Deal Jacket Audits: How AI is Stopping the FTC at the Door

Sep 10, 2025 | Cyber News


For decades, “compliance auditing” at a dealership meant a controller or office manager randomly pulling five deal jackets a month and checking for signatures. In the eyes of the FTC, this is woefully inadequate. With enforcement actions resulting in settlements of $10 million or more, the cost of missing a pattern of fraud in your deal jackets dwarfs the cost of any auditing technology.

What Is in a Deal Jacket?

Before discussing how to audit deal jackets, it helps to understand what is inside one. A complete deal jacket typically contains:

  • Retail Installment Sales Agreement (RISA): The core financing contract between the buyer and the dealership, which is then assigned to the lender.
  • Credit Application: The consumer’s personal and financial information, including SSN, income, and employment history.
  • OFAC Check: Verification that the buyer is not on the Office of Foreign Assets Control sanctions list.
  • Truth in Lending Act (TILA) Disclosures: Federally mandated disclosures showing the Annual Percentage Rate (APR), finance charge, amount financed, total of payments, and total sale price.
  • F&I Product Contracts: Agreements for GAP insurance, extended warranties, service contracts, tire-and-wheel protection, and other aftermarket products.
  • Buyer’s Order: The itemized breakdown of the vehicle price, trade-in value, taxes, fees, and add-ons.
  • Privacy Notice: Required under the Gramm-Leach-Bliley Act, disclosing how the dealership handles consumer financial information.
  • FTC Holder’s Rule Notice: A specific notice required by 16 CFR 433 in 10-point boldface type, preserving the consumer’s right to assert claims against any holder of the contract.

Every one of these documents must be accurate, properly disclosed, and signed. A single discrepancy in a single document can trigger regulatory scrutiny across your entire operation.

The FTC Enforcement Landscape

The FTC has made it clear that it views deal jacket manipulation as a priority enforcement area. Recent actions illustrate the scale of penalties:

  • Napleton Automotive Group (2022): Settled for $10 million over allegations of sneaking undisclosed junk fees into contracts. The FTC found that Black customers were charged approximately $190 more in interest and $99 more for add-ons than white customers, demonstrating how unaudited F&I discretion enables discriminatory pricing.
  • Leader Automotive Group (2024): A $20 million settlement over a scheme involving unauthorized add-on products inserted into deal jackets without consumer consent.
  • Sage Auto Group (2017): A $3.6 million settlement involving yo-yo financing, where customers drove off the lot before financing was finalized, then were called back to sign more expensive contracts.

The CFPB has also been active in the auto finance space. Toyota Motor Credit settled for $60 million in 2023 over allegations that it designed systems to prevent consumers from canceling unwanted add-on products like GAP insurance and service contracts.

Common Schemes the FTC Targets

Federal and state regulators look for specific patterns in deal jackets:

  • Payment Packing: Quoting a monthly payment that already includes undisclosed add-on products, so the customer never realizes they are paying for products they did not request.
  • Yo-Yo Financing: Letting the customer take the vehicle before financing is finalized, then demanding they return to sign a contract with worse terms or face repossession.
  • Rate Markup Discrimination: Allowing F&I managers to add discretionary interest rate markups that disproportionately affect minority borrowers.
  • Product Sliding: Adding F&I products (extended warranties, paint protection, etc.) to the contract without the customer’s knowledge or informed consent.

These schemes share a common trait: they are nearly impossible to detect by manually reviewing five deals a month.

The Safeguards Rule Connection

The FTC Safeguards Rule under 16 CFR 314.4 requires financial institutions to protect the integrity and confidentiality of customer information. When an F&I manager modifies contract terms, adds unauthorized fees, or alters financial data in the DMS without oversight, that is a violation of the data integrity requirement. Deal jacket auditing is not just a consumer protection measure; it is a component of your information security program.

Why Manual Audits Fail

Humans are inconsistent. They get tired. They have relationships with the F&I managers they are supposed to audit. A manual audit of five deals per month out of 200 or more transactions covers roughly 2.5% of your volume. The FTC knows this. A manual sampling approach will miss:

  • The pattern where one F&I manager adds a specific product to every deal on the last day of the month to hit a bonus threshold.
  • The TILA disclosure error that only appears when a specific lender’s rate sheet is used.
  • The recurring $299 “document preparation fee” that is not disclosed in the buyer’s order but appears in the RISA.

How AI-Driven Auditing Works

Modern AI auditing tools combine multiple technologies to review 100% of deal jackets:

  • Optical Character Recognition (OCR): The AI reads every page of every scanned document, converting images of contracts into machine-readable text. This works even on handwritten notations and poor-quality scans.
  • Natural Language Processing (NLP): The system interprets the extracted text to understand contract terms, identify product names, and extract financial figures like APR, payment amounts, and fee totals.
  • Cross-Reference Validation: The AI compares the extracted deal jacket data against the DMS records. If the RISA says the APR is 7.9% but the DMS shows the buy rate from the lender was 4.9%, the system flags a 300 basis point markup for review.
  • Anomaly Detection: Machine learning models identify statistical outliers. If the average GAP insurance price across your store is $795 but one F&I manager averages $1,295, the system flags the deviation.
  • TILA Compliance Checks: The system verifies that all Truth in Lending Act disclosures are present, mathematically accurate, and consistent with the actual deal terms.
  • Disclosure Verification: The AI confirms that every required signature block is not just present but dated correctly, that the FTC Holder’s Rule notice (16 CFR 433) appears in the required format, and that the privacy notice is included.
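As an added example (not code from the article or any vendor), this is what the cross-reference, TILA and anomaly checks above, plus the undisclosed fee pattern from the previous section, look like as plain rules over extracted deal data. The deal records, field names and thresholds are constructed; the OCR/NLP extraction step is assumed to have already produced the fields and joined them to the DMS buy rate.

```python
# Added example (not from the article or any vendor): rule checks an auditor could run over
# deal data already extracted by OCR/NLP and joined to the DMS. All values are constructed.
from statistics import mean
MARKUP_LIMIT_BPS = 250    # assumed dealer-reserve ceiling above the lender's buy rate
GAP_OUTLIER_RATIO = 1.25  # assumed: flag a manager whose mean GAP price is >25% over store mean

DEALS = [  # constructed deal jackets: RISA and buyer's-order fields plus the DMS buy rate
    {"id": "D1", "mgr": "A", "risa_apr": 7.9, "dms_buy_rate": 4.9, "amount_financed": 25000.0,
     "finance_charge": 5400.0, "total_of_payments": 30400.0, "gap": 795.0,
     "risa_fees": {"doc prep": 299.0}, "buyers_order_fees": {"doc prep": 299.0}},
    {"id": "D2", "mgr": "A", "risa_apr": 6.4, "dms_buy_rate": 5.9, "amount_financed": 18000.0,
     "finance_charge": 2900.0, "total_of_payments": 21000.0, "gap": 795.0,
     "risa_fees": {"doc prep": 299.0}, "buyers_order_fees": {}},
    {"id": "D3", "mgr": "B", "risa_apr": 6.9, "dms_buy_rate": 5.9, "amount_financed": 30000.0,
     "finance_charge": 6000.0, "total_of_payments": 36000.0, "gap": 1295.0,
     "risa_fees": {}, "buyers_order_fees": {}},
]

def markup_bps(deal):
    """Cross-reference check: contract APR minus DMS buy rate, in basis points."""
    return round((deal["risa_apr"] - deal["dms_buy_rate"]) * 100)

def tila_consistent(deal, tolerance=0.01):
    """TILA arithmetic: amount financed + finance charge must equal total of payments."""
    return abs(deal["amount_financed"] + deal["finance_charge"] - deal["total_of_payments"]) <= tolerance

def undisclosed_fees(deal):
    """Fees that appear on the RISA but were never itemized on the buyer's order."""
    return sorted(f for f in deal["risa_fees"] if f not in deal["buyers_order_fees"])

def gap_outlier_managers(deals, ratio=GAP_OUTLIER_RATIO):
    """Anomaly check: managers whose mean GAP price exceeds the store mean by the ratio."""
    store_mean = mean(d["gap"] for d in deals)
    return sorted(m for m in {d["mgr"] for d in deals}
                  if mean(d["gap"] for d in deals if d["mgr"] == m) > store_mean * ratio)

def audit(deals):
    """Run every check; return (subject, finding) pairs for the exception report."""
    findings = []
    for d in deals:
        if (bps := markup_bps(d)) > MARKUP_LIMIT_BPS:
            findings.append((d["id"], f"rate markup {bps} bps over buy rate"))
        if not tila_consistent(d):
            findings.append((d["id"], "TILA totals inconsistent"))
        for fee in undisclosed_fees(d):
            findings.append((d["id"], f"fee '{fee}' on RISA not on buyer's order"))
    for m in gap_outlier_managers(deals):
        findings.append((f"mgr {m}", "GAP price outlier"))
    return findings
```

A deal with no exceptions contributes nothing to the list, so an empty report can be used as the condition for releasing a deal to funding.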

The Business Case

The math is straightforward. The Napleton settlement was $10 million. The Leader settlement was $20 million. These figures do not include legal fees, lost business, or reputational damage.

AI-driven auditing tools for a typical dealership group cost a fraction of a single enforcement action. More importantly, they catch problems before deals are funded, allowing you to correct errors, retrain staff, and terminate bad actors before regulators get involved.

What the FTC Expects to See

During an examination, the FTC will look for evidence that you have systematic controls over your deal documentation:

  1. A documented audit process describing what is reviewed, how often, and by whom.
  2. Audit records showing the results of each review period, including exceptions found and how they were resolved.
  3. Corrective action documentation proving that identified problems led to retraining, policy changes, or personnel actions.
  4. Consistency of coverage. Auditing 100% of deals demonstrates a fundamentally different level of diligence than spot-checking 2.5%.

By auditing every deal, every page, every time, you can catch and fix errors before the deal is ever funded, and long before the FTC ever knocks on your door.

Written by Scott Sailors

Principal Security Consultant with over 20 years of experience in security architecture, engineering, and executive leadership. Holds CISSP, OSCP, CISM and CRISC certifications and Master's and Bachelor's degrees in Cybersecurity, with expertise in bridging technical teams and senior management to communicate complex security challenges in actionable terms.
