Originally published in Automotive News | September 2, 2024 issue
by Doug Fusco | Managing Partner of Dealership Compliance at Informativ
Dealers need to protect customer information, train staff and invest in technology to sleep better at night.
Let’s pretend we have a friend who’s an auto dealer.
We’ll call him Larry — a fictional character based on my many interactions hearing the challenges and concerns of real dealers.
Larry always followed the rules but even he would say compliance wasn’t a focus of his operations until June 9, 2023.
That’s when the FTC dramatically expanded its Safeguards Rule in the auto industry. Not that long ago, the FTC guidelines were only a few pages long. Now, they’ve ballooned to 145 pages with obligations to maintain physical security of customer information, create administrative processes for handling data and implement technical safeguards to protect against threats.
More than a year after enforcement of this rule began, our surveys show about half of dealers are still unsure about what they need to do to be compliant; or they think they’re already covered when in reality they’re still at risk.
Larry is determined to be on the right side of that statistic. He is working to get his team on board and changing bad behaviors that developed out of simply wanting to sell cars and getting to “yes” from a customer. Larry wants to stop staying awake all night worrying about the risk of FTC fines or class-action lawsuits.
Here’s how Larry sleeps better at night.
Customer information locked down
When Larry read the obligations in the FTC Safeguards Rule, he knew he needed stricter controls over physical access to sensitive customer data. Too many of his sales staff were leaving customer information in unsecure locations such as on their desks or the copy machine. A lot of them were getting and ultimately storing consumer information on their cell phone or in their personal email. His general manager even confessed to having photos of 100s of driver’s licenses on his phone. Plus, his dealership hadn’t done a great job of retaining dead deals over the years. All these issues were Safeguards Rule fines or lawsuits waiting to happen.
To fix this, Larry started small. He required staff to lock file cabinets, ensured paperwork was not left out in the open and restricted access to areas where sensitive information was stored. Practices such as taking photos of customers’ driver’s licenses on personal phones was strictly prohibited. Because there were still problems with consistent enforcement, he began researching digital platforms that could help his showroom by enforcing a compliant process, going paperless, creating digital deal jackets and sending and receiving secure links to customers to collect loan documents such as proof of income, driver’s licenses and other information.
Acting more like the TSA
Next, Larry tackled the administrative obligations of FTC regulations for his dealership. He’s been in the automotive sales industry a long time and knows most dealers rely on hope when it comes to compliance.
To avoid becoming one of those dealerships, he developed a consistent, compliant process for every deal. He was inspired by airports and TSA checkpoints. Though they don’t always offer the best experience, they do one thing better than a lot of businesses — they never skip a step in their process. Your identification is always verified or scanned at security.
Larry revised his dealership’s policies to ensure all employees understood the importance of protecting customer information. He required regular training sessions and compliance reviews. He created a dedicated compliance team responsible for monitoring adherence and began researching technology that could enforce these consistent processes from lead to sale — particularly one his sales team would love and be more likely to use.
Anticipating threats
In addition to these physical and administrative obligations, Larry realized to stay in technical compliance he needed to control and protect his dealership’s data. He invested in robust cybersecurity measures such as installing advanced firewalls, encryption tools and secure data storage. He also made sure all dealership systems were regularly updated to protect against the latest threats.
Larry also took a controlled approach to compliance by identifying the four points where data entered his dealership and were most vulnerable to fraud and breaches.
- The walk-in: direct interaction with customers face-to-face
- Online credit app: gathering data, consent and credit remotely
- Digital retailing: gathering data, product interests and needs remotely
- Remote: collecting customer information and product needs through any other method (sales enablement platform, QR codes, CRM).
After identifying these key entry points, Larry trained staff on secure handling of data and enforced compliant processes at each of these points.
Continuous training
Even with all the training, Larry knows turnover is a fact of life. He deals with a consistent churn of salespeople. Also, the further away his staff gets from training and compliance reviews, the more those consistent practices disappear and a gap between compliant processes and actual processes grows. To combat this, he implemented a system of continuous training and reinforcement.
New hires receive thorough compliance training as part of their onboarding; existing employees attend regular refresher courses.
Investment in technology
Most importantly though, Larry realized he could train and retrain staff constantly, but they needed more than that.
He invested in technology in other areas of his dealership, such as the machine that tracks expensive key fobs because salespeople forget to return them after a test drive.
It only made sense then that he would spend money on a reliable front-end compliance enforcement platform to steer his staff’s behavior to his specific policies regardless of a busy showroom on a Saturday afternoon or a slow one on a sleepy Monday morning.
Investing in technology that put up guardrails and enforced compliance in the showroom allowed Larry and his sales staff to focus on what they loved — selling cars faster and making customers happy.
The road ahead
Larry knows the compliance landscape has changed for the auto industry. There are a lot more regulations and red tape than ever before. But he’s committed to protecting customer information and abiding by FTC regulations. And Larry knows with technology, time and training, he can flip his dealership’s compliance from an expense to a profit.