Mid-Atlantic Dealer News - December 2022

The

of the MIDATLANTIC INDEPENDENT AUTO DEALERS ASSOCIATION

PENNSYLVANIA • MARYLAND • DELAWARE 1501 North Front St., Harrisburg, PA 17102 (717) 238-9002

midatlanticautodealersunited.org Copyright 2022

Chris Smiley - Advisor Mountville Motor Sales, Columbia, PA rcsmiley@comcast.net

Noah Melamed- President Ticket to Ride Auto, Lancaster, PA nmelamed@yourttr.com

Bert Straub, President - Elect 1st Choice Auto LLC, Fairview, PA bertcstraub@gmail.com

John DeFilippo - Treasurer DeFilippo Bros. Motorcars, Prospect Park, PA john.m.defilippo@gmail.com

Clint Weaver- Secretary America’s Auto Auction Harrisburg, Mechanicsburg, PA clint.weaver@americasautoauction.com

Tom Hodges, Vice-President Tom Hodges Auto Sales, Hollywood, MD tom@tomhodgesauto.com

Dan Limongelli, Vice-President Jo Dan Motors, Plains, PA jodanmotors@gmail.com

Michael Mansour, Vice-President Car Connection, Inc., New Castle, PA mike@carconnection1.com

Beth Melamed, Vice-President Ticket to Ride Auto, Lancaster, PA bmelamed@yourttr.com

Tom Brandis • tombrandis@netscape.net Advantage Auto Sales & Credit, Quakertown, PA

Lisa Cohowicz • lisac@nepautoauction.com North East Pennsylvania A/A, Scranton, PA

Jeff Dreier • dreierauto@hotmail.com Dreier Auto Sales, Shavertown, PA

April Hollobaugh • ajautosalestitusville@gmail.com A&J Auto Sales, Titusville, PA

Kevin Luring • k.luring@yahoo.com ADESA PA, York, PA

James Makia • james@exclusivemotorcarsmd.com Exclusive Motorcars, Randallstown, MD

Dan McNamee • dtlcars@aol.com Daniel Thomas Auto Sales, Croydon, PA

Gregg Pachik • gregg.pachik@manheim.com Manheim Philadelphia, Hatfield, PA

Kerri Rotunda • kerrir@corryade.com Corry Auto Dealers Exchange, Corry, PA

George Smouse • gasmouse@zoominternet.net Smouse Trucks & Vans, Mt. Pleasant, PA

Steve Worley • worleymotors@hotmail.com

Worley Motors, Enola, PA

Jay Zimmerman

• jay@zimmermansauto.com

Zimmerman’s Auto Sales, Mechanicsburg, PA

Email heather@piada.org

5 |

Governor Wolf Signs Legislation Setting Penalties for the Theft of Catalytic Converters

On Nov. 3, 2022, Governor Tom Wolf signed House Bill 23981 into law as Act 1302 of 2022. House Bill 2398 (Oberlander-R) amends Title 75 (Vehicles) of the Pennsylvania Consolidated Statutes to provide for the regulation and operation of highly automated vehicles (HAVs) with or without a human driver.

6

Succession Planning for Dealers in an Evolving Business Environment

While there are many considerations in running a thriving dealership, one of the most important (and often overlooked) is developing and maintaining a succession plan. 12

A Blueprint for Safeguards Compliance

There are many necessary elements to compliance, and it is unlikely that any one company does all those functions with its own forces. Safeguards compliance requires policy drafting, vulnerability assessments, overall risk assessments, a written information security program, end-point detection and response, and the list goes on.

You Aren’t

Doing Enough to Prevent Fraud

Dealers need to implement what’s now considered everyday technology that can help them spot synthetic identity fraud before it happens.

Why One-Man Dealerships Need a CRM as Much as the Big Guys One-man shows have an especially tough road ahead. Without the manpower of larger dealerships, critical jobs fall through the cracks: marketing, lead nurturing, sales, and even compliance.

MARIADA Members,

Beginning this month on December 9, the FTC will begin enforcing the Safeguards Rule for all financial institutions (car dealerships included). What this means is that financial institutions under FTC jurisdiction must have measures in place to keep customer information secure. The businesses covered by this rule (again, including car dealerships) are responsible for taking steps to ensure that they provide safeguards for the customer information in their care. Fines and penalties to businesses/dealerships not in compliance after December 9 could be severe. Don’t be unprepared.

For more information and the opportunity to take an online class covering what you need to do, visit our website. Visit piada.org and click “Education” in the main web navigation bar and then click on “Safeguards Compliance Course.” All users who complete the $75 course earn a certificate upon completion for a one-year duration. Having this certificate will undoubtedly help if the FTC does come calling.

One final point: dealership owners are NOT required to be the point person on the FTC Compliance. They may select a qualified employee to learn about the rules and coordinate the businesses plan to safeguard customer information. Please remember, however, as with everything else, the owner is ultimately responsible for the dealership being compliant.

Thank you for your support,

You can get DEALER TITLES processed ON THE SPOT or within 24 hours!

You can get SALVAGE TITLES processed ON THE SPOT or within 24 hours!

You can get your RETAIL PAPERWORK processed ON THE SPOT or within 24-48 hours!

At our offices! M-F: 9am-2pm 1501 North Front St, Harrisburg, PA 717-238-9002

Use This Everyday Technology to Fight Identity Fraud

Mobile and ID scan technologies, now widely used in online banking, could help dealers during online transactions.

Synthetic identity fraud is a complex issue that continues to increase each year, posing great problems for everyone from auto dealers to lenders alike. In fact, synthetic identities can be severely detrimental to a lender’s rate of losses, as well as the severity of loss, and dealers can face millions worth of chargebacks each year, eating away at precious profits.

According to industry experts, the automotive industry is facing upwards of thousands of synthetic identity issues every month, and possibly accounting for $1.2 billion in fraud alone.1

IDENTITY FRAUD EXPLAINED

Synthetic identity fraud is typically a result of fraudsters using any combination of fictitious information in collaboration with data from an actual person. This type of fraud can be difficult to spot, particularly in a digital or automated world. It often goes unnoticed until it is too late and multiple accounts have been opened with a single falsified identity, which can be particularly painful for all involved.

SYNTHETIC IDENTITY FRAUD COMPONENTS

In one example, the fraudster takes his or her new falsified identity and then applies for a new line of credit or an auto loan with the newly created persona. This establishes a credit file at the credit bureaus. The fraudster then pays a coconspirator to add the falsified identity as an authorized user to their credit card. As the coconspirator continues to pay their bills on time, this good credit behavior is now associated with the fraudsters new falsified identity. The fraudster now uses this established credit history to open new lines of credit and new identities. This process doesn’t happen overnight and takes time to build their lines of credit and credit worthiness. The fraudster is doing all this to work to build up to the “Bust Out.”

The “Bust Out” is when the fraudster

maximizes all of his lines of credit with purchases and prepares to just walk away. This is where the real danger is to dealers. Right before the bust out and the impact walking away would have on the fraudster’s credit, he or she looks to make major purchases – and the number one purchase is typically automobiles.

When dealers and lenders eventually uncover this potential fraud, many will investigate to determine if the right due diligence was performed to identify the consumer at the dealer. It’s not uncommon for lenders to ask for buy-backs, particularly when there are repeated cases. If a dealer cannot document the process they followed, they run the risk of being held liable for the entire fraudulent amount and potentially losing lender relationships. Ultimately, everyone involved feels the impact to their bottom line.

