Dealership Law Expert: The Most Costly Mistakes Dealers are Making
发布时间 2024-08-13 09:00:33 来源
In complying with that rule is going to stop identity thieves from basically stealing cars from you. And I've talked to the mid-sized dealers that lose over a million dollars a year to identity theft. As most of you know, the contracts can come back on you as the dealer, and you're stuck with the bad deal when the finance company kicks it back to you because there was an identity thieves involved. So that to me is sort of low-hanging fruits or something that dealers could probably tighten up easily and save them money today. Welcome to the Cardio Shubgai podcast. Today, my guess is Brad Miller. Brad was the former chief regulatory counsel at NADA. And currently the head of legal at Comply Auto, a compliance solution company serving car dealers. We dive deep into the most costly compliance mistakes dealers are making, plus the top three sleeper risks within dealerships. Let's get into it. A big thank you to our sponsors for making today's episode possible.
遵守该规定将有效防止身份窃贼基本上从你那里偷车。我和一些中型经销商谈过,他们因为身份盗窃每年损失超过一百万美元。正如大多数人所知,合同最终可能会回到经销商身上,当金融公司因为涉及身份盗窃而将其退回时,你就得为这笔糟糕的交易买单。所以,我认为这是一个经销商可以轻易改进并立即节省成本的方面。欢迎收听Cardio Shubgai播客。今天我的嘉宾是Brad Miller。Brad曾是全国汽车经销商协会(NADA)的前首席监管顾问,目前是Comply Auto(一家为汽车经销商提供合规解决方案的公司)的法律负责人。我们将深入探讨经销商最常见的合规错误,以及经销商中存在的三大潜在风险。让我们开始吧。感谢我们的赞助商使今天的节目得以实现。
Open Lane, car dealership guy news, and Comply Auto. And now let's get into the show. You know, compliance, like, one of those topics where if you told me a couple years back, like, hey, you'd be excited to speak about that. I'm just being honest with you. Like, I would have said like zero chance. Take me to the dealership outages, right? With CDK, then there was some impact from CrowdStrike. We saw kind of multiple companies in a span of maybe like a month, a month and a half. I'm starting like a very big picture, but do you think that this was like a harbinger moment for the industry where like things will materially change for the customer, for the dealer? Or is this like, hey, it's another bump along the road.
开放车道,汽车经销商的最新消息,和Comply Auto。现在让我们进入正题。你们知道,合规性这个话题,如果几年前你告诉我我会很期待谈论它,说实话,我会觉得完全不可能。当时遇到经销商停运的时候,比如CDK系统的宕机,再加上CrowdStrike的影响,我们看到可能在一个月左右的时间里,有多家公司都受到了影响。我现在从大的方面开始谈,你觉得这对行业来说是一个转折点,会对客户和经销商带来实质性的改变吗?还是说,这只是前进路上的一个小波折?
Will this and has this like changed our industry forever and in what ways dealers are very unique in all of American, the American economy in the sense they are probably one of the most highly regulated small businesses that are out there. I mean, you think about, you know, whether it's environment, health and safety, issues in the back end in the body shop and the service department, because of all the chemicals and the heavy equipment in the lifts. And then you also have, you know, the employment issues and the interface with the OEMs. And because of what dealers do in the front end, very sensitive financial information, credit applications, assisting consumers with financing, leasing vehicles, they're regulated like banks.
这是否已经以及将会永远改变我们的行业?在哪些方面?经销商在整个美国经济中都非常独特,因为它们可能是监管最严格的小型企业之一。想一想,无论是环境、健康与安全方面的要求,还是在车身修理和服务部门的后台工作中使用的化学品和重型设备,再加上雇佣问题和与原始设备制造商(OEM)的对接问题,经销商在这些方面都有严格的规定。由于经销商在前端的工作涉及到非常敏感的金融信息,比如信用申请、帮助消费者融资和租赁车辆,他们的监管标准类似于银行。
I mean, really, I've told dealers for many years, you're sort of swimming in the deep end of the pool and you know, you can't have your floaties on, right? I mean, you got the dealers have to get serious about what's happening. And, you know, look, they're trying to do their daily business. You know, I think that what this really will mean is they need more and more dealers will see, knowing what's going on with their systems, having some technical capabilities internally and getting the right people to work with externally is going to be a core competency of being a dealer, right?
我的意思是,真的,多年来我一直告诉经销商们,你们就像在泳池的深水区游泳,不能戴上浮排,对吧?我的意思是,经销商们必须认真对待正在发生的事情。你看,他们在努力做日常业务。我认为,这实际上意味着他们需要更多地了解自己的系统,具备一些内部的技术能力,并与合适的外部人员合作,这将成为成为一个优秀经销商的核心竞争力,对吧?
I mean, you can't go to other, you know, dealers are financial institutions under federal law. We can talk about why that is and how that sort of come about. But the reality is they're the regulated entities. They're the only regulated entity in the auto space, right? It's not the OEM. It's not the vendor. In most cases, that is directly regulated. It's the dealer. So the dealer has all these obligations on them and they frankly need help, right? And so it's been a struggle for a number of years for raising the awareness of these issues. Again, I hope at the end of the day, the CBK issue and some of these other issues result in no exposure of customer data. I hope that the damages are minimized and I hope for the best outcome. But the reality is when you see your entire operation go down, in many cases, for days of no weeks, that is a wake up goal.
我的意思是,根据联邦法律,你不能去其他的经销商或金融机构。我们可以谈论为什么会这样以及这种情况是如何产生的。但现实是,他们是受监管的实体。在汽车领域,他们是唯一受监管的实体,不是原始设备制造商(OEM),也不是供应商。在大多数情况下,直接受监管的是经销商。因此,经销商肩负着所有这些义务,他们坦率地说需要帮助。多年来,提高对这些问题的意识一直是个挑战。我希望最终,CBK问题和其他一些问题不会导致客户数据泄露。我希望损失能降到最低,并希望结果是最好的。但是,现实是,当你看到整个运营全部中断,往往是几天甚至几周,这就是一个唤醒信号。
Quick. Give us a quick overview of what you do today. I just want to set the table for the conversation and all these different areas with an automotive we're going to touch on. Just explaining that you're a company auto. Can you just give us an overview like what does comply auto do? What do you do with in comply auto? Just give us the high level. Absolutely. I'm on the head of legal at comply auto. So I've been brought in as the main lawyer director of compliance and regulatory issues at comply auto. Comply auto is a software company. So we provide software and services to dealers to help them meet their compliance obligations in several specific areas today. Privacy and data security, safety, and also in some sort of advertising and F&I tools that are very powerful as well as workforce in some other areas, like it's it's count some state specific training issues, but it's a broad suite of training software, pardon me, compliance software for dealers.
快点,给我们快速介绍一下你今天的工作。我只是想为接下来的对话准备一下,我们会涉及到汽车行业的各个不同领域。解释一下你们公司是做什么的。你能简单概述一下Comply Auto是做什么的吗?你在Comply Auto的职责是什么?请从高层次上简要说明。
当然。我是Comply Auto的法律负责人,我是公司主要的律师,负责合规和监管事务。Comply Auto是一家软件公司,我们为经销商提供软件和服务,帮助他们在今天的几个特定领域满足合规要求。这些领域包括隐私和数据安全、安全性,以及一些非常强大的广告和F&I(财务与保险)工具。除此之外,我们还提供一些涉及到工作培训和州特定培训问题的广泛合规软件。
I've been an idea for 16 years. I'll tell you I had been in many meetings with dealers. Oftentimes many of the largest dealers in the country, most sophisticated, very smart people who are talking about data issues, talking about privacy and data security and just needed help. They clearly needed help. And, and, you know, we did what we could from an ADA perspective to help them. And an ADA does a great job in many ways, but I looked around and said, I think they need some more specific real world actual in the store help. And I knew the folks that comply auto. I knew what a great job they did, what a great product they had. And so, you know, I joined them a couple months ago to sort of help them get these products in the hands of dealers, right? These, this, the theory is leveraging technology to help dealers address these very complicated obligations they have under the law. And it's, and it's really been, you know, it's a three year old company and it's gone from, you know, nothing to 10,000 dealers very quickly because the products good and because the need is huge.
