BHPH Compliance Training Standards: The 2026 Operational Framework
Your compliance program must be documented and audited before you fund the first loan.
You can legally operate a BHPH program in 2026 only if you have written policies covering TILA disclosures, ECOA anti-discrimination rules, FCRA credit reporting procedures, state usury limits, and repossession notice requirements—and proof that all lending staff have completed training on each topic. Before you acquire inventory or solicit your first customer, document your compliance framework, assign a compliance officer, and obtain the required state license and surety bond.
Ready to build a defensible BHPH compliance program? Start by identifying your state's licensing requirements and scheduling initial staff training this quarter.
How to qualify: BHPH compliance framework checklist
Obtain state BHPH license and conduct background clearance. Most states require a BHPH finance company license (or equivalent consumer finance license) before you can legally lend. Processing takes 60–90 days. You'll submit proof of business ownership, personal and business credit reports, and compliance policies. Your personal credit score must typically exceed 650–680 to qualify; fair credit ranges from 620–680 FICO, so you need solid personal financial standing to clear the underwriting background check.
Post a surety bond or net worth deposit. State regulators require a surety bond (typically $25,000–$100,000 depending on your state and projected lending volume) or a capital deposit in that amount. This protects customers if you fail to honor loan terms or wind down improperly. Annual bond renewal costs 2–5% of the bond face value ($500–$5,000 per year for a $50,000 bond). Have this in place before submitting your license application.
Hire or designate a compliance officer. Assign one internal staff member or retain a third-party compliance consultant responsible for training, audits, and regulatory response. This person must document all training sessions with sign-in sheets, dates, and topics covered. They report to ownership quarterly on compliance audit findings and recommend corrective action.
Draft written compliance policies and procedures manual. Your manual must cover loan origination (including TILA disclosures), credit approval (ECOA nondiscrimination rules), underwriting criteria, collections processes, repossession protocols, and dispute resolution. State law dictates some sections (e.g., repossession notice timelines); federal law mandates others (e.g., ECOA adverse action notices). Allocate 40–80 hours for initial drafting or work with a compliance attorney ($2,000–$5,000) to accelerate the process.
Enroll all lending and collections staff in baseline compliance training. Every loan officer, collections agent, and customer service representative must complete formal training on TILA, ECOA, FCRA, state usury caps, and repossession notice requirements before they handle borrower data or make lending decisions. Training takes 4–8 hours per employee and must be documented. Most training providers (American Compliance Institute, National Association of Finance Brokers, or in-house counsel) issue certificates valid for 12 months; require annual recertification.
Implement a BHPH-specific software or compliance module. Select software that generates TILA-compliant disclosures, enforces underwriting criteria, logs collections calls (TCPA-compliant), and flags ECOA red flags (e.g., automatic credit denials by age or race). The software should also audit file completeness (missing signatures, unsigned adverse action notices) and generate compliance reports for your officer. Budget $3,000–$12,000 annually for software plus 20 hours of implementation and staff onboarding.
Create a documentation and record retention system. Establish a filing protocol (digital or physical) that preserves original signed loan documents, truth in lending forms, adverse action notices, repossession notices, and collections records for a minimum of six years. Federal regulations (TILA, ECOA, FCRA) require this. Implement a retrieval system so you can produce any borrower file within 48 hours of a regulator's request or a customer dispute.
Schedule an internal audit before you fund the first loan. Have your compliance officer (or an outside auditor) review three test loan files for completeness: signed disclosure forms, income verification, credit reports, underwriting notes, and adverse action notices if applicable. Correct any gaps. This dry run catches systemic problems before regulatory examiners find them.
Decision: In-house compliance training vs. third-party provider
| Criteria | In-House Training | Third-Party Provider |
|---|---|---|
| Initial setup cost | $1,000–$3,000 (materials, time) | $5,000–$15,000 (consulting, course licensing) |
| Annual cost per employee | $200–$500 | $400–$1,200 |
| Time to deploy | 4–6 weeks | 1–2 weeks |
| Customization to your state | High (you adapt federal rules to state law) | Medium (provider uses templates; you verify fit) |
| Instructor expertise | Depends on hiring (attorney, consultant, or self-study) | High (dedicated compliance trainers) |
| Documentation & proof | You manage certificates; audit trail risk | Provider delivers certificates; auditable |
| Scalability | Slower (you must train each new hire manually) | Faster (employee enrolls in online course; instant certificate) |
| Best for | 1–5 employees; simple BHPH model | 5+ employees; multi-state or rapid growth |
Pros of In-House Training
You control messaging and can tailor examples to your specific state usury caps, repossession timelines, and licensing rules. Your compliance officer learns the material deeply and can answer staff questions in real time. One-time material cost is low, and you can reuse training slides year after year. For a single-location dealer with 3–4 lending staff, this model costs $2,000–$3,000 total and takes 4–6 weeks to build out.
