_2003/16cfr259.2.htm
2.


18. Form 8300 and Reporting Cash Payments of Over $10,000
You must file Form 8300 to report cash payments of “over $10,000 received in a trade or business, if your business receives more than $10,000 in cash from one buyer as a result of a single transaction or two or more related transactions. … If you are required to file Form 8300 for a transaction, you must do so by the 15th day after the date the cash transaction occurs.”

The information in Form 8300 is considered valuable by the IRS and Financial Crimes Enforcement Network (FinCEN) “in their efforts to combat money laundering.” The IRS states that “this is an important effort, since money laundering is a tool that assists many individuals who participate in various criminal activities, ranging from tax evasion to terrorist financing to drug dealing, to hide the proceeds from their illegal activities.” [1]

Penalties for non-compliance: “If you willfully fail to file Form 8300, you can be fined up to $250,000 ($500,000 for corporations) or sentenced to up to 5 years in prison, or both.” [2]

Helpful link(s)/Source(s):
1. http://www.irs.gov/businesses/small/article/0,,id=148857,00.html
2. http://www.irs.gov/pub/irs-pdf/p1544.pdf


19. Office of Foreign Assets Control (OFAC)
The Office of Foreign Assets Control (OFAC) requires that you check your customers’ names against the Specially Designated Nationals List (SDN List)—a “list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific.” [1]

Penalties for non-compliance: “The penalties for failing to comply with OFAC’s requirements are very, very harsh, indeed – including 30 years in jail, fines up to $10 million against corporations, $5 million against individuals and civil penalties of up to $1 million per incident.” [2]

Helpful link(s)/Source(s):
1. http://www.treas.gov/offices/enforcement/ofac/faq/
2.


Vol. 7, Issue 9
 
About the author
Jennifer Murphy Bloodworth

Senior Assistant Editor