我在这个行业已经有16年时间了。我可以告诉你,我参加过许多与经销商的会议,通常是全国一些最大的、最复杂的、非常聪明的经销商,他们在谈论数据问题、隐私和数据安全,还需要帮助。他们显然需要帮助。你知道,我们从ADA(美国汽车经销商协会)的角度做了我们力所能及的帮助。而ADA在很多方面做得很好,但我环顾四周觉得,他们需要一些更具体的、在门店实际操作的帮助。我认识ComplyAuto的那些人,知道他们做得很棒,产品也很出色。所以,你知道,几个月前我加入了他们,帮助他们将这些产品交到经销商手中。这种理念是利用技术帮助经销商应对他们在法律下非常复杂的义务。这家公司成立只有三年,但进展很快,从无到有,已经有1万家经销商,因为产品好,需求也很大。
Okay. That's helpful. Now, I want to kind of go step by step here. We have, I want to touch on cyber security, then I want to go to cars, rule, and FTC, and then we can keep going. So we can, you know, we can pick one regulatory agency at a time. All right. So let's just start with, you mentioned to me before the call that there are some really like sort of breaking news, you know, fresh news regarding the CDK situation, deal shortages. Can you share that with us? Absolutely. So, so for those of you who've been sort of under a rock on June 19th, there was a, there was what they call the cyber incident at CDK, which was widespread and took a lot of dealers down in terms of their other online operations. The, there have been several updates from CDK and there was one issue just yesterday. So there is some breaking news in this area. Obviously we put out information on all the, all the updates today to give you some background. The latest is the following is that they, the CDK issued an update saying a few things that are important. One is they reiterated that as of today, they have not determined that any, I was just going to say by the area of this podcast, it'll be, you know, a couple of days ago. So, okay. So in the last, you know, so at this, this most recent week, yeah, in the last week, in the most recent notice that we, that we're aware of, CDK announced that, that they, that they, they're, their investigation is continuing, but they still won't have any indication that what's called PII, I personally identified when information was involved. And that's an important threshold issue that dealers have to understand because that the legal obligations that flow to dealers changed tremendously. If, if whatever happened at CDK involved information, right, if someone got Brad Miller's information, my address, my social, whatever information I had, they had a dealership, that, that means that certain other obligations come into effect for dealers.
好的。这很有帮助。现在,我想一步一步来,我们先从网络安全说起,然后再谈到汽车、规则和联邦贸易委员会(FTC)。这样我们可以一个一个地讨论不同的监管机构。好吧,那就从你在电话前提到的有关于CDK的最新情况和交易短缺的突发新闻开始。能和我们分享一下这些内容吗?
当然可以。对于那些还不太了解情况的人来说,6月19日CDK发生了一个所谓的网络事件,影响范围很广,导致很多经销商的线上业务中断。CDK已经发布了几次更新,昨天还有一个新情况,所以在这方面确实有一些最新的消息。显然,我们今天发布了所有更新信息,以便大家了解背景情况。最新的情况是这样的:CDK发出了一个更新,说明了一些重要的事情。首先,他们重申截至今天,他们还没有确定任何个人身份信息(PII)被涉及。这是一个非常重要的门槛问题,经销商必须了解,因为如果CDK发生的事情涉及到个人信息,比如我的姓名、地址、社会安全号码等,那么经销商的法律责任将会大幅度改变。
Okay. So as of today, they still say they, no indication is being involved, but they also have agreed to do two things because two of the important things that arise for dealers in a breach situation is you got to notify the FTC on a federal level, and then you have to notify consumers that were affected under state law. So there's federal obligations, state obligations. CDK had already announced that they were going to go ahead and notify the FTC on behalf of all the dealers, right? So that was sort of, they were reiterating that they were going to do that. Then one bit of news was they shared the fact that they actually have filed something, and it was within the 30-day timeframe with the FTC. So that's important. That's, but the second piece is they also agreed that they would handle any state data breach obligations in the same way. So that's news, and that's important.
好的。所以到今天为止,他们仍然表示没有迹象表明他们参与其中,但他们也同意做两件事,因为在出现数据泄露的情况下,两个对经销商很重要的问题是:第一,你必须在联邦层面通知联邦贸易委员会(FTC),然后你必须根据州法律通知受影响的消费者。因此,有联邦和州的义务。CDK已经宣布他们将代表所有经销商通知联邦贸易委员会,对吗?所以他们是在重申这一点。另外一个消息是,他们实际上已经在30天内向FTC提交了相关材料。这很重要。第二,他们也同意以同样的方式处理任何州的数据泄露义务。这是个新闻,而且很重要。
And that's very, you know, it's a great thing that they've stepped up to say that they're going to do that. I don't know that it ends the inquiry for me. If I'm an in-house lawyer to dealership, but it is a good thing and it is new.
这真是很好的事情,他们站出来说他们会这么做。我不确定这是否能完全解答我的疑虑。如果我是一个汽车经销商的内部律师,我会觉得这是个好事,而且这是个新的改变。
So still no, no indication PI was involved, but they're stepping up on both the federal and the state notice level to help dealers with those notice obligations. So that is breaking news and something the dealers should know about. All right. So Brad, tell us more, let's dig deeper into the CDK and CrowdStrike outages.
所以目前仍然没有迹象表明个人信息泄露参与其中,但他们正在加紧联邦和州级别的通知,以帮助经销商履行这些通知义务。这是一个值得经销商关注的重要消息。好的。那么,布拉德,告诉我们更多信息吧,让我们深入探讨一下CDK和CrowdStrike的系统中断问题。
Like I would talk to me like bigger picture implications. Where does this go from here? And in a way, I haven't talked much about CrowdStrike. I just to be clear, and thankfully, CrowdStrike did not affect dealers directly. I mean, some dealers were affected to be clear, but it wasn't nearly as widespread in the dealer world as the CDK incident. And remember the crowdtrack affected many vendors that work with the others.
我会这样跟自己说:考虑一下更大的影响。这之后会怎么发展呢?还有,我之前没有怎么提到过CrowdStrike。需要澄清一下,值得庆幸的是,CrowdStrike没有直接影响到经销商。虽然确实有一些经销商受到了影响,但远没有CDK事件那么广泛。而且要记住,CrowdStrike影响了很多与其他人合作的供应商。
A lot of vendors. That's right. And of course, the world wide economy, I'm good grief. Just so people understand, the CDK issue was a was clearly, I mean, this note, we don't have details yet, but pretty clearly it was a bad guy that got into the CDK system and it attracted a ransom payment to classic sort of hack slash ransomware. CrowdStrike was a software update gone bad, right?
很多供应商。没错。当然,全球经济,天啊。为了让大家明白,CDK的问题显然是坏人侵入了CDK系统,导致要求支付赎金的一种经典黑客攻击/勒索软件事件。CrowdStrike则是因为一次软件更新出错了,对吗?
I mean, you think about that, the poor person or people responsible for that update, right? They push out an update on what's called endpoint detection software and it affected the Microsoft systems around the world, whether Delta Airline CEO just came out recently and said it cost them half a billion dollars, right? Because of canceled flights. So the worldwide impact of that is unbelievably widespread.
我意思是,你想想那个负责更新的人或团队,真是够倒霉的。他们推送了一个叫做终端检测软件的更新,结果影响了世界各地的微软系统,Delta航空公司的CEO最近就说,这次更新让他们损失了五亿美元,因为大量航班被取消。所以,这次更新的全球影响简直是无比广泛。
And it's partly due to the nature of the product they had and the fact that it was so difficult to fix after the fact, right? But there's a sort of security feature. So I mentioned that because, first of all, people need to understand there has never been a company, regardless of the size, that has not had some issue with a software update, right?
这是由于他们产品的性质以及事后修复的难度,对吧?但也有某种安全特性。所以我提到这一点,首先是因为人们需要明白,无论公司大小,从未有过公司在软件更新时没有遇到问题的,对吧?
How does that affect us in the deal of the world? Well, think about, we've talked about this for years at AAD, I think about cars, right? Think about this happening in the near, in two or three years from now with a fleet of vehicles, right? They're getting software updates.
这对我们在全球交易中的影响如何?好吧,想一想,我们在AAD会议上讨论了多年的话题,我想到汽车,对吧?想想未来两三年内,车辆队伍中的这种情况,对吧?它们正在接收软件更新。
You know, I got forbid it happens, but we don't want to, you know, some large manufacturer with their entire fleet break, right?
你知道的,我希望不要发生这种情况,但我们不希望看到某个大型制造商的整个车队都出故障,对吧?
I mean, that's, that's a real issue that could happen in the dealership world.
我的意思是,那确实是一个可能会在汽车销售行业中发生的实际问题。
And our dealers have ready to address that as a consumer, you know, a service issue should arise. So there's a lot of issues industry wide that has an impact on, I would argue. But thankfully, it had a little bit less of a direct impact, at least on dealer specific systems, as you said, vendors.
我们的经销商已经准备好应对作为消费者可能出现的服务问题。因此,有很多行业内的问题对我们有影响,我认为是这样。但幸运的是,这些问题对经销商特定系统的直接影响相对较小,正如你所说的供应商问题。
Now, there's that, right? And there's also the overarching question of, you're always going to get pushed back from people saying, oh, you know, that's why we need to keep third parties out of these systems, right? I mean, there's, there's sort of a, there's sort of a, like I said, a pendulum that goes back and forth. We have to protect this ourselves. We have to let the best-in-class come in there and work on these things.
