Appendix F — Consumer-Protection Law & Compliance Quick-Reference

This is a scannable companion to the law covered in Chapter 25 (the F&I process and the deal jacket) and Chapter 31 (consumer-protection law as a liability map). Use it the way Carmen would tell you to use it: as a card you glance at when a deal gets tricky — not as a substitute for actually reading those chapters, and absolutely not as legal advice.

⚠️ Read this first — the disclaimer that governs every line below.

This appendix is educational, not legal advice. It describes real laws in plain English and deliberately avoids inventing section numbers, exact dollar penalties, or precise dates — those change, and fake precision is worse than honest generality. The laws also vary enormously by state and change over time. Nothing here is a substitute for your own research or a lawyer. For any real situation, and for your state's current rules, your authorities are: the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), your state attorney general, your state DMV or motor-vehicle dealer board, your dealership's compliance officer, and a qualified attorney. Learn the shape here; verify the specifics there.

The mental model (from Chapter 31): Think of the law as a building. Federal law is the foundation slab — flat, the same under every dealership in the country. Each state builds its own structure on top — usually stricter, and where most day-to-day specifics live. When the two differ, the stricter one generally governs (state law can add protections, not subtract federal ones). So: know the federal floor cold, and for anything state-specific, default to "let me confirm that."


F.1 The federal credit laws (TILA, ECOA, FCRA)

These three govern the money and the credit file. You'll mostly meet them in the F&I office.

TILA — Truth in Lending Act

  • What it requires: Accurate, standardized disclosure of the cost of credit. The heart of it is the TILA box on the Retail Installment Sale Contract (RISC), showing four numbers in a comparable format: APR (annual percentage rate), finance charge (the dollar cost of the credit), amount financed, and total of payments. The point is to let a buyer compare one loan against another.
  • What trips dealers up: Quoting a payment that doesn't match the disclosed APR and amount financed; "spreading" a packed product into the payment so the real cost of credit is understated; saying one rate verbally and putting a different one in the box. A payment that doesn't reconcile to the disclosed terms is the classic TILA problem.

ECOA — Equal Credit Opportunity Act

  • What it requires: No discrimination in any credit transaction based on protected characteristics — including race, color, religion, national origin, sex, marital status, age (with narrow exceptions), or because someone receives public assistance. Also requires an adverse-action notice when credit is denied (or, in some cases, offered on materially worse terms than requested), telling the applicant the principal reasons or how to get them.
  • What trips dealers up: Treating people differently — even unintentionally, even as a pattern rather than any single decision. Because dealers can mark up the rate (the buy/sell spread), regulators have long worried that markup discretion could produce disparate impact (e.g., protected-class borrowers paying higher markups on average with no individual intent). The rule to burn in: same rate, same products, same effort to get an approval — for everyone, every time, driven only by creditworthiness and the deal. And don't skip the adverse-action notice.

FCRA — Fair Credit Reporting Act

  • What it requires: Credit reports may be pulled only with a permissible purpose — in retail, the customer's signed authorization plus a genuine financing attempt. Requires the risk-based pricing notice (or credit-score disclosure) when a report leads to worse terms, the adverse-action notice when credit is denied based on a report, and secure disposal of consumer-report information when it's no longer needed.
  • What trips dealers up: Pulling a browser's credit "to pre-qualify" before they've agreed to anything or signed; running a "spouse" who isn't a co-applicant; pulling a bureau with no signature. (No signature + no real deal = no pull.) Also: tossing intact credit applications in an open dumpster instead of shredding them — improper disposal is itself a violation.

🛒 For the buyer. ECOA is your law: the rate, the products, and the effort to get you approved should depend on your credit and your deal — never your name, accent, ZIP code, or gender. If you're denied credit, you're generally entitled to a written explanation (the adverse-action notice). And under FCRA, a dealer shouldn't pull your credit until you've signed an authorization and you're genuinely trying to finance a purchase.


F.2 Privacy and data: GLBA (privacy + safeguards) and the Red Flags Rule

GLBA — Gramm-Leach-Bliley Act

  • What it requires: Dealers that arrange financing must protect customers' nonpublic personal financial information — that's the Safeguards Rule (a written information-security program, access controls, employee training, vendor oversight, and similar measures) — and must disclose their information practices via a privacy notice (the Privacy Rule).
  • What trips dealers up: It's rarely a boardroom failure; it's the floor-level stuff. Leaving credit apps face-up on a desk, emailing or texting a Social Security number in the clear, sending a customer's bureau to a coworker, not logging out of the DMS, weak or shared passwords. Protecting customer data is part of your job, and a breach is both a GLBA problem and a trust catastrophe. (Note: the Safeguards Rule has been strengthened in recent years — verify the current requirements with the FTC and your compliance officer.)

