Hello everyone! My name is Terry Dortch, representing Automotive Risk Management Partners. I spend quite a bit of time traveling across the States, interacting with folks from Louisiana, Alabama, Georgia to Northern Illinois, discussing what's currently piquing their interest. Lately, there's been a buzzword making the rounds - Cybersecurity!
Cybersecurity isn't new, but what's got people talking is its incorporation into the Safeguards Rule. The Safeguards Rule has been around since 2003 and is part and parcel of the Gramm-Leach-Bliley Act. Its primary purpose has always been to protect customer information.
Understanding the Cyber Aspect
I'd like to dive into the cyber aspect of the Safeguards Rule. An amendment due in June seeks to bring clarity and renewed focus to this aspect. However, we must not overemphasize cybersecurity to the detriment of other vital compliance aspects. Both the cyber and real-world elements should be given their due attention.
"We need to step back a minute and take a look at the overall picture of everything."
Importance of Physical Compliance
The more I talk to dealerships, the more I realize how we're neglecting the physical aspects of the compliance piece. These aren't merely theoretical financial risks; they're real concerns that could significantly impact your revenue streams. Missteps within the sales process, backroom operations, or even your body shop operations pose imminent risks that demand our focus.
Although data and cybersecurity breaches are critical, let's not overlook the equally, if not more, consequential physical aspects.
Pay Attention to Auditing
One typical issue dealerships experience is the occurrence or appearance of disparate impact. This can lead to complications and run-ins with the Federal Trade Commission (FTC). Case in point: a dealership in Northern Illinois currently faces such predicaments.
To avoid such situations, implementing audits should be a priority. Regular audits allow you to nip potential issues in the bud, reducing the chances of heavy penalties. Remember, compliance is an all-encompassing process that requires meticulous attention and consistency.
I want to underline that emphasizing the importance of real-world, tangible compliance does not equate to downplaying the significance of cybersecurity. Both elements play a crucial role in upholding dealership standards.
Comprehensive Compliance
Ensure the entity you're consulting comprehends the complexity and entirety of your compliance landscape. Here's a simple metaphor. If your compliance is a dike with several holes, don't patch one hole while ignoring the rest. Take care of all the holes.
A couple of years back, an automotive group in Illinois faced hefty fines to the tune of $10 million due to negligence in physical compliance. Don't fall into the same trap.
Final Thoughts
Navigating the waters of compliance is a journey. Take adequate time to understand every facet and ensure whoever's guiding you shares the same comprehensive approach. Furthermore, keep the lines of communication open with your vendors.
If you have any questions or would like to discuss these aspects further, don't hesitate to get in touch. You can reach out via phone or email as per your convenience.
Until next time, stay safe, stay compliant!