现在有这种情况,对吧?还有一个更大的问题是,总会有人反对,说这是为什么我们需要把第三方排除在这些系统之外。我是说,这就像我之前提到的钟摆效应,会来回摆动。一方面我们需要自己来保护这些系统,另一方面我们又需要引进一流的专家来处理这些问题。
CDK is a slight bit of an issue. I'll bring back the aperture a little bit. I think a couple of things that we're hearing from dealers that, and that certainly we're talking about. One, the easy stuff is sort of, do you have a business continuity plan? You should be, you should be putting it in place now where we're trying to give some deal or some tools to do that.
CDK是个小小的问题。我将稍微把光圈调小一点。我想我们从经销商那里听到的一些事情,肯定是我们正在讨论的。首先,比较简单的是,你们是否有一个业务连续性计划?你们现在应该开始制定这个计划,我们会提供一些工具来帮助你们做到这一点。
Well, what does that even mean? Like for someone, what does it mean? It means that you need to be practicing and ready for what the heck you're going to do, if something like this happens again, right? So whether you're a CDK dealer or not, you should have a business continuity plan in place. This episode was brought to you by OpenLean, the leading online dealer marketplace for use cars.
这到底是什么意思呢?对某个人来说,这意味着什么呢?这意味着你需要练习并做好准备,以防类似的事情再次发生,对吧?所以,无论你是否是CDK经销商,你都应该有一个业务连续性计划。本期节目由OpenLean赞助,OpenLean是领先的二手车在线经销商市场。
OpenLean brings you exclusive inventory, simple transactions, and better outcomes. All with the lowest fees in the industry. Dealers love OpenLean because they can find a vast selection of all these exclusive vehicles, rental, dealer trades and more, all combined with a truly transparent process, best in class inspections and easy to read condition reports, allowing buyers to bid with confidence. If you're new to OpenLean, you can sign up now and receive a $350 buy fee credit. Learn more at openlean.com or click the link in the show notes below.
OpenLean为您带来独家库存、简单交易和更好的结果,而且全行业费用最低。经销商喜爱OpenLean,因为他们可以找到种类繁多的独家车辆、租赁车、经销商交易等,并结合真正透明的流程、一流的检查和易于阅读的状况报告,让买家信心十足地进行竞标。如果您是OpenLean新用户,现在注册可以获得$350的购买费用抵扣。了解更多信息,请访问openlean.com或点击下方节目备注中的链接。
OK, so in light of all the events that happened to the, you know, to the industry in the last month and a half between, again, CDK, CrowdStrike, what do you say right now in sitting in your position? What is the biggest security or regulatory risk dealerships are facing? Yeah, I mean, security, regular service, there's, you know, there are always threats on the horizon. I think, look, the easiest and most basic thing is you don't want to breach to happen in your store. Right? I mean, that is the goal that you want to spend your, you know, your staff's waking hours doing what they can to ensure, right? It's easier said than done, right? I always use the example.
嗯,考虑到过去一个半月里行业发生的所有事件,比如CDK和CrowdStrike,你现在坐在这个位置上怎么看?目前,汽车经销商面临的最大的安全或监管风险是什么?是的,我是说,安全和常规服务,总是有一些潜在威胁。我认为,最简单和最基础的事情就是你不希望在你的店里发生数据泄露,对吧?这是你希望你的员工在工作时间内尽可能确保的目标。说起来容易做起来难,我总是用这个例子来说明。
There's a well known bank that you would have known of that spends $250 million a year on cyber security, still at a breach, right? So you can't, there's almost no way to say it's that you can prevent 100% of the breaches, but you can do certain things to make your posture better and obviously to ensure that if you do have an issue, you've got a defensible position, but as the lawsuits will follow, right? And what are those things? What are those certain things? Well, the key, the first key thing is you've got to make sure you're compliant with the obligation jail under federal law. And then primary one, there's the FTC safe guard rule, right?
有一家著名的银行,每年在网络安全方面花费2.5亿美元,但仍然遭遇了泄露。那么,你几乎不可能说可以百分之百地防止所有泄露,但你可以采取一些措施来改善你的防御姿态,确保在遇到问题时,你有一个可以辩护的立场,因为随后会有诉讼。那么,这些措施是什么呢?关键的第一步是确保你遵守了联邦法律下的义务。其中一个主要的就是联邦贸易委员会(FTC)的安全保障规则。
I've been talking about this both at any day and a couple of hours for years. People are probably sick of hearing about the safe guard rule, but it's critical, right? And I am, I will tell you, I think dealers are doing a fantastic job overall, but there are still dealers that are not doing what they need to do on a basic level to be compliant with the safe guard rule. Such as why? Can you go as an example? OK, so, so a little background on this rule is important. This, this rule is the federal statute that, that authorized this rule, it's called the Grandley's Blyley Act. That was actually passed in 1999.
多年来,我几乎每天都有几个小时在谈论这个问题。人们可能已经厌倦了听到关于这个保护措施的规定,但它确实很重要,不是吗?我不得不说,我认为整体而言,销售商们做得非常出色,但仍有一些销售商在基本层面上没有做到遵守这个规定。比如说为什么?你能给个例子吗?好的,稍微讲一下这个规定的背景。这个规定是由一项名为《格拉姆-里奇-布莱利法案》的联邦法律授权制定的,该法案实际上是在1999年通过的。
OK, 25 year old rule. Why are we talking about it today? Well, the, the safeguards rule came out a few years later. The FTC was directed by Congress to issue the safe guard's rule. And basically it's a rule that says you have to take certain steps to protect this data that you get. Dealers are financial institutions under federal law. That is the Grandley's Blyley Act. A lot of dealers don't realize that. First question they say is, why does this rule even apply to me? Right? I mean, does the oil have to worry about this?
好的,25 年前的规定。为什么我们今天要谈论它?嗯,因为几年前出台了一个保护规定。国会指示联邦贸易委员会(FTC)发布这个保护规定。基本上,这个规定要求你采取一定的步骤来保护你获得的数据。在联邦法律下,汽车经销商被视为金融机构。这是根据《格兰雷-布莱利法案》规定的。很多经销商并没有意识到这一点。他们首先问的问题是,这个规定为什么适用于我?对吧?我的意思是,石油公司也需要担心这个吗?
Does the, do my vendors? No, it's the dealer and the, and the hook, the legal hook is because of what dealers do in terms of assisting in financing or leasing their financial institution, right? So you're treated the same way as a bank or a credit union, basically, for purposes of the federal law. So dealers as financial institutions have to take steps to protect the data that they collect. OK. And it's for 20 years, it was sort of take reasonable steps depending on what their size and the kind of information you have.
我的供应商需要吗?不,是经销商,法律上的联系是因为经销商在提供融资或租赁方面的作用,对吧?所以在联邦法律的意义上,你被视为银行或信用社。这样一来,经销商作为金融机构必须采取措施保护他们收集的数据。好吧。过去20年里,他们根据自己的规模和拥有的信息类型,采取了合理的步骤。
Long story short, I can give you the whole background about why the change came out in effect. The FTC issued an amended rule about a year ago that went into effect about a year ago. That basically said, no, no, it's not just do what's reasonable. You've got to do these 18, 20 different things. You have to encrypt your data at rest and in transit. You have to enact multi factor authentication. You have to do penetration testing and endpoint detection. And you have to have a written programs. So there's a whole, frankly, complicated list of things that every dealer in this country has to do.
长话短说,我可以给你讲一下这个改变背后的整个背景。大约一年前,美国联邦贸易委员会(FTC)颁布了一项修订规则,并在大约一年前生效。这项规则基本上说,不,不仅仅是做合理的事情。你必须做到这18到20项不同的要求。你必须对静态数据和传输中的数据进行加密。你必须实行多因素认证。你必须进行渗透测试和端点检测。你还必须有书面的程序。所以,实际上,这就是每个经销商必须做的一整套复杂要求。
And it's actually at the heart of what Complyado does for dealers in many ways is help them walk through those complicated issues. So so that is and here's the here's the twist and on the twist, the hard part, frankly, from a dealer perspective. Dealers can do a really good job of tightening up their ship internally. But one of their obligations under this law is also to ensure their vendors are doing the same thing. And that's been a big lift in the dealership space. Average dealer. I'm not going to be exact with this, but I know we looked at this four or five years ago.