USING EVERYDAY TECHNOLOGY TO PREVENT FRAUD

The prevention of synthetic identity fraud is not an exact science, and the vast majority of dealers today believe they are taking necessary measures to prevent this type of theft. However, a closer look at these procedures leaves many experts in the industry scratching their heads in disbelief.

Currently, most dealers utilize scanning technology to scan a person’s driver’s license to satisfy compliance, procedural checklists and to OCR the data to populate the CRM at the time of loan application or even during a test drive. While this process is critical, it lacks a significantly critical element that can potentially prevent or even thwart the vast amount of synthetic fraud attempts.

Scanning of the driver’s license is important, but dealers must also utilize verification technology to validate the driver’s license and the person’s true identity. This additional step helps to

validate and verify the individual via address verification, red flag, OFAC and synthetic fraud checks. It is estimated that 95% of dealers today still don’t include this verification step in their process.

With the proliferation of more digital and online shopping, the verification and validation of one’s identity is even more critical when a potential fraudster is sitting in the privacy of their own home filling out a loan application. Mobile and ID scan technologies are now widely used in online banking applications, and these could significantly help dealers during an online transaction.

Stop Blaming Friction on the Sales process

The potential counterpoint of friction is baseless. Dealers might feel this additional step creates friction during the transaction. However, millions upon millions of online transactions in other e-commerce platforms take place each day, and the average consumer now expects for this additional layer of security to be a part of any online transaction – especially one that involves the second-largest purchase aside from the home mortgage itself.

Synthetic identity fraud continues to be a growing problem today for dealers and lender partners across the entire automotive spectrum. It is important to have thorough training for all employees to have a higher level of awareness for the potential for synthetic identity fraud. It is also important for dealers to implement what’s now considered everyday technology that is no longer viewed as friction by the consumer. While instincts are important, it’s even more critical to have access to the right tools and sophisticated technology that can help dealers and lenders spot synthetic identity fraud before it happens. n

1autonews.com/finance-insurance/synthet ic-ids-phony-employers-among-auto-bor rower-fraud-trends

Governor Wolf Signs Legislation Setting Penalties for the Theft of Catalytic Converters

On Nov. 3, 2022, Governor Tom Wolf (pic tured at left) signed House Bill 23981 into law as Act 1302 of 2022. House Bill 2398 (Oberlander-R) amends Title 75 (Vehicles) of the Pennsylvania Consolidated Statutes to provide for the regulation and operation of highly automated vehicles (HAVs) with or without a human driver. However, at the request of the Pennsylvania Independent Automobile Dealers Association (PIADA), Senator Wayne Langerholc (R-Cambria) amended House Bill 2398 in the Senate to include language addressing the theft of catalytic converters.

The theft of catalytic converters has reached epidemic proportions in both Pennsylvania and across the country, with incidents of catalytic converter theft doubling in Pennsylvania from 2019 to 2020. Currently, state and local police have proven ineffective in preventing these thefts.

Moreover, the theft of catalytic converters has severe financial repercussions on small automobile dealers. Once a catalytic converter is stolen from an automobile dealer, they are then responsible for covering the large insurance deductible (average $2,500) associated with their policy. Many small automobile dealers across the state simply cannot afford multiple catalytic converters being stolen off their lot.

To address this problem, the legislation added section 3723 of Title 75 (Vehicles) which creates a new offense of theft of catalytic converters. Grading of the offense related to the theft of catalytic converters is as follows:

1. A misdemeanor of the third degree if the value of the catalytic converter is less than $50.

2. A misdemeanor of the second degree if the value of the catalytic converter is between $50 and less than $200.

3. A misdemeanor of the first degree if the value of the catalytic converter is between $200 or more but less than $1,000; and

Endnotes

4. A felony of the third degree if the value of the catalytic converter is $1,000 or more.

Section 3723 (relating to theft of catalytic convert) shall take effect in 60 days (January 2, 2023).

In addition, it is important to note the contributions of state Representative Mary Isaacson (D-Philadelphia) who championed this issue in the House by sponsoring House Bill 22903. House Bill 2290 was moving through the state House before it stalled this Fall. However, it was Representative Isaacson’s language that Senator Langerholc amended into House Bill 2398, with the permission of state Representative Donna Oberlander (R-Clarion), and we were able to get it across the finish line.

Act 130 will go a long way in helping to stem the ever-increasing tide of catalytic converter thefts that have been sweeping across the Commonwealth and will help small automobile dealers avoid the severe financial repercussions associated with catalytic converter theft on their lots. n

1 House Bill 2398 PN 3563 legis.state.pa.us/cfdocs/billinfo/billinfo.cfm?syear=2021&sind=0&body=H& type=B&BN=2398

2 Act 130 of 2022 legis.state.pa.us/cfdocs/legis/li/uconsCheck.cfm?yr=2022&sessInd=0&act=130

3 House Bill 2290 PN 2696 legis.state.pa.us/cfdocs/billinfo/billinfo.cfm?syear=2021&sind=0&body=H& type=B&BN=2290

Succession Planning for Dealers in an Evolving Business Environment

While there are many considerations in running a thriving dealership, one of the most important (and often overlooked) is developing and maintaining a succession plan. This strategy allows for the transfer of ownership to the next round of leaders, whether family members, a trusted partner, or an outside buyer, will position you and your business for future success.

WHY NOW?

Having a succession plan is important for many reasons. In today’s environment, there are three crucial reasons that rise above the rest:

1. There’s a lot of buy/sell activity in the industry, including accelerated consolidation. If your long-term plan is to exit the industry, you should consider the current market valuations and buyer interest.

2. The U.S. is on the verge of material changes in tax laws that could affect your finances and the value of your business if passed on to future generations. The estate and gift tax exemption, currently at a historic high of $12.06 million per person or $24.12 million per married couple, will drop by half in 2026 when the current tax law lapses. It could drop even faster if Congress passes a new law before 2026.

3. The market, labor costs, supply chains, and other factors influencing dealerships continue to fluctuate. As the pandemic brought home to us,

every business needs a plan in place in case top leadership can’t run day-today operations.

CONSIDER YOUR PRIORITIES

To begin the succession planning process, you need to identify your goals. Perhaps you’d like to sell to family, management, or a third party to generate liquidity. You may also want to maintain some level of control of the business, particularly during a transition, if you’re gifting or selling the business to family members or selling to trusted employees. You may also want to step away completely and allow a third party to take over.

In addition to identifying your goals, it’s important to consider how your decision will affect employees and the community to assess whether your actions align with your goals.

Finally, you’ll want to consider the financial implications of your decision, whether it’s reducing the amount of taxes you pay or generating liquidity for future needs.

IDENTIFY KEY PLAYERS

One of the most critical succession planning decisions is determining the organization’s future leadership. While it can be difficult and emotional to talk with family and key managers about the future, it’s an essential piece of the process. An honest talk about your goals and theirs will help clarify your options and develop a more realistic succession plan.

Facilitating the process will be two crucial teams: internal and external. Your internal team will consist of key family members, senior dealership managers, your banker

lawyer, and accountant. Your external team will consist of advisors who think broadly and are strategic and defensive, like a transition attorney, estate lawyer, investment bank and appraiser, or auditor.