Cons of In-House Training
You assume liability if training is incomplete or inaccurate—and if a regulator audits you, they may question whether an attorney or qualified expert designed the curriculum. Scaling becomes expensive: each new hire requires one-on-one or group training, eating into staff time. You also risk inconsistent instruction if your designated trainer leaves the company. Proof of training relies on your filing system; a poorly organized certificate archive can fail a CFPB or state exam.
Decision framework
Choose third-party training if you have 5+ lending staff, plan to expand to multiple locations, or operate in more than one state. A provider like the National Association of Finance Brokers or American Compliance Institute ($7,000–$12,000 annually) produces standardized, auditable certificates and keeps pace with regulatory changes. Choose in-house training if you're launching a small BHPH program (1–3 employees), have tight cash flow, and your compliance officer has legal or banking background. After year one, reassess: most dealers graduate to third-party training as volume grows because the audit protection and consistency are worth the cost.
State licensing timelines and costs: Most states approve BHPH licenses in 60–90 days if your application is complete; missing a surety bond or compliance policy can delay approval by 30+ days. Budget $2,000–$8,000 in application and bond fees upfront.
ECOA adverse action notice requirements: Federal law requires you to notify borrowers in writing within 30 days if you deny credit based on their application (income, credit score, debt-to-income ratio, etc.). The notice must state the principal reason for denial and inform them of their right to request a credit report copy. Failure to send an adverse action notice can trigger ECOA liability of $1,000–$10,000 per violation plus attorney fees. Your BHPH software should auto-generate these notices; if you deny applications manually, assign this task to your compliance officer and maintain a log of notices sent.
TILA disclosure compliance: Truth in Lending Act requires you to disclose the annual percentage rate (APR), finance charge in dollars, payment schedule, total amount financed, and total of all payments before the customer signs the contract. Errors in APR calculation (e.g., rounding incorrectly, omitting fees) can expose you to TILA statutory damages of $100–$5,000 per violation. Use BHPH software that calculates APR to two decimal places, includes all fees in the finance charge, and generates disclosures automatically. Test your calculation logic against three sample loans before going live.
Background: BHPH compliance in 2026 and how federal and state law shape your program
A Buy Here Pay Here operation is a subprime lending business. You finance used cars to borrowers with credit scores below 620 FICO, often with down payments of 20–40% and loan terms of 36–60 months. Your borrowers typically have limited credit history, prior defaults, or high debt-to-income ratios. Because this customer base is higher-risk, federal regulators (the Consumer Financial Protection Bureau, the Federal Trade Commission, and the Department of Justice) and state attorneys general scrutinize BHPH dealers for discrimination, predatory pricing, and collections abuse.
Compliance training is non-negotiable because a single unaware loan officer can expose your entire business to civil liability and regulatory enforcement. According to the CFPB's enforcement portfolio, the agency has issued over $800 million in restitution to consumers victimized by BHPH discrimination and improper collections from 2015–2025. The agency does not distinguish between large and small dealers; a 2–location BHPH dealership with $500,000 in annual lending volume faces the same TILA and ECOA standards as a nationwide chain.
Federal compliance framework
Your dealership operates under four primary federal lending laws:
Truth in Lending Act (TILA, Reg Z): Requires clear disclosure of APR, finance charge, payment schedule, and total cost before borrowing. TILA violations carry statutory damages of $100–$5,000 per violation. A single misrepresented APR on 50 loans = $5,000–$250,000 in liability.
Equal Credit Opportunity Act (ECOA, Reg B): Prohibits discrimination in lending based on race, color, religion, national origin, sex, marital status, age, or receipt of public assistance. ECOA violations trigger damages of $100–$10,000 per claim plus punitive damages, attorney fees, and potential class action exposure. Proof of discrimination is often circumstantial: if you deny loans to 80% of Black applicants vs. 30% of White applicants with similar credit profiles, the disparity triggers ECOA liability.
Fair Credit Reporting Act (FCRA): Governs how you order, use, and dispute credit reports. You must obtain a consumer's written permission to pull a credit report, provide an adverse action notice if you deny credit based on credit report findings, and ensure the consumer knows they can dispute inaccuracies. FCRA statutory damages reach $100–$1,000 per violation, and class actions are common (e.g., pulling credit reports without permission for 500+ customers = $50,000–$500,000 in liability).
Dodd-Frank Act (CFPB jurisdiction): Empowers the Consumer Financial Protection Bureau to supervise BHPH dealers and fine them for unfair, deceptive, or abusive acts or practices (UDAAP). The CFPB focuses on deceptive loan pricing (hiding prepayment penalties, inflating interest rates above disclosed APR), abusive repossession practices (repossessing without proper notice), and targeting vulnerable borrowers (e.g., elderly, non-English speakers).
State-level licensing and usury requirements
Most states require a BHPH dealer (or finance company license) to legally offer in-house loans. Licensing requirements vary:
- Net worth or capital requirements: 15 states require $25,000–$100,000 minimum net worth; 10 states have no minimum.
