Tom Kline

More than thirty (30) years ago, I made a list of what motivates people. (I’m not sure why I was motivated to make the motivation list though.) I have no recollection of where these pieces or parts may come from, but here they are: 1. Make money 2. Save money 3. Save time 4. Avoid effort 5. Get more comfortable 6. Achieve greater cleanliness 7. Attain fuller health 8. Escape physical pain 9. Gain praise 10. Be popular 11. Attract someone else 12. Conserve possessions 13. Increase enjoyment 14. Gratify curiosity 15. Protect family 16. Be in style 17. Have or hold beautiful possessions 18. Satisfy appetite 19. Emulate others 20. Avoid trouble 21. Avoid criticism 22. Be individual 23. Protect reputation 24. Take advantage of opportunities 25. Have safety in buying something 26. Make work easier It’s not a perfect list, but it’s not bad either. "Nothing happens at a dealership until something is sold." That’s what pays the bills. It’s easy to see how this list could be parlayed into motivational leverage with the goal of selling something. On the other hand, and on the “other” side from selling, in governing the business, some of motivators can be utilized to avoid problems, dodge pain, save money, protect your reputation, and avoid trouble. Where the focus is eliminating or avoiding problems, that’s called governance, risk, and compliance (GRC). Avoiding foreseeable problems (or “preventable risk”) will be the core motivation of this article. At a dealership, a robust GRC program will extinguish issues which are obvious and avoidable. Here’s a summary of the eight (8) steps involved in a dealership GRC program: 1. Identify risks and compliance obligations 2. Prioritize the work by potential catastrophic problems and willful non-compliance penalties 3. Reduce exposure by building a proactive risk transference program 4. Create your internal policies and procedures for risk and compliance 5. Evolve from reactive to proactive to ameliorate your risks 6. Assign responsibilities and accountability 7. Track progress to protect the dealer (personally) and the dealership’s assets 8. Routinely review and audit people, processes, policies, and technology to document and revise compliance and risk protocols A robust GRC program will translate into action when the dealership brings a keen focus on having a compliance program. Some dealers say they have a strong program, when, in fact, they (sadly) do not. "For example, do you have a designated compliance person at each store?" These duties do not have to be a full-time and they're exclusively focused job. Compliance duties can be a part of an employee’s other responsibilities. If no one is designated as the compliance person at each store, then you really have no program. No one is actually performing the work. Now is a great opportunity to start your GRC program as enforcement activity against dealerships is on the upswing by the Federal Trade Commission (FTC) and the state Attorneys General. In November of 2021, the FTC passed new regulations which dealers must comply as a part of the Gramm Leach Bliley Act (GLBA), originally effective on May 23, 2003. There were two (2), new deadlines for compliance: January 10, 2022 and December 9, 2022. The December 9 deadline was pushed to June 9, 2023. (The update – alone - was forty-two (42) pages of three (3) columns of type of eight (8) point, small type in the Federal Register.) Here’s a brief summary of what you need to know to be compliant on this issue: About GLBA The GLBA was born out of the need to protect customers Personally Identifiable Information (PII). It is a federal data security rule which requires dealers to keep customer information secure and protected. The original rule added the burden to the dealers of ensuring that affiliates and service provider partners of the dealership safeguard the customer data, as well. This has translated into these actionable items: Lock all doors and access to any place at the store which may have PII Disposing and/or securing unfunded deals, pay stubs, tax returns etc. Limiting access to computer applications which may house PII The overabundance of data breaches necessitated an FTC update in 2021. January 10, 2022 Deadline By January 10, 2022, the dealership was to: Develop a written Information Security Program (ISP) which contains administrative, technical, and physical safeguards “that are appropriate to your size and complexity…and the sensitivity of any customer information at issue.” The dealership’s ISP should “base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks.” Risk Assessments: “You shall periodically perform additional risk assessments that reexamine the reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure…or compromise of such information and reassess the sufficiency of any safeguards in place to control these risks.” Test or Monitor: “Regularly test or otherwise monitor the effectiveness of the safeguards’ key controls, systems, and procedures, including those to detect actual and attempted attacks on, or intrusions into, information systems.” Oversee Service Providers: Taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue. Dealer are required to contract to implement and