MAXIMIZE THE VALUE OF YOUR DEALERSHIP

Once your team is in place, you’ll want to get your documents in order. These include:

1. Financial and business information. You should pull your business’s financial statements and consider conducting an audit if you plan to sell the dealership. An audited statement is a more powerful statement to share with a prospective buyer.

2. Updated appraisal. An appraisal will compare your business to other dealerships, their gross margins and growth rate. Key metrics are important, whether you’re selling or benchmarking the success of your business for future managers.

3. Strategic plan. It’s an excellent time to create or update the strategic plan for your dealership. It will help you look at your dealership in the context of how the industry is changing and evolving. Opportune times to update your strategic plan include any time you experience changes in your family situation or senior management team.

Initiating a succession plan can be emotional, and the process will take time. However, once you get started, you’ll find relief in clarifying your goals, understanding the intent of your family and senior managers, and creating strategies that maximize the value of your business and legacy. n

Initiating a succession plan will bring relief in clarifying your goals and creating strategies that maximize the value of your business and legacy.

The CARLAWYER©

Here’s our monthly article on selected legal developments we think might interest the auto sales, finance, and leasing world. This month, the developments involve the Department of Justice, Consumer Financial Protection Bureau, Federal Financial Institutions Examination Council, Federal Reserve Board, and Federal Trade Commission. As usual, our article features the “Case(s) of the Month” and our “Compliance Tip.” Note that this column does not offer legal advice. Always check with your lawyer to learn how what we report might apply to you or if you have questions.

FEDERAL DEVELOPMENTS

On September 28, the Department of Justice announced a settlement with Westlake Financial, resolving allegations that the company violated the Servicemembers Civil Relief Act by failing to provide interest rate benefits to qualified servicemembers for the entire period required under the Act and by improperly delaying approval of interest rate benefit requests. Under the settlement, Westlake agreed to pay $185,460 to 250 servicemembers who did not receive interest rate benefits back to the date their military orders were issued or who had to wait more than 60 days to receive their benefits. Servicemembers who did not receive interest rate benefits back to the date their orders were issued will receive a refund of any excess interest they paid, as well as an additional payment of three times the overpayment or $100, whichever is higher. Servicemembers whose interest rate approvals were delayed more than 60 days will receive $500. Westlake will also be required to pay an additional $40,000 civil penalty to the United States. Finally, the agreement requires Westlake to revise its SCRA policies and procedures and training to ensure that interest rate benefits

are timely and appropriately applied to servicemember accounts.

On September 29, the Consumer Financial Protection Bureau sued MoneyLion Technologies, Inc., an online lender, and 38 of its subsidiaries, alleging that the defendants’ practices violated the Military Lending Act and the Consumer Financial Protection Act. Specifically, the complaint alleged that the defendants overcharged servicemembers and their dependents by imposing membership fees that, together with stated loan interest rate charges, exceeded the MLA’s 36% rate cap. The complaint also alleged that the defendants collected on these illegal loans and associated fees, failed to give requisite disclosures, and inserted illegal arbitration clauses designed to take away servicemembers’ ability to vindicate their rights in court. According to the complaint, the defendants required consumers to join a MoneyLion membership program and pay monthly membership fees to access a “low-APR” installment loan product, but the defendants did not allow consumers to cancel their memberships until their loans were paid in full and, in some instances, until they paid their past-due membership fees. The defendants allegedly misled consumers by telling them at the time of enrollment that they could cancel their memberships for any reason. The Bureau is seeking monetary relief for consumers, disgorgement of unjust gains, an end to unlawful practices, and a civil money penalty.

On October 3, the  Federal Financial Institutions Examination Council, on behalf of its members, released an update to the October 2018 Cybersecurity Resource Guide for Financial Institutions. The purpose of the guide is to help financial institutions meet their security control objectives and prepare to respond to cyber incidents. In response to the increasing prevalence of ransomware incidents, the updated guide now includes ransomwarespecific resources to address this threat.

On October 5, the  Department of Justice announced a settlement with AmeriCredit Financial Services, Inc., d/b/a GM Financial, for violating the Servicemembers Civil Relief Act by improperly denying servicemembers’ requests to terminate their vehicle leases, charging servicemembers improper early termination fees or lease amounts after termination, failing to provide servicemembers timely refunds of lease amounts they paid in advance after termination, and repossessing vehicles from servicemembers without court orders. Under the consent order, AmeriCredit agreed to pay $3,534,171 to affected servicemembers and a $65,480 civil penalty to the United States. The order also requires AmeriCredit to repair the servicemembers’ credit, provide SCRA training to its employees, and implement policies and procedures that comply with the SCRA.

On October 13, the  Consumer Financial Protection Bureau and the Federal Reserve Board announced that they are increasing the dollar thresholds in Regulation Z (Truth in Lending) and Regulation M (Consumer Leasing) for exempt consumer credit and lease transactions. The DoddFrank Act provides that the dollar amount thresholds for TILA and the CLA must be adjusted annually by any annual percentage increase in the consumer price index. Based on the annual percentage increase in the consumer price index as of June 1, 2022, the protections of TILA and the CLA generally will apply to consumer credit transactions and consumer leases of $66,400 or less in 2023. However, private education loans and loans secured by real property (such as mortgages) are subject to TILA regardless of the loan amount.

The  Federal Trade Commission recently extended the deadline to comment on its advance notice of proposed rulemaking on the prevalence of commercial surveillance and data security practices that harm

consumers and whether new rules are needed to protect consumers’ privacy and information. Comments are now due by November 21, 2022.

On October 18, the  Federal Trade Commission filed a complaint and obtained a proposed court order against Passport Automotive Group, Inc., its president and vice president, and several of the D.C.-based dealerships Passport owns and operates. The proposed order resolves allegations that the defendants represented in advertisements that consumers could purchase inspected, reconditioned, or certified vehicles at specific prices that already included the costs of inspection, reconditioning, preparation, and certification; however, in many instances, when consumers attempted to purchase these vehicles for the advertised prices, the defendants allegedly charged them hundreds to thousands of dollars in fees for inspection, reconditioning, preparation, and certification. The FTC also alleged that the defendants discriminated on the basis of race, color, and national origin in violation of the Equal Credit Opportunity Act by imposing higher financing costs and fees on Black and Latino consumers, on average, than nonLatino White consumers. The proposed order would require the defendants to establish a fair lending program, including a provision that would require each dealership to either charge no financing markup or charge the same markup rate to all consumers; prohibit the defendants from misrepresenting the cost or terms to buy, lease, or finance a vehicle; prohibit the defendants from misrepresenting whether a fee or charge is optional and require the express, informed consent of the consumer before charging a fee; and require the defendants to pay $3.38 million to be used for consumer relief.

On October 19, 2022, a three-judge panel of the U.S. Court of Appeals for the Fifth Circuit issued its ruling in Community Financial Services Association of America v. Consumer Financial Protection Bureau, holding that the CFPB’s funding mechanism violates the Constitution’s separation of powers, thus rendering the Bureau’s 2017 Payday Lending Rule invalid. The court concluded that the “Bureau’s funding apparatus cannot be reconciled with the Appropriations Clause and the clause’s

underpinning, the constitutional separation of powers.” The CFPB obtains funding by requesting an amount that is “determined by the Director to be reasonably necessary to carry out” the CFPB’s functions from the Federal Reserve Board, which must be granted provided it does not exceed 12% of the Federal Reserve Board’s total operating expenses. Because the CFPB obtains its funding through the Federal Reserve Board, it is not required to rely on congressional appropriations legislation for its monies. Further, the CFPB’s monetary requests are not subject to review by the Committees on Appropriations. The court further concluded that, although the CFPB had the authority to promulgate the Payday Lending Rule, “the agency lacked the wherewithal to exercise that power via constitutionally appropriated funds.” Because the CFPB could not have promulgated the rule but for its unconstitutional funding, the court found that the unconstitutional funding provision inflicted harm on the plaintiffs, requiring the Payday Lending Rule to be vacated.

