Tom Kline

Lead Consultant & Founder | Better Vantage Point

Tom Kline, a former dealership owner with 30+ years of experience, specializes in solving dealership problems through risk mitigation remedies, compliance, and dispute resolution for dealerships. Tom is the Lead Consultant and Founder of Better Vantage Point and has worked with publicly-held and private dealerships. Kline recently created AlwaysDoBetter.com/HowWeHelp, a digital comment box, to prevent employees and customers from posting negative reviews online while giving the dealer an opportunity to resolve the issue.  Kline is a member of the Expert Panel for Dealership Marketing Magazine and an Endorsed Expert for the RVDA, VIADA, and the CIADA. Kline recently spoke at the national Digital Dealer Conference and will be presenting at the RVDA National Conference. Thank you for seeing things from a Better Vantage Point.

Six (6) Perspectives On The New GLB Safeguard Regulations

By

The new Gramm Leach Bliley Act (GLBA) regulations aren’t going away and become effective on December 9, 2022. You don’t have to agree, but you do have to comply. If you haven’t started already, it’s time to begin the work of parsing out how you will respond. I’ve asked various industry experts to chime in on how you should focus your efforts. Here’s what they had to say: Atul Patel CEO, Orbee  “Occasionally you get a nudge to rethink what you’re doing. While it might feel like it’s more an elbow to the ribs, the FTC Safeguard Rule that is part of the Gramm-Leach-Bliley bill is forcing auto dealerships to take their customer’s data security seriously. We find this to be the biggest opportunity for dealerships to   take back control over your data that is created on  your  properties, from  your  media investments, by  your  customers. When your shoppers give you their Personal Indentifiable Information (PII), they believe it was to you. But what is more likely is that it was to a third-party such as a trade-in tool, credit form, chat, and so on. We restructure the way data is created, stored, and activated. This offers the clearest path to Safeguard Rule compliance while benefiting your customer experience.” Jim Lawrence  COO, Sensitive Data Protect, LLC “There are 5 steps dealers should take to establish a good-faith compliance effort to address general cybersecurity, the FTC's Safeguard Rules, the ongoing battle against "phishing," and ransomware attack prevention:  Perform cybersecurity testing to find gaps in consumer facing IT infrastructure and behind your firewall.  Establish the policies and procedures and trainings to address the gaps and evaluate the investment options for ongoing IT security preventative measures. Make sure to review the difference between a "bundled" approach to cybersecurity versus a piecemeal, single-point solution.    Partner with an experienced automotive service provider who knows where the sensitive consumer data hides on your DMS and the third party software applications that share your client and prospect database.   NOTE : Dealers' are now responsible for their customer data. Their liability doesn't stop at the edge of their lot, it now stretches out to your third party dealer service providers. Approach your cybersecurity insurance provider about all this "Good-faith Compliance Effort" because they value and reward dealers with lower premiums and deductibles who attend to the needs of their cybersecurity in a "bundled" more comprehensive way.    SPECIAL STEP : If you're in the buy/sell due diligence process or even considering it, show your dealership's ability to protect its operational and sales value other dealers can't with the documentation of your good faith cybersecurity effort.” Michael Tuno President, ARMD Resource Group, LLC “In October of 2021, the FTC updated the 2003 Safeguards Rule to reflect the sign of the times.  While the industry is buzzing about this update as if it is something new, it simply is a rule that is reflecting the current state of the industry and the ever-growing risk to dealers with protecting customer’s information, both paper and  digital. The term “qualified” has been added to describe the seemingly elusive role in a dealership of a “CCO”.  The need to document all the digital audits and deploy the risk mitigation steps like multifactor authentication etc. have been added.  An incident response plan to document the dealer’s plan to deal with a breach has been added.  Vendor risk management continues to be a critical task, even since the 2003 days. The FTC is going to hold third parties responsible for any customer information in a more stringent light.  At the end of the day, on December 9, 2022, dealers are advised to document all these updates to the Safeguards Rule.  If it isn’t documented, it didn’t happen!    At $43,792 per day per violation, not to mention UDAAP or UDAP, (especially if you are using the FTC boilerplate privacy policy at your store), it can get very expensive very quickly if this law’s requirements aren’t met.  Déjà vu!” Hao Nguyen General Counsel, ComplyAuto “What we've seen is that the revised federal Gramm-Leach-Bliley Act's Safeguards Rule ("Revised Rule") continues to confuse dealerships across the country on how to exactly fulfill these new obligations. Many folks are talking about it -- their attorneys, state and national trade associations, and other dealers -- but none of them provide a cost-effective solution to meet the dealers' needs.  We work closely with a dealership's IT company or third-party managed service provider ("MSP") as two halves to a pair of scissors to get the dealership fully compliant with the Revised Rule. We help create required documentation (the Information Security Program and all of the required plans that go with it), provide employee security awareness training, execute phishing simulations on employee emails, perform penetration testing and vulnerability scanning as well as risk assessments at the dealership, and help manage vendor requirements in signing Data Processing Agreements and completing vendor risk assessments. Not only will this help fulfill the Revised Rule but also potentially affect cybersecurity premiums. If your clients have not experienced it yet, dealerships across the country tell us that their quoted premiums have increased two to three hundred percent for this year. Implementing our services to bolster your data protection and cybersecurity protocols will go a long way in showing them that you place a priority on data security and will possibly reduce your cybersecurity premiums (or get coverage in the first place).” John Acosta  CEO, Vtech Dealer IT “Compliance is like a marathon. Come the end of the year; you want to be on mile 22 rather than mile 3 of the race. Some of the GLBA compliance requirements are major systems upgrades that take time to set up properly. Start planning now.”    Of course, he’s right.  Here are other GLBA considerations: Is all of your customer data encrypted? Do you have endpoint protection throughout the dealership? Do you have a data retention policy in place? Have you implemented multi-factor authentication (MFA)? Do you have a written “incident response plan?” Have you completed cyber training for all employees?  …and there’s more… To practice optimal risk mitigation, here, begin by figuring out where your biggest areas of vulnerability are and build out your program from there.  Feel free to reach out to any of these folks (including me) if we can answer any questions.  We are happy to receive your call.  Cheers!    
Oops They Did It Again