maintain such safeguards. Evaluate and Adjust your ISP in light of: - Testing and monitoring - Any material changes to you operation - The result of your risk assessment - Any other circumstances which may have a material impact on your Information Security Program June 9, 2023 Deadline Unfortunately, there’s more work to be done: The definition of PII has changed to include home address, email address, and cell phone number. Your ISP should be written . Data containing PII must be encrypted both: - In transit, and at rest; The dealership must have a written data retention policy and adhere to it. A qualified and designated individual to oversee, implement, and enforce the ISP. Limit and monitor who has access to PII. Oversee Services Providers (vendors) with written agreements to ensure compliance with protecting the customer data. These must be re-verified at least annually. Dealers are required to monitor and assess these vendors and audit and document the interactions. Required Change Management Procedures: - Written - If someone gets fired or quits, your program can continue through following these procedures. - Controlling the lifecycle through procedure standardization to manage the risk and minimize the disruption. The Risk Assessment must be in writing and contain: - Identified security risks - Criteria of existing controls - Description of how the risks will be mitigated - Some risk is acceptable but must be written as to “why” - Must be updated as risks suggest - Dealers must periodically perform these assessments For information technology (IT) requirements : - Must have multi-factor authentication (MFA) - Continuous monitoring of IT systems or annual penetration testing and vulnerability assessments conducted at least every six (6) months - Anti-virus software - Endpoint protection to remotely monitor and update all computers Annual employee training for all employees - Documented with signed employee acknowledgements - Mandatory - Everyone must complete training without exceptions Written Incident Response Plan - How the dealership will respond to a data breach - Who has what responsibility and can make decisions - Communications inside the store and to third parties Data encryption is the “biggie” here. All data which contains PII must be encrypted both in transit and at rest. For example, that means when someone is scheduling a service appointment through your website, that data must be encrypted between the scheduler and your service advisors. As another example, the data sitting in your CRM must be encrypted at rest. There’s a lot here to work on here. Another example, salesmen can no longer send PII to their manager through email, as typically, it is not encrypted. The GLBA impacts your relationship with most internet vendors. Consider going to your payables department and have them develop a list of any vendors which have anything to do with email or the internet. Then contact them one by one to see whether or not they are compliant with encrypting their data. There are SaaS software solutions to help keep track of this activity. "Fines for non-compliance are $50,120 per violation." The FTC can take an expansive view of what a “violation” is, depending on the circumstances, particularly if there are issues involving multiple customer records. Data breaches are real and happen every day. Currently, one dealership in northern Virginia is immersed in a class action suit over a data breach. These lawsuits are wildly expensive. Consider that good data security is also a good business practice. Do you really want to call your third (3 rd ) generation customer and tell him his data is sitting out on the dark web as a result of a breach from your store? While not part of GLBA, cyber insurance should be a consideration and a part of your GRC program in order to protect your assets. While volumes have been written about these policies, I think it is important to talk about a few niggles. To be diligent about your cyber policy, consider: Reading the exclusions. You might be surprised at what you find. If there a sublimit for ransomware or do you have coverage to the full limits? If you have business interruption coverage resulting from a breach? If you have a “cap” on the number of individuals that the policy will cover? If penalties from regulatory bodies are covered by the policy? Are “end of life” computers or software covered by the policy? The overall philosophy with the GLBA (and the rest of your GRC program) here should be: Remediate and correct Document and report Evaluate and revise If you handle the preventative risk and ameliorate these issues, you can focus on the more positive side of the twenty-six (26) items above, like increasing your enjoyment and making money! And that’s how you can stay on the black side of the ledger! Cheers! For more information: Phone Number: 757-434-7656 Email Address: tomk@bettervantagepoint.com Website: https://bettervantagepoint.com Website: https://alwaysdobetter.com/howwehelp YouTube Channel: https://www.youtube.com/channel/UC-yt ... LinkedIn Profile: https://www.linkedin.com/in/tompkline/

