← Back to Homepage

The Reg B Notification Checklist That Actually Works: A Compliance Reality Check

|11 min read
reg b compliancecredit notificationFTC safeguards ruledealer complianceprivacy disclosure

The Reg B Notification Myth That's Costing You

Back in 1974, Congress passed the Equal Credit Opportunity Act and created Regulation B to keep discrimination out of credit decisions. Nearly fifty years later, most dealerships still treat Reg B compliance like a checkbox task — something the compliance officer handles once a year, if that. But the FTC's Safeguards Rule updates in recent years have tightened the noose considerably, and notification tracking has moved from "nice to have" to "we need this documented or we're exposed."

Here's the thing: compliance isn't actually complicated. What's complicated is doing it consistently across your dealership without a system. That's where most stores fall apart.

Myth #1: "Our Credit App Already Covers Reg B Notifications"

It doesn't. Not completely.

Your credit application might disclose that you'll be checking credit, sure. But Regulation B requires you to notify applicants about the *specific credit decision* — whether they were approved, approved with conditions, or denied. You also need to give them the reason(s) for an adverse action. That's not something a generic app disclosure handles.

Say you're looking at a typical scenario: a customer applies for financing on a 2019 Ford F-150 with 87,000 miles. Your lender approves them at 8.9% for 72 months instead of the 6.2% they requested. That's an adverse action relative to the terms they applied for. Reg B requires you to notify them of that decision and explain why (maybe it's their debt-to-income ratio, maybe their credit score, maybe their down payment amount). Your credit app form doesn't do that automatically, and neither does your DMS in most cases.

The compliance gap widens when you deny someone entirely. You're legally required to provide notice within a specific timeframe, and you need to cite the specific reasons. Lenders typically do this, but if you're self-financing or taking applications for in-house deals, the burden falls on you.

Myth #2: "The Finance Manager Will Remember to Send the Notice"

No, they won't. Not reliably. Actually , scratch that, the better framing is: you can't expect them to remember on top of everything else they're juggling. A finance manager at a busy dealership is handling 15+ transactions a month, managing compliance documents, handling payments, managing trade-ins, and dealing with lender questions. Expecting them to remember to send a Reg B adverse action notice without a system in place is like expecting your service department to remember oil change intervals without a work order system.

This is where most dealerships get into trouble. Someone forgets. Months pass. Then during an audit or compliance review, you realize you've got a stack of deals where no notice was sent. That's a documented violation, and the FTC doesn't look kindly on pattern violations.

Myth #3: "Email Counts as Notification"

It can. But only if you can prove delivery and the customer acknowledges receipt. Email is actually one of the safer methods because it creates a timestamped record, but you can't just fire off an email from your personal account and call it compliant.

Better methods include:

  • Written notice at the time of application (printed and signed)
  • Email with delivery confirmation and read receipt
  • Certified mail (leaves a paper trail)
  • SMS with timestamp and acknowledgment
  • Document in your dealership's customer database with timestamp

The key is proof of delivery. Not just sending it. Proof that it was received.

Why This Matters Right Now

The FTC's Safeguards Rule amendments (effective in 2023 and 2024, depending on your business size) now require dealerships to maintain reasonable security of customer information, including credit applications and decision records. That means your Reg B notifications aren't just a compliance requirement , they're part of your broader legal liability picture. If you can't prove you notified someone of a credit decision, you're also creating a data security and privacy gap.

Regulators are also cracking down on dealer licensing violations that stem from privacy and compliance failures. Your dealer license is only as solid as your compliance infrastructure. One significant FTC complaint about Reg B violations or privacy breaches could trigger a state licensing review.

The Checklist That Actually Works

Phase 1: Pre-Application Setup

Create a standardized disclosure form. This isn't your credit application. This is a separate document (or digital record) that explains your process. It should state that you will check credit, that you will notify applicants of the credit decision, and what methods you use for notification. Have your legal counsel review it. It doesn't need to be fancy, but it needs to be clear and documented.

Train your F&I team on the requirements. Every person who touches a credit application needs to understand that Reg B compliance is non-negotiable. Don't assume they know this. Schedule quarterly refreshers. It takes 20 minutes and saves you thousands in potential liability.

Set up a notification tracking log or system. This is critical. You need a single source of truth for every credit application and every notification sent. At minimum, this should include: applicant name, application date, credit decision date, decision type (approved/approved with conditions/denied), reason(s) for adverse action (if applicable), notification method, notification date, and delivery confirmation. Tools like Dealer1 Solutions can help consolidate this across your customer database, but even a well-maintained spreadsheet with checkboxes is better than nothing. The point is: it has to be systematic and auditable.

Phase 2: During the Application

Document the application immediately. The moment someone applies for credit, log it in your system with a timestamp. Include their name, the vehicle details (year, make, model, mileage), the loan amount requested, and the rate/term they're seeking. This creates a baseline for what they applied for.

Ensure the applicant signs or acknowledges the disclosure. If it's digital, they should click "agree" or sign electronically. If it's paper, they should sign and date it. This isn't bureaucracy. It's proof that they understood the process.

Note any co-applicants or guarantors. Reg B requires you to notify *all* parties to the credit obligation. If someone co-signs or guarantees the loan, they get a notification too. This is where dealerships slip up , they notify the primary buyer but forget the co-signer.

Phase 3: After the Credit Decision

This is where your system prevents disasters.

Log the credit decision within 24 hours. The moment your lender comes back with an approval or denial, log it. Decision date, decision type, any conditions or special terms, and any adverse action reasons. If the lender approved them at a higher rate than requested, that's an adverse action. Document it.