On October 20, the  Federal Trade Commission issued an advance notice of proposed rulemaking (ANPR) seeking comment on deceptive or unfair acts or practices relating to “junk fees.”  For purposes of the ANPR, the FTC stated that «the term ‹junk fees› refers to unfair or deceptive fees that are charged for goods or services that have little or no added value to the consumer, including goods or services that consumers would reasonably assume to be included within the overall advertised price; the term also encompasses ‘hidden fees,’ which are fees for goods or services that are deceptive or unfair, including because they are disclosed only at a later stage in the consumer’s purchasing process or not at all, whether or not the fees are described as corresponding to goods or services that have independent value to the consumer. These terms may overlap - a junk fee can be a hidden fee, but not all junk fees are hidden fees.” Comments must be received within 60 days after the ANPR is published in the Federal Register.

On October 27, the Consumer Financial Protection Bureau released an outline of proposals under consideration for its rulemaking on personal financial data

rights. The Bureau is developing proposals to require financial institutions offering deposit accounts, credit cards, digital wallets, prepaid cards, and other transaction accounts to set up secure methods for data sharing. The Bureau is pursuing this rulemaking pursuant to a dormant authority under Section 1033(a) of the Dodd-Frank Act. Section 1033(a) authorizes the Bureau to prescribe rules requiring “a covered person [to] make available to a consumer, upon request, information in the control or possession of the covered person concerning the consumer financial product or service that the consumer obtained from such covered person, including information relating to any transaction, series of transactions, or to the account including costs, charges and usage data.” Pursuant to its obligations under the Small Business Regulatory Enforcement Fairness Act of 1996, the Bureau is seeking feedback from small entities on the proposals under consideration. A report based on the input received from the small entities will be prepared, and the Bureau will then consider the input as it develops a proposed rule. The Bureau has provided a high-level summary and discussion guide of the regulatory provisions it is considering proposing. These proposals address the following topics: (1) coverage of data providers who would be subject to the proposals under consideration; (2) recipients of information, including consumers and authorized third parties; (3) the types of information that would need to be made available; (4) how and when information would need to be made available; (5) third-party obligations; (6) record retention obligations; and (7) implementation period. The summary and discussion guide also illustrates how the Bureau’s proposals under consideration would apply to a hypothetical transaction involving data access to an authorized third party.

CASE(S) OF THE MONTH

Under Pennsylvania Motor Vehicle Sales Finance Act’s Single-Document Rule, Retail Installment Contract, Which Did Not Include Arbitration Provision or Incorporate Contemporaneously Signed Purchase Agreement and Arbitration Agreement, Governed Dispute, and, Therefore, Dealership Was Not Entitled Continued on page 14

PENNSYLVANIA

PITTSBURGH

21095 Route 19

Cranberry Twp., PA 16066

717-469-2842 Services

724-452-5555 | Fax 724-452-1310

Tom McDonald, GM

Shawn Byers, AGM

Zak Hanna, Senior Manager Client Service

Justin LaScola, Manager Client Service Dealer

Wednesdays, 9 AM

TRA Sale Wednesday, 11:30 AM

717-665-7521

PHILADELPHIA

2280 Bethlehem Pike Hatfield, PA 19440

215-822-1935 | Fax 215-822-8140

Charles Polina, GM

Scott Mulligan, AGM

Gregg Pachik, Dealer Services Manager

Troy Moyer, Commercial Accounts Manager

Tuesdays, 9:30 AM

Manager Services other stating at 9 AM

TRA Sale, Tuesday 12 PM

BALTIMORE-WASHINGTON

7120 Dorsey Run Road Elkridge, MD 21075

410-796-8899 | Fax 410-799-0512

Chad Spearman, GM Audrey England, AGM

Steve Soprano, Dealer Sales Manager

Tuesdays, 9:30 AM

A Blueprint for Safeguards Compliance

I look at Safeguards Rule compliance from a particular perspective. Let me explain. Boniface Bernhardt Günther was born in 1866 in Baden-Baden, Grand Duchy of Baden (the German states wouldn’t coalesce into a single country until 1872). He studied the building trades in Bern, Switzerland, returning to his hometown in 1888, where he became subject to conscription into the army of the nascent German Empire.

At that time, the German Army could keep draftees until they were 50 years old. This did not appeal to young Bernhardt, so he fled the country and never returned to his homeland until he was fifty – just in case. Like many German draft dodgers of his day, he wound up in Wisconsin. But instead of settling in Milwaukee, he stayed on the north-bound train for another 90 miles. When he got off the train, it was at a town named Oshkosh. The Fraulein waiting for him was named Anna.

Like so many fugitives, Boniface changed his name. He changed Anna’s name, too, when she married him and became Mrs. Ben B. Ganther and my great-grandmother. In 1900 – the year my grandfather was born – Ben founded a construction company bearing his anglicized name. My grandfather eventually ran it, then my father. Today, 123 years later, my big brother (named Ben, of course) runs it.

I guess you could say building is in my blood.

The Ganther Company is a general contractor. Rare is the building firm that can perform all of the varied trades necessary to erect a modern building. You need sitework, foundations, utilities, carpentry, concrete forming and finishing, electrical,

HVAC, plumbing, painting, structural steel, roofing, and the list goes on.

The Safeguards Rule is like that: there are many necessary elements to compliance, and it is unlikely that any one company does all those functions with its own forces. Safeguards compliance requires policy drafting, vulnerability assessments, overall risk assessments, a written information security program, end-point detection and response, and the list goes on.

What is needed is a general contractor –an entity that can perform some of the functions with its own forces, and engage subcontractors to perform the services it does not. Part of the general contractor role is to negotiate those subcontractor’s prices and manage the overall project. Done right, the client accepts one bid, signs one contract, gets one monthly invoice, cuts one monthly check and lets the general contractor worry about the details. Using that analogy, let’s examine the trades necessary to build a Safeguards Rule compliance program.

THE BLUEPRINT

The first essential element of a building project is a set of plans. A roll of construction blueprints shows every layer of the necessary work. Want to know where the lighting fixtures go? Go to the reflected ceiling plan page. Wastewater pipes? See the plumbing page. It’s all there, logically laid out for a skilled contractor to follow.

Fortunately, your Safeguards project already has a blueprint, should you choose to use it. NADA’s Dealer Guide to the FTC Safeguards Rule acts like such a blueprint. It is detailed, thorough, and discusses all of the necessary elements. Let’s review its

structure – you’re going to be following its guidance soon enough.

DESIGNATE A QUALIFIED INDIVIDUAL

Notice that the Rule requires a Qualified Individual, not individuals. There must be one person in the dealership, or dealership group, whose name is on the blame line. The buck needs to stop somewhere.

What qualifies a person to be the Qualified Individual, or QI? The primary qualification is the ability to oversee the organization’s Information Security Program. The QI does not need to be a computer science major or IT professional. You don’t need to know how to conduct a network vulnerability assessment to ensure that one has occurred.