By

Oops, they did it again.  I just unpacked my new desktop computer, screens, camera, and enough cables for you, me, and every adult on the planet. (Well, not quite but definitely an abundance!) Along with my new goodies, I purchased, and I quote, the “Download Microsoft Office Home and Business 2021 All Languages Online Product Key License 1 License.” (Please note “Business” is part of the title here.)  So, when I bought this, I had an expectation I could use it for my WORK as a consultant, because I run a “Business.” When downloading the product, it wouldn’t sync with my Outlook. At. All. (There’s no telling how many times I attempted this with different variations and permutations.)    After six (6) hours on the telephone and online chats with Dell and Microsoft “support,” and my web host provider, I learned I had purchased the wrong product. After much typing and chatting and phoning, I finally learned from these fine folks, you see, “Business” doesn’t actually mean I am able to use it for a “business,” because I was informed that “Business” is really the “Home” version. Insanely aggravating, right?  Silly me, I thought the word “Business,” actually meant you could use it for a business. The software I purchased was $229.24 for a one-time charge but now Microsoft told me the new price for you know – business business - was $99 per year. Honestly, after six (6) hours struggling with tech support, I really didn’t care, I just wanted this nightmare to end. (Doesn’t that sound like a customer coming out of F&I after a long transaction?) And please allow me to mention I resent the word “support” here because none was given!     My Microsoft situation is a textbook bait and switch advertising ploy and is in breach of federal laws. I’m sure Microsoft has plenty of lawyers to argue about this. (By the way, if you’re a class action lawyer looking for a new case, Microsoft might be your next target…) This story illustrates two (2) important considerations in running your store: 1.     If you are having customers accuse you of bait and switch advertising, examine both your website and your other ads, including television, radio, internet etc. (Have you, as the dealer, looked at your online reviews recently? This is a terrific way for you to “listen” to customer feedback.)  If the terms are not “clear and conspicuous,” then likely the ad would be considered deceptive in some way. Because of competitive pressures, I know some dealers who advertise this way intentionally (so BEWARE!) and some who do it unintentionally. Either way, if you pay attention to Joe Public’s feedback, you will learn about process kinks at your store, and you can improve on procedures and avoid false advertising accusations and problems.   2.     In my experience, there is (almost) always a disconnect between the advertising and the sales staff, which leads to claims of bait and switch. The ad agency or in-house ad person should be training the sales staff on advertising specials and how terms were calculated mathematically. When Sally arrives at the lot and requests the advertised deal, then the sales person should be able to articulate clearly “how the deal works” and understand how to communicate this to Sally courteously and effectively. Otherwise, when Sally is told she cannot get the deal, (for whatever reason the sales agent creates), she will be (rightfully) upset. This is a classic scenario where the dealership can make improvements and avoid pitfalls by conveying information to the customer clearly and concisely. This potential negative situation occurs when the sales agent simply doesn’t have the information to properly do their job.This is easily fixed through training.   There are both federal enforcement agencies concerned with these issues, as well as the state Attorneys General.  As an example, Pennsylvania’s Attorney General, Josh Shapiro issued an advisory on March 3, 2022 warning of unfair and deceptive practices which violate the Pennsylvania Consumer Protection Law. Here are three (3) salient points specifically about dealers directly from his advisory: Represent and advertise goods or services at their actual price, comply with the terms of warranties given to the buyer; and not engage in fraudulent or deceptive conduct which creates a likelihood of confusion or misunderstanding. Sell a motor vehicle under the terms or conditions, including price or warranty, which a motor vehicle manufacturer or dealer has advertised or otherwise represented. Disclose any hidden charges in any advertised price of a vehicle, as well as the expiration date of any advertised price. Don’t be the dealer who ends up saying: “Oops!...I did it again, I played with your heart, Got lost in the game…”  It didn’t go well for Brittany Spears in 2007 and it won’t go well for your business either.  If your sales staff gets lost in the game, and plays with customers’ heart, you are going to create irate prospects, which (1) you won’t sell, so you will lose the sale and, (2) even worse, these bait and switch behaviors will attract regulators and lawyers.   Then, it’ll be your “Oops,” which will lead to a hefty fine, lawsuit, or worse…both!
I Hope You'll Learn With Me!

