Tom Kline

Lead Consultant & Founder | Better Vantage Point

Tom Kline, a former franchise dealership owner with 30+ years of experience, specializes in risk mitigation by preventing and solving dealership problems through risk transference remedies, compliance, and dealership dispute resolution. Tom is the Lead Consultant and Founder of Better Vantage Point and has worked with both publicly-held and private dealerships. Kline speaks at national conferences and workshops, writes for six (6) publications, and has endorsements from multiple trade groups. Thanks for seeing things from a Better Vantage Point, where “We Get You Out of Trouble…and Keep You Out of Trouble.“

Why You Should Be Concerned About Regulatory Oversight: How Regulators Do What They Do

By

For this month, something new. I’ve written this article so you can copy it and have each employee at the dealership sign it. Having written employee acknowledgments of your policies is an important part of a robust GRC program at the dealership (Governance, Risk, and Compliance). If a regulator comes to visit, having this signed acknowledgment in every employee file would help you quell any claims of “willful non-compliance.” Here is it: Regulators are those governmental agencies that have oversight of our dealer operations.   When a regulator calls us or comes to visit, it is usually the result of an unhappy customer(s) – which we have not satisfied – who complains to them. Subsequently, the regulators will ask many questions about our business practices and how we operate. They have the authority to fine us and try to impose penalties to ensure our compliance with the myriad of laws we must follow. Here is a partial list of regulators:   The Attorney General The Consumer Financial Protection Bureau (CFPB) The Federal Trade Commission (FTC) A Member of the House of Representatives (Federal and State) A Member of the Senate (Federal and State) The State Police The Internal Revenue Service (IRS) The Treasury Department The United States Secret Service To understand the depth and breadth of what they look at, please see the attached page entitled “ CFPB Supervision and Examination Process .” (Page 12 of 1814.) While this is a specific page from the CFPB operating procedures, it is analogous to any regulatory agency’s daily operating procedures. We discuss this as our training this month to highlight the continuous cycle of supervision each of these agencies performs when it comes to businesses within their purview.  1. Pre-Examination/Scoping The CFPB is looking for “risks, areas of inquiry, and focus.” From their perspective, this means they are trying to examine those areas where businesses may take advantage of customers. Suppose the CFPB has reason to believe your dealership is not acting within the scope of accepted business practices. In that case, they will “Request and review documents and information needed to begin examination.” That means they will ask for your “internal policies, audit reports, training materials, recent data.”   It’s likely that if they come looking, they will find something. At a dealership and any business, for that matter, when a regulator examines a company, they find problems. Ultimately this will cost the dealership both time and money. One former dealer used to advise frequently, “When you shine a light on any one item at a dealership, you will find issues and uncover problems.” He is right.   2. Examination (offsite and onsite) This section talks about who the regulator(s) will interview and which operations they are going to examine. It further states they will “compare policies and procedures to actual practices by reviewing a sample of transactions.” Further, they will “compare the conduct to legal requirements.” No company wants a regulator to interview employees. With further examinations and this type of unwanted scrutiny, additional issues will be brought to the surface.   3. Communicate conclusions and required corrective action This is when the regulator tells you or mandates to you how you must run your company going forward. If you are not cooperative, they will “pursue supervisory agreement or formal enforcement action as needed.”   This means that the company would have to agree to a written understanding of how the company must operate on a go-forward basis. If a company declines to comply, the regulator will pursue “formal enforcement action,” which means costly court or administrative proceedings in which the company will have to spend a lot of money on attorneys to defend itself. Fines can be “nuclear” as recent dealers were tagged for more than $10 million, $3.380 million, and even a dealer in California who were fined $27 million.  4. Monitoring The regulator will periodically come back to the dealership and examine reports, transactions, and corrective actions which the company has performed in order to meet whatever agreement was reached. So, the regulators return to ensure compliance with all rules, laws, and regulations. If the dealership has not complied, they will bring the company back to court. This may subject the business to additional fines and penalties, and suspensions. This cycle may continue until the company is out of business or is compliant.  Compliance with any regulatory process is cumbersome, time-consuming, and costly, even if the inquiry is for one customer. An example of a written employee acknowledgement:   Our company is educating you as to these issues as we do our very best to run things in a professional manner while satisfying each and every customer. This also serves as a reminder that it is the company’s policy to follow the laws, rules, and regulations which have been communicated to you during your employment. If you find anything out of the ordinary, please report this to your supervisor or one of the owners. My signature below indicates that I: 1. Will comply with company policies and procedures 2. Will ensure that the company’s customers are satisfied with our dealership 3. Will communicate with my manager of one of the owners if I see items that are out of compliance with the company’s rules and regulations 4. I will immediately communicate with one of the owners if I receive a regulatory or media inquiry.  These things, I promise. _________________________ ________________________ Employee Print Name Employee Signature   January _____, 2023 *If you’d like a Word copy of this document, please reach out to me at tomk@bettervantagepoint.com, and I will be happy to send it along to you.  Thanks for seeing things from a Better Vantage Point. For more information:  Phone Number: 757-434-7656  Email Address: tomk@bettervantagepoint.com Website:  https://bettervantagepoint.com Website:  https://alwaysdobetter.com/howwehelp YouTube Channel:  https://www.youtube.com/channel/UC-ytHE0-c5lUJbzm0H4drog LinkedIn Profile:  https://www.linkedin.com/in/tompkline/
Non-GMO Dealerships