In fact, many of the necessary tasks can be performed by dealership employees or outside vendors, such as Managed Service Providers. But the ultimate responsibility cannot be outsourced – it has to remain within the dealership or group in the person of the QI. That person needs to report to senior dealership management or the board of directors if such a board exists. It is a significant role and needs to be treated as such.

CONDUCT A RISK ASSESSMENT

Once a QI has been designated, that person’s first task should be to conduct a risk assessment (it will be one of many). A risk assessment is an evaluation of the internal and external risks to the security and integrity of data on a network. The Rule refers to the security of customer data, but in the real world businesses protect

their entire network, not just the slices that might hold customer data. Dealers need to protect their own data, too.

Risk assessments can involve softwaredriven questionnaires that walk you through common potential risks, and can be supported by vulnerability scans. Note that vulnerability scans are not the same as risk assessments, though they be part of the risk assessment process. Vulnerability scans should be conducted at least quarterly (some solutions can run vulnerability assessments continuously); risk assessments need to be conducted “regularly,” which should mean at least annually. If certain events occur (switching DMS providers, for example), a new risk assessment should be conducted before the anniversary rolls around.

The Rule requires dealers to inventory their networks. Even though that system inventory is itself a mandatory safeguard (discussed below), the logical time to perform this particular task would be during the risk assessment process.

The risk assessment must be recorded in writing. That written document should evaluate and categorize identified risks, and assess the sufficiency of any safeguards already in place. It should also designate additional safeguards to implement that would address any unmitigated risks the assessment uncovered.

IMPLEMENT SAFEGUARDS

The risk assessment should tell you what needs to be done. Implementing safeguards is the doing. Some safeguards are mandatory:

• ACCESS CONTROLS. Access to customer data must only be permitted to authorized users. Examples of access controls include password protection for electronic databases and locked doors securing physical files.

• SYSTEM INVENTORY. This should already have been performed as part of the risk assessment process. It is broader than you might think, and requires the dealership to consider all locations of customer data, not just

the DMS and CRM environments. Websites, appointment scheduling software, personal computers and cell phones of dealership employees may all contain customer data and should be included in the system inventory.

• ENCRYPTION. Customer data needs to be encrypted, both in transit and at rest. Fortunately, many software applications have system settings that can be configured to accomplish this at no cost. Review of the systems inventory should shed some light on where the data resides that requires encryption.

• SECURE DEVELOPMENT PRAC TICES. This requirement reminds me that the Safeguards Rule was not written with the average dealership in mind. That’s because the average dealership does not develop its own software. But some do, and even those that do not need to ensure that the sources of the software they use that involves the transmission, processing and storage of customer data was de veloped using secure practices.

• MULTI-FACTOR AUTHENTICA TION. This is a big one. The factors include knowledge (such as knowing a password), possession (such as a onetime code sent to your smart phone), and inherence (such as a fingerprint, facial or retina scan). Access to cus tomer data requires use of more than one type of factor, say a knowledge factor (password) and an inherence factor (fingerprint). Two knowledge factors won’t do.

• DISPOSAL PROCEDURES. When you no longer need customer data, it must be disposed of in a secure man ner. Paper records should be shred ded; electronic records deleted. Used computers that contain customer data must be scrubbed. And data must be kept no longer than necessary. The Rule would like to see customer data disposed of within two years, but rec ognizes that it may be retained for longer if required by law or there are legitimate business reasons to do so. This is a good topic to discuss with your local counsel.

• CHANGE MANAGEMENT

PROCEDURES. Changes to a dealership’s IT infrastructure can introduce new risks. Those risks need to be recognized and addressed. Change management procedures are how that’s done. NADA included a sample Change Management Policy in its Dealer Guide to the FTC Safeguards Rule.

• MONITORING

AND LOGGING OF AUTHORIZED USER ACTIVITY.

All system use must be logged; that is, authorized users’ activity must be recorded and unauthorized use must be detected. The Rule doesn’t specify how dealerships must accomplish this requirement, but one way is to engage a Security Operations Center (“SOC”) to handle the task. Machine learning over time can allow the SOC to distinguish authorized from unauthorized behavior. For example, the SOC my company employs sent an alert when someone logged into our network at 11:00 p.m., long after normal business hours. Turns out it was our COO doing some late night work, but now our SOC recognizes that off-hours access from his home computer is “authorized.”

REGULARLY TEST PROGRAM EFFECTIVENESS

You cannot expect what you cannot inspect, so regular testing and evaluation of your Information Security Program is a must. Of all the safeguards the Rule mandates, this one may do the most to actually protect customer data – if it’s done right. This requirement can be satisfied by employing either continuous monitoring (often called “EDR” – endpoint detection and response) or semi-annual vulnerability assessments and an annual penetration test.

IMPLEMENT POLICIES AND PROCEDURES FOR PERSONNEL TO IMPLEMENT YOUR ISP

The greatest threat to customer data security is located between the monitor Continued on next page

Continued from previous page and the chair – in other words, your own employees. Therefore, all your employees must receive security awareness training. This can include basic Safeguards training, as well as phishing simulations and testing. Such training should occur at initial hiring and repeated at least annually thereafter.

In addition to this standard employee training, your QI and IT personnel (including appropriate service providers) need ongoing training to remain current on evolving threats and security developments. Because the occurrence and effectiveness of this training must be verified, archived testing should be a part of the process.

OVERSEE SERVICE PROVIDERS

There are four subparts to this requirement. First, you must take reasonable steps to select service providers that are capable of adequately protecting customer data. Second, you must obligate your service providers by written contract

to implement the safeguards necessary to protect customer data. Third, you must “periodically assess” your service providers with respect to this obligation. Fourth – and this is new – you must monitor your service providers on an ongoing basis to verify they are maintaining adequate safeguards. This does not mean “continuous” oversight, but it must be regular. This last obligation is potentially overwhelming. Fortunately, there is software that can accomplish the task relatively inexpensively. Whether you must actually audit service provider compliance is not yet clear.

DRAFT INCIDENT RESPONSE PLAN

What do you do in the aftermath of a “security event” – anything that results in unauthorized access to or misuse of an IT system and its contents? The answer to that question must be set forth in a written Incident Response Plan, and it must be accomplished before the security event occurs (and certainly before December

9, 2022). Again, NADA has a sample Incident Response Plan in its Guide. It’s an excellent starting point.

DRAFT ANNUAL REPORT

As if the foregoing is not enough, there remains one more annual task: the written annual report. The QI must prepare this for the dealership’s board of directors (if there is one) or senior management (if there isn’t). The annual report should memorialize the effectiveness of the Information Security Program, any security events and the dealership’s response, the status of service provider performance, the status of service provider agreements, the results of any testing, and any recommended changes to improve the Program.