By

Insurance! (Insert full eyeball roll here.) An October, 2021 survey by Embroker stated that just 22% fully read through their insurance policy, 56% admit to not knowing the cost of their insurance program, 34% carry a cyber policy, 20% admitted to not knowing how their insurance is handled, and 30% allow their policies to renew without making any changes. Let’s change that starting right now! If you don’t understand your insurance, then reach out to a consultant or your insurance broker and ask for a complete review of your coverage.   Understand what insurance you have, what the limits are, and importantly, what policies you do not have.   Here is a thumbnail: Garage Policy This is your main policy which you would turn to cover dealership operations.   Automobile liability, premises liability, product/completed operations liability, customer’s cars.    The type of coverage and the limits matter. Property This covers your buildings and business interruption, should you have one. Worker’s Comp This policy handles worker injuries on the job. Dealer’s Open Lot Your vehicles are covered separately under this policy. This can be covered and included in the Garage policy except in high hazard/catastrophe prone areas. Cyber If you have a breach of your data or if the bad guys ransom you. Pollution Covers your waste (used oil, antifreeze, tires, batteries etc.) and their disposal.   If your waste isn’t handled properly, you can be help personally liable for these problems. Directors and Officers (D&O) Would step in for allegations of fraud and wrong-doing which protect the owners, officers, and employees. Directors and officers (D&O) liability insurance protects the personal assets of corporate directors and officers, and their spouses, in the event they are personally sued by employees, vendors, competitors, investors, customers, regulators, or other parties, for actual or alleged wrongful acts in managing a company. Crime Employee dishonesty.   Theft of corporate assets by an employee of the corporation. Employment Practices Liability This policy handles problems which arise with employees, such as discrimination, harassment, wrongful termination etc. Unusual Options You can protect yourself from most issues.   Here are some more unusual options: Product Recall   Kidnap and Ransom Active Assailant/Workplace Violence Loss of Franchise Communicable Disease Liability Computer Systems Failure Injunction Risk Loss of Key Employee Loss of Key Customer It’s likely if you can think of it, you can insure it. I try to learn every day and here’s one thing I learned this week:   parametric insurance.   So, we are going to learn about it and think anew together.   According to the National Association of Insurance Commissioners (NAIC) “the term parametric insurance describes a type of insurance contract that insures a policyholder against the occurrence of a specific event by paying a set amount based on the magnitude of the event, as opposed to the magnitude of the losses in a traditional indemnity policy. An example is a policy that pays $100,000 if an earthquake with magnitude 5.0 or greater occurs. The amount of payment, the parameter, and a third party responsible for verifying that the parameter was triggered must all be specified in the contract. The third party will usually be a government agency, for example earthquake magnitude could be determined by the measurement issued by the National Earthquake Information Center.” Dealers who have significant weather-related concerns might benefit from this type of coverage.   One of the benefits of parametric insurance is claims are paid more quickly as once the outside entity verifies the event, the insurance company pays so the monies are deployed and in the hands of the business more quickly. My hope for this article is getting you to consider the importance of your insurance program.   I say “program” as there should be a strategy involved and a monitoring and auditing component to it. Please reach out if I can answer any questions.
Emotional Intelligence: A Good Dealership Habit To Pick Up