By

I'll bet you one dollar ($1.00) you have this issue, too. When you're shopping at the market and see a food product that's "non-GMO," don't you stop and think about it? Follow my logic here, please. If it's "non-GMO," that means it's "natural," right? I mean, if it's not genetically modified, it's natural? So, if it's natural, that indicates it's "real food." So, they didn't insert not-real food into my food. Amiright? So, why do they feel the need to tell me that my food is made up of one hundred (100%) percent food? Why can't they just leave that off the labeling? Am I missing something here? I just want true and genuine food. Likewise, shoppers want a "genuine" dealership, not an artificial corporate one with no personality and a queue for everything. How do you translate this to action, so the customers feel what you are about? Let's just take one step today, and here it is: Respond to your online complaints like a human (and definitely not a robot) and invite the customers into the store to get their problem resolved. You cannot resolve these issues by communicating through postings on websites. All too often, I see dealers have "robo-responses" posted by real people telling the customers that the dealership is "sorry for their experience" and then offering nothing to the customer. Zero, zip, nada. What function is that fulfilling exactly? How does that help either the dealership or the customer? Even worse, I was recently at a dealership group in New England whose policy was to post something which said, "Please email xxxx@dealership.com and tell me your concerns." This was posted after the customers had just spilled their guts telling the dealership, and elaborating to the public, the very nature of the problems. At best, it appeared the dealership was insincere. The issue here is not just a reputational one. When potential buyers are scouring the internet, looking for where to purchase, they read these reviews to determine the genuine nature of the dealership. You really can tell the culture of a store by how its employees respond. So, responding to these reviews will help you sell units, too. I've seen it happen over and over again. Beyond this, an even better practice is when you have earned the right to ask the customer to "update" their review after you have fixed their problem. Here's what those updates should look like. And these are posted from the internet: "Previously, in a letter, I complimented the salesman yet slammed the dealership, which, in hindsight, was unfair since I never met Mr. Kline. After reading my letter, Mr. Kline was concerned enough about my feelings and thoughts about his dealership to invite me into his office and explain why I was so distressed. We listed my complaints and found that some were just anger on my part and unwarranted, yet some were justifiable. He fixed the ones that were justified. I guess the point I am trying to make is that he didn't have to do that. The owner of a corporation took the time to satisfy the concerns of one individual. I think that was great, and he'll have my business for life. Most times, you can get the help you need from the managers, and I'm not saying everyone should be running to the owner with every problem. It's just nice to know that Mr. Kline's door is always open. Thank you." Here's another: "At first, when I got the response back from Tom Kline, I did not respond back. I felt why bother if that is how his employees treat customers. I am sure it is the same way. Well, Mr. Kline kept calling, trying to settle this matter. Finally, he got a hold of my daughter, and we agreed to meet with him. I really did not want to, but my daughter said that it wouldn't hurt anything. I have to say that today I met with Tom Kline, and he was much different than what I accepted. He apologized, listened (truly listened to what I had to say and how I felt). He fixed the problem. I was so far off in my judgment about him, and I am glad that I listened to my daughter. I just knew that I would never use the dealership again for anything, but after dealing with Mr. Tom Kline, I have changed my mind. Thank you very much for your assistance and truly listening." Finally: "First, I want to thank Mr. Kline for his response. I was indeed contacted by Mr. Kline today and have set up a meeting with him soon. I must say any company that will take the time to not only listen to a customer but agrees to make it right is a place I want to do business with. I have never seen an organization except for the military to respond and address a problem so quickly. I look forward to working with Mr. Kline in fixing some concerns I have." There's nothing magical here, just good, old fashioned work. Fixing these complaints is money in the bank. And if you are not going to repair your customers' problems, the government will. Regulatory actions almost always start with unsatisfied customer complaints. Look at the recent regulatory actions against dealers resulting from upset and unresolved customer issues: Federal Trade Commission (FTC) Napleton Automotive $10 million Federal Trade Commission (FTC) Passport Automotive $3.380 million Commonwealth of Massachusetts Jaffarians Ongoing State of California Paul Blanco $27.5 million So, you can sell more units, have happier customers (who will continue to patronize your dealership), and avoid lawsuits and regulatory issues by controlling your online customer issues. By managing and overseeing these internet complaints, you are minimizing your risks and increasing your revenues. Now, that's a non-GMO deal if I've ever heard one!
The Best Parking Lot Strategy