实际上,这正是Complyado在许多方面为经销商所做的核心工作:帮助他们解决那些复杂的问题。 这里有一个转折,坦率地说,从经销商的角度来看,这部分是比较难的。经销商可以在内部做得非常好,把自己的业务管理得井井有条。但是,根据这项法律,他们还有一个义务是确保他们的供应商也在实行同样的管理。这在经销商领域是一项艰巨的任务。普通经销商,虽然我不能给出确切数据,但我记得我们四五年前对此进行过研究。
I've heard different numbers between 25 and 40 different third parties. They've got to share information with, right? Those are service providers. Those are people like your DMS, your CRM, your website vendors, you know, whether it's, you know, the service schedule, or whatever software providers you work with. And sometimes physical information, but usually software providers, there's a lot of them, right? And each of those third parties for the dealer to meet their obligation has to take those same steps to protect the data that as you are, right? And that's a big lift. But just frankly, there may be some vendors that aren't doing the enough and they can't, and they can't promise in a contract that they are if they're not doing the right thing. So that is the big lift from a dealer perspective. Make sure your internal house is in order. And then obviously make sure that your vendors are also doing the right things.
我听说有不同的统计数据,第三方有大约25到40个。这些第三方必须分享信息,对吧?这些都是服务提供商,比如你的DMS(经销商管理系统)、CRM(客户关系管理系统)、网站供应商,不管是服务安排还是你使用的其他软件提供商。有时候是实体信息,但通常是软件供应商,有很多,对吧?为了经销商能够履行他们的义务,每个第三方都必须采取同样的措施来保护数据,就像你们所做的一样。这是个很大的挑战。坦白说,有些供应商可能没有做足够的工作,他们无法在合同中承诺他们在做正确的事情,如果他们没有真正做到。所以从经销商的角度,这是一个很大的任务。首先确保你们内部的工作到位,然后显然也要确保你们的供应商在做正确的事。
I want to pause on this for a second because I want to talk more about the cars rule before we get to vendors and whatnot. So cars rule is if you, anyone that knows, has read about the cars rule, it could fundamentally change the way cars are bought and sold. It, it severely impacts the car buying experience. You know, just some like anecdotes as a dealer, you have to share the exact outdoor price with the customer. If you're on a test drive, you have to give them the exact outdoor price. You think we all know if you've ever sold a car, even if you have any, if you ever bought a car, you know that it's, it's virtually impossible to have that price. It's just not how buying a car works, right? You have to get financing and there are steps to the process. The first question for you at starting a very high level is, is the cars rule going to happen? Yes or no? Sure. And so let me give you the status and it is sort of a confusing one. Usually they issue a rule. They tell you when it's when you have to comply and then you have to comply, right? What happened here is they issued the rule. They said when the date was, and this was so egregious that NADA, along with the Texas Holiday Law Association, suedo.
我想先暂停一下,因为我想在讨论供应商和其他问题之前,多谈谈汽车规则。汽车规则是这样,如果你读过相关内容,你会知道这可能会从根本上改变汽车的购买与销售方式。这对购车体验有很大影响。比如说,作为一个经销商,你必须向客户提供确切的总外价格。如果你在试驾,你也得给他们确切的总外价格。我们都知道,无论是卖车还是买车,这几乎是不可能的,因为购车不是这样运作的。你需要融资,还有其他步骤。首先,我想问的高层次问题是,汽车规则会实施吗? 是或否?让我来解释一下目前的状况,这有点复杂。通常情况下,他们会发布规定,告诉你何时需要遵守,然后你必须遵守。而在这里的情况是,他们发布了规定,设定了日期,但这太过严重,以至于NADA联同德州度假法律协会提起了诉讼。
So the status is the court's thinking about this right now. They're going to listen to oral arguments from both lawyers in mid-October. What that means for a decision on the ultimate outcome of the rule is I'm clear. My guess, my guess would be sort of maybe around the start of next year, one one twenty five. All right. So in theory, something could change within six months in theory. All right. Get, tell me, explain to me like, you know, like I'm a fifth grader, like what could change? I show up to that dealership. Again, in theory, I know it's not going to be perfect, but like what are what's what's the range of possibilities on January 1st, 2025? When I enter that dealership, what am I doing differently, potentially? So let's let's say the NADA challenge doesn't succeed and the rule goes into effect. There are a sort of a series of obligations, right? And it gets complicated. This is sort of a hard hard to explain in an elevator speech. But a couple of things that I think you hit on the biggest change from a deal of perspective is understanding what the FDC would require you to disclose as a dealer in terms of offering price.
目前的情况是法庭正在对这个问题进行思考。他们将于十月中旬听取双方律师的口头辩论。这意味着关于规则最终结果的决定还不清楚。我猜测,大概会在明年年初,可能是一月一日左右做出决定。所以理论上说,在六个月内可能会有变化。请告诉我,像我五年级学生那样解释,可能会有什么变化?假设我再次去那家经销店。理论上,我知道这不是完美的,但在2025年1月1日,当我进入那家经销店的时候,可能会有什么不同的地方?
假设NADA(全国汽车经销商协会)的挑战没有成功,规则开始生效。会有一系列的义务,这确实比较复杂,不容易用几句话说清。但我认为你提到的最大变化是,从经销商的角度来看,理解FTC(联邦贸易委员会)要求你作为经销商在提供价格时必须披露的内容。
And let's, you know, let's let's again, to simplify it, what the FDC doesn't like are dock fees and other fees that are not disclosed in the advertised price of the vehicle. What they don't like is a dealer saying this car is $35,000 and then you go into the dealership and, you know, even without taxes or anything else, it's $38,000 because of a fee that wasn't disclosed, a mandatory fee that wasn't disclosed in the advertised price.
好的,让我来简化一下。这段话的意思是,FDC(公平商业委员会)不喜欢那些没有在广告价格中说明的额外费用和服务费。他们不喜欢经销商在广告中说这辆车是$35,000,但当你走进经销店时,发现车价变成了$38,000,因为有一笔之前没有透露的强制性费用。
So that is probably at a fundamental level. One of the biggest changes dealers would have to understand is they have to make sure their advertisements and their communications with consumers include this new offering price, which is an all as you said, an all and out the door price now. It could exclude taxes and there's a whole bunch of exceptions always. But there's a distinction between mandatory add-ons and and and and optional add-ons. It's complicated. But at the end of the day, you got to have a price that someone can walk in and pay $35,000 for, not $35,000 plus. Right. So that that is going to be a difference. And frankly, proving that and complying with what they required dealers to do is going to be a lift.
这可能是一个基本层面上的变化。经销商需要理解的一个最大改变是,他们必须确保广告和与消费者的沟通中包括这个新的报价,即你所说的"全款到手价"。虽然可能会排除税费,并且总是有很多特殊情况需要考虑,但必须区分强制附加项目和可选附加项目。这其实很复杂。但归根结底,你需要提供一个明确的价格,比如顾客能够直接支付的$35,000,而不是$35,000加上一些额外费用。所以这将是一个不同之处。而且,实际上要证明并遵守这些要求,对经销商来说是一项挑战。
Right. How do you make sure you've got a record that you gave this person in your very first communication with them? This offering price, right? You can't even have a normal conversation with the person comes in and says, Hey, you know, I like that. So we're out of right there. You know, you know, is that eligible for the finance special? And you can't say, Oh, yeah, let's let's take a look at it and talk about the features. No, your first communication has to say the offering price is $5,297. And that has to be documented somehow. And then you can have a normal human conversation. Right. So it's just one of the many ways the FTC doesn't get how this world works. And they're forcing these sort of square pegs and round holes from the dealer perspective.
好的。那么你怎么确保你在第一次与这个人的交流中就提供了报价记录呢?这个报价对吧?你甚至无法正常地与顾客对话,比方说顾客进来后说,“嗨,我喜欢这个。”接着问,“这是否符合特价融资条件?”你不能说,“哦,是的,让我们看看,并谈谈它的特点。”不,你的第一次交流必须明确说出报价是5,297美元,而且这必须以某种方式记录下来,然后你才能进行正常的人际对话。这只是联邦贸易委员会(FTC)不了解这个行业运作方式的众多例子之一,他们强行让经销商执行这些不切实际的规定。
You're also going to have to stop anytime they talk about a monthly payments or a monthly payment comparison and give them a disclosure of the total of the payments or if the mental payments being compared, if you give them another form. So those new forms and new disclosures that, you know, again, ironically, the FTC says they did this to make the whole process go faster, which, of course, the nonsense. OK, so when when is the next when is the next milestone with this car's rule? Like when is the next decision being made? Yeah, again, a world argument started October and then the courts decides at some point after that, right?
你还需要在他们谈论每月付款或每月付款对比时停止,并向他们披露总付款额,或者在对比时,如果你给他们另一种形式的付款也要进行披露。所以这些新的表格和新的披露方式,对于加快整个流程,FTC(联邦贸易委员会)表示这样做是为了加快整个流程,然而这显然是无稽之谈。好的,那么关于这条汽车规则的下一个里程碑是什么时候?什么时候会做出下一个决定?是的,世界争论在10月份开始,然后法院会在那之后的某个时间做出决定,对吧?