By

“The purpose of habit is to remove that action from self-negotiation. You no longer expend energy deciding whether to do it. You just do it.” - Kevin Kelly, '68 Bits of Unsolicited Advice' You may have never thought of it this way, but problems at dealerships usually walk through your office door on two (2) legs: Either with customers or with employees. It’s always best to tackle these two-legged issues promptly, as otherwise, they can quickly escalate to regulatory challenges or, worse yet, lawsuits. I’ve seen it happen again and again. There are two main ways to confront problems as the dealer principle: You can personally manage the issue itself, or  You can manage the problems through well-trained employees who are empowered to fix them Your operations will be smoother for you if you choose to embrace your employees’ ability to handle the day-to-day concerns.   One of the most powerful tools you can teach your employees to deploy is effective and strategic emotional intelligence, i.e. the ability to understand, use, and manage emotions through communicating in a positive way. Your managers should understand this skill so they can effectively convey even difficult information to your customers.   The best way to change the communication style within your team is for you, as the leader, to model the use of your own emotional intelligence, whenever possible.  Here’s an example from last week. I was at a dealership group that wants to empower its managers to resolve customer problems through improved emotional intelligence. Together, the owners and I dug in with an action plan and dedicated a day to one-on-one sessions with all key stakeholders. We trained and practiced to ensure the managers understood the concepts and opportunities and could employ emotional intelligence tools effectively.   In this intimate training, we focused on a top-tier issue:  How to De-Escalate Customer Problems and Build Trust (To prevent problems at a dealership, this is step one and is the most important training for employees.) During one memorable session, with just the three of us in the room, one of the managers seemed particularly fidgety, wouldn’t make eye contact with me, despite being only three feet in front of me. He looked at his watch, then looked at the floor, and then looked at his watch again...then, stared at the floor.  Clearly, something was bothering him. (Let’s call him “Anthony.”) Me: Anthony, you look like something’s bothering you. Are you okay? Anthony: Yea, it’s nothing. Don’t worry about it. Me: You look uncomfortable. (When you label the emotion of what someone is feeling, it is disarming.) Anthony: Naw. Sorry, let’s continue. Me: Anthony, I can tell something’s wrong. Please let me what it is so I can help you. Anthony: I apologize (looks at his watch)… let’s keep going. Me: Do you need to be somewhere else? Is that why you keep looking at your watch? Anthony: It’s not about work. Don’t worry about it. Me: Where do you need to be? Anthony, I fix problems; it’s what I do! So please tell me what’s up so I can help. It turns out Anthony had an appointment at the post office to have his passport interview. I asked how long he had been waiting for the meeting (knowing everything is still backed up because of COVID) and he indicated he waited about six (6) to seven (7) weeks for the meeting.  I asked the other manager in the room if Anthony could go to his appointment and I could train him later. And, that’s exactly what ended up happening.  There I was, training about using emotional intelligence, and in that moment, I needed to deploy the very same tool, so Anthony could learn about emotional intelligence! Yes, Anthony should have told his boss about the appointment weeks in advance, days in advance, and the morning of his appointment so we (all) could have avoided the herky-jerky start-stop. When someone is feeling boxed in, they quite often don’t think clearly, as Anthony displayed. (I’m certain he had pressures at home and was told, “you’d better not miss this appointment.” At least, his face indicated that conversation had taken place.)  So the moral of the story is: Use emotional intelligence when managing your employees and deploy these tactics to resolve customer and employee problems. Train on specifics and remind everyone to recognize the emotions at play under all situations. Then, you won’t have to remind yourself of this. Happily, it will be habit. You will just do it!
How Dealers Should Handle COVID (Co-author Kristina Vaquera)