By

I'll be in trouble with my wife if she finds out I told you this.  Do you have a strategy for getting the best space in the parking deck? From my personal observations, most folks tend to drive onto the lower decks and try to (maybe) find that perfect space as close to the door/stairway as possible. They will circle and circle (like airplanes waiting to land) trying to get the best space. It takes a while to find, they end up disappointed, and proceed to the next level up. Then, they do it again. (Rince, wash, repeat.) Perhaps, just maybe, there’s a better way? Consider this. Instead of trying to cram your way into the last space on Level 2, why not just drive higher to the top or the second to the top level?   You can get there quickly. You can get yourself pretty close to your preferred entrance door. (Some alleged “pros” have told me you never want to park on the top deck because of the blazing sun on your vehicle and potential to get wet if it rains.) Ha!  I’ll buy the rain argument, but unless you’ve spent as much time as I do at airports, I am going to waive you off the flight pattern with that sun related philosophy.  The added driving, elevator, or stair time is minimal compared to circling the lot like a shark.  It’s less stressful, you’re done, and on to your next task.  AmIright?  Sometimes, you just need a different perspective. Same task, same outcome, better process.   Let’s discuss the insurance renewal at your dealership. Does this sound familiar: Once a year, your insurance agent comes to visit and to deliver this year’s bad news. Your premium is going up on every single policy. Without question, they arrive in your office one (1) week ahead of your renewal so there isn’t any time to maneuver or negotiate. You’re irritated. “This isn’t right,” you say to yourself. Then, you swallow hard and tell him to renew everything and (almost) throw him out of your office – banished for another year. Sound familiar?  Here’s a different perspective and a better way. First, spread your insurance renewals throughout the year.  Don’t have all of them renew at once. Second, require your agent to bring you the quotes thirty (30) days ahead of the renewal date. In the case of the garage renewal, because of its complexity, I suggest ninety (90) days.  This accomplishes multiple things: You’ve created an opportunity to review and renew each policy calmly, carefully, and without stress.   You’ve given yourself the option of having enough time to review the actual policy forms. This allows you to consider where your vulnerabilities lie and determine if there are ways for you to cover these through the insurance policies. By requiring your agent to give you the new numbers ahead of time, you’ve opened up the option of your negotiating with the insurance company about either (1) the policy form itself or (2) the premium. You will be less aggravated. For certain, you will be able to exercise control over your policies. Maybe you will send the agent to get prices from another carrier? Maybe you will ask the carrier to come visit you or you go to their offices to talk about the policy and renewal? Perhaps, you can discuss how claims are handled and how that effects your renewal premium?  In short, you gain control. I would proffer that’s a better way. By the way, if I find our favorite parking spot on Level 7 of the Norfolk, Virginia airport parking lot blocked, I’m going to be in trouble with my wife. Please be gentle with me!   
10 + 10 = Exposure

