Recipe for Compliance

I captain our company’s competitive barbecue team, so I see the world through smoke-colored lenses – even compliance. And I’ve learned that most car people would rather talk about food than compliance issues, so in this article I will incorporate both.

As in all things worthwhile, begin with the end in mind. In barbecue, the appropriate end is producing a mouth-watering protein that amazes and delights the recipients.

• Pork butt
• Chicken
• Ribs
• And the Gold Standard: brisket

 In compliance, the appropriate end is addressing the four main areas of regulatory concern:

• Fixed operations - environmental, health and safety (EH&S), Occupational Safety & Health Administration (OSHA) requirements, lift safety, etc.
• Variable operations -Unfair and Deceptive Acts and Practices (UDAP), Fair Credit Reporting Act, Equal Credit Opportunity Act, and so on
• Data Security -it touches everything
• Audit

The secret to both amazing barbecue and compliance is the same: understanding the basics and committing to a process. Even complex projects – like brisket – can be broken down into simple, repeatable tasks. Here’s how to produce a crowd-pleasing brisket every time:

1. Trim. Show no mercy – trim away any part of the brisket that is thinner than your thumb. Thin edges turn to concrete on the smoker. And trim the fat cap down to about a quarter inch (save the fat and render it to tallow while you smoke the Main Event). Be prepared to see a 17-pound packer reduce its weight to 13 pounds in the process. Try not to think about how much it costs.

2. Rub. Don’t overthink this. Until you get on the competition circuit, a 50/50 homemade blend of kosher salt and course ground pepper (we call it Dalmatian ) will suffice. Sprinkle from about 12 inches above the meat to let it spread out evenly.

3. Smoke. In barbecue, wood is your first ingredient. Texans lean toward post oak. I live in Florida and favor hickory or cherry. Tend your fire for a thin blue smoke and let nature take its course.

4. Wrap. Somewhere in the internal temperature of 165 or so, the meat will stop getting warmer. We call this the Stall, when the evaporative cooling effect balances the BTUs your fire is throwing at the meat. At this point, I wrap the brisket in butcher paper and add the Wagyu beef tallow I’ve been smoking alongside the meat – game changer. Then I put it back on the smoker until the internal temperature hits 203 to 205.

5. Rest. The crucial step. Let the juices redistribute back through the meat for at least two hours; eight is better.

Do all that and you will produce an amazing brisket. Every. Single. Time.

 A compliance program – a compliance management system, or CMS – is just like that. Here are the simple, repeatable tasks applicable to dealerships that make the seemingly complicated requirements easy to achieve:

1. Written policies. This is the foundation – record what you expect of your employees and your operations as a whole. Make all employees read and acknowledge the policies that apply to them. Repeat the process every year.

2. Consistent training. How can employees follow laws they do not even know exist? They can’t, which is why training is so important. Break it into digestible – and therefore memorable – chunks. Online is best, as it creates a record of who took which training when, and test comprehension. Retain the records.

3. Activity. Training tells your employees what to do. Do those things. 

Fixed Operations:

• Written safety program
• Hazard communication
• Safety data sheets
• Annual EPA and OSHA training and testing
• Respirator fit test and medical evaluation
• Quarterly inspections
• Lift safety inspections

Variable Operations:

• Sexual harassment and discrimination reporting and investigation process
• UDAP
• • Advertising compliance – advertised price include allnongovernmental fees?
  • Payment quotes clear, consistent and accurate?
  • F&I products properly presented and knowingly consented to?

Data Security

• Safeguards Rule
• • Administrative controls
  • Technology controls
  • Physical controls
• Red Flags Rule
• • Biometric ID verification
  • Documentation validation

4.  Audit. And once your employees have done the right things the right way, document that through audits. Audit your deal jackets. Audit your Safeguards Rule compliance (it’s required by law). Audit your Red Flags Rule compliance (it’s required by law, too). Audit your EH&S compliance. Do it regularly in-house (a worthy practice) and periodically with an independent third party (the gold standard).

Note that there are a lot of discrete steps, and the list above is not exhaustive. But each of those steps is both necessary and manageable. Do all of those steps, carefully and consistently, and you will have implemented a CMS. Just as the law – and common sense – requires.

Do all that, and you will produce an amazing compliance posture. Every. Single. Time.