If you are a dealer, when you get up and place your feet on the floor in the morning, you put your assets on the line, expecting a return or profit. It’s called “risk.” How you craft and hone your business practices and transact business daily, is what makes you different. Let’s talk about your daily risk because they are certainly “present,” even if you don’t think about them or see them. Risk is the degree of hazard you are willing to tolerate. How you handle risk determines your potential exposure to losses. There are three (3) kinds of risk: Preventable risk: These are risks that are controllable and should be able to be avoided or eliminated completely. External risk: These arise from events outside your dealership and beyond your control. Strategic risk: This is where your entrepreneurial spirit comes into play. A strategic risk is a venture which you embrace, in anticipation of a profit, with your taking on certain duties or responsibilities in order to accomplish your business plan. Said differently, this is a risk for you to earn profits and/or market share. You can control 2 of the 3 risk categories. For this article, let’s consider preventable risk where you can prevent problems at the store. What I see in my consulting business is dealerships could do a much better job handling customer complaints and disgruntled employees. How would you rate these the risk of upset customers and unhappy employees? Minor Moderate Major Severe Catastrophic Most dealers consider these as “minor” risks. My experience is different. To me, they can be “severe” or even “catastrophic” and should be treated as such. Let me explain. I’ve seen class action lawsuits against a dealership start with 2 women chatting in church. Unsatisfied and unhappy customers go to regulators, who end up finding problems and setting fines. Recently, these penalties range from $800,000 up to $27 million, including forced store closings. Unhappy customers can easily head over to the Motor Vehicle Dealer Board, who can vote to shut down the dealership resulting from 1 single complaint. If or when this happens, you risk the loss of your franchise. Inside the Sales and Service Agreements, most OEMs have clauses that indicate if a dealership closes for a (set) consecutive number of days, it is a clear default under the contract. What’s the “blue sky” value of your dealership today, and is that risk really worth taking? “It won’t happen to me” isn’t a business plan any more than if you are using “hope” to accomplish a goal. The “wait and see” approach is also reactive and lacks organizational structure. Being proactive is key. Consider installing more controls and monitoring mechanisms based on how you feel each identified risk corresponds to the 1-5 scale listed above. Triage the risks according to the most severe first. Assessing and controlling risk is a continuous process. (Insert attached graphic.) Outside of customer and employee problems, dealerships experience large risks in these 2 preventable areas, which we will use for illustration purposes: Unintentional advertising issues: Most dealers have mistakes on their websites. When was the last time you mystery-shopped your own website for advertising violations? Do you have a way to accomplish this? When customers feel “jerked around” by your advertising, they get upset. When they get upset, they go to lawyers and regulators. When lawyers and regulators get involved, they will inspect your business practices, including your website is absolutely low-hanging fruit for them. Here are two (2) biggest mistakes: 1. In your state, county, or city, are you allowed to have a “processing fee” or a “doc fee?” Which one? Does your disclaimer have the correct nomenclature? One or the other is provided by code, and you want to ensure you are using that terminology. 2. Do you have an asterisk (or equivalent) to tie your “sales price” to your disclaimer? If not, how is a consumer supposed to know that taxes, tags, and licensing fees are in addition to the sales price? Without the notation, federal advertising laws would dictate those fees are considered included in your sales price. While these 2 may appear nitpicky, they create potential class action exposure for your dealership and further regulatory concerns. Digital risk: 1. How tight are your infrastructure and your IT policies? There’s a dealer in northern Virginia facing a class action lawsuit right now over a large data breach. 2. The new Gramm Leach Bliley Act (GLBA) rules and regulations are onerous and require a concerted effort to be in compliance. Have you started your work here? The January 10, 2022 deadline has passed, and June 9, 2023, is coming up fast. (This topic is explained in another article.) As examples of preventable risk, a lack of forethought here makes your dealership vulnerable. These types of uncertainties can manifest themselves into real problems and potentially destabilize your dealership.  Consider a risk mitigation plan which covers these issues (and more) to ensure the continuity of your business and smooth daily operations. Risk mitigation is part of a robust governance, risk, and compliance (GRC) program.  Done well, this should contribute to the growth, profitability, and sustainability of the dealership. Thanks for seeing things from a Better Vantage Point.