By

Answers these questions honestly: Do you have a Compliance Management System (CMS) and whose responsibility is it? When was the last enterprise risk assessment to ensure all personal and dealership assets are protected? (Who has looked at the “big picture?”) Who trains the staff about compliance and how often? Has anyone ever done an analysis of your insurance policies to determine if there are any holes in your coverage?   Do you have a process at the dealership to find and fix online consumer complaints? Do employees have a channel and mechanism to bring their complaints to the attention of management?  When was the last update to the Employee Guidebook? Do employees sign a Legal Rights Agreement? Are you using arbitration to settle disputes with consumers? (In practice, do you understand why this strategy is highly ineffective?) Are you prepared for a local media story? Do your employees know what to do, what to say, or who to direct the reporter to? Who audits your websites on a monthly basis to ensure compliance with advertising laws? Who inspects your other advertising?    Does your dealership have work to do?  Any one of these issues could cost you a lot of money.   Remember, it’s not how much money you make that’s important.  What’s critical is how much money you keep! Consider the “what if.”  What if…this were to happen or that were to happen?  How would you handle it? If those ten (10) didn’t stimulate you enough, here are another ten (10): What would you do if a regulator walked into your dealership? Do you have a plan as to how you would handle that situation One very large dealership group with more than eighty (80) stores allowed the Federal Trade Commission (FTC) to survey its customers to ask them about potential dealership wrongdoing.  What would be your thinking here? How would you handle that?  Have you started your work on the new Gramm Leach Bliley regulations?  The deadline is December 9. Unfortunately, the new regulations are complicated enough that you cannot simply write a check for an “app” to be compliant.  Some of your work will require good ol’ fashioned shoe leather.  Is anyone tracking how your waste (oil, batteries, tires etc.) is being disposed of and have you ensured your vendors have the adequate insurance to protect the dealership if it’s not handled properly?  Do you have a recall policy for your used vehicles?  Whether or not the used car is “your brand,” did you know the dealership would likely be liable if a customer were in an accident as the result of an unfixed recall? Have you ever checked to see how your IRS 8300 processes are working?  Are your cashiers receipting in monies with enough detail for you to track the transactions?  (Did you know the fines for non-compliance are up to $3 million and potential jail time?)  Did you recently inspect your Red Flag compliance?  Are your F&I managers just “blowing past” that screen and selling vehicles without paying attention?  This is a critical issue which will help in your defense if you are ever taken to court for selling a vehicle to someone with a stolen identity. As a dealership, are you sending out Adverse Action Notices in compliance with the Fair Credit Reporting Act (FCRA)?  Failure to send these could result in a class action lawsuit to include punitive damages for “willful non-compliance.” Are you selling repossessed vehicles or salvage vehicles without disclosing this status? Does your staff know how to handle an Office of Foreign Asset Control (OFAC) “hit” on a potential buyer’s credit application?  Do you have a procedure in place?   These questions are but a few of the concerns for your dealership when you are thinking about your daily risk.  As one dealer friend of mine advises, “Button up!”. Another says, “Stop everyone from reaching into your pocket!” Practice your “what ifs” and prepare!   In my experience, it’s not necessarily “if,” but “when!” Watch the YouTube video here . Check out Tom Kline's YouTube Channel for relevant information which is at the forefront of sharing preventative measures and insightful actions that you can take today to protect your dealership.
Let The Government Be Your Customer Service Department!