That’s a lot, and that’s just the blueprint. But blueprints aren’t completed projects – they’re just the instructions. Once you understand the blueprint, you understand the scope of the project. Now you just need to put it out to bid! n

Continued from page 9 to Compel Arbitration:  Two individuals bought used vehicles from a dealership. In connection with their purchases, the buyers each signed a retail installment contract, a retail purchase agreement, and an arbitration agreement. In each transaction, the RIC did not include an arbitration provision or make any reference to the RPA or the arbitration agreement. Further, the RIC contained an integration clause stating that the RIC itself is the entire contract between the parties. Each RPA explicitly incorporated the arbitration agreement by reference. The buyers brought a putative class action lawsuit against the dealership for breaching its purchase contracts with them and violating Pennsylvania’s Unfair Trade Practices and Consumer Protection Law by failing to complete the permanent licensing and registration of their vehicles despite collecting fees to do so and by improperly issuing temporary plates. The dealership moved to compel arbitration. The U.S. District Court for the Eastern District of Pennsylvania denied the motion. With respect to arbitration, the court noted that the Pennsylvania Motor Vehicle Sales

Finance Act creates a single-document rule for installment sales of vehicles that requires all agreements between buyers and sellers to be incorporated into one document - the RIC - either in fact or by reference. The RIC signed by the plaintiffs did not include an arbitration provision and did not incorporate by reference the RPA or the arbitration agreement. The RIC also contained an integration clause. Therefore, the court concluded that, under the MVSFA’s single-document rule, the RIC subsumed the RPA and the arbitration agreement and governed the dispute. The court rejected the dealership’s argument that arbitration should be compelled because the Federal Arbitration Act preempted the state’s MVSFA. See Jennings v. Carvana LLC, 2022 U.S. Dist. LEXIS 178402 (E.D. Pa. September 30, 2022).

COMPLIANCE TIP

Our Case of the Month spotlights yet another arbitration provision issue for consideration – single document rule issues. Generally, in states that have a single document rule, all of the agreements between buyers and sellers must be included into one document, either

in fact, or by reference. In this case, the RIC did not include an arbitration provision nor did it incorporate by reference the purchase agreement or the arbitration agreement. It also contained an integration clause stating that the RIC itself is the entire contract between the parties. Are you in a single document rule state? Does your RIC include an arbitration provision or incorporate one by reference? If not, you may have to defend a class action lawsuit in court vs. going to arbitration. You’ll want to talk to your friendly attorney about these issues.

So, there’s this month’s roundup! Stay legal, and we’ll see you next month. n

Eric (ejohnson@hudco.com) is a Partner in the law firm of Hudson Cook, LLP, Editor in Chief of CounselorLibrary.com’s Spot Delivery®, a monthly legal newsletter for auto dealers and a contributing author to the F&I Legal Desk Book.  For information, visit www. counselorlibrary.com. ©CounselorLibrary.com 2022, all rights reserved. Single publication rights only to the Association.  HC# 48859701-5100.

You Aren’t Doing Enough to Prevent Fraud

Dealers need to implement what’s now considered everyday technology

can help them spot synthetic identity fraud before it happens.

Yes, it’s true, more people are shopping and buying cars and trucks online. Research firm Frost & Sullivan forecasts 6 million cars will be sold online around the world in 2025. It’s obviously convenient but there are still plenty of threats of fraud to be on the lookout for — fraud that can harm both the consumer and the dealer/lender. Online car-buying scams are widespread today and can take the form of fake ads, gift card rip-offs, fraudulent wire transfers, title washing, curbstoning, identity theft, synthetic fraud, fake escrows, payment plans and phony checks.

The other truth here is that fraud also still happens inside the physical dealership.

According to the experts at Point Predictive, they tracked $1.78 billion worth of fraud in automotive last year.

The company also pointed to a trend where 70% of dealers said customers misrepresented themselves or their income; or used fake paystubs during the shopping process. This type of activity doesn’t just happen online, it can also happen at the dealership — and it’s largely avoidable.

The prevention of synthetic identity fraud is not an exact science, and the vast majority of dealers today believe they are taking necessary measures to prevent this type of theft or make statements such as “my lenders need to worry about synthetic fraud, I don’t.” However, a closer look at these procedures leaves many experts in the industry scratching their heads in disbelief.

Just Scanning a Driver’s License Is No Longer Enough

Currently, most dealers utilize scanning technology to scan a person’s driver’s

license to satisfy compliance, procedural checklists and to OCR the data to populate the CRM at the time of loan application or even during a test drive. While this process is critical, it lacks a significantly critical element that can potentially prevent or even thwart the vast amount of synthetic fraud attempts.

Scanning of the driver’s license is important, but dealers must also utilize verification technology to validate the driver’s license and the person’s true identity. This additional step helps to validate and verify the individual via address verification, red flag, OFAC, synthetic fraud checks and even bounce it off the state’s databases to verify that it is an active license. It is estimated that 95% of dealers today still don’t include this verification step in their process.

And with the proliferation of more digital and online shopping, the verification and validation of one’s identity is even more criti cal when a potential fraudster is sitting in the privacy of their own home filling out a loan application. Mobile and ID scan technolo gies are now widely used in online banking applications, and these could significantly help dealers during an online transaction.

Simply scanning a driver’s license isn’t enough, and this misstep is costing dealers and lenders billions. According to the FTC, retail businesses lose billions of dollars annually when fraudsters purchase or return goods by using counterfeit driver’s licenses. Fraudsters have become increasingly sophisticated and are able to replicate state driver’s licenses, that are not embedding state-of-the-art security features implemented by the states.

The Process Is Easy and Customers Will Appreciate It The right process is a simple addition

to a dealer’s or salesperson’s regular workflow. Using a link sent by the dealer to a customer’s mobile device, the customer is guided through the process of capturing their document and selfie. Facial recognition software checks the selfie against the image on the driver’s license to determine a match. The driver’s license is scanned and run through rigorous data and document recognition checks to determine its authenticity. The mobile device is authenticated. Information obtained from the license is run against identity verification tools to find evidence of fraud.

An Extra Five Minutes Should No Longer Be Considered “Friction”

Dealers might feel this additional step creates friction during the transaction or that inconsistent performance will add unnecessary steps to the sales process. However, millions upon millions of online transactions in other e-commerce platforms take place each day, and the average consumer now expects for this additional layer of security to be a part of any online transaction — especially one that involves the second-largest purchase aside from the home mortgage itself.

Synthetic identity fraud continues to be a growing problem today for dealers and lender partners across the entire automotive spectrum. It is important to have thorough training for all employees to have a higher level of awareness for the potential of synthetic identity fraud. It is also important for dealers to implement what’s now considered everyday technology that is no longer viewed as friction by the consumer. While instincts are important, it’s even more critical to have access to the right tools and sophisticated technology that can help dealers and lenders spot synthetic identity fraud before it happens. n

that

AUCTION DIRECTORY

PENNSYLVANIA

ADESA MERCER

758 Franklin Road, Mercer, PA 16137 724.662.4500 / Fax: 724.662.8716

Friday 9:00 AM

Office M-W: 9-4:00; TH: 9-5:00; F: 8-5:00 adesa.com

ADESA PA

I-83 Ex. 28 (Old Ex. 12), 30 Industrial Rd. York, PA 17406 717.266.6611 / Fax: 717.266.7650