By

Another article about COVID-19?  Ugh! Snap! And oh, my! Employers everywhere are tired with having to handle this additional burden to running their business. But, now, more than ever, it’s important to mitigate your risk by being consistent and current in how you handle COVID. Don’t let your guard down now.    In this article, we will limit our discussion to the federal perspective on COVID as each state may have its own rules or requirements.  FACT: The Equal Employment Opportunity Commission (EEOC) says you can mandate employee vaccinations for employees physically entering the workplace based on business necessity subject to reasonable accommodation requirements. In essence, if it is a threat to the safety and well-being of employees and customers, you can require vaccinates. Very few jobs at the dealership may be completed by being isolated by plexiglass or office walls. Most require daily face-to-face customer contact that cannot be eliminated. FACT: If vaccines are required, employees may claim two (2) accommodations: Because of their sincerely held religious beliefs (i.e., Title VII of the Civil Rights Act), or Because of their disability (i.e. the Americans with Disabilities Act) If an employee asserts an accommodation request, call your employment lawyer for more specifics on how to handle the situation. Each case is different based on the facts. FACT:  To protect your employees and customers, ensure you have the latest signage from the Centers for Disease Control (CDC), Occupational Safety and Health Administration (OSHA) and your state safety and health departments. For example, current CDC guidance has different masking requirements depending on whether you are in a low or medium to high-risk transmission area. Click here for more information. FACT:  As the employer, you are still required to provide personal protective equipment (PPE) and sanitizing stations. Outbreaks at the dealership? If you are having frequent positive COVID situations at the store, you may need to revisit your policies and their efficacy. If you make changes, document what you are doing. Are you required to keep a log of positive cases, or report to your state? Make sure you are doing so if required. If OSHA, or any agency, visits you, they want to know what you are doing to protect everyone. Be diligent here.  FACT:  If you sell fleet vehicles to the government, or have a federal contract, then you may be a federal contractor. If so, you must follow federal COVID mandates required by Executive Order. You may also be subject to mandatory vaccine requirements if you have 100 or more employees.  FACT:  On September 9th, President Biden signed an Executive Order requiring employees of contractors doing business with the federal government to be vaccinated which builds off a previously issued Executive Order from July. President Biden also mandated that OSHA is developing a rule requiring all businesses with more than 100 employees to ensure their employees are fully vaccinated or require workers who remain unvaccinated to produce a negative test result on at least a weekly basis before coming to work. This mandate also requires employers to provide paid time off for the time it takes workers to get vaccinated or to recover if they are under the weather post-vaccination. It is unknown if employers will have to pay for the cost of testing and/or the time associated with testing.   This situation continues to evolve. Don’t “take on” risk by being lackadaisical when it comes to COVID. Author's note: The above article is for informational purposes only and does not constitute legal advice and does not create an attorney-client relationship.
Do You Understand the Components of Your Garage Insurance Policy?

By

Flavor: Something we crave in our daily routine. Try this flavor-filled description: “There’s a sense of cornmeal next to sawdust, oily vanilla, and a hint of fresh honey sweetness that entices your senses. It takes on a caramel corn sweetness as the vanilla carries you towards sweeter woods and cherry fruits. The end is short and sweet with a distant wisp of orange oils next to a slight minerality.” Recently, I found this depiction in an online article on Uproxx. Do you know what’s being described? (You’ll have to read the whole article or skip to the bottom for the answer.) With an increase in the complexity of flavors, I would proffer that you discover more appreciation of the product through the layers of taste. And so it is with your garage insurance policy. The more you understand it, the more you will appreciate it and have the taste for it.  I recently studied a garage insurance policy for a client. (Try not to be jealous.) I found 107 items in the policy which were questionable and needed further investigation as they were important for the dealer. As it turned out, at least 26 were actionable. My initial review drove the premium down from $109,641 to $81,511. Based on that audit, here are eight (8) select items for you to consider: What is the total value of your land + building + used vehicle inventory (not floor planned) + parts + blue sky? Your liability umbrella should exceed that total number or the business is underinsured in the case of a catastrophic accident. Do you have enough employee crime coverage to satisfy a claim resulting from someone stealing a vehicle? Do you have an aggregate over your vehicle weather deductible to act as a “stop loss” in the event of a large loss? (For example, if you have a $1000 deductible and 600 vehicles are damaged, you are out of pocket $600,000. If you had a $250,000 aggregate, you would write a check for the $250,000 and not the $600,000.) Have you compared your vehicle physical damage coverage limits to your actual inventory to determine if you should adjust the policy up or down? Did you know this exclusion is in most policies? “Loss caused by an ‘employee’ if the ‘employee’ had also committed ‘theft’ or any other dishonest act prior to the effective date of this insurance and you or any of your partners, ‘members’, ‘managers’, officers, directors or trustees, not in collusion with the ‘employee’, learned of such ‘theft’ or dishonest act prior to the Policy Period shown in the Declarations.” How much are you paying for Med Pay coverage? Isn’t it duplicative of your basic liability coverage? If you eliminate the coverage, how much money could you save? Are you paying an extra premium for higher limits on your uninsured and underinsured drivers policy (than you are legally obligated by your state) to pay? How much will this save you? Also, have you considered a separate, higher limit to protect the owners? Are you accurately self-reporting the number of dealer tags? Getting the flavor here? Make it a priority to review your policy with someone knowledgeable who will go through it and explain everything to you. While it may be distasteful upfront, you’ll be glad you did while gaining an understanding of what provisions the policy contains. And, it’s not ice cream that was being described above.  It was bourbon!