By

Three super-large dealership groups are trying it!   Here’s how it’s going for them so far… Carvana lost the ability to transact in Illinois according to  Automotive News  (May 16, 2022) because, “The Secretary of State's police department opened an investigation into consumer complaints about Carvana in February, (Henry) Haupt told  Automotive News . The investigation spans about 90 signed complaints, Haupt said. He said he couldn't provide an exact date as to when Carvana might see the suspension lifted.” According to a press release from the Texas Attorney General’s Office: “Texas Attorney General Ken Paxton filed a deceptive trade practices lawsuit against the online used vehicle dealer Vroom Automotive LLC and Vroom Inc., which also sells cars to Texas consumers under the name Texas Direct Auto. The lawsuit alleges that Vroom has misrepresented and failed to disclose significant delays in transferring clear title and obtaining vehicle registrations, burdening thousands of consumers. The State also alleges that Vroom has misrepresented and failed to disclose vehicle history and condition and terms of financing and approval—all violations of the Texas Deceptive Trade Practices Consumer Protection Act. According to the lawsuit, Vroom has not managed its growth effectively, leading to inadequate systems and procedures that have harmed Texas consumers.  Over the last three years, consumers have filed over 5,000 complaints with both the Better Business Bureau and the Office of the Attorney General against Vroom and Texas Direct Auto.”  According to the Federal Trade Commission’s (FTC) Press Release dated April 1, 2022: “The Federal Trade Commission and the State of Illinois are taking  action against Napleton , a large, multistate auto dealer group based in Illinois, for sneaking illegal junk fees for unwanted “add-ons” onto customers’ bills and for discriminating against Black consumers by charging them more for financing.  Napleton will pay $10 million  to settle the lawsuit brought by the FTC and the State of Illinois, a record-setting monetary judgment for an FTC auto lending case… A survey cited in the complaint showed that 83 percent of buyers from the dealerships were charged junk fees for add-ons without authorization or as a result of deception. One consumer cited in the complaint reported that the dealership located in Arlington Heights, Ill., charged him for nearly $4,000 in add-on fees after he’d paid a similar amount in down payment.” So, from the outside looking in, it appears these three (3) organizations do not have procedures in place to handle their customer queries, issues, and problems. So, by default, by attrition, or by apathy, they are ceding control and allowing the regulators to fine them and suspend them, thereby driving the dealerships to manage their own business affairs. (Good pun, right?)                                                                                                                 In the Napleton matter, a staggering 83 percent of buyers said Napleton took advantage of them. Let’s examine that statistic even further. In order to gather the information about the 83 percent, Napleton had to allow the FTC to have access to its customer files.  The FTC must have had quite a lot of leverage for Napleton to agree to give them that access.  Further, 83 percent cannot be simply “miscommunications” or “misunderstandings.”  It’s an astonishing number which cannot be explained away. Let’s keep this simple: Handle your customers or the government will.  
Six (6) Perspectives On The New GLB Safeguard Regulations

