Peak season is here, and RV dealerships across the country are in the midst of a busy summer. Along with the customer rush, a regulatory risk spike occurs.
Fortunately, digital tools can help embed compliance into your daily operations. Here are four key compliance rules to keep on your radar this summer, along with tech tips to help you stay in the clear.
- Lock Down Your Data
Dealerships that offer or arrange financing are considered “financial institutions” under the Federal Trade Commission (FTC) Safeguards Rule. The designation means dealerships are required to maintain a written information security program.
The requirement includes providing multiple layers of administrative, physical and technical protection, such as:
- Data encryption for sensitive customer information.
- Multi-factor authentication and updated firewalls.
- Employees trained on digital security (e.g., how to spot phishing attempts).
- An incident response plan (with a built-in timeline for regular changes and reviews).
There is more. For example, dealers must appoint a “qualified individual” to oversee, implement and enforce their program. The qualified individual ensures third-party service providers meet data protection standards and are contractually obligated to do so.
Digital security is a must in any season, but it is especially important over the summer, when a sales spike means more customer data is flowing into your dealership. A single breach could damage your reputation during your busiest season.
If the breach affects 500 or more individuals, you will be required to notify the FTC within 30 days of discovery.
Tech tip: Digital platforms can flag outdated protocols, remind you to schedule penetration tests and provide a cybersecurity training library tailored to your team’s needs.
- Stay Transparent in Every Deal
The FTC’s Vehicle Shopping Rule, also known as the Combating Auto Retail Scams (CARS) Rule, provided that RV dealers were exempt. In short, though, the underlying expectation remains. Customers need to know what is optional and what is not.
I recommend following best practices for transparency, especially as they relate to pre-installed add-ons and voluntary protection products. Make sure to:
- Display full pricing, including any legally chargeable documentary fees, up front.
- Clearly disclose whether there are pre-installed add-ons and any increases in the price.
- Clearly label voluntary protection products, such as service contracts and GAP, as optional.
Use a document that shows voluntary protection products were selected with express, informed consent and how the product purchases impact the final cost.
Tech tip: Look for software that offers customizable F&I menus, disclosure templates and eSignature logs. This way, proving your emphasis on transparency is easier.
- Clearly Disclose Financing Terms
When it comes to financing, the Truth in Lending Act ensures customers know exactly what they are signing up for, without buried fees.
What does this mean for RV dealers? If you advertise any sort of financing, you are required to spell out key details, including the loan term, APR and the number, amount and timing of payments.
All the disclosures, plus the total amount financed and total cost of credit, must be clearly stated on the retail installment agreement.
Tech tip: Ensure your F&I software can auto-populate financing disclosures and trigger re-disclosure if any deal terms change. These steps will protect the customer and your team from accidental noncompliance.
- Protect Against Identity Theft
Auto loan fraud was reported to total over $9.2 billion last year. Dealers are under pressure to prove their vigilance in 2025 and beyond.
One way to do so is to demonstrate compliance with the federal Red Flags Rule. The rule requires dealerships to spot and stop fraudulent activity.
Ensure your team:
- Verifies all IDs and matches them to credit reports.
- Watches out for mismatched or suspicious personal data.
- Documents red flags whenever they appear, along with any responses or escalations.
Train on the Red Flags Rule and review your required, written Identity Theft Prevention Policy annually.
Tech tip: A connected digital tool suite makes it easy for front-line employees to reference a red flags checklist and log interventions to show regulators you are acting.
Great compliance has an impact year-round.
Adam Crowell is the vice president of legal and compliance at KPA. He has over 21 years of legal experience and thought leadership in developing strategic relationships and solutions.
