9 Regulations Dealers Need to Know

No one likes them, but they are part of life and they are not going anywhere. 

Regulations, whether on the federal level or the state level, can feel like a burdensome and painful ordeal for dealers, but not meeting those requirements and undergoing a compliance audit is far more painful. That is especially true if compliance violations result in fines, which can add up quickly and reach millions with just one repeated failure.

The only thing worse than the fines is the complete loss of trust you will have with many of your customers, and that is a lot more difficult to fix than the issues you may need to address in your handling of customer data and personal information.

So to help dealers, we have compiled nine important regulations that dealers need to know and be prepared to take action on to protect their dealership and their customers.  This is not an exhaustive list and there are other regulations you need to consider, especially at the state level. However, it is a good place to start.


1. Gramm-Leach-Bliley Act Privacy Rule

Known simply as the GLBA, this act set forth several regulations that need the attention of dealerships. The privacy rule requires dealers to ensure the privacy of their customers and protect the security and confidentiality of their personal data. The GLBA privacy rule set the standards for how dealers collect, store, and share a client’s personal and financial information. With the collection and transfer of financial information part of more than 90 percent of dealer transactions, dealers must be vigilant, take steps to develop secure data collection and management processes, and ensure that customers understand how their data is being shared.


2. Gramm-Leach-Bliley Act Safeguards Rule

Under another GLBA regulation, the Federal Trade Commission (FTC) issues Standards for Safeguarding Customer Information. Under the latest rule revision, dealers are fully required to comply with the more stringent and specific Safeguards Rule by December 9, 2022. This applies to all businesses, regardless of size, that are “significantly engaged” in providing financial products or services. There are many steps to comply with the GLBA Safeguards Rule, such as designating an Information Security Officer, developing a customer data security program, conducting periodic risk assessments, vetting vendors for minimum security credentials and practices, and more. Read our guide for dealers to comply with the new Safeguards Rule.


3. California Consumer Protection Act (CCPA)

The CCPA is a state statute intended to enhance privacy rights and consumer protection for residents of California, but the impact goes far beyond state borders. A dealer who uses consumer lenders based in California – Sheffield, Synchrony, and many others – needs to be aware of this regulation and its impacts. Additionally, states across the country are considering regulations modeled after the CCPA.


4. Disposal Rule 

Another regulation enforced by the FTC, the disposal rule requires companies that collect consumer financial and personal data to dispose of them in a secure format that ensures customer privacy. Proper disposal includes shredding papers, securely erasing digital records, and other methods depending on format. Because dealerships must also meet the GLBA Safeguards Rule, practices and processes for disposal of consumer information should be part of any information security program.


5. Equal Credit Opportunity Act 

The ECOA was enacted to help limit and combat discrimination in the lending industry. The regulation mandates that lenders and dealers cannot discriminate on the basis of race, color, gender, religion, national origin, age or because one’s income is derived from public assistance. This law also requires that dealers notify applicants of action taken on their applications, report credit history in the names of both spouses on an account, retain records of credit applications, and more.


6. Red Flags Rule 

Another regulation enforced by the FTC, this rule requires that dealers have a written Identity Theft Protection Plan (ITPP) designed to detect and protect against the common warning signs of identity theft. This includes checking for suspicious documents, reviewing unusual changes in a customer’s credit report or account activity, and more. Dealers must be proactive in protecting against identity fraud to comply with the Red Flags Rule. 


7. Form 8300

Dealers may deal with large cash payments when selling cars, and as such must comply with these federal reporting requirements. Your dealership must file a Form 8300 whenever a cash payment of over $10,000 is received. This form is used by the IRS and Financial Crimes Enforcement Network (FinCEN) in protecting against money laundering.


8. Office of Foreign Assets Control (OFAC)

The OFAC administers and enforces economic and trade sanctions against targeted countries and groups, especially groups involved with terrorism, drug trafficking, and other crimes. Dealers are expected to check customers’ names against the Specially Designated Nationals List, a list of people and groups targeted by the OFAC.


9. Occupational Safety and Health Administration (OSHA) 29 CFR 1910.38

Almost every business, including dealers, is required to have an Emergency Action Plan to “facilitate and organize employer and employee actions during workplace emergencies.” Your dealership must have a written document meeting the specified requirements to protect employees and comply with OSHA standards.


As noted before, this is not the entirety of the regulations that dealers need to consider. Specifically, there are also more regulations at the state level, and new ones being proposed pretty much every legislative cycle. To monitor rules and regulations, connect with your dealers’ association and track updates from dealer publications.


The Role of Technology in Compliance

In today’s world, technology is an integral and necessary part of modern compliance. While dealerships can create compliant processes without technology, it is an increasingly unsustainable approach. Besides, your clients and lender partners want processes that use innovation to make transactions faster and more efficient.

Moreover, when the right vendors and solutions are used, technology will create more repeatable processes that are more likely to be compliant. These more secure operations include:

  • Automating processes and workflows to minimize human error and the need for interaction.
  • Organizing data in line with the relevant regulatory frameworks.
  • Storing and managing data.
  • Streamlining reporting processes.
  • Making systems more controllable and easier to monitor.

The reality is that it is increasingly difficult to meet compliance requirements and protect consumer information without the use of technology in your dealership’s operations.


How Trnsact Can Help

Trnsact provides the most secure and compliant credit application and financing platform available to the equipment and commercial trucking industries. Specifically designed for dealers, the Trnsact platform provides bank-grade security, certified data storage, consumer options to control data access, and robust reporting on application activity. 

Additionally, we can help you implement a single system that can address many of the compliance requirements and provide your team with a single platform and a single process to manage customer information.

Want to assess the state of your compliance? Schedule a time to meet with one of our experts.



Register for the Webinar: Complying with Privacy & Financial Protection Regulations for Equipment Dealers


Topic: The regulatory landscape related to the management of customers’ personal and financial information is ever-changing at the federal and state levels. Heavy equipment and truck dealers must comply with mandates that could result in costly audits and hefty fines, including under new revisions to the Gramm-Leach-Bliley Act (GLBA) Privacy and Safeguards Rules and key state regulations. This webinar will explore these issues and address what dealers need to do to stay updated on regulatory and compliance issues.

When: October 20, 2022, 1 p.m. ET / 10 a.m. PT


  1. Michael Benoit, chairman, Hudson Cook LLP
  2. Panel of Subject Matter Experts (SMEs) from Hudson Cook
  3. Vijay Patil, COO, Trnsact

Trnsact is proud to organize and sponsor this live and interactive educational webinar featuring Hudson Cook and hosted by AED.



Still have questions about the DCR and compliance? Call Chris Martin at (714) 689-9562 or use his calendar to schedule a meeting.