Buy Here Pay Here Legal
Compliance Education for Used Car Dealers

Operate your Buy Here Pay Here dealership with confidence using practical legal compliance education designed for used car retailers. This page explains the essential federal and state rules that shape BHPH operations, from advertising and underwriting to collections, repossession, credit reporting, data security, and privacy. You will learn how to build a compliance management system, document fair and consistent decisions, and train your team to avoid costly mistakes. We outline clear steps for disclosures, adverse action notices, TCPA-compliant communication, GLBA Safeguards, Red Flags, OFAC checks, and record retention. Whether you are launching in-house financing or scaling multiple rooftops, this resource helps you reduce risk, protect customers, and improve payment performance. Explore links to deeper training, templates, and audit readiness tools tailored to real dealership workflows and technology.


BHPH compliance is not only about avoiding fines. Done right, it builds trust, speeds funding decisions, strengthens collections, and protects your portfolio. Use the guidance below to align your policies, train staff, and implement a right-sized compliance management system. When you are ready for deeper dives, explore related resources across policy, collections, repossession, and audit readiness linked on this page.


What Buy Here Pay Here legal compliance really means

Buy Here Pay Here legal compliance education equips independent and used car dealers to meet federal and state requirements while running efficient, customer-focused operations. A compliant process is built on clear policies, documented procedures, consistent training, and data-driven oversight. The goal is to deliver fair outcomes, accurate disclosures, secure handling of consumer information, and collections practices that meet legal standards and maintain customer goodwill.

Dealers that invest in compliance see fewer disputes, stronger payment performance, and better staff confidence. Your customers benefit from transparent terms and respectful communication. Your business benefits from reduced regulatory exposure, fewer chargebacks or complaints, and more reliable portfolio cash flow.

Key regulations and topics every BHPH dealer should know

  • ECOA and Regulation B: fair lending, consistent underwriting, adverse action notices, and credit decision documentation.
  • FCRA and FACTA: permissible purpose, accurate credit reporting, dispute handling, and Red Flags identity theft prevention.
  • GLBA Privacy and Safeguards: privacy notices, data security program, vendor oversight, access controls, and incident response.
  • UDAAP and state UDAP laws: avoid unfair, deceptive, or abusive acts in advertising, deal structure, and collections.
  • TCPA and text compliance: prior express consent for autodialed or prerecorded calls and texts, opt outs, and contact windows.
  • SCRA and MLA: protections for active duty service members, repossession restrictions, and rate caps when applicable.
  • OFAC: screen applicants and co-buyers against sanctions lists before contracting and funding.
  • E-Sign and recordkeeping: valid e-consents, audit trails, and retention schedules that match state retail installment and repossession laws.
  • State retail installment sales acts: disclosures, caps on fees, grace periods, late fees, prepayment rules, and title handling.

Build a practical Compliance Management System

A right-sized compliance management system organizes how your store prevents, detects, and corrects issues. Focus on four pillars: governance, policies and procedures, training, and monitoring.

  • Governance: designate a compliance owner, define roles, and brief leadership on risk and remediation timelines.
  • Policies and procedures: write concise process checklists for marketing, deal structure, underwriting, contracting, collections, and repossession.
  • Training: recurring modules with sign-offs for sales, F&I, collections, and management tailored to state rules and your DMS workflow.
  • Monitoring and response: internal audits, complaint tracking, vendor reviews, and corrective action plans with due dates.

Deal flow controls that reduce risk

Map controls to each step from first touch to final payoff. Align with your DMS and payment systems so tasks are easy to follow and easy to verify.

  • Marketing: truthful pricing, representative payment examples, clear GPS or starter interrupt disclosures if used.
  • Application: collect permissible purpose, identity verification, consent to obtain credit, and TCPA text and call consents with timestamps.
  • Underwriting: consistent criteria, documented stip verifications, exception logging with reason codes, and OFAC checks prior to approval.
  • Adverse action: timely written notices for denied or counteroffer outcomes when credit is used to make the decision, with key factors and contact details.
  • Contracting: accurate itemization of amount financed, fees compliant with state caps, clear add-on product terms, and delivery of privacy notices.
  • Funding and titling: verify signatures, VIN accuracy, power of attorney usage, lien placement, and title follow-up dates in your DMS.

Collections, payment processing, and repossession

Collections is where policies meet real life. Align scripts, payment options, and repossession decisions with law and with your brand values.

  • TCPA consent: record and respect opt-in and opt-out status for texts and calls. Honor quiet hours and do-not-call flags. Keep an audit trail.
  • Convenience fees: only if permitted by law and by contract, disclose amounts, and use consistent application across accounts.
  • Late fees and grace periods: follow state limits, avoid pyramiding fees, and document exceptions approved by managers.
  • Repossession: confirm cure rights, pre-repo notices where required, no breach of peace, personal property handling, and accurate post-sale notices with deficiency calculation.
  • Bankruptcy and SCRA: immediate account flags, stay compliance, and restricted contact rules with documented legal guidance.

