Compliance 101 – Stop Guessing Start Knowing Part One

Most businesses don’t have it in the budget to hire a compliance consultant or pay for compliance training, despite the fact violations can be hefty and potentially even include jail time.

We aree on your side and is here to provide a stable foundation for a solid compliance program that will keep you on the right track with your compliance obligations.

Through this series of newsletters, we will cover compliance as it pertains to a credit transaction. Read on…


Knowledge is Power! Unfortunately, we don’t all have time to be a superhero. Keep these newsletters nearby, then rest assured that you’ll have the answer or answers you need when in doubt.

Informativ is well known throughout the industry as the “best-in-class” leader of credit reports, and federal and state regulatory compliance tools. We will provide a straightforward understanding of the What, When, Why, and To Whom to satisfy credit report compliance requirements. Nothing in these materials should be regarded as rendering legal advice for specific cases. Please seek appropriate assistance from qualified legal counsel.


A creditor is anyone who requests information from a person, persons, or business with the intent of providing or facilitating credit. Also, a creditor is any business that accepts a credit application regardless of whether you are the funding source or providing credit information to a lender. You must abide by FCRA, ECOA, GLBA, and other agency guidelines, and failure to do so can result in hefty fines leveled against an individual or business. Towards the end of this newsletter series, we will provide a list of all compliance fines and secure document storage rules.


LET’S BEGIN WITH THE ITPP (Identity Theft Prevention Program)

The Red Flags Rule requires creditors to implement a written Identity Theft Prevention Program. Templates are most likely available from your compliance provider or available on the internet and are free to download. Here is another source for the Red Flags Rule.

The ITTP should be put in place immediately, filed in a safe location, and kept current by reviewing and updating quarterly, ensuring the program maintenance by employed, knowledgeable, and relevant personnel. The program will be a compliance necessity indefinitely. It is a Safeguards Rule violation if complete paper and electronic information plans are not in place, even if no customer information is compromised.

By recognizing Red Flags warning signs of identity theft in your day-to-day operations, focusing on red flags now, you will be better able to spot a fraudster using someone else’s identity to obtain products or services from you.

The ITTP Rule applies to any business that provides products or services and bills customers later.


A signed credit application containing proper authorization provides a vetted subscriber permissible purpose to request a consumer credit report. Consent language may vary depending on the type of credit report you are pulling—for example, a traditional hard-pull credit report vs. a prequalification or soft-pull credit report. Consult your credit report, compliance provider, or legal counsel to confirm that you are using current and correct consent language on all credit applications, such as paper credit applications, verbal consent, or electronic submission.

Consent is valid for 30 days from the date of the application. If re-pulling credit is necessary after the 30-day window, a new signed application is required. If you do not do business with the applicant, keep all applications in a dead deal or similar file. Also, if changing or correcting the application is necessary, start over and recapture consent after the changes or corrections have been made. Doing this with proper authorization is the only protection against a consumer complaint or potential lawsuit.

The Equal Credit Opportunity Act (ECOA) requires you to keep a copy of a credit application for 25 months after notifying the consumer of the action taken with the application. As a general rule, it is best to keep all finance deal information for at least 7 years.

Having a solid system for maintaining your credit applications should make it easy to retrieve a specific credit application in the event of a challenge or audit. Responding quickly with a signed credit application will most often be all you need to satisfy the request for proof.

Note: The Credit Reporting Agencies audit dealers annually. If you are requested to show proof of consent and cannot produce a signed credit application, you may be subject to a more in-depth audit or a suspension of service from the bureau.


From helping your team go further faster, sell more cars, and make more money to ultimately giving you peace of mind, our complete and proactive credit and compliance solution improves, expedites, and complements your current sales process. See why top dealers are happy they chose us… and you should too.