For this month, something new. I’ve written this article so you can copy it and have each employee at the dealership sign it. Having written employee acknowledgments of your policies is an important part of a robust GRC program at the dealership (Governance, Risk, and Compliance). If a regulator comes to visit, having this signed acknowledgment in every employee file would help you quell any claims of “willful non-compliance.” Here is it: Regulators are those governmental agencies that have oversight of our dealer operations.   When a regulator calls us or comes to visit, it is usually the result of an unhappy customer(s) – which we have not satisfied – who complains to them. Subsequently, the regulators will ask many questions about our business practices and how we operate. They have the authority to fine us and try to impose penalties to ensure our compliance with the myriad of laws we must follow. Here is a partial list of regulators:   The Attorney General The Consumer Financial Protection Bureau (CFPB) The Federal Trade Commission (FTC) A Member of the House of Representatives (Federal and State) A Member of the Senate (Federal and State) The State Police The Internal Revenue Service (IRS) The Treasury Department The United States Secret Service To understand the depth and breadth of what they look at, please see the attached page entitled “ CFPB Supervision and Examination Process .” (Page 12 of 1814.) While this is a specific page from the CFPB operating procedures, it is analogous to any regulatory agency’s daily operating procedures. We discuss this as our training this month to highlight the continuous cycle of supervision each of these agencies performs when it comes to businesses within their purview.  1. Pre-Examination/Scoping The CFPB is looking for “risks, areas of inquiry, and focus.” From their perspective, this means they are trying to examine those areas where businesses may take advantage of customers. Suppose the CFPB has reason to believe your dealership is not acting within the scope of accepted business practices. In that case, they will “Request and review documents and information needed to begin examination.” That means they will ask for your “internal policies, audit reports, training materials, recent data.”   It’s likely that if they come looking, they will find something. At a dealership and any business, for that matter, when a regulator examines a company, they find problems. Ultimately this will cost the dealership both time and money. One former dealer used to advise frequently, “When you shine a light on any one item at a dealership, you will find issues and uncover problems.” He is right.   2. Examination (offsite and onsite) This section talks about who the regulator(s) will interview and which operations they are going to examine. It further states they will “compare policies and procedures to actual practices by reviewing a sample of transactions.” Further, they will “compare the conduct to legal requirements.” No company wants a regulator to interview employees. With further examinations and this type of unwanted scrutiny, additional issues will be brought to the surface.   3. Communicate conclusions and required corrective action This is when the regulator tells you or mandates to you how you must run your company going forward. If you are not cooperative, they will “pursue supervisory agreement or formal enforcement action as needed.”   This means that the company would have to agree to a written understanding of how the company must operate on a go-forward basis. If a company declines to comply, the regulator will pursue “formal enforcement action,” which means costly court or administrative proceedings in which the company will have to spend a lot of money on attorneys to defend itself. Fines can be “nuclear” as recent dealers were tagged for more than $10 million, $3.380 million, and even a dealer in California who were fined $27 million.  4. Monitoring The regulator will periodically come back to the dealership and examine reports, transactions, and corrective actions which the company has performed in order to meet whatever agreement was reached. So, the regulators return to ensure compliance with all rules, laws, and regulations. If the dealership has not complied, they will bring the company back to court. This may subject the business to additional fines and penalties, and suspensions. This cycle may continue until the company is out of business or is compliant.  Compliance with any regulatory process is cumbersome, time-consuming, and costly, even if the inquiry is for one customer. An example of a written employee acknowledgement:   Our company is educating you as to these issues as we do our very best to run things in a professional manner while satisfying each and every customer. This also serves as a reminder that it is the company’s policy to follow the laws, rules, and regulations which have been communicated to you during your employment. If you find anything out of the ordinary, please report this to your supervisor or one of the owners. My signature below indicates that I: 1. Will comply with company policies and procedures 2. Will ensure that the company’s customers are satisfied with our dealership 3. Will communicate with my manager of one of the owners if I see items that are out of compliance with the company’s rules and regulations 4. I will immediately communicate with one of the owners if I receive a regulatory or media inquiry.  