Regulatory Compliance Review: Getting Your House in Order for the New Year

 

By: Sarah Milovich, General Counsel and VP of Compliance at Carleton

 

As the lending industry looks toward the new year, it’s an important time to review compliance infrastructure and ensure readiness for the evolving regulatory landscape. Given the recent slowdown in federal rulemaking from the CFPB, the focus on state-level regulatory compliance has never been more critical. In reviewing recent changes, between January 2024 and September 2025—a twenty-month period—state legislatures and regulatory bodies enacted 119 changes that directly impact motor vehicle lending, add-on products, and dealership operations.  

While this volume of change sits within what we consider an "average" operating environment, the sheer breadth of updates serves as a powerful reminder that continuous compliance vigilance isn't optional—it's foundational to sound business practice. The end of the year is the ideal moment to conduct a comprehensive internal audit, not just to fix known issues, but to proactively review internal best practices for challenges in the upcoming year. 

 

A Balanced View of State-Level Shifts 

A majority of the recent regulatory activity we track remains centered on vehicle-specific transactions, underscoring the enduring complexity of state-by-state auto finance laws. Of the total changes, 119 updates were concentrated in the motor vehicle space alone. This included significant activity in areas of dealer profit and consumer protection: there were 16 updates to add-on product regulations (like service contracts and GAP waivers) and 26 updates to dealer regulations, covering everything from warranty work wages to manufacturer relations.  

For lenders and dealers, even stable revenue streams require continued scrutiny of associated disclosures and refund processes to ensure compliance across different jurisdictions, including disclosure requirements for GAP waivers in states like Massachusetts and Illinois.

Beyond sales, administrative requirements saw important shifts, including 17 updates establishing or mandating the use of Electronic Lien Provisions. While these systems streamline processes, they often introduce new compliance fees that must be accurately implemented and disclosed. 

Similarly, 12 updates to Dollar Bracket Adjustments for retail installment sales contracts (RISCs) and small loans mean that lenders must keep pace with incremental rate and threshold changes, many of which are tied to the Consumer Price Index (CPI). Maintaining system agility to handle these small, frequent adjustments is key to maximizing permissible returns and avoiding compliance headaches, particularly in states with strict rate limits that change annually or on a regular cadence.

 

The Emerging Compliance Frontier: Data Privacy 

While the bulk of regulatory activity has been steady and predictable, one area shows a clear and accelerating upward trend: Info Security and Data Privacy. Overall, the period saw 18 updates related to consumer data protections affecting consumer credit. What’s particularly noteworthy is the emerging focus on data privacy within the motor vehicle sales cycle. Although the number of direct MV Privacy Provisions is currently small—with only three updates identified—this is the segment showing a distinct "lift." 

This is the industry's early warning signal of motor vehicle-specific data privacy laws—the compliance equivalent of a future disruption. These updates focus specifically on provisions for data removal following a sale, often requiring dealers to delete consumer data stored in the vehicle itself. 

This trend is set to accelerate. For auto lenders, this means going beyond traditional information security—protecting customer data on internal servers—to understanding and enforcing the downstream obligations of data handling post-sale. As an example, a robust modern compliance plan must include specific protocols for managing and deleting data in connected vehicles, defining who is responsible for this task, and ensuring compliance across the dealership network. 

 

A Year-End Compliance Checklist 

The 179 state-level changes over the past two years reinforce a singular priority for the new year: robust operational readiness. An average volume of change is still a massive volume of work when executed across 50 states. 

Auto lenders and dealers should implement a targeted, year-end compliance checklist: 

  1. Review System Agility: Verify that systems for calculating rates, fees, and payments are immediately updated to reflect the 12 observed bracket adjustments and the 11 documentary fee updates.

  2. Audit Add-On Disclosures and Refund Processes: Conduct a full audit of all add-on product sales (16 updates) to ensure current disclosures and refund procedures align with the latest state laws, particularly for GAP waivers.

  3. Prioritize Data Privacy Preparedness: This is the most critical step for future-proofing your compliance management system. Develop and test internal protocols for handling requests for data deletion, especially for data stored within the vehicle itself, and be prepared for increased regulation in this space.

By addressing the steady flow of traditional motor vehicle and lending changes while keeping a vigilant eye on the rapidly increasing importance of data privacy, the auto lending industry can enter the new year not just compliant, but strategically positioned for future stability, compliance responsiveness, and overall growth. Do not mistake regulatory uncertainty or a shifting federal focus for permission to relax internal processes and guidelines. In fact, the fragmented and active state landscape demands the opposite. Use this moment to invest in tightening your policies and procedures—reshaping today's compliance efforts into tomorrow's competitive advantage.