By

The new Gramm Leach Bliley Act (GLBA) regulations aren’t going away and become effective on December 9, 2022. You don’t have to agree, but you do have to comply. If you haven’t started already, it’s time to begin the work of parsing out how you will respond. I’ve asked various industry experts to chime in on how you should focus your efforts. Here’s what they had to say: Atul Patel CEO, Orbee  “Occasionally you get a nudge to rethink what you’re doing. While it might feel like it’s more an elbow to the ribs, the FTC Safeguard Rule that is part of the Gramm-Leach-Bliley bill is forcing auto dealerships to take their customer’s data security seriously. We find this to be the biggest opportunity for dealerships to   take back control over your data that is created on  your  properties, from  your  media investments, by  your  customers. When your shoppers give you their Personal Indentifiable Information (PII), they believe it was to you. But what is more likely is that it was to a third-party such as a trade-in tool, credit form, chat, and so on. We restructure the way data is created, stored, and activated. This offers the clearest path to Safeguard Rule compliance while benefiting your customer experience.” Jim Lawrence  COO, Sensitive Data Protect, LLC “There are 5 steps dealers should take to establish a good-faith compliance effort to address general cybersecurity, the FTC's Safeguard Rules, the ongoing battle against "phishing," and ransomware attack prevention:  Perform cybersecurity testing to find gaps in consumer facing IT infrastructure and behind your firewall.  Establish the policies and procedures and trainings to address the gaps and evaluate the investment options for ongoing IT security preventative measures. Make sure to review the difference between a "bundled" approach to cybersecurity versus a piecemeal, single-point solution.    Partner with an experienced automotive service provider who knows where the sensitive consumer data hides on your DMS and the third party software applications that share your client and prospect database.   NOTE : Dealers' are now responsible for their customer data. Their liability doesn't stop at the edge of their lot, it now stretches out to your third party dealer service providers. Approach your cybersecurity insurance provider about all this "Good-faith Compliance Effort" because they value and reward dealers with lower premiums and deductibles who attend to the needs of their cybersecurity in a "bundled" more comprehensive way.    SPECIAL STEP : If you're in the buy/sell due diligence process or even considering it, show your dealership's ability to protect its operational and sales value other dealers can't with the documentation of your good faith cybersecurity effort.” Michael Tuno President, ARMD Resource Group, LLC “In October of 2021, the FTC updated the 2003 Safeguards Rule to reflect the sign of the times.  While the industry is buzzing about this update as if it is something new, it simply is a rule that is reflecting the current state of the industry and the ever-growing risk to dealers with protecting customer’s information, both paper and  digital. The term “qualified” has been added to describe the seemingly elusive role in a dealership of a “CCO”.  The need to document all the digital audits and deploy the risk mitigation steps like multifactor authentication etc. have been added.  An incident response plan to document the dealer’s plan to deal with a breach has been added.  Vendor risk management continues to be a critical task, even since the 2003 days. The FTC is going to hold third parties responsible for any customer information in a more stringent light.  At the end of the day, on December 9, 2022, dealers are advised to document all these updates to the Safeguards Rule.  If it isn’t documented, it didn’t happen!    At $43,792 per day per violation, not to mention UDAAP or UDAP, (especially if you are using the FTC boilerplate privacy policy at your store), it can get very expensive very quickly if this law’s requirements aren’t met.  Déjà vu!” Hao Nguyen General Counsel, ComplyAuto “What we've seen is that the revised federal Gramm-Leach-Bliley Act's Safeguards Rule ("Revised Rule") continues to confuse dealerships across the country on how to exactly fulfill these new obligations. Many folks are talking about it -- their attorneys, state and national trade associations, and other dealers -- but none of them provide a cost-effective solution to meet the dealers' needs.  We work closely with a dealership's IT company or third-party managed service provider ("MSP") as two halves to a pair of scissors to get the dealership fully compliant with the Revised Rule. We help create required documentation (the Information Security Program and all of the required plans that go with it), provide employee security awareness training, execute phishing simulations on employee emails, perform penetration testing and vulnerability scanning as well as risk assessments at the dealership, and help manage vendor requirements in signing Data Processing Agreements and completing vendor risk assessments. Not only will this help fulfill the Revised Rule but also potentially affect cybersecurity premiums. If your clients have not experienced it yet, dealerships across the country tell us that their quoted premiums have increased two to three hundred percent for this year. Implementing our services to bolster your data protection and cybersecurity protocols will go a long way in showing them that you place a priority on data security and will possibly reduce your cybersecurity premiums (or get coverage in the first place).” John Acosta  CEO, Vtech Dealer IT “Compliance is like a marathon. Come the end of the year; you want to be on mile 22 rather than mile 3 of the race. Some of the GLBA compliance requirements are major systems upgrades that take time to set up properly. Start planning now.”    Of course, he’s right.  Here are other GLBA considerations: Is all of your customer data encrypted? Do you have endpoint protection throughout the dealership? Do you have a data retention policy in place? Have you implemented multi-factor authentication (MFA)? Do you have a written “incident response plan?” Have you completed cyber training for all employees?  …and there’s more… To practice optimal risk mitigation, here, begin by figuring out where your biggest areas of vulnerability are and build out your program from there.  Feel free to reach out to any of these folks (including me) if we can answer any questions.  We are happy to receive your call.  Cheers!