CFPB Regulations Every Auto Dealer F&I Manager Should Know

Introduction

F&I managers operate at one of the most legally exposed positions in any dealership. Every day, they sit at the intersection of consumer lending, insurance product sales, and federal regulation — a combination that creates real compliance risk. A single misstep in credit application handling, product disclosure, or pricing consistency can trigger enforcement actions from the Federal Trade Commission (FTC), state attorneys general, or private class-action lawsuits.

Recent shifts in CFPB enforcement priorities haven't reduced that risk — they've redirected it to new channels. This post covers what every F&I manager needs to know:

  • The key regulatory bodies and federal laws governing F&I operations
  • How CFPB oversight reaches dealerships indirectly
  • Practical compliance strategies to protect your dealership

TLDR

  • CFPB rules reach F&I through lender relationships and FTC referrals, even without direct dealer authority
  • ECOA, FCRA, TILA, and GLBA apply directly to F&I transactions — violations carry serious penalties
  • Aftermarket products and dealer markup are high-risk areas that demand transparent, uniform pricing
  • State regulators are stepping up F&I oversight as federal CFPB enforcement pulls back
  • Reduced federal activity doesn't mean reduced risk — private lawsuits and FTC enforcement remain active

Does the CFPB Directly Regulate Auto Dealerships?

The Dodd-Frank Exemption

Most auto dealers are exempt from direct CFPB supervision under Section 1029(a) of the Dodd-Frank Act. This exemption covers franchise dealers and most independent dealers "predominantly engaged in the sale and servicing of motor vehicles, the leasing and servicing of motor vehicles, or both." Congress included this carve-out to maintain the existing regulatory framework where the FTC oversees dealer practices.

How the CFPB Reaches F&I Operations Indirectly

Even without direct authority, the CFPB significantly influences F&I operations through its oversight of the lenders dealerships partner with. All three lender types fall under CFPB supervision:

  • Banks and national financial institutions
  • Credit unions offering indirect auto financing
  • Captive finance companies tied to manufacturer brands

When the CFPB issues guidance to these lenders — particularly around dealer reserve and fair lending — those requirements flow downstream and affect how dealers structure their F&I programs.

In 2013, the CFPB issued guidance to indirect auto lenders urging them to monitor and limit dealer markup discretion to prevent fair lending violations. Many lenders responded by implementing rate cap policies that directly constrained F&I manager compensation structures.

Congress rescinded that specific guidance in 2018 under the Congressional Review Act. The underlying ECOA statute, however, remains in full force — and lenders continue to enforce their own rate caps to manage legal risk.

The BHPH Exception

Buy-here-pay-here (BHPH) dealers who regularly extend credit directly to consumers are not exempt under Section 1029(b) and fall under direct CFPB authority. For this dealer segment, compliance with CFPB regulations is mandatory and carries the same enforcement risk as any other consumer finance company.

For dealers outside CFPB jurisdiction, the FTC fills that gap. It retains parallel enforcement authority over exempt dealers and actively exercises it through consent orders, civil penalties, and public warning letters — meaning no dealer segment operates in a true regulatory blind spot.

Key Federal Regulations Every F&I Manager Must Know

Equal Credit Opportunity Act (ECOA)

ECOA (15 U.S.C. 1691 et seq.) prohibits creditors from discriminating against credit applicants based on race, color, religion, national origin, sex, marital status, or age. For F&I managers, this means:

  • Inconsistent dealer reserve or markup across demographic groups can trigger ECOA violations, even without intent to discriminate
  • Indirect auto lenders who allow dealer discretion on rate markups are legally responsible under ECOA for ensuring pricing policies don't result in disparate impact
  • Dealers must implement uniform rate cap policies and document decision-making to demonstrate compliance

Key Enforcement Actions:

Action | Year | Penalty | Impact
CFPB/DOJ v. Ally Financial | 2013 | $98M ($80M restitution + $18M civil penalties) | Affected 235,000+ minority borrowers who paid higher rates due to discriminatory dealer markup
DOJ/CFPB v. Toyota Motor Credit | 2016 | $21.9M | Required Toyota to cap dealer markups at 1.25 percentage points (loans ≤60 months) and 1 percentage point (loans >60 months)

These landmark cases established that statistical disparities in dealer markup — even absent proof of intentional discrimination — constitute ECOA violations.