- Surety bonds: 32 states require a surety bond of $25,000–$150,000. Arizona, for example, requires a $50,000 bond for dealers with fewer than 100 active loans and $100,000 for larger portfolios.
- Usury caps: State maximum interest rates range from 18% APR (California) to 36% APR (South Dakota, many others). A few states (South Carolina, Alabama) have no statutory cap, but CFPB guidance suggests 36% as a safe harbor.
- Repossession notice: 40 states require 10–30 days' written notice before repossession. 5 states allow repossession without notice if the contract permits it (check your state carefully). Failure to provide notice can trigger consumer claims for conversion, breach of contract, and emotional distress.
Your compliance officer must maintain a state-specific regulatory matrix documenting your state's usury cap, notice requirements, licensing fees, and net worth minimums. Update it annually or when state law changes.
Recent regulatory trends (2024–2026)
The CFPB has escalated oversight of BHPH dealers, issuing guidance in 2025 on fair lending in subprime auto markets and announcing examinations of 50+ BHPH shops nationwide. The focus areas are:
Algorithmic discrimination: Using credit scoring or automated approval systems that correlate with protected characteristics (e.g., zip code proxies for race) is illegal under ECOA, even if unintentional. Your underwriting criteria must be facially neutral.
Repossession abuses: The CFPB has fined dealers for repossessing vehicles without providing notice, repossessing despite customer payment, and failing to credit payments timely. Maintain detailed repossession logs and train collections staff rigorously.
Pricing discrimination: If you charge different APRs to observably similar borrowers (e.g., a 28% APR to one borrower and 32% to another, both with credit scores in the same range), you risk ECOA liability unless your underwriting matrix documents the reason for the spread.
Bottom line
Compliance training in 2026 is not optional; it is a prerequisite to operating legally and profitably. Build a written compliance framework, assign a compliance officer, train staff annually on TILA and ECOA, and audit your files quarterly. The cost of a solid program—$8,000–$18,000 per year—is far less than the cost of a single regulatory fine ($10,000–$100,000+) or a class action settlement ($200,000–$1,000,000+). Start your compliance build before you fund your first loan.
Disclosures
This content is for educational purposes only and is not financial advice. bhphdealerfinancing.com may receive compensation from partner lenders, which may influence which products are featured. Rates, terms, and availability vary by lender and applicant qualifications.
Ready to check your rate?
Pre-qualifying takes 2 minutes and won't affect your credit score.
See if you qualify →Frequently asked questions
What compliance training is required to start a BHPH program in 2026?
You must train staff on TILA (Truth in Lending Act), ECOA (Equal Credit Opportunity Act), FCRA (Fair Credit Reporting Act), state usury caps, repossession notice periods, and collections laws. Most states require annual recertification and documented proof of training for all loan officers and collections staff. Your dealership also needs a compliance officer responsible for audits and record retention.
How much does BHPH compliance training cost annually?
Budget $8,000–$18,000 per year for compliance training, depending on dealership size and staff count. This includes third-party course providers, internal audits, legal review, and licensing renewal. Many compliance-focused BHPH software platforms bundle training modules for $2,000–$5,000 annually, reducing external costs.
What happens if my BHPH dealership fails a compliance audit?
Penalties range from $5,000–$50,000 in fines per violation by state regulators, plus mandatory retraining, license suspension or revocation, and potential federal enforcement by the CFPB. Civil liability can reach $100,000+ if customers file ECOA or TILA claims. Repeat violations or unlicensed lending can result in criminal charges and personal liability for owners.
What documentation must I keep for BHPH compliance?
Maintain loan files with signed Truth in Lending disclosures, credit reports, income verification, repossession notices, collections call logs, and correspondence for every borrower. Federal law requires retention for six years minimum. Your BHPH software must generate compliant audit trails, and you should conduct quarterly internal audits to catch discrepancies before regulators do.
Do I need a compliance officer if I'm a small BHPH dealership?
Yes. Even single-location BHPH dealers must designate a compliance officer—internal or third-party—responsible for training, audits, and regulatory filings. Many small dealers hire a part-time compliance consultant ($2,000–$5,000 annually) or use software-embedded compliance dashboards to stay current without a full-time role.
- BHPH Compliance and Regulations: 2026 Guide for Dealers (29/05/2026)
- Effective Risk Management for 2026 BHPH Dealer Financing (28/05/2026)
- BHPH Profitability & Operations Hub: Maximize Dealer Revenue in 2026 (27/05/2026)
- BHPH Risk Management & Compliance Hub: Protect Your Dealership in 2026 (26/05/2026)
- BHPH Collections Best Practices for 2026: Maximizing Cash Flow (22/05/2026)
- BHPH Debt-to-Income (DTI) Underwriting Calculator (21/05/2026)
- How to Launch a Profitable BHPH Program in 2026 (21/05/2026)
- BHPH Software & Inventory Management: Dealer Tools for 2026 (21/05/2026)