Commercial Requester Information Handbook


Audit Requirements


The Compliance Audits Unit audits commercial requesters to ensure compliance with the requirements of CVC, California Code of Regulations (CCR) Title 13 and the terms and conditions of the Commercial Requester Account.

1. Will my account be audited?

All Commercial Requester Accounts are subject to DMV audits. Any account may be audited regardless of the method used to request or receive the information (on-line, hardcopy, magnetic tape, etc.) or the type of information that the requester is authorized to receive (basic, residence address, mailing address or residence address with post notification).

Certain conditions may warrant an unannounced audit, however, in most cases DMV will contact the requester by telephone approximately 1 to 2 weeks in advance to schedule the audit.



2. How are account holders selected?

Audit requests that are referred to us because of complaints or investigations are considered a priority. The remaining audits are scheduled based on a selection criteria determined by the management of the Compliance Audits Unit.



3. What happens during the audit process?

The audit consists of:

  • An entrance conference to explain the audit process
  • Testing and review of supporting documentation
  • An exit conference to inform you of any findings
  • A written audit report

Typical audits take 4 to 6 hours for the conferences and on-site testing, however, some may require additional time.



4. What do I need for the audit?

The auditors will review your:

  • Supporting documentation to show evidence of proper use
  • Required logs (refer to page 2.007)
  • Information Security Statements
  • Listing of employees authorized to request information
  • Listing of terminated employee authorization
  • Billings or invoices from your re-seller/service provider.

The supporting documentation must be kept at the physical place of business listed on the application or the branch location form (INF 1106BL) and shall be made available for audit.



5. What is supporting documentation?

Supporting documentation shows evidence of proper use of DMV information and it varies according to the type of business. We typically see the following:

Insurance companies provide policy numbers, accident reports, SR-1 information or insurance quotes.

Law offices supply us with a client information sheet, retainer agreement, accident report and court case number.

Private investigators provide us with case name, file numbers, client information and reports.

Registration services supply information related to the transaction processed such as fees collected, method of payment, date fees collected, cost to client.

Dealers pull their dealer jacket, purchase/lease agreement/odometer disclosure statement, release of liability, title, registration or a bill of sale.

Towing companies provide towing and lien sale data.

Auto auctions provide us with stock/inventory numbers, report of sale, and buyer/seller information.



6. What happens after the audit?

Once the audit is completed and reviewed by management, an audit report is issued. You may be required to respond in writing to the findings in the audit report and explain what corrective action has been taken to address the findings. Failure to respond to the audit report within the specified timeframe may result in the inactivation of your requester account.

Audits with findings (non-compliance with CVC, CCR, and the Terms and Conditions of the Commercial Requester Account or other applicable statutes) are subject to final determination by ISB management for adverse or corrective action (re-audit, monitoring, referral to legal office or referral to investigation).



7. Can DMV take any other actions?

If an audit discloses a violation of any provisions of the California Code of Regulations (CCR) Title 13, whether by omission or commission, DMV may have grounds to take action that may result in suspension or termination of access privileges of the requester. DMV may also pursue appropriate administrative, civil, and/or criminal action for any violations in accordance with CVC 1808.45 and 1808.46 and Title 13 of the CCR.



8. Is there any thing else I should know about the audit?

If the audit reveals violation(s) of CVC 1808.22 through 1808.47 and/or violation(s) listed under CCR Section 350.52 the requester may be subject to administrative or criminal action.



9. If my account is terminated either voluntarily or involuntarily, what should I do?

Whenever an account is terminated with or without cause, or voluntarily closed pursuant to CCR 350.16 (b), the department may require the holder to surrender all information and records retained pursuant to CCR 350.48 & 350.18 (b) (4) and (5) not later than the end of the third business day following the date of termination or closure. The notification to surrender the records must be included in the notice of revocation or termination.



10. If my account is terminated and I am notified to surrender my records where should they be sent?

Upon notification to surrender the records, they should be mailed to:

Department of Motor Vehicles
Compliance Audits Unit MS H230
P.O. Box 932345
Sacramento, CA 94232-3450