Fair Credit Reporting Act (FCRA)

FCRA (15 U.S.C. 1681b) governs when F&I managers may legally pull a consumer's credit report. Permissible purposes require:

  1. The consumer has initiated a credit transaction
  2. There is a legitimate business need connected to that transaction

What this means in practice:

  • Never pull credit during a test drive or casual browsing conversation. The FTC explicitly warns dealers that pulling credit reports for window shopping or to gain negotiating advantage violates FCRA
  • Obtain written authorization before pulling credit if a formal transaction hasn't been initiated
  • Penalties reach $4,983 per violation in FTC enforcement actions, plus potential private lawsuits with statutory damages of $100–$1,000 per willful violation

Best practices:

  • Use standardized written authorization forms
  • Train all sales and F&I staff on permissible credit pull scenarios
  • Document the consumer's intent to apply for financing before running credit

Truth in Lending Act (TILA)

TILA requires clear, standardized disclosure of all loan terms in every finance transaction. F&I managers must provide accurate disclosure of:

  • Annual Percentage Rate (APR)
  • Finance charge
  • Amount financed
  • Total of payments
  • Payment schedule

Penalties for TILA violations:

Violation Type | Statutory Damages
Individual action (closed-end credit, including RISCs) | Twice the finance charge, minimum $200, maximum $2,000
Class action | Lesser of $500,000 or 1% of creditor's net worth
All actions | Plus actual damages and attorney's fees

F&I managers who bury fees or misrepresent APR face serious financial exposure. The TILA disclosure statement must be provided before consummation of the credit transaction, and all terms must be presented clearly without deceptive omissions.

Gramm-Leach-Bliley Act (GLBA)

Dealerships that finance, facilitate financing, or lease vehicles for longer than 90 days are classified as "financial institutions" under GLBA. This triggers two major compliance obligations:

Privacy Rule: Requires disclosure of what customer data is collected and how it's shared with third parties.

Safeguards Rule: Requires a written information security program covering the full lifecycle of customer data.

The FTC updated the Safeguards Rule with amendments effective June 9, 2023. Key requirements include:

  • Designated Qualified Individual to oversee information security
  • Written risk assessment identifying threats to customer information
  • Encryption of customer data at rest and in transit
  • Multi-factor authentication (MFA) for all information system access
  • Continuous monitoring, or annual penetration testing plus semi-annual vulnerability assessments
  • Personnel security awareness training and service provider oversight with contractual safeguards
  • Written incident response plan with annual reporting to the governing body
  • Breach notification to the FTC within 30 days if a breach exposes unencrypted data of 500+ consumers

FTC Used Car Rule / Buyer's Guide

Any dealer selling more than five used vehicles in a 12-month period must comply with the FTC Used Car Rule. Requirements include:

  • Display the FTC Buyer's Guide prominently in each used vehicle
  • Provide a copy to the buyer at time of sale
  • Disclose whether the vehicle is sold "as is" or with warranty
  • List what percentage of repair costs the dealer will pay under warranty
  • Direct consumers to ftc.gov/usedcars for vehicle history and safety recall information
  • Provide a Spanish-language Buyer's Guide if the sale is conducted in Spanish

Penalties: Up to $53,088 per violation (as of January 2025).

UDAP (Unfair or Deceptive Acts or Practices)

UDAP is the foundational law underlying most dealer enforcement actions — by the FTC, state attorneys general, and private plaintiffs. Section 5 of the FTC Act declares unfair or deceptive acts or practices unlawful.

Legal standard for deception:

  1. A representation, omission, or practice likely to mislead consumers acting reasonably
  2. The representation is material (likely to affect the consumer's decision)

Legal standard for unfairness: An act or practice that causes substantial injury to consumers, is not reasonably avoidable, and is not outweighed by benefits.

UDAP violations do not require intent to deceive. The standard is objective: whether the practice has the tendency to mislead.

Common F&I behaviors that trigger UDAP claims:

  • Payment packing: Inflating monthly payments to embed undisclosed add-on costs
  • Misrepresenting optional products as required: Falsely telling consumers that GAP, service contracts, or protective coatings are mandatory for financing approval
  • Burying add-ons in contracts: Charging for products without disclosure or consent
  • Inconsistent fee disclosure: Varying fees or product prices between customers without documented justification
  • Phantom products: Charging for add-ons never actually installed

Where the CFPB Focuses in the F&I Office

Dealer Markup and Discretionary Pricing

The CFPB historically focused on dealer reserve — the practice of marking up the lender's buy rate and retaining the difference as compensation. In March 2013, the CFPB issued Bulletin 2013-01 to indirect auto lenders, warning that discretionary markup policies posed fair lending risk because they resulted in statistically significant pricing disparities by race and national origin.

The bulletin recommended lenders either eliminate dealer markup discretion entirely or implement strong compliance systems to monitor and correct disparities. Although Congress rescinded the bulletin in May 2018, the underlying ECOA statute remains fully enforceable, and lenders continue to impose rate cap policies to protect themselves from liability.