Generate a notification immediately. Don't wait. The FTC expects notification "as soon as possible" and in no case later than 30 days (for denials, it's typically faster through the lender, but for your own decisions, 30 days is the outside). Create a standardized template notification that includes:

  • Applicant name and address
  • Application date
  • Credit decision (approved, approved with conditions, denied)
  • If approved: final terms (rate, amount, term, down payment, monthly payment)
  • If denied or adverse: specific reasons (credit score too low, debt-to-income ratio, insufficient down payment, trade-in value lower than expected, employment verification issue, etc.)
  • Your contact information and the lender's contact information
  • A statement that if they dispute the reasons, they have the right to request details

Send via your chosen method. Use your documented method (email, certified mail, SMS, or in-person). Record the date, time, and method. If email, request a read receipt. If SMS, save the delivery confirmation. If certified mail, keep the receipt.

Follow up on delivery failures. If an email bounces or an SMS fails, try an alternate method or have your F&I manager call the customer to confirm receipt. Log the follow-up attempt.

Phase 4: Record Keeping and Audit Trail

Keep everything for at least three years. Applications, disclosures, credit decisions, notifications, and delivery confirmations should all be retained. The FTC expects this, and your state licensing board will ask for it during audits.

Make your records searchable and organized. If a regulator asks, "Show me all credit applications from Q3 2024 where you sent an adverse action notice," you should be able to pull that in under 10 minutes. This is exactly the kind of workflow Dealer1 Solutions was built to handle , organizing customer records, flagging compliance actions, and creating audit-ready reports. But regardless of what system you use, the key is organization.

Conduct a quarterly self-audit. Every 90 days, pull a random sample of 10-15 applications. Verify that each one has: (1) an initial disclosure, (2) a credit decision log, (3) a notification record, and (4) delivery confirmation. If you spot gaps, figure out where the process broke down and fix it immediately.

The Real Risk You're Taking

Reg B violations aren't typically about intent. The FTC doesn't care if you "meant to" send a notification. They care about pattern and practice. If you've got five deals in a row where no adverse action notice was sent, that's a pattern. That's what triggers enforcement action.

The penalty structure is brutal. The FTC can assess civil penalties up to $43,792 per violation (adjusted annually for inflation). If you've got 20 deals with missing notifications, you're looking at potential exposure in the hundreds of thousands. Beyond the financial penalty, an FTC enforcement action triggers disclosure requirements in your state licensing renewal, which can affect your ability to operate.

And here's the thing that keeps compliance officers up at night: if there's evidence that you systematically ignored Reg B requirements, the FTC can argue that you failed to implement reasonable safeguards under the Safeguards Rule. That opens the door to broader privacy and security violations, which are even more expensive to defend.

It's not paranoia. It's just math.

The Checklist (Printable Version)

Before You Take an Application

  • ☐ Do you have a standardized credit disclosure form reviewed by counsel?
  • ☐ Has your F&I team been trained on Reg B requirements in the last 12 months?
  • ☐ Is your notification tracking system (spreadsheet, software, or other) in place and accessible to all staff?
  • ☐ Do you have a defined notification method (email, mail, SMS, or combination) documented in writing?

When an Application Comes In

  • ☐ Log the application in your system within 2 hours (applicant name, vehicle, loan amount, requested rate/term, application date)
  • ☐ Have the applicant sign or electronically acknowledge the disclosure
  • ☐ Identify any co-applicants or guarantors and document them
  • ☐ Record the lender name (if applicable) and expected decision timeline

When You Get a Credit Decision

  • ☐ Log the decision immediately (date, approval/denial, terms, any adverse action reasons)
  • ☐ If approved at different terms than applied for, flag as adverse action
  • ☐ Generate a notification using your template within 24 hours
  • ☐ Send notification via documented method
  • ☐ Record delivery confirmation (read receipt, postal receipt, SMS confirmation, or call log)
  • ☐ If delivery fails, attempt alternate method and log the follow-up

Ongoing Compliance

  • ☐ File or archive the complete notification record in your system
  • ☐ Retain all documentation for at least 3 years
  • ☐ Run a quarterly self-audit (sample 10-15 deals, verify all steps completed)
  • ☐ Schedule annual training refresher for all F&I staff
  • ☐ Review and update your disclosure form annually or when regulations change

One Strong Opinion

A lot of dealerships treat Reg B compliance like a burden , something the "compliance person" owns. That's backwards. Your general manager and finance director own this. It's not a legal nicety. It's a core operational requirement that directly impacts your dealer license, your reputation, and your bottom line. If your team doesn't understand that Reg B violations are as serious as a failed state inspection, you're going to have problems. Make it a KPI. Make it part of F&I compensation. Make it a monthly topic in your management meetings. Compliance becomes a habit when leadership treats it like it matters.

The dealerships that have solved this problem don't do it through heroic effort. They do it through system and consistency. They've built Reg B notification into their workflow the same way they built oil changes into their service process , you don't try to remember, you follow the checklist.

Your checklist is above. Use it.

What's Next

Start with a self-audit this week. Pull your last 20 applications and trace them through your current process. Do you have notifications on file for all of them? Can you produce delivery confirmation? If you can't answer yes to both, you've found your gap. Fix it before a regulator finds it.

Then implement the checklist. Pick the tracking method (spreadsheet, database, or software) and stick with it. Train your team. And commit to that quarterly self-audit. That's not compliance theater. That's the infrastructure that keeps your license clean and your exposure low.

Stop losing vehicles in the recon process

Dealer1 is the all-in-one platform dealerships use to manage inventory, reconditioning, estimates, parts tracking, deliveries, team chat, customer messaging, and more — with AI tools built in.

Start Your Free 30-Day Trial →

All features included. No commitment for 30 days.

← Back to Blog
The Reg B Notification Checklist That Actually Works: A Compliance Reality Check | Dealer1 Solutions Blog