These things, I promise. _________________________ ________________________ Employee Print Name Employee Signature   January _____, 2023 *If you’d like a Word copy of this document, please reach out to me at tomk@bettervantagepoint.com, and I will be happy to send it along to you.  Thanks for seeing things from a Better Vantage Point. For more information:  Phone Number: 757-434-7656  Email Address: tomk@bettervantagepoint.com Website:  https://bettervantagepoint.com Website:  https://alwaysdobetter.com/howwehelp YouTube Channel:  https://www.youtube.com/channel/UC-ytHE0-c5lUJbzm0H4drog LinkedIn Profile:  https://www.linkedin.com/in/tompkline/

I'll bet you one dollar ($1.00) you have this issue, too. When you're shopping at the market and see a food product that's "non-GMO," don't you stop and think about it? Follow my logic here, please. If it's "non-GMO," that means it's "natural," right? I mean, if it's not genetically modified, it's natural? So, if it's natural, that indicates it's "real food." So, they didn't insert not-real food into my food. Amiright? So, why do they feel the need to tell me that my food is made up of one hundred (100%) percent food? Why can't they just leave that off the labeling? Am I missing something here? I just want true and genuine food. Likewise, shoppers want a "genuine" dealership, not an artificial corporate one with no personality and a queue for everything. How do you translate this to action, so the customers feel what you are about? Let's just take one step today, and here it is: Respond to your online complaints like a human (and definitely not a robot) and invite the customers into the store to get their problem resolved. You cannot resolve these issues by communicating through postings on websites. All too often, I see dealers have "robo-responses" posted by real people telling the customers that the dealership is "sorry for their experience" and then offering nothing to the customer. Zero, zip, nada. What function is that fulfilling exactly? How does that help either the dealership or the customer? Even worse, I was recently at a dealership group in New England whose policy was to post something which said, "Please email xxxx@dealership.com and tell me your concerns." This was posted after the customers had just spilled their guts telling the dealership, and elaborating to the public, the very nature of the problems. At best, it appeared the dealership was insincere. The issue here is not just a reputational one. When potential buyers are scouring the internet, looking for where to purchase, they read these reviews to determine the genuine nature of the dealership. You really can tell the culture of a store by how its employees respond. So, responding to these reviews will help you sell units, too. I've seen it happen over and over again. Beyond this, an even better practice is when you have earned the right to ask the customer to "update" their review after you have fixed their problem. Here's what those updates should look like. And these are posted from the internet: "Previously, in a letter, I complimented the salesman yet slammed the dealership, which, in hindsight, was unfair since I never met Mr. Kline. After reading my letter, Mr. Kline was concerned enough about my feelings and thoughts about his dealership to invite me into his office and explain why I was so distressed. We listed my complaints and found that some were just anger on my part and unwarranted, yet some were justifiable. He fixed the ones that were justified. I guess the point I am trying to make is that he didn't have to do that. The owner of a corporation took the time to satisfy the concerns of one individual. I think that was great, and he'll have my business for life. Most times, you can get the help you need from the managers, and I'm not saying everyone should be running to the owner with every problem. It's just nice to know that Mr. Kline's door is always open. Thank you." Here's another: "At first, when I got the response back from Tom Kline, I did not respond back. I felt why bother if that is how his employees treat customers. I am sure it is the same way. Well, Mr. Kline kept calling, trying to settle this matter. Finally, he got a hold of my daughter, and we agreed to meet with him. I really did not want to, but my daughter said that it wouldn't hurt anything. I have to say that today I met with Tom Kline, and he was much different than what I accepted. He apologized, listened (truly listened to what I had to say and how I felt). He fixed the problem. I was so far off in my judgment about him, and I am glad that I listened to my daughter. I just knew