Practical impact for F&I managers:

  • Many lenders now cap dealer markup at 1-2 percentage points
  • F&I compensation structures have shifted away from discretionary reserve toward flat fees or product-based commissions
  • Documentation of pricing decisions is critical to defend against fair lending claims

Aftermarket Product Sales and Add-On Packing

Aftermarket products — vehicle service contracts (VSCs), GAP, credit life, disability insurance, tire and wheel protection — remain a high-risk compliance area. The CFPB and FTC flag these products for deceptive sales practices.

Compliance requirements:

  • Disclose each product separately from the vehicle sale
  • Make clear that purchase is voluntary
  • Confirm products are not required for financing approval
  • Obtain express, informed consent before charging
  • Price products uniformly across all customers

What "packing" looks like: An F&I manager quotes a monthly payment that includes undisclosed add-ons, then presents the payment as if it reflects only the vehicle price and financing. When the customer agrees to the payment, the manager has already embedded GAP, VSC, and other products without separate disclosure or consent.

This practice triggers both CFPB referrals and FTC enforcement action. Consistent, uniform pricing for each product type across all customers is a key defense against discriminatory packing claims.

Fair Lending Monitoring

The CFPB and Department of Justice continue to scrutinize auto lending for fair lending violations. They focus on whether similarly situated buyers of different demographic groups receive materially different financing terms.

What F&I managers should know:

  • Lender partners are monitored for dealer-level lending patterns
  • Disparate impact — even without intent — can result in enforcement action against the lender that flows back to the dealer
  • Statistical analysis of pricing by protected class is a standard enforcement tool
  • Documentation of legitimate, non-discriminatory reasons for pricing differences is essential

Consumer Complaint Data

The CFPB collects consumer complaints about auto loans and F&I products in its public Consumer Complaint Database. According to the CFPB's Consumer Response Annual Report (January-December 2025):

  • Approximately 28,500 vehicle loan or lease complaints were logged in 2025
  • Vehicle loan complaints increased 56% year-over-year
  • Vehicle lease complaints increased 62%
  • Repossession complaints surged 124% — the most common category

Most common complaint issues:

  1. Repossession without notice despite payment arrangements
  2. Managing the loan or lease
  3. Credit reporting errors
  4. Delayed title/lien releases after payoff
  5. Rushed closing with undisclosed terms
  6. Forced purchase of add-ons

Complaint patterns can trigger regulatory examination of lenders and, by referral, the dealerships involved.

CFPB Referrals to the FTC

Because the CFPB lacks direct authority over most dealers, those complaint referrals go to the FTC or state attorneys general. That handoff doesn't reduce risk — FTC enforcement actions have resulted in multi-million-dollar penalties against dealership groups.

Notable FTC enforcement actions:

Action | Date | Penalty/Relief | Key Violations
FTC + Illinois v. Leader Automotive Group | December 2024 | $20M consumer refunds | Unauthorized add-ons, mandatory add-on misrepresentation, phantom products, bogus reconditioning fees (80%+ of customers affected)
FTC + Maryland AG v. Lindsay Auto Group | April 2026 | $3.1M civil penalty + $75M+ consumer refunds | Bait-and-switch pricing, forced dealer financing, unauthorized add-ons, rebate deception, undisclosed total price
FTC Warning Letters to 97 Auto Groups | March 2026 | Warning letters (enforcement pending) | Hidden fees, hidden down payments, financing contingencies, forced add-ons, bait-and-switch

These actions demonstrate that FTC enforcement remains aggressive and targets the same F&I practices the CFPB would address if it had direct authority.

Why the CFPB Pullback Doesn't Mean Less Risk

State Regulators Are Intensifying Oversight

While the current administration has reduced CFPB enforcement activity, state regulators are actively filling the gap with their own F&I compliance requirements.

States with new or proposed auto dealer F&I regulations (2024-2026):

State | Action | Status/Effective Date
California | SB 766 (California CARS Act): Bans misrepresentations, requires clear F&I disclosures, prohibits "valueless" add-ons, 3-day right to cancel for used vehicles, 2-year record retention | Effective October 1, 2026
New York | A5225 / S6543: Requires dealers to disclose financing markups at time of sale; penalties include DMV registration suspension/revocation | Introduced February 2025
Pennsylvania | Automotive Industry Trade Practices amendments: Updates definition of "advertisement" to include online, requires written disclosure of vehicle conditions | Effective August 2024
Massachusetts | 940 CMR 38.04: Declares failure to disclose "total price" (including all mandatory fees and ancillary products) an unfair practice | Issued March 2025

At least 19 states and the District of Columbia are now active in auto dealer consumer protection oversight, using state UDAP authority to target the same practices the vacated FTC CARS Rule was intended to address.

The FTC Remains Fully Active

The FTC is not subject to the same political changes affecting the CFPB. FTC enforcement against auto dealers has not slowed.