Wednesdays 9:00 AM; INOPS 8:30 AM Specialty Sale every 4th Wed 8:30 AM adesa.com

ADESA PITTSBURGH

378 Hunker Waltz Mill Rd. New Stanton, PA 15672 724.925.4700 / Fax: 724.925.4701

Tuesday 9:00 AM pittautoauction.com

AMERICA'S AA - HARRISBURG

1100 S. York St., Mechanicsburg, PA 17055 717.697.2222 / Fax: 717.697.2234

Thursday 8:45 AM harrisburgautoauction.com

AMERICA’S AA - LANCASTER

1040 Commercial Ave., P.O. Box 406 East Petersburg, PA 17520 717.569.5220 / Fax: 717.569.3109

Weekly Sales Wed. 9:00 AM INOPS 8:30 AM americasautoauction.com

AMERICA’S AA - PITTSBURGH

55 E. Buffalo Church Rd. Washington, PA 15301 724.225.1777 / Fax: 724.225.7223

Thursday 12:30 PM americasautoauction.com

BLOOMSBURG AUTO AUCTION

25 Ridge Road, Bloomsburg, PA 17815 570.784.2306

Wednesday 10:00 AM bloomaa.com

Capital Auto Auction 5135 Bleigh Ave., Philadelphia, PA 19136 215.332.2515

Monday thru Friday 9:00 AM - 4:30 PM capitalautoauction.com

CENTRAL PENNSYLVANIA AA

Exit 178 of I-80, Lock Haven, PA 17745 800.248.8026 / Fax: 570.726.7841

Thursday 9:45 AM

Office: MTF 8-5:30 W-Th 8-6:00 cpaautoauction.com

CORRY AUTO DEALERS EXCHANGE

P.O. Box 317, 12141 Route 6 West Corry, PA 16407 814.664.7721 / Fax: 814.664.7724

Thursday 10:00 AM 3 Lanes Dealer Consign, Fleet/Lease corryade.com

GARDEN SPOT AUTO AUCTION

Robert Rd. & Apple St., Ephrata, PA 17522 717.738.7900 / Fax: 717.738.7930

Tuesday 10:00 AM gardenspotautoauction.com

GREATER ERIE AUTO AUCTION

7700 Avonia Road, (Exit 16 of I-90 & PA Route 98) Fairview, PA 16415-0916 814.474.3900 / 877.474.GEAA  Fax: 814.474.4969 Tuesday 1:45 PM greater-erie.com

LEHIGH VALLEY AUTO AUCTION

3880 Lehigh St., Whitehall, PA 18052 610.435.5554 / Fax: 610.435.5557 Wednesday 5:00 PM lehighvalleyautoauction.com

MANHEIM KEYSTONE

488 Firehouse Road, Grantville PA 17028 717.469.7900 / Fax: 717.469.2842

Every Monday 11:00 AM manheim.com

MANHEIM PENNSYLVANIA 1190 Lancaster Rd., Manheim, PA 17545 717.665.3571 / Fax: 717.665.9265

Exotic Highline Sales every other Thursday - 9:00 AM

Every Friday Sale 8:30 AM manheim.com

MANHEIM PHILADELPHIA

2280 Bethlehem Pike, Hatfield, PA 19440 215.822.1935 / Fax: 215.822.8140

Tuesday 9:30 AM

TRA Sale - Tuesday 12:30 PM

Office: M-Th 8:30-5:00; F 8:30-1:00 manheim.com

MANHEIM PITTSBURGH AA

21095 Route 19, Cranberry Twp., PA 16066 724.452.5555 / Fax: 724.452.1310

Wednesday 9:00 AM manheim.com

NORTH EAST PENNSYLVANIA AA

860 N. Keyser Ave., Scranton, PA 18504 570.207.CARS / Fax: 570.207.1860

Tuesday 10:00 AM nepautoauction.com

PERRYOPOLIS AUTO AUCTION

Route 51 S. Perryopolis, PA 15473 724.736.4445/ Fax: 724.736.0466

Friday 9:45 AM perryautoauction.com

MARYLAND

BSC AMERICA/BEL AIR AUTO AUCTION

P.O. Box 200, 4805 Philadelphia Rd. Belcamp, MD 21017 410.879.7950 / Fax: 410.893.1515

Thursday 8:30 AM at Clayton Station

Thursday 8:00 AM at Bel Air in Belcamp bscamerica.com

MANHEIM BALTIMORE-WASHINGTON

7120 Dorsey Run Rd., Elkridge, MD 21075 410.796.8899 / Fax: 410.799.0512

Tuesday Sale, 9:30 AM

Tuesday Frontline Sale, 9:00 AM TRA/Salvage, 1:00 PM manheim.com

NEW JERSEY

ADESA AUCTION OF NEW JERSEY 200 N. Main, Manville, NJ 08835 908.725.2200 / Fax: 908.725.3446

Consignment Sale Thursdays 8:45 AM

Topline Sale 9:00 AM monthly Thursdays

GM Factory Sale Bi-weekly Tuesdays 10:00 AM adesa.com

MANHEIM NEW JERSEY AA

730 Rte. 68, P.O. Box 188 Bordentown, NJ 08505 609.298.3400 / Fax: 609.298.4489

Wednesday 9:00 AM manheim.com

NEW YORK

ADESA BUFFALO

12200 Main St., Akron, NY 14001 716.542.3300 / Fax: 716.542.3547

Sale Tuesday 9:00 AM Boat & RV Sale

2nd Tuesday Monthly 11:00 AM

Ford Factory Tuesday Monthly 9:00 AM Office: M-Tu: 8-5, W: 8-4, Th: 9-4, F: 9-3 ADESA.com/Buffalo

ADESA LONG ISLAND

425 Patchogue Yaphank Rd. Yaphank, NY 11980 631.205.5000 adesa.com/longIsland

ADESA SYRACUSE

5930 State Rte. 31, Cicero, NY 13039 315.699.2792 adesa.com/syracuse

BUFFALO AUTO AUCTION

5300 Lockport Road Lockport, NY 14094 716.549.4800 deeregunner@hotmail.com

MANHEIM ALBANY

459 Route 146, Clifton Park, NY 12065-0440 518.371.7500 jay.waterman@manheim.com manheim.com

MANHEIM NEW YORK AA

2000 Dealer Drive, Newburgh, NY 12550 845.567.8400 / Fax: 845.567.8410

Every Thursday 9:00 AM

Ford Factory Closed Sale

Bi-Weekly 10:00 AM

Heavy Truck & Equipment Sale

First Thursday of the Month 11:00 AM manheim.com

MANHEIM ROCHESTER

20 Cairn Street, Rochester, NY 14611 585.328.2277 sara.fico@coxautoinc.com manheim.com

ROCHESTER- SYRACUSE AUTO AUCTION

1826 State Route 414, P.O. Box 129 Waterloo, NY 13165 315.539.5006 sprankie@rsautoauction.com rsautoauction.com

STATE LINE AUTO AUCTION

830 Talmadge Hill Rd. S. Waverly, NY 14892 607.565.8151 / Fax: 607.565.3915

Ally Financial Open Sale –EVERY

FRIDAY, 9:20 AM

GM Financial Open Bi-weekly. Simulcast in all lanes. statelineauto.com

WEST VIRGINIA

MOUNTAIN STATE AUTO AUCTION

Route 2, Box 835, Shinnston, WV 26431 304.592.5300 / Fax: 304.592.3510

Monday 10:30 AM

Office: 9:00-5:00 mtstateaa.com

One-Man Dealerships Need a CRM as Much as the Big Guys

Independent dealers are facing tougher competition than ever before.

Franchise dealer pre-owned departments, national chains, and even ecommerce brands like Carvana are all competing for the same customers. If you don’t meet a customer’s needs, they will simply head to the next dealership that will.

One-man shows have an especially tough road ahead. Without the manpower of larger dealerships, critical jobs fall through the cracks: marketing, lead nurturing, sales, and even compliance.

