As I sit down to write my first article of 2026, it occurs to me that I have been writing compliance articles for seven years. After such a period, I find myself repeatedly talking about the same compliance topics.
I guess this realization is twofold: It validates the importance of reminding the industry of areas where it continues to be at risk while proving the need for continuous monitoring.
Data Security After the 700Credit Breach
As a new year begins, I like to start with the biggest compliance concerns. It is no secret that the 700Credit data breach had a huge impact on the auto industry. While the breach was on the vendor side, dealers still have an obligation to safeguard customer information, including the data shared with their service providers.
I will defer to a recent article written by James Ganther, wherein he describes a dealer’s legal obligation when a data breach occurs.
Full disclosure: My husband and I were victims of the 700Credit breach. We received notification that our nonpublic, personal information was present in the records involved. The company offered one year of credit monitoring services and recommended we place a credit freeze and fraud alert with all three credit bureaus.
Unfortunately, we have been past victims of identity theft, so we already had these steps in place. When talking to clients, I use myself as an example of one of the 1.4 million consumers who are frustrated with the money, time and effort it takes when you are a victim of identity theft.
Data breaches are happening everywhere. Identity thieves are more cunning than ever, so it is important for dealers to stay vigilant and ensure they establish Red Flags policy and procedures. The Federal Trade Commission requires every dealer to have an identity theft prevention program in place, to train dealership personnel on the policy, and to follow that program consistently on every transaction.
Be Concerned. Be Very Concerned.
Aside from the unfortunate news of the data breach, there are a couple of other areas of compliance I will touch on, as these are important concerns dealers should continue to monitor in their dealerships. We refer to them as elevated concerns.
Elevated concerns are findings that should be prohibited practices in a dealership, and if they continue to occur, the dealership should take serious disciplinary actions. These may include but are not limited to fines and termination.
Bank fraud, such as altered credit applications, bookout inconsistencies, forgeries and straw purchases, is non-negotiable. Federally insured institutions have an obligation to file a suspicious activity report if they suspect bank fraud.
Shotgun purchases have become a hot topic of late. Dealers have an obligation to notify all involved finance sources when:
A buyer or co-buyer purchases multiple vehicles in a short period of time
The deals are approved by two or more finance sources
The finance sources are unaware of the contemporaneous loans
Inconsistent payment quotes are considered a prohibited practice. Over time, we have seen different forms of payment packing, the addition of undisclosed products, quoting 365 days to first payment, using more than a $10 payment range, and using unrealistic terms, just to name a few.
Front-end improvement is the practice of increasing the agreed-upon sales price without documentation to support the price increase. If you are selling above manufacturer’s suggested retail price or an advertised selling price, you need to be transparent by appropriately disclosing add-ons/addendum and have the customer agree to them in writing.
Finally, an Office of Foreign Assets Control search should be run on all parties to the deal, including third parties that are not on the deal. If there is a hit, the dealer must clear it and document steps taken before proceeding with the transaction.
These are just a few of a long list of elevated concerns that dealers should be aware of and act upon if they are occurring in their dealership — in 2026 and beyond.
Penny Bell is an associate at Automotive Compliance Education (ACE) and gvo3 & Associates.