FTC CARS Rule status:

The FTC published the final Combating Auto Retail Scams (CARS) Rule on January 4, 2024, with an original effective date of July 30, 2024. The Fifth Circuit Court of Appeals vacated the CARS Rule on January 27, 2025 in a 2-1 decision — the court found the FTC failed to issue an Advance Notice of Proposed Rulemaking as required by the FTC Act. Critically, the court did not rule on whether the rule's underlying requirements were valid.

The vacated provisions included:

  • Prohibition on misrepresenting costs or terms
  • Required disclosure of vehicle's "full cash offering price"
  • Required disclosure that add-on products are voluntary
  • Prohibited charging for add-ons that provide no benefit
  • Required express, informed consent before charging for any item

The FTC enforces these same principles today under existing Section 5 authority. The Leader Automotive and Lindsay Auto Group settlements confirm that vacating the rule changed the legal vehicle, not the enforcement posture.

Private Lawsuit Risk Persists

A quieter CFPB does not protect dealers from private class-action lawsuits. TILA, FCRA, ECOA, and state consumer protection laws all provide private rights of action with statutory damages and attorney's fees.

Statutory damages vary by law, but the exposure adds up fast:

  • TILA violations: $200-$2,000 per individual violation; class actions capped at lesser of $500,000 or 1% of net worth
  • FCRA violations: $100-$1,000 per willful violation
  • State UDAP claims: Vary by state, often include treble damages and attorney's fees

Consumer protection attorneys actively file these cases — and a dealership with poor disclosure documentation is a straightforward target. Federal enforcement levels don't factor into that calculus.

How to Build a Compliant F&I Process

Foundational Elements of a Compliance Program

Every dealership should implement:

  1. Written compliance plan covering credit applications, product sales, pricing, disclosures, and customer complaints
  2. Code of ethics that sets clear standards for fair dealing and transparency
  3. Designated compliance officer responsible for oversight (F&I director, GM, or outside consultant)
  4. Standardized complaint response protocol documenting how complaints are received, investigated, and resolved
  5. Training records for all F&I staff covering compliance topics

Documentation is the primary defense in an audit or lawsuit. If you can't prove you trained staff, implemented policies, and followed them consistently, you have no defense.

Process Consistency Is Critical

Inconsistency is one of the most common triggers for UDAP and fair lending investigations. To protect your dealership:

  • Use the same menu presentation process for every customer
  • Charge the same price for each product regardless of the buyer
  • Script product presentations in compliance with state-specific requirements
  • Document any legitimate business reasons for pricing variations (e.g., different coverage levels, term lengths, vehicle types)

Example: If you charge Customer A $895 for GAP coverage on a 60-month loan for a $25,000 vehicle and Customer B $1,295 for the same coverage, term, and vehicle value, you must be able to document a legitimate, non-discriminatory reason for the difference. If you cannot, you have fair lending exposure.

Training and Program Structure Matter

Consistent processes only hold up under scrutiny if your team understands why they exist. Dealers who invest in ongoing F&I training and work with experienced partners to structure their product programs reduce their regulatory exposure significantly.

DealerRE supports this through both online and in-person F&I training, along with compliance assistance covering legal forms, regulatory filings, and state-specific product requirements. The goal is an F&I operation that's both profitable and defensible — one where pricing is consistent, decisions are documented, and regulators find exactly what they expect to see.

Frequently Asked Questions

Does the CFPB regulate auto dealerships?

Most auto dealers are exempt from direct CFPB supervision under Dodd-Frank Section 1029(a). However, the CFPB's reach extends indirectly through its oversight of auto lenders. BHPH dealers who directly extend credit are subject to direct CFPB authority.

What is Regulation F of the Consumer Financial Protection Bureau?

Regulation F implements the Fair Debt Collection Practices Act (FDCPA) and governs how debt collectors may communicate with consumers. Its application to dealer F&I operations is limited, but it is relevant for BHPH dealers or dealers with in-house collections operations.

Can you report a dealership to the FTC?

Yes. Consumers and businesses can file complaints against dealerships with the FTC at ReportFraud.ftc.gov. The FTC investigates and takes enforcement action against dealers for deceptive or unfair F&I practices.

What is UDAP and why does it matter for F&I managers?

UDAP (Unfair or Deceptive Acts or Practices) is the foundational law underlying most dealer enforcement actions. It covers everything from misleading payment quotes to undisclosed add-on products, and it creates liability even for unintentional violations by dealership staff.

What happens if a dealership violates CFPB regulations?

The CFPB can refer violations to the FTC or state attorneys general, which may result in civil penalties, consumer restitution orders, and reputational damage. Private plaintiffs may also pursue class-action claims under related consumer protection laws.