Red Flags Rule

  • What it requires: Dealers that arrange financing generally must maintain a written Identity Theft Prevention Program to detect, prevent, and respond to "red flags" — patterns or specific signs that suggest identity theft (e.g., an ID that doesn't match the applicant, an address that doesn't reconcile, a credit report fraud alert).
  • What trips dealers up: Treating identity verification as a formality and ignoring obvious mismatches because the deal looks good. The Red Flags Rule is closely related to the OFAC and fraud checks below — together they're the "is this person who they say they are, and is this deal legitimate?" layer.

OFAC screening and cash reporting

  • What it requires: The Office of Foreign Assets Control (OFAC), part of the U.S. Treasury, maintains lists of sanctioned persons and entities. Businesses, including dealers, are generally expected to screen the parties to a transaction against OFAC's lists and not do business with a sanctioned party. (Dealers also have cash-reporting obligations — large cash transactions above a federal threshold must be reported to the IRS/FinCEN; confirm the current threshold and form with your compliance officer.)
  • What trips dealers up: Skipping the screen, or not knowing the dealership's process for cash-reporting on a large cash deal. These are usually handled by software in the deal flow — know that they exist and that they're not optional.

F.3 The FTC vehicle-sales rules

FTC Used Car Rule — the Buyers Guide (settled law; learn it cold)

  • What it requires: Most used-car dealers must display a standardized Buyers Guide window sticker on every used vehicle offered for sale. It states the warranty status prominently — the big choice between "AS IS – NO DEALER WARRANTY" and a box indicating a dealer warranty (with the specifics) — directs the buyer to get an independent inspection and (under updated versions) a vehicle history report, and becomes part of the sales contract.
  • The line every salesperson must internalize: The Buyers Guide overrides any contradictory verbal promise. If the sticker says "as is" and the salesperson says "we'll take care of you," the sticker wins.
  • What trips dealers up: A missing sticker (and "we forgot to put it back after detailing" is not a defense); verbally promising coverage that the as-is box contradicts. The fix is simple: if the dealer genuinely will cover something, put it in writing on the Buyers Guide or the contract.

FTC CARS Rule (Combating Auto Retail Scams) — real, but treat its status as unsettled

  • What it targets: Bait-and-switch advertising, undisclosed or worthless add-ons (the "packing" condemned in Chapter 24), charging for products with no benefit, and charges made without the customer's informed consent. Its spirit is the Chapter 24 menu philosophy turned into a rule: show every charge, get a genuine yes, no junk fees.
  • The honest caveat — read carefully: The CARS Rule has faced legal challenge, and its effective date and ultimate force have been the subject of litigation and uncertainty. This appendix does not assert it as fully in force, quote its provisions as currently binding, or give you a date. What's reliable: (1) the rule exists and reflects where regulators want the industry to go; (2) the conduct it targets is already reachable under the FTC's general unfair-or-deceptive-practices (UDAP) authority and under most states' deceptive-trade-practices laws, regardless of the rule's status; and (3) you must verify its current status with the FTC, your compliance officer, and counsel before relying on its specifics either way.
  • Why the uncertainty barely changes your behavior: The professional who already runs the Chapter 24 menu and the Chapter 30 ethics code is compliant either way. Advertise the real price, disclose every add-on with its price, never charge for something worthless, and get an informed yes — and you're above both the CARS line and the UDAP line that's been there all along.

FTC UDAP authority (the general backstop)

  • What it requires: The FTC can police "unfair or deceptive acts or practices" broadly. This is the catch-all that reaches deceptive advertising, bait-and-switch, and junk add-ons even where no specific rule names them. Most states have their own version (see F.5).

F.4 Warranties: Magnuson-Moss

Magnuson-Moss Warranty Act (federal)

  • What it requires: It doesn't force anyone to give a warranty, but it governs warranties when they are given on consumer products (including vehicles): warranty terms must be available and understandable, it distinguishes "full" from "limited" warranties, and it gives consumers a path to enforce a written warranty — often with attorney's-fee shifting if they win (which is what makes otherwise-small claims worth a lawyer's time).
  • The "tie-in" prohibition (widely misunderstood): A warrantor generally cannot void your warranty just because you used an independent shop or aftermarket parts — unless they provide the parts/service free, or can prove the aftermarket part actually caused the problem. So the line "you have to service here or your warranty is void" is usually not true.
  • What trips dealers up: Confusing a warranty (a promise to repair — "fix my car") with a service contract (a separately purchased product) or with a lemon (a car that can't be fixed — see F.5). Calling a service contract a "warranty" blurs what came free with the car versus what's being sold; say "this is a service contract."