Data security and GLBA Safeguards in the dealership

Modern BHPH operations run on data. Your GLBA Safeguards program should include risk assessment, written policies, encryption at rest and in transit, multi-factor authentication, least-privilege access, disposal procedures, vendor contracts with security clauses, employee training, and incident response testing. Integrate privacy and security controls with your DMS, CRM, e-sign, text platform, and payment processor. Keep a data map so you know where customer information lives and how long it is retained.

Recordkeeping and audit readiness

Create a retention schedule that aligns to state retail installment, credit reporting, and repossession rules. Maintain logs for adverse actions, exceptions, complaints, and vendor reviews. Archive text and call consent records, payment histories, GPS disclosures, and repo notices. Use checklists and e-files so you can retrieve proof fast. Conduct periodic audits and document remediation plans with dates and owners. These habits reduce risk and speed responses to regulator or attorney inquiries.

Training your team for consistent outcomes

Match training to the roles in your store. Sales and F&I focus on disclosures, fair deal structure, and privacy notices. Underwriting focuses on verification, exceptions, and adverse action. Collections focuses on TCPA consent, complaint de-escalation, SCRA flags, and fee rules. Management oversees monitoring, vendor controls, and corrective actions. Keep training short, recurring, and integrated with your actual systems.

Explore targeted modules and playbooks to go deeper: buy-here-pay-here-compliance-best-practices, buy-here-pay-here-federal-compliance-education, buy-here-pay-here-state-compliance-training, used-car-dealer-regulatory-compliance-training, and dealer-compliance-best-practices.

Improve payment performance while staying compliant

Compliance and performance reinforce each other. Clear disclosures, respectful contact, and consistent policies build trust that encourages customers to engage when times are tough. Offer flexible, compliant payment channels such as portal, IVR, authorized text-to-pay with consent, and in person. Use reminders with proper TCPA consent and easy opt-outs. Confirm that your payment processor and text vendor support audit exports and PCI-aligned controls.

Strengthen your processes with resources like buy-here-pay-here-payment-processing-training, buy-here-pay-here-customer-communication-education, and buy-here-pay-here-collections-training.

Repossession and recovery the right way

When repossession becomes necessary, follow your state timeline and documentation rules to the letter. Verify right to cure, send any required notices, and avoid breach of peace or unfair practices. After the sale, provide a timely and accurate deficiency notice that includes sale details and calculation method. Maintain a chain of custody for personal property and document storage, notice attempts, and retrieval. Consider reinstatement or extension policies that are written and applied evenly to avoid fair lending risk. Training and checklists help keep every step consistent. Deepen your bench strength with buy-here-pay-here-repo-process-education and buy-here-pay-here-portfolio-recovery-education.

Vendor management and technology integration

Your DMS, CRM, credit bureaus, payment processors, and GPS providers extend your compliance footprint. Evaluate vendors for data security, uptime, exportability of audit trails, and support for consumer rights requests. Make sure contracts include security requirements, breach notification timelines, and roles for consumer dispute handling. Align technical settings with policy, such as text consent capture fields, dialer controls, and automated adverse action generation. For structured guidance, explore buy-here-pay-here-technology-integration-education.

Where to go next

Use the linked resources to strengthen one area at a time. Start with written policies and checklists, train your team, and audit quarterly. If you operate across multiple states, standardize a core process and bolt on state-specific rules. For broader dealer education and updates, visit blog, dealer-education-resources, about-us, or connect via contact-us.

Frequently asked questions

ECOA and Reg B for fair lending and adverse action, FCRA for credit pulls and reporting, GLBA for privacy and Safeguards, TCPA for text and call consent, state retail installment rules for fees and disclosures, UDAP for marketing, and state repossession laws. OFAC screening also applies before contracting and funding.

Provide onboarding training for every role, then refresh at least annually. Add targeted refreshers when laws change, new products launch, vendors change, or audits reveal gaps. Keep sign-in sheets or LMS completion logs and link modules to your written policies for easy audit proof.

The notice should include the creditor name, statement of action taken, the ECOA notice, contact details for the credit bureau if used, the key factors that adversely affected the decision, and the consumer reporting agency disclosure. Send within required timelines and keep proof of delivery and content.

Many states permit GPS or starter interrupt with clear, written disclosure and customer acknowledgment. Some states restrict use or require specific notices. Never use devices to create a breach of peace. Apply policies consistently, disclose any location monitoring, and follow all repossession and privacy rules.

Calling or texting without proper consent, charging prohibited convenience fees, inconsistent late fee application, ignoring SCRA or bankruptcy flags, missing required pre- and post-sale repo notices, and poor documentation. Strong scripts, consent tracking, and checklists prevent most issues.

Keep your written risk assessment, Safeguards program, vendor risk reviews, encryption and MFA controls, employee training logs, incident response plan and testing records, and board or owner oversight documentation. Show how you monitor and remediate security gaps on a defined schedule.

BHPH United was formed for the sole purpose of providing education and resources to Buy Here Pay Here dealers. BHPH United and its partners are excited and passionate about the Buy Here Pay Here industry and believe the best way to support it is through current, relevant, and comprehensive education.