We did there under no there's no deadline. So just just a rough guess is probably, like I said, start of the year. We'll have the fifth circuit decision. Now, does that mean that's the end? Could somebody appeal it to the Supreme Court? Maybe so. We'll see how that goes. But but but let's let's let's also level send a few things. I think, you know, so there's a chance that it will just come into effect as as if, you know, any day loses the lawsuit. It comes into effect and it'll come effect. I would think pretty quickly because the FTC is probably saying, look, you already waited two years, you know, this was coming. So he got 60 days or whatever. I'm just making that up.
我们做的那些事情并没有任何截止日期。所以,就像我之前提到的,大致猜测可能是在年初我们会得到第五巡回法院的决定。那么,这是否意味着结束了呢?可能有人会向最高法院上诉。这还是得看情况。但是,让我们平心而论地看几件事。我认为,有一定的可能性这最终会生效。如果某一天诉讼失败了,它就会生效,而且我认为会很快生效,因为联邦贸易委员会(FTC)可能会说:“你已经等了两年,你知道这件事了,所以你还剩60天时间。”这个时间我是随口编的。
So there'll be some point early next year where dealers will just have to start being ready to comply with this, right? Or any day could win, in which case, it doesn't mean the FTC can't do anything. They just have to go back to the drawing board. So maybe you have to wait another year or two when the same rule comes out again, right? So that's another possibility. In the meantime, there are also other rules that they've taken to pass like the junk fee rule, which currently would not apply to dealers because of the cars rule. But if the cars were goes away, then I'll send you going to worry about the junk fee rule.
所以明年年初的某个时刻,销售商必须做好准备,遵守这项规定,对吧?或者任何一天这项规定都有可能生效,在这种情况下,并不意味着联邦贸易委员会(FTC)就无能为力。他们只是需要重新制定规则。所以你可能还得再等一到两年,等到同样的规则再次出台,对吧?这也是一种可能性。同时,还有其他已经通过的规则,比如垃圾费规则(junk fee rule)。目前这个规则不适用于汽车销售商,因为有汽车规则(cars rule)。但如果汽车规则失效,那你就得操心垃圾费规则了。
So it's gets confusing, but here's my bottom line for dealers. There's going to be something in this area that is going to require you to at least understand, probably adapt at least your advertising practices and most likely the disclosures you get to consumers. So understanding at least basically what they're getting at and probably having some training in place now for your staff, because I'll tell you, the other big C change is, in my mind, is that, you know, dealers are used to, as you said, in your experience as a dealer, you're used to the alphabet soup of requirements to giving all these disclosures and forms and deal jacket gets huge because of all the stuff the government makes you do.
所以这可能会让人感到困惑,但这是我对经销商的底线。在这个领域会有一些事情要求你至少了解,可能还需要调整你的广告做法,并且很可能需要更改你向消费者提供的披露内容。因此,至少要基本理解他们的意图,并且最好现在就为你的员工提供一些培训。因为我认为,另一个重大变化是,经销商们习惯于你所说的各种各样的信息披露要求,以及由于政府规定而变得庞大的交易文件。
But that's historically been confined to the F&I office, right? You train the F&I folks for a reason, because they know this stuff. They can comply with it on behalf of your dealership. One thing the cars rule does is sort of expand that obligation to everybody in the store, right? So even if they come and ask the receptionist about a car, you've got to have a document showing that your first communication was X, right? So that's, to me, that's one of the biggest problems with the rule is it's going to make it such an artificial interaction from the consumers perspective, potentially. And a dealership, right? I mean, people want to help consumers at the dealership and you may be constrained, say, I'm sorry, I wish I could help you, but I need you to talk to, you know, and funnel them over to someone who's trained on how to do the right way.
但这通常仅限于财务和保险(F&I)办公室,对吧?你培训F&I人员是有原因的,因为他们了解这些内容,他们可以代表你的经销商遵守规定。但汽车规定的一个作用是将这种义务扩展到店内的每个人,对吧?所以即使他们来问接待员关于汽车的问题,你也必须有一个文件显示你们的首次沟通是怎样的。对我来说,这个规定的最大问题之一是,它可能会让消费者的互动变得相当不自然。作为一个经销商,我的意思是,店里的人都是想帮助消费者的,但你可能会被限制住,说不好意思,我希望可以帮到你,但我需要你去找那个受过专业培训的人。
So I want to zoom out now, talk to me about what are the costliest mistakes that dealers are making? Like, if you have to stack rank A, like, what are those, like, top three that you're seeing? Costliest mistakes from a compliance regulatory, just what are those three things? Yeah, and I think the way to address that is to say, where's the biggest potential financial risk in terms of your. Well, it's where's the biggest potential, but also realistically, right? Like, I had massive as a dealer, right? I had massive potential risk with, you know, financing and making sure that, you know, we're getting the exact information and, you know, selling to thousands of customers a year.
好,现在我想从宏观上来谈一谈。跟我说说,哪些是经销商常犯的最昂贵的错误呢?比如说,你能不能列出前三名呢?在合规和法规方面,哪些错误导致的代价最大?对,我认为应该这样来回答:哪些是潜在的财务风险最大的地方?嗯,是的,但也要现实一点,对吧?作为一个经销商,我曾经面临巨大的潜在风险,比如融资、确保获取准确的信息以及每年向成千上万的客户销售产品。
But that was something that we did very, very tightly. And, you know, we avoided the financial risk there. Whereas, you know, if there was oil on the floor in the shop that wasn't properly cleaned up and I'm giving you like a stupid example, but you know, I'm trying to say, like, I'm trying to, I want to bridge the gap of, like, potential, but also, you know, real. Yeah. And I, right. It's a great point. And I think, you know, it is funny because there is an inherent tension between compliance and profitability. Sometimes there just is, right? I mean, you know, if you take shortcuts, sometimes you can make more money, right? And that's just the reality. I get it.
不过,那件事我们处理得非常严谨。你知道,我们在那里避免了财务风险。而且,如果商店地板上有油渍没清理干净,我给的是一个很愚蠢的例子,但你明白我的意思,我是想弥合潜力和现实之间的差距。是的,我认为你的观点很好。确实有趣的是,合规和盈利之间往往存在固有的紧张关系。有时候,如果采取捷径,确实可以赚更多钱,这就是现实。我明白了。
You know, we can talk about one specific issue when we talk about some of the things happening in the website world about a very clear sort of tension that exists there. But, but to me, you know, I'm actually going to go back to one that's, that's a little bit older and a little bit under the radar because I think this is a sleeper huge financial issue for dealers and that's red flags. So, so there are requirements under federal law to, and to basically verify the identity of someone that you're going to extend credit to. That's a best oversimplification. But that's essentially what you have to do. And the reality is that's one where the, where this aligns, because being compliant with that rule is going to stop identity thieves from, from basically stealing cars from you.
你知道的,当我们谈论网站世界中的一些事情时,我们可以专门讨论一个非常明确的问题。这其中有一种明显的紧张关系。但是,对我来说,我想回到一个稍微久远一些且不太引人注意的问题,因为我认为这是一个潜在的重大财务问题,那就是红旗警示(Red Flags)。根据联邦法律的规定,你需要核实你要提供信贷给的人的身份。简而言之,这就是你必须做的。而事实是,这个规定的遵守可以防止身份窃贼从你那里偷车。
And I've talked to dealers that mid-sized dealers that lose over a million dollars a year to identity theft, right? Because as most of you know, the contracts can come back on you as the dealer and you're stuck with the bat with the bad deal when the when the finance company kicks it back to you because there was an identity theft involved. So that to me is sort of low hanging fruits or something that dealers could probably tighten up easily and save them money today, right? I obviously did security and privacy. The breach, the breach noticed real cost and is a is happening today. I mean, CDK aside, you know, there was a large dealer roof in the West Coast that had a direct attack themselves that they were down.
我和一些中型经销商谈过,他们每年因为身份盗窃损失超过一百万美元,对吧?因为你们大多数人都知道,合同会回到经销商头上,当金融公司发现其中涉及身份盗窃而拒绝交易时,你作为经销商就得承担这个坏账。所以对我来说,这是一个显而易见的问题,经销商可以轻松解决,从而节省费用,对吧?显然,我做了安全和隐私方面的工作。数据泄露的真正成本是很高的,而且现在每天都在发生。比如说,有一家西海岸的大型经销商就遭受了一次直接攻击,他们的系统都瘫痪了。
This ransomware events happened unfortunately routinely with dealers and these are real hard costs the dealers have to face today. So I do put that in the in my top tier of triage, right? I used to tell dealers two or three years ago that TCPA text messaging communicating to their customers was probably in the top top tier. But there's been a Supreme Court case that sort of took a little bit of the pressure off that because basically the planters lawyers, some of their theories were blown out the door. So so I'm not that still in the top five, but it's the pressure on that's come down a little bit. Text messaging is still has some inherent risks.