that I would never use the dealership again for anything, but after dealing with Mr. Tom Kline, I have changed my mind. Thank you very much for your assistance and truly listening." Finally: "First, I want to thank Mr. Kline for his response. I was indeed contacted by Mr. Kline today and have set up a meeting with him soon. I must say any company that will take the time to not only listen to a customer but agrees to make it right is a place I want to do business with. I have never seen an organization except for the military to respond and address a problem so quickly. I look forward to working with Mr. Kline in fixing some concerns I have." There's nothing magical here, just good, old fashioned work. Fixing these complaints is money in the bank. And if you are not going to repair your customers' problems, the government will. Regulatory actions almost always start with unsatisfied customer complaints. Look at the recent regulatory actions against dealers resulting from upset and unresolved customer issues: Federal Trade Commission (FTC) Napleton Automotive $10 million Federal Trade Commission (FTC) Passport Automotive $3.380 million Commonwealth of Massachusetts Jaffarians Ongoing State of California Paul Blanco $27.5 million So, you can sell more units, have happier customers (who will continue to patronize your dealership), and avoid lawsuits and regulatory issues by controlling your online customer issues. By managing and overseeing these internet complaints, you are minimizing your risks and increasing your revenues. Now, that's a non-GMO deal if I've ever heard one!

I'll be in trouble with my wife if she finds out I told you this.  Do you have a strategy for getting the best space in the parking deck? From my personal observations, most folks tend to drive onto the lower decks and try to (maybe) find that perfect space as close to the door/stairway as possible. They will circle and circle (like airplanes waiting to land) trying to get the best space. It takes a while to find, they end up disappointed, and proceed to the next level up. Then, they do it again. (Rince, wash, repeat.) Perhaps, just maybe, there’s a better way? Consider this. Instead of trying to cram your way into the last space on Level 2, why not just drive higher to the top or the second to the top level?   You can get there quickly. You can get yourself pretty close to your preferred entrance door. (Some alleged “pros” have told me you never want to park on the top deck because of the blazing sun on your vehicle and potential to get wet if it rains.) Ha!  I’ll buy the rain argument, but unless you’ve spent as much time as I do at airports, I am going to waive you off the flight pattern with that sun related philosophy.  The added driving, elevator, or stair time is minimal compared to circling the lot like a shark.  It’s less stressful, you’re done, and on to your next task.  AmIright?  Sometimes, you just need a different perspective. Same task, same outcome, better process.   Let’s discuss the insurance renewal at your dealership. Does this sound familiar: Once a year, your insurance agent comes to visit and to deliver this year’s bad news. Your premium is going up on every single policy. Without question, they arrive in your office one (1) week ahead of your renewal so there isn’t any time to maneuver or negotiate. You’re irritated. “This isn’t right,” you say to yourself. Then, you swallow hard and tell him to renew everything and (almost) throw him out of your office – banished for another year. Sound familiar?  Here’s a different perspective and a better way. First, spread your insurance renewals throughout the year.  Don’t have all of them renew at once. Second, require your agent to bring you the quotes thirty (30) days ahead of the renewal date. In the case of the garage renewal, because of its complexity, I suggest ninety (90) days.  This accomplishes multiple things: You’ve created an opportunity to review and renew each policy calmly, carefully, and without stress.   You’ve given yourself the option of having enough time to review the actual policy forms. This allows you to consider where your vulnerabilities lie and determine if there are ways for you to cover these through the insurance policies. By requiring your agent to give you the new numbers ahead of time, you’ve opened up the option of your negotiating with the insurance company about either (1) the policy form itself or (2) the premium. You will be less aggravated. For certain, you will be able to exercise control over your policies. Maybe you will send the agent to get prices from another carrier? Maybe you will ask the carrier to come visit you or you go to their offices to talk about the policy and renewal? Perhaps, you can discuss how claims are handled and how that effects your renewal premium?  In short, you gain control. I would proffer that’s a better way. By the way, if I find our favorite parking spot on Level 7 of the Norfolk, Virginia airport parking lot blocked, I’m going to be in trouble with my wife. Please be gentle with me!   