F.5 State-level items (verify locally — these vary a lot)

Everything in this section is state-specific and changes. The shapes below are durable; the numbers and thresholds are not. Your state DMV/dealer board, AG, and counsel are the authorities.

Lemon laws

  • What they do: Give buyers a remedy (typically replacement or refund/buyback) when a vehicle has a substantial defect the manufacturer can't fix after a reasonable number of repair attempts (or after the vehicle is out of service for a cumulative number of days) within a defined time/mileage window.
  • The durable shape: Mostly a state matter; mostly new vehicles (some states extend limited protection to used/leased — many don't — verify); for substantial defects (use/value/safety), not rattles or cosmetics; the obligation usually runs against the manufacturer, not the selling dealer. Documentation is the entire case — every repair order and every day out of service.
  • What trips people up: Assuming lemon laws cover any car with any problem (they don't — used as-is cars and minor issues generally aren't covered), and not keeping the paper trail. This appendix deliberately gives no attempt-count or day-count — those differ by state.

Dealer licensing and bonding

  • What it requires: Selling cars for profit generally requires a dealer license (with an application, background check, often pre-licensing education) and a surety/dealer bond — a financial guarantee that gives wronged buyers something to claim against. Curbstoning (selling for profit without a license, often flipping problem cars as fake private-party sales) and title jumping/floating (reselling without ever titling the car in the seller's name) are illegal in essentially every state and harm buyers directly.
  • What trips people up: The specifics — bond amounts, education hours, license categories — are entirely state-set and change. Route licensing questions to the DMV/dealer board.

Titling, registration, and trade payoff

  • What it requires: The dealer must transfer the title correctly, pay off any lien on a trade, and get the new title and registration to the buyer within the state's required timeline.
  • What trips dealers up: Dragging their feet on paying off a trade's lien after a spot delivery (the customer's old loan keeps accruing and their credit can take a hit), or blowing the registration deadline — stranding a customer with a car they can't legally drive or sell. Both are fast routes to a complaint, a bond claim, and a state-law violation.

The cooling-off "right" (the myth — state law, usually none)

  • The reality: In most states there is NO automatic right to cancel a car purchase. Once you sign and take delivery, the deal is generally final. The federal three-day cooling-off rule mainly covers certain door-to-door / off-premises sales — not a dealership car purchase. A few states (or specific used-car deals) offer narrow cancellation rights, and some are a purchasable option (you pay extra for a short return window) — but these are exceptions, not the rule.
  • What trips dealers up: Telling a hesitant customer "sign now, you've got three days to bring it back" to push them over the line. In most states that's a flat-out false statement of law (a textbook deceptive practice) and a manufactured fake safety net. Verify your state's actual rule; never promise a return right that doesn't exist.

Spot delivery / the "yo-yo"

  • What it is: Spot (conditional) delivery lets a customer take the car before financing is finalized. The abuse — the "yo-yo" — drags the customer back days later to re-sign at worse terms ("the bank needed more"), banking on their reluctance to return the car. Many states regulate conditional delivery; some require specific disclosures and a right to unwind (get the trade and down payment back).
  • What trips dealers up: Treating a conditional delivery as final, or using it to extract worse terms. If a conditional deal can't be finalized as agreed, the customer is entitled to the deal as written or to unwind it — not to a quietly worse one.

Other state-specific items to always verify

  • Doc/admin fee caps, usury (interest-rate) limits, required state-specific forms and disclosures, advertising rules, and odometer disclosure mechanics (the federal odometer law below sets the floor; states administer the titling).

F.6 Marketing, communications, and odometer rules

TCPA — Telephone Consumer Protection Act (calls and texts)

  • What it requires: Restricts certain automated calls and texts to consumers; consent is the whole ballgame. You generally need prior express consent to send marketing texts or use certain automated systems — in the lead context, usually from the checkbox and disclosure on the web form the customer submitted. You must honor opt-outs immediately (a reply of STOP means stop, promptly and permanently). Separately, Do-Not-Call rules (the National Do Not Call Registry plus internal do-not-call lists) restrict telemarketing calls to registered numbers.
  • What trips dealers up: Blasting the CRM "about the sale" to numbers that never consented; texting after a STOP. TCPA damages are statutory and assessed per violation — per text — so a careless blast to thousands of non-consenting numbers can be catastrophic, not a small fine.

CAN-SPAM Act (commercial email)

  • What it requires: Commercial emails must avoid deceptive subject lines and false headers, identify themselves as advertising where required, include a valid physical postal address, and provide a working unsubscribe mechanism that you honor promptly.
  • What trips dealers up: No working unsubscribe, a fake "from," or continuing to email someone after they opt out.