这类勒索软件事件不幸地在经销商中经常发生,这些是真正的高额成本,经销商今天必须面对。因此,我将其放在我的优先处理事项的顶级位置。我以前告诉经销商,两三年前,通过TCPA短信与客户沟通可能是最重要的事情之一。但有一桩最高法院案件在某种程度上减轻了这方面的压力,因为基本上原告律师的一些理论被推翻了。所以,虽然短信沟通仍然存在一定的风险,它的压力有所减轻,但仍然在我的前五个重要事项中。
And the reason is because they're statutory damages. Anytime you have stats, in other words, if you have a law that says you break it, you get X dollars per violation, that's going to attract planners lawyers like flies to honey, right? So that is what cumulative. But it's gimbal, right? I mean, in the TCPA case, it was $1,500 per color text, right? And these bits are very easy as a plaintiff's lawyer to come and say, you did this wrong. I multiplied how many text messages you sent by $1,500 pay me $2 million, right? So that was a real problem for a long time.
原因是因为这些是法定损害赔偿。当有法律规定,如果你违反了规定,每次违规将被罚款一定金额时,这种情况就会吸引律师,就像蜜吸引蜜蜂一样,这种情况非常普遍。例如,在TCPA(电话消费者保护法)案件中,每次违规的电话或短信就被罚款1,500美元。作为原告律师,可以很容易地指出你的错误。然后把你发送的短信数量乘以1,500美元,就能得到200万美元的赔偿金,对吧?这种情况在很长一段时间内都是个大问题。
Still is a problem. It's become a little bit better because of the of some of the rules and some of the policies that have been placed at dealerships. But that, you know, I've said for a long time to bring this down to the dealer world. That's one of the many reasons you got to make sure you understand what your salespeople are doing with their personal phones with consumers, right? I mean, let's bring this to the real world. People communicate on their phone at the time, right? Salespeople are human. They do things the way that everybody wants to do things. Dealers have to really think about the risks and the potential liabilities that could bring to you as a dealer. Having that unfettered. You got to get controls over that. You have to have records to show you what you're going to do because there still are some risks out there from from those communications. Especially marketing communications. And then I, you know, I guess I would also put only because it's so topical and it's a really under the radar issue is some of these, what they call wiretapping lawsuits that are hitting the. This is a very underreported issue that a lot of folks out there may know about that we are seeing every day affect dealers. OEMs, finance companies and others. I can bring it into what that means later. But that's those are sort of if I'm doing triage, there is sort of my top two or three from a pure financial perspective today for dealers.
还是有问题。虽然因为一些规则和政策的实施,情况有所好转,但你知道,我已经说了很长时间了,要把这个问题带到经销商的层面上。这也是你必须确保了解你的销售人员如何使用个人手机与消费者沟通的原因之一,对吧?让我们回到现实世界,人们总是用手机交流,销售人员也是人,他们会按照每个人的习惯行事。经销商必须认真考虑这种行为可能带来的风险和潜在责任。如果不加以控制,你必须设立一些控制措施并保留记录,证明你要采取的行动,因为这些沟通方式仍然存在一些风险,特别是营销类的沟通。此外,这里有一个非常热门但又很低调的问题,那就是所谓的窃听诉讼。尽管这个问题报道甚少,但实际上每天都在影响经销商、原始设备制造商(OEM)、金融公司等。我可以稍后详细解释这个问题的意义,但就目前来说,如果我要从纯粹的财务角度为经销商进行分类,这些是我认为最重要的两三个问题之一。
This episode is brought to you by my very own car dealership guy news. CDG News is here to help you stay updated on all things automotive. We're not your typical news group. We're bringing you concise, unbiased car industry news and easy to digest formats from the hottest headlines to podcast summaries, dealership best practices and industry insights. We've got it all covered. And guess what? It's all free. No paywalls. Just like we always promise. Hop over to CDG. News. That's CDG. News. And check us out. We're all yours for your feedback. Tell us what you need. Give us your honest thoughts. We're here to deliver real value. So don't wait. Head to CDG. News. Now we'll click the link in the show.
这集节目由我自己的汽车经销商新闻赞助。CDG News在这里帮助你掌握所有关于汽车行业的最新动态。我们不是传统的新闻团体,我们为你带来简明扼要、公正的汽车行业新闻,以及易于理解的形式。从最热门的头条新闻到播客摘要、经销商最佳实践和行业见解,我们全都覆盖。而且你猜怎么着?这些全都是免费的,无需付费墙,就像我们一直承诺的那样。访问CDG.News,就是CDG.News,来看看我们吧。我们非常欢迎你的反馈。告诉我们你的需求,给我们你的真实想法。我们在这里为你提供真正有价值的信息。所以不要犹豫,马上去CDG.News,或者点击本节目中的链接。
What about like quick wins? Right. A lot of these. There's a lot of things that you said changing. Moving from a vendor to another one that maybe, you know, is more compliant because, you know, it protects your customer from it. That's a process. Right. But like, are there any quick wins, whether it's like some form of training with your teams? Like if someone is listening and they're like, you know, if they could, if you could leave them right now with one quick win that they could go to the dealership and implement pretty seamlessly. Privacy policy. I mean, I don't even know what. I, you know, I, well, the risk of a little self interest, it's, it's in the cookie consent ban a world. So let me explain this, this issue is it's one that people have to understand.
那么关于那些快速的收益呢?对,有很多这样的情况。你说的很多事情需要改变,比如从一个供应商换到另一个可能更合规的供应商,因为这能更好地保护你的客户。这是一个过程,对吧。但有没有什么快速的收益,比如说进行某种形式的团队培训?假如有人在听,他们想要立即采取行动,你能不能给他们一个可以很顺利地在经销店实施的快速收益呢?比如隐私政策。我的意思是,我都不知道该怎么说……我有点出于自身利益考虑,但这是关于cookie同意的全球问题。所以让我解释一下,这个问题是人们必须理解的。
I will tell you this. I actually have seen a lot more demand letters and lawsuits in this area than anywhere else. And I'll tell you why. Remember what I said earlier? Statutory damages. Right. So there are some, this is actually a sort of a new one to many people and arises under state law. And of course, as many of these things that comes out of California and there's a California statute that has as mentioned, $5,000 statutory damages. Okay. So this is going to sound odd if this is new to you, but there are plenty of lawyers who are following hundreds of these lawsuits saying that basically by implementing cookies, pixels, scripts on your website without the consent of the consumer, appropriate consent, that that is wire tapping. Okay.
我来告诉你这件事。我实际上在这个领域看到的需求信和诉讼比其他任何地方都多。让我告诉你为什么。还记得我之前说的吗?法定赔偿,对吧?所以,有些人,这对很多人来说实际上是新的,并且根据州法律产生。当然,像许多此类事情一样,它来自加利福尼亚州,加州有一项法规,规定了5000美元的法定赔偿。好,如果你是第一次听说,这可能听起来很奇怪,但有很多律师在追踪数百起诉讼,他们基本上声称,在未获得消费者适当同意的情况下,在你的网站上实施小甜饼、像素、脚本行为就是窃听。
So there's actually these wire tapping statutes on the books in California and Florida and some other states. And believe it or not, they've managed to commit some courts to say that that act of sort of, of, of loading these cookies and using the cookies without the consent of the consumer is wire tapping. So quick win, get the right consent. Right. So we have, we, one of the things we provide to our customers is a, is a banner that we've looked at all these cases. We've done a very thorough investigation of where it is. We have some customization you can do. There's geo-fencing by states. Lots of tools you can implement, but get the right banner on your website.
所以,实际上在加利福尼亚州、佛罗里达州和其他一些州都有窃听法。信不信由你,他们成功地说服了一些法院认定在未经消费者同意的情况下加载和使用这些Cookies是一种窃听行为。所以,要快速解决这个问题,关键是获得正确的同意。我们为客户提供的一项服务就是一个弹窗广告条。我们已经仔细研究了所有相关案例,并进行了彻底调查。我们还有可以进行的一些定制,比如根据州划分的地理围栏工具。有很多工具可以实施,但要确保你的网站上有正确的弹窗广告条。
I mean, it's as simple as that. We've seen these things on websites now, right? But then the pops up says, you know, you know, I accept or deny cookies. It's the pain of my existence. It is. And it's too bad because it's, you know, again, this is just sort of the way the world's going. You try to make it as seamless as possible, but it is. This is real and this is and you it's not been in the press as much, but it's frankly, these are demand letters going out and frankly, we've got to get settled.
