Posted: March 14