That’s why one-man shows need a CRM (Customer Relationship Management tool) as much as any other dealer.

I know what you’re thinking: “We’re too small. We don’t need a CRM. Those are for the bigger guys.”

Right? Wrong.

Every dealership—even one-man shows— need a CRM in this day and age. That’s because customers don’t care if you’re a one-man show or part of a national dealer group. They expect the best possible service, and if you can’t give it to them, someone else will.

CRM tools are like rocket fuel for your business. They allow you to organize and automate so that you can compete with the big guys.

And no, CRMs do not have to cost thousands of dollars a month. They don’t even have to cost hundreds of dollars. With the right CRM, you can get the support you need for a fraction of the cost.

Before we jump into pricing, let’s look at exactly why your dealership needs a CRM.

LEAD MANAGEMENT

Leads can come from a number of sources: your website contact form, word of mouth, third-party lead sites, phone calls, texts, emails, walk-ins, etc. No matter where the lead originates, dealers need to track all of these touchpoints.

CRMs help dealerships organize all of their lead information in one place so that following up on potential customers is more efficient. All that is required is entering customer data and keeping the data current.

LEAD NURTURING AND GENERATION

Inconsistent or missed follow-ups with potential leads can mean lost sales and lost dollars.

Lead nurturing can make a huge difference in your sales numbers. Inbound marketing agency, Strategic, found that lead nurturing increased sales opportunities by 20% compared to nonnurtured leads. Ask yourself: What would your business look like if you increased sales by 20%?

CRMs systemize the relationship-building activities we all know are so important, but none of us have time for. More importantly, it allows you to deliver a consistent experience for your customers.

One especially effective feature of good CRMs is the auto-response function. Auto-responders help you quickly respond to every lead inquiry, even when you’re not available to respond personally.

According to a Harvard Business Review study, companies that responded to a customer query within an hour were seven times more likely to qualify the lead. Companies that waited 24 hours or longer were significantly more likely to lose the sales lead. Auto-responders ensure you’re the first to respond to every customer, every time.

STREAMLINED COMMUNICATION

Much of the sales process today happens before the customer arrives at the dealership. This makes customer communication more important than ever. CRMs help you keep track of all customer conversations, whether they happen via call, text, or email. Your CRM should include these features:

• Texting platform. Texting through your CRM platform ensures all customer communication stays within the company, even if a salesperson leaves the dealership. A texting platform will also keep your

business TCPA compliant.

• Call management. Phone calls are still the most effective way to connect with prospective customers. Recording calls for training and quality purposes provide a documented record should questions arise. Recorded calls are also effective training tools for new salespeople.

• Email. CRMs keep your email box organized. Each email message is connected to a customer’s profile so that you have an accurate, up-todate thread of every conversation.

• Customer Notes. Imagine getting a phone call from a number you don’t recognize. It’s a customer calling you back about a car they looked at earlier that week, and they want to know if the offer is still good. Do you remember that exact customer and offer? Of course not. With customer notes, if a phone number is in your CRM, all of the customer’s information pops up on your phone so you can be ready.

TRACK THE ROI OF EACH MARKETING CHANNEL

If you’re spending money on social media ads and sponsored listings on third-party sites, it’s critical to know the Return on Investment (ROI) of each channel. But it’s not enough to know which channels brought in the most leads; you want to know which channels resulted in the most sales.

One-man shows can’t afford to spend thousands of dollars on advertising that yield little to no results. Choose a CRM that allows you to track the ROI of each marketing channel. This will help adjust your marketing dollars accordingly and optimize your spending.

INTEGRATION WITH YOUR DMS

Lastly, one-man shows want to choose a CRM that integrates with their dealership management system (DMS). These integrations allow dealers to streamline the sales process from start to finish. For example, some DMS-CRM integrations allow you to scan a customer’s driver’s license and instantly create a customer file

in the DMS. There’s no need for duplicate data entry and no chance for information to fall through the cracks.

THE COST OF A GOOD CRM

More than ever, one-man shows need a CRM that makes it easier to juggle the many hats they wear. They need tools that help them track leads and manage customer communications, optimize ad spend, and remain TCPA compliant.

Most dealer CRMs on the market today cost thousands of dollars a month. At that price, you won’t hear us arguing that it’s worth the investment.

But CRMs don’t have to cost thousands of dollars. They don’t even have to cost hundreds of dollars. The key to saving money is choosing a CRM that’s built for independent dealers and one-man shows like yourself.

If you’re a one-man show that’s ready to take control of your business, it’s time to invest in a CRM. n

PENNSYLVANIA FORMS DEALERS CAN ORDER MARYLAND FORMS DEALERS CAN ORDER

SECURE FORMS

DESCRIPTION

QUANTITY $MEMBER $NON-MEMBER MEMBER EXT NON-M EXT

“As is” Supplemental Statement ____ $24.00 $48.00 $ _______ $ _______

Buyers Guide Plastic Holders (50) ____ $40.00 $80.00 $ _______ $ _______

Buyers Guide Window Form $20.00 $40.00 $ $

Buyers Guide Window Form (Spanish) $18.00 $36.00 $ $

Consignment & Sales Agreement Form ____ $25.00 $50.00 $ _______ $ _______

Deal Jackets $30.00 $60.00 $ $

Fees Chart (wall mount) $14.00 $28.00 $ $

Fraud Hotline Poster $14.00 $28.00 $ $

Installment Sales Contract (100) ____ $150.00 $300.00 $ _______ $ _______

FTC Buyers Guide (100 per pack) $28.00 $56.00 $ Check one:

Restricted Power of Attorney (100 per pack) $10.00 $20.00 $

Deal Jackets (100 per pack) $24.00 $48.00 $

Test Drive Agreements (100 per pack) $28.00 $56.00 $

Interpreter Confirmation of Translation $25.00 $50.00 $ $

Key Tags (250) $32.00 $64.00 $ $

Lease Agreements $78.00 $156.00 $ _______ $ _______

Limited Warranty $26.00 $52.00 $ _______ $ _______

No Purchase Required Disclosure $24.00 $48.00 $ $

Notary Receipt Pad $15.00 $30.00 $ $

Odometer Mileage Statement ____ $18.00 $36.00 $ _______ $ _______

Power of Attorney Disclosure Forms $18.00 $36.00 $ $

Rental Agreements $32.00 $64.00 $ $

Retail Buyer Order Form ____ $32.00 $64.00 $ _______ $ _______

Secure Power of Attorney ____ $50 00 $50 00 $ _______ $ _______

Secure Power of Attorney Log Book $15.00 $30.00 $ $

Temp Tag Log Book $15.00 $30.00 $ $

Title Release Authorization ____ $15.00 $30.00 $ _______ $ _______

Used Vehicle Record ____ $15.00 $30.00 $ _______ $ _______

ADP FORMS

Customer Delivery Check List $28.00 $56.00 $ $

Customer Proposal $28.00 $56.00 $ $

Damage Disclosure ____ $28.00 $56.00 $ _______ $ _______ Delivery Confirmation $28.00 $56.00 $ $

Goodwill Repair Acknowledgement $28.00 $56.00 $ $ Insurance Coverage Acknowledgement

$28.00 $56.00 $

Lease Spot Delivery Agreement $28.00 $56.00 $ $ Notice to Co-Signer $28.00 $56.00 $ $ Trade-In Appraisal $28.00 $56.00 $