我的意思是,这件事很简单。我们现在在各种网站上都能看到类似的情况,对吧?然后会弹出一个窗口,让你选择接受或拒绝 cookies。这简直是让我头疼的问题。确实是这样,很遗憾,因为这就是世界发展的方式。我们试图让一切尽可能无缝衔接,但事实就是如此。这是真实存在的,尽管媒体关注得不多,但是这些确实是正在发送的需求信件,我们需要尽快解决这个问题。
I think it's settled. You don't hear about the press, but just in the past two weeks, I would say there were another dozen or two filed in, including one large OEM, where is the defendant and a few other lenders in the auto space. And so they've hit the auto space hard. Again, quick wins. It's easy. Adopt adopt a compliant consent. It can't be just anything. In fact, you can make it worse if you do a bad one, but get the right consent banner and get consent. So you can prove you've done it, but does that we found if you do that right, they move on to the next, you know, the next website to try to see.
我想这已经确定了。你可能没有听到媒体报道,但就在过去的两周内,又有十几起案件被提交,包括一个大型原始设备制造商作为被告,以及其他几家汽车领域的贷款人。所以,他们对汽车领域打击很大。这是快速取胜的法子。这很简单。采用合规的同意形式。不能随随便便做一个。实际上,如果做得不好,可能会更糟。但是,确保使用合适的同意横幅并获得同意。所以你可以证明你已经这样做了,但是我们发现,如果你做对了,他们就会转移到下一个网站继续尝试。
So. Talk to me a little bit about marketing and AI. You know, there's a we have there's a very big rise in AI chatbots. Lots of dealers are starting to implement chatbots. And in many cases, it's driving R. Why it's driving profitability. It's 24 seven. Right. I'm personally a fan of several companies that offer this service. Talk to me about the issues that you foresee there. Right. Cause that's a whole new Pandora box, right? It is. It is. I'm sorry. I was going to say, yeah, it's a great question. I mean, the first thing to remember is what I just said. Make sure if that things loading as its own, as its own sub domain or others, you know, it's in a way.
好的。跟我聊聊关于市场营销和人工智能的事情吧。你知道,现在人工智能聊天机器人有了很大的发展。很多经销商开始使用聊天机器人,在很多情况下,这推动了投资回报率并提高了盈利能力,因为它是24/7全天候运转的。我个人很喜欢几家提供这种服务的公司。你能跟我聊聊你在这方面预见的问题吗?这简直是一个全新的潘多拉魔盒,对吧?确实如此。对不起,我的意思是,这是个很好的问题。首先要记住的是我刚才提到的内容,确保它以自己的子域名加载或以其他方式加载,因为这在某种程度上会影响结果。
There's a lot of ways to get in trouble on your website. Think about what a chatbot obtains, right? I mean, people tell you all sorts of things in the chatbot. They can tell you they're credit history and all sorts of sensitive information. So protect it. But the AI issues specifically, they're sort of two, two, two things the authorities to date are focused on. Okay. Uh, and certainly the FTC level. And then there's also been some things come from the Biden administration and at least federally. And one is they are concerned about deception and the use of an AI tool.
在你的网站上,有很多方法可能会惹上麻烦。想想看,一个聊天机器人获取了什么,对吧?我的意思是,人们会在聊天机器人那儿告诉你各种各样的信息。他们可能会告诉你他们的信用历史,还有各种敏感信息。因此,要保护这些信息。但关于人工智能的问题,具体来说,有两个主要方面是目前当局所关注的。好的,尤其是联邦贸易委员会(FTC)的层面。此外,拜登政府也颁布了一些相关规定,至少在联邦层面上。其中一个关注点是他们担心在使用人工智能工具时可能出现的欺骗行为。
So this is sort of a weird one, but believe it or not, they care whether somebody thinks they're speaking with a human being or not. Right. So it's a tricky one because I know these chatbots are often AI driven and they have a little person's face and it looks like you're speaking to someone, but try, you know, at least think about, uh, you know, clarifying that this is, this is automated, but as the FTC has expressed interest in that, they seem deceptive, right? To, uh, to, to have someone speaking to an AI tool that thinks a person.
所以,这有点奇怪,但相信与否,他们在意是否有人认为自己是在和人类说话。对,这有点棘手,因为我知道这些聊天机器人通常是由AI驱动的,并且有一个小人的头像,看起来像是你在和某个人说话,但试着至少考虑一下,呃,你知道,澄清这是自动化的。联邦贸易委员会对此表示了关注,他们认为如果有人认为自己在和人工智能工具说话而不是真人,这有点欺骗性。
The bigger issue, I think is the use of AI in two areas. And that's in, uh, employment or financing. And so obviously the employment space is not as relevant for dealers. But in terms of financing, that does become an issue for dealers. Um, and the issue that the federal government is concerned about, they call it algorithmic bias. Uh, and what they say is, you know, if you're making a decision using AI and it affects either financing offer or financing term, something like that, then you've got to be able to prove what the basis of that algorithm was, right?
我认为更大的问题在于人工智能在两个领域的使用。一个是就业,另一个是融资。显然,就业领域与经销商关系不大。但在融资方面,这确实成为了经销商的问题。联邦政府关心的问题是所谓的“算法偏见”。他们认为,如果你在做决策时使用了人工智能,并且这影响了融资方案或融资条款等,那么你必须能够证明该算法的依据。
So I'll give you an example. You've got it. Now, this is not necessarily a chatbot, but this is an AI tool that's popular in the dealership space. Some, an AI tool that will say, you know, we don't want to give our incentive dollars to just everybody who wants to buy an F one 50. We want to target Brad Miller and, you know, Sue Smith to give these incentives to, right? Now, how did that AI, how did that algorithm behind the AI determinate was Brad Miller, Sue Smith and not somebody else, right? And is there some sort of fair lending violation based on that?
让我给你举个例子。你明白了。这并不完全是一个聊天机器人,但这是一个在经销商领域很受欢迎的AI工具。某个AI工具会说:“我们不想把我们的奖励金给每个想买F150的人。我们想针对布拉德·米勒和苏·史密斯提供这些奖励,对吧?”那么,这个AI背后的算法是如何确定要给布拉德·米勒和苏·史密斯,而不是其他人呢,对吧?这种做法是否存在某种公平放款的违规行为呢?
Is there some sort of disparate impact on the federal law? There, there's a very big push. In fact, one of the FTC commissioners, and I told you earlier, five commissioners, one of them was a former professor at Georgetown and his specialty was algorithm advice. That's like his big issue. So I, I tell you that, but that is a real issue in our world, whether it's lending decisions, incentive decisions, anything that also involves something that a decision that's made affecting a price that you give to somebody, you're going to have to be ready, at least your vendors are going to have to be ready to explain how that was determined. So that those are the areas that they focused on. Now, your point in the chatbot, I think the communication piece, you know, you, you're also going to have to worry about that we got cars rules, implications that I can explain. So there's lots of regulatory implications of chatbots, but the two things that jump out of me are protecting that information, make sure you understand how that works within your, your website ecosystem. And two, if it involves anything having to do with financing, you just have a higher level you have to worry about. All right. So Brad, we spoke a lot about the insta operations, the DMS. Is there anything else regarding dealership websites? You know, this is like the modern storefront for the dealer. Anything else at that point? Yeah, exactly. You've transitioned on that exactly right. I mean, it's not, you know, I've been around long enough to know it used to be just the DMS that the dealers were worried about who's accessing my data, who owns the data. These are somewhat antiquated concepts. But now it's transitioned to the CRM. And then today, I think the biggest area of weakness for dealers, in my personal opinion, is your website. You would not, but I would just encourage dealers to, to understand what's happening on your website. I hear a lot of sort of pushback from dealers on, you know, the level of OEM control on the advertising on the websites. But there's a whole back end to what's happening on your websites. If you go and look, you would be amazed at the cookies and the scripts and the pixels and the third parties that are taking information from your website and using it for purposes that are sometimes outside the scope of what they probably ought to be doing, right? Think about what's on your website. It's not only information about who's visiting your virtual storefront, but it could be credit applications. It could be all sorts of very sensitive and very relevant and very, you know, valuable information. And so, again, it's just, it's just something a lot of dealers don't have an awareness on. It's in this technical realm where, where you kind of need a little bit of help. But I would just encourage dealers, in addition to the liability issues we talked about, you know, in terms of website, you know, these lawsuits, you just got to know what's going on with your website. And that information is critical to running your store. So I want to encourage dealers to stay on top of that if they can.