Federal odometer rules

  • What they require: Federal law (the Truth in Mileage Act, administered through state titling) requires an accurate odometer disclosure on transfer of ownership and prohibits odometer tampering — rolling back or disconnecting an odometer, or making a false mileage statement. (Disclosure rules have been modernized in recent years, including longer disclosure periods for newer vehicles and electronic titling in some states — verify current requirements with NHTSA and your state DMV.)
  • What trips dealers up: Sloppy or false mileage entries on title work; this is serious — odometer fraud carries civil and criminal exposure.

🛒 For the buyer. On marketing: a dealer needs your consent to text you, and "STOP" must work. On used cars: the odometer disclosure on your title paperwork should match the car — and if a vehicle history report shows a mileage reading lower than an earlier one, that's a major red flag worth walking away over.


F.7 The consequences (why all of this matters)

When a line gets crossed, the costs stack — and they don't all land on the dealership.

The dealer's exposure: civil lawsuits (plus, under many of these laws, statutory damages and attorney's fees); regulatory enforcement by the FTC, CFPB, state AGs, and DMVs/dealer boards (investigations, fines, consent orders); class actions (the nightmare — the same improper thing done to many customers, multiplied); license suspension or revocation (for an independent, that's the whole business); lender consequences (lenders refusing the dealer's paper, forcing repurchases, or cutting them off); and reputational damage that poisons the referral well the whole book says the real money lives in.

Your personal exposure: individuals can be personally named and held liable for fraud, knowing misrepresentation, or violations they personally committed (lying on a credit app, falsifying income, a false statement of law); you can be fired ("I was just trying to make the deal" is not a defense); F&I/management licenses can be revoked; criminal exposure exists for the serious stuff (fraud, forgery, odometer tampering, knowingly facilitating loan fraud); and your reputation follows you — the industry is smaller than it looks.

💡 The unifying insight (from Chapter 31). Notice that not one of these laws prohibits legitimately selling a car at a profit. They prohibit being opaque (TILA, the Buyers Guide, CARS), discriminatory (ECOA), careless with people's data (FCRA, GLBA, Red Flags), a pest without consent (TCPA, CAN-SPAM), a liar about the law or the car (UDAP, the cooling-off myth, lemon/warranty/odometer misrepresentation), or an unlicensed dodger of the rules (curbstoning, title jumping). The law isn't a tax on selling cars — it's a list of the ways of selling cars that aren't selling at all, they're cheating. The compliant way, the right way, and the long-run profitable way are the same way.


F.8 The federal floor at a glance

Law | What it requires of you | The violation that bites
TILA | Disclose APR, finance charge, amount financed, total of payments — accurately | A payment quote that doesn't match the disclosed terms
ECOA | Same rate/products/effort for all; adverse-action notice on denial | Treating people differently by protected class (even unintentional patterns)
FCRA | Permissible purpose to pull credit; risk-based/adverse notices; secure disposal | Pulling a browser's/non-applicant's bureau; dumping intact credit apps
GLBA | Protect customer financial data (Safeguards); privacy notice | SSNs exposed; data emailed/texted in the clear; not logging out
Red Flags / OFAC | Identity-theft program; screen parties against sanctions lists; cash reporting | Ignoring obvious ID mismatches; skipping the screen
FTC Used Car Rule | A Buyers Guide in every used car's window | Missing sticker; verbal promise that contradicts an "as-is" box
FTC CARS Rule (status uncertain — verify) | No bait-and-switch, no packing, informed consent for charges | The conduct is reachable via UDAP regardless of the rule's status
Magnuson-Moss | Honor written warranties; no improper "use-our-shop-or-else" tie-ins | Voiding a warranty over independent service (usually illegal)
TCPA / CAN-SPAM | Consent to text; honor STOP; honest, unsubscribable email | Blasting non-consenting numbers (per-message damages)
Federal odometer (TIMA) | Accurate odometer disclosure on transfer; no tampering | False mileage entries — civil and criminal exposure

The "verify locally — never answer from memory" list: doc-fee caps · usury limits · cooling-off/cancellation rights (usually none — bust the myth) · lemon-law thresholds · required state forms and disclosures · spot-delivery rules · licensing/bond requirements · titling/registration timelines. The one-line reflex: "For state-specific questions, I confirm — I don't guess."


Final reminder, because it bears repeating: this is a map, not the territory, and not legal advice. The federal floor described here is the same everywhere; the state structure on top varies and changes. Before you rely on any of it for a real deal or a real dispute, confirm the current rule with the FTC, CFPB, your state DMV/dealer board or AG, your dealership's compliance officer, and a qualified attorney. Knowing the shape is what keeps you out of trouble; verifying the specifics is what keeps you out of court.