Answers these questions honestly: Do you have a Compliance Management System (CMS) and whose responsibility is it? When was the last enterprise risk assessment to ensure all personal and dealership assets are protected? (Who has looked at the “big picture?”) Who trains the staff about compliance and how often? Has anyone ever done an analysis of your insurance policies to determine if there are any holes in your coverage?   Do you have a process at the dealership to find and fix online consumer complaints? Do employees have a channel and mechanism to bring their complaints to the attention of management?  When was the last update to the Employee Guidebook? Do employees sign a Legal Rights Agreement? Are you using arbitration to settle disputes with consumers? (In practice, do you understand why this strategy is highly ineffective?) Are you prepared for a local media story? Do your employees know what to do, what to say, or who to direct the reporter to? Who audits your websites on a monthly basis to ensure compliance with advertising laws? Who inspects your other advertising?    Does your dealership have work to do?  Any one of these issues could cost you a lot of money.   Remember, it’s not how much money you make that’s important.  What’s critical is how much money you keep! Consider the “what if.”  What if…this were to happen or that were to happen?  How would you handle it? If those ten (10) didn’t stimulate you enough, here are another ten (10): What would you do if a regulator walked into your dealership? Do you have a plan as to how you would handle that situation One very large dealership group with more than eighty (80) stores allowed the Federal Trade Commission (FTC) to survey its customers to ask them about potential dealership wrongdoing.  What would be your thinking here? How would you handle that?  Have you started your work on the new Gramm Leach Bliley regulations?  The deadline is December 9. Unfortunately, the new regulations are complicated enough that you cannot simply write a check for an “app” to be compliant.  Some of your work will require good ol’ fashioned shoe leather.  Is anyone tracking how your waste (oil, batteries, tires etc.) is being disposed of and have you ensured your vendors have the adequate insurance to protect the dealership if it’s not handled properly?  Do you have a recall policy for your used vehicles?  Whether or not the used car is “your brand,” did you know the dealership would likely be liable if a customer were in an accident as the result of an unfixed recall? Have you ever checked to see how your IRS 8300 processes are working?  Are your cashiers receipting in monies with enough detail for you to track the transactions?  (Did you know the fines for non-compliance are up to $3 million and potential jail time?)  Did you recently inspect your Red Flag compliance?  Are your F&I managers just “blowing past” that screen and selling vehicles without paying attention?  This is a critical issue which will help in your defense if you are ever taken to court for selling a vehicle to someone with a stolen identity. As a dealership, are you sending out Adverse Action Notices in compliance with the Fair Credit Reporting Act (FCRA)?  Failure to send these could result in a class action lawsuit to include punitive damages for “willful non-compliance.” Are you selling repossessed vehicles or salvage vehicles without disclosing this status? Does your staff know how to handle an Office of Foreign Asset Control (OFAC) “hit” on a potential buyer’s credit application?  Do you have a procedure in place?   These questions are but a few of the concerns for your dealership when you are thinking about your daily risk.  As one dealer friend of mine advises, “Button up!”. Another says, “Stop everyone from reaching into your pocket!” Practice your “what ifs” and prepare!   In my experience, it’s not necessarily “if,” but “when!” Watch the YouTube video here . Check out Tom Kline's YouTube Channel for relevant information which is at the forefront of sharing preventative measures and insightful actions that you can take today to protect your dealership.