联邦法律是否存在某种不同影响?有一个非常大的推动力。事实上,FTC的其中一位委员,而我之前提到过,有五位委员,其中一位曾是乔治城大学的教授,他的专长是算法建议。这是他非常关注的问题。所以,我告诉你,但这确实是我们世界中的一个实际问题,无论是贷款决策、激励决策,还是任何涉及价格决策的事情,你都需要准备好,至少你的供应商需要准备好解释这是如何决定的。所以这些是他们关注的领域。
现在,关于聊天机器人,我认为沟通方面,你也需要担心我们有汽车规则的影响,我可以解释。所以聊天机器人有很多监管影响,但对我而言突出的两个问题是保护信息,确保你了解其在你网站生态系统中的工作方式。其次,如果涉及任何与融资有关的内容,你需要更加注意。
好,Brad,我们谈了很多关于即时操作和DMS的事情。在关于经销商网站方面还有什么要补充的吗?你知道,这就像现代经销商的门店。还有其他要点吗?
是的,确实如此。你说得完全正确。我已经在这一行待得够久了,以前经销商只担心谁在访问我的数据,谁拥有数据。这些概念有些过时了。但现在转变到了CRM上。今天,我个人认为,对经销商来说,最大的问题是他们的网站。你可能不知道,但我鼓励经销商了解你的网站上发生了什么。我听到很多经销商抱怨OEM对网站广告的控制程度,但你的网站后台发生了很多事情。如果你看看,你会惊讶于有多少cookies、脚本、像素和第三方正在从你的网站获取信息,有时它们的用途可能超出了该做的范围。
想想你网站上的东西,不仅是关于谁在访问你的虚拟门店的信息,还可能是信用申请,各种非常敏感和相关的、有价值的信息。因此,很多经销商对此没有意识到。这是在技术领域,需要一些帮助。但我鼓励经销商,除了我们谈到的责任问题,了解你网站发生的事情。这些信息对经营你的商店至关重要。所以我想鼓励经销商尽可能掌握它。
Hey, Brad, before we wrap up, all this regulation and compliance and, you know, given we're in such a technological world, do you think that this is just going to hamper innovation for car buying? Like, are we just going to see the car buying experience?
嘿,布拉德,在我们结束之前,关于所有这些法规和合规性,再加上我们身处这么一个科技发达的世界,你觉得这些会阻碍汽车购买的创新吗?你是否认为我们未来的汽车购买体验会受到影响?
Let me preface that with like, we're already seeing the industry facing so many different forces, whether it be direct to consumer. Right? Online upstarts. There's all these competing forces for the consumer. Right? That's enough to have an impact on the experience. Now you're adding regulations, compliance.
让我先说一下,我们已经看到这个行业正面临许多不同的力量,无论是直销给消费者,对吧?还有在线新兴企业。消费者面对这么多竞争力量。这些已经足以影响消费者的体验。现在你再加上各种法规和合规要求。
Do you think that ultimately this hamper's innovation or you optimistic that we can, you know, kind of evolve through it using technology and make the car buying experience actually better, not take five hours? Like, what's your, what's your outlook? I have learned to never underestimate dealers. I'm telling you.
你觉得这最终会阻碍创新,还是你对我们通过科技进步、改进购车体验持乐观态度?比如说,让购车过程不需要花五个小时。你怎么看这个问题?我学到的是,千万不要低估经销商的能力,真的。
It is going to get more complicated, but there are going to be some smart people out there who leverage technology to make it better. And I will, I learned in 20 plus years in this business that I will never underestimate dealers ability to take, take, you know, lemons and turn to lemonade. I mean, there's, and there are ways to do that.
情况会变得更加复杂,但会有一些聪明的人利用技术来改进它。 我在这个行业工作了20多年,学到了永远不要低估经销商们将坏情况(柠檬)变好(柠檬水)的能力。我是说,他们确实有方法做到这一点。
You know, I think, I think as part of a professionalization of our industry, I think it could be viewed as a good thing. You know, data security is a good thing. Right? I mean, if there's some pain up front, but making, making consumers feel good about that kind of about their interaction with you is helpful.
你知道,我认为,作为我们行业专业化的一部分,这其实是件好事。数据安全是好事,对吧?虽然一开始可能有点麻烦,但让消费者对与你的互动感觉良好是有益的。
And I do think things will speed up. There's always bumps in the road. I think there'll be transitions. Doing yourself may no longer be an option, but absolutely. I am, I'm optimistic that dealers will take the requirements, turn them into a consumer benefit and, and hopefully, you know, make the process even more professional, more pleasing from a consumer perspective.
我确实认为事情会加速推进。路上总会有一些颠簸,我认为会有一些过渡期。自己动手可能不再是一个选项,但我非常乐观。我相信经销商会接受这些要求,把它们转化为消费者的利益。希望他们能让这个过程更加专业,从消费者的角度来看也更加令人满意。
And give more to consumers. Now, again, they have to have the ability to do it. That's always the part that that has been my number one dealer advocacy issue for so long is dealers are hands-strong art.
并给予消费者更多。现在,他们还必须拥有这样做的能力。这一直以来都是我最关注的经销商权益问题之一,因为经销商的手脚被束缚住了。
When dealers, when the chains are taken off, dealers are able to do amazing things from the technology perspective. And so hopefully we can get those, some of those restrictions removed and dealers will be 1000 flowers of competition will make things better. Any closing thoughts?
当限制被解除时,代理商能够从技术角度做出令人惊叹的事情。因此,希望我们能取消这些限制,让代理商百花齐放,竞争会让一切变得更好。有什么最后的想法吗?
I mean, this is, you know, you've shared a lot of really great knowledge here. And then, and I already, I'm already thinking about having to bring you on again to talk about, you know, the update on the cars rule, kind of what changes in October, November, January. Can only imagine how topical this is going to be. Any, any closing thoughts before we wrap up?
我的意思是,你看,你刚刚分享了很多非常有价值的知识。我已经在考虑再次邀请你来讨论关于车辆法规的更新情况,比如说十月、十一月、明年的一月会有哪些变化。这将会是一个非常热门的话题。我们在结束之前,你还有什么想说的吗?
Yeah, look, I think the closing thoughts are, you know, I, it's been my job for 20 years until dealers bought these regulatory regimes and, you know, it can sound depressing and overwhelming, but there are people out there to help you. A, and B, it's, it's not something you can't overcome. Dealers are doing it.
是的,你看,我觉得最后的想法是,嗯,我在这一行业已经做了20年,直到经销商们接受了这些监管制度。你知道,这些可能听起来让人沮丧和不知所措,但还是有些人可以帮助你的。首先,你并不是无法克服这些问题。其次,经销商们也在做到这一点。
Dealers are meeting the obligations and not hampering their, their ability to, to give a great customer experience and still be profitable. So, so I don't think in the long run that these will be more than small speed bumps for the, for the dealers that you have to focus on it for a little while.
经销商正在履行义务,并且没有妨碍他们提供优质的客户体验,同时也保持盈利。因此,我认为从长远来看,这些对经销商来说只不过是一些小的障碍,他们只需要在这方面稍微关注一下。
You got to make it a priority, a cultural issue or store. But if you do those things, you're going to be ahead of the game. And frankly, I think in the long term, you'll be, you'll come out on top. Not just over these, you know, the, whatever the States and the feds sort of layer on you, but also your competition. So encourage you to do that and find the right people to partner with.
你必须把它当成一个优先事项,一个文化问题或者储备。但如果你这样做了,你就会领先于游戏。坦白说,我认为从长远来看,你会胜出。不仅仅是对抗那些州政府和联邦政府加给你的压力,还包括你的竞争对手。所以我鼓励你去做,并找到合适的合作伙伴。
Well stated, Brad Miller from comply auto. We'll throw up links in the show notes below if anyone wants to learn more about how you're working with dealers, how you're helping dealers out. Again, super impressive background at any DA. You've spent lots of years in this industry. So you know a thing or two to say the least.
说得好,来自Comply Auto的布拉德·米勒。如果有人想了解更多关于你如何与经销商合作,以及你如何帮助他们的话,我们将在下面的节目备注中提供链接。再次强调,你在NADA(全国汽车经销商协会)拥有令人印象深刻的背景。你在这个行业工作了很多年,所以你肯定是非常有经验的。
But I appreciate you coming on. This was extremely insightful and I will have to do it again. Well, you see, thank you so much for having me in any time. All right. Hope you enjoyed that episode. Please give the podcast a rating. Consider subscribing to the show and check the show notes for links to what we talked about. Thanks for tuning in. I'll see you guys next time.
但我真的很感谢你的参与。这次对话非常有见地,我以后还会再邀请你。好的,非常感谢你随时能来参加。好吧,希望你喜欢这一集。请给这个播客评分,考虑订阅我们的节目,并查看备注中的相关链接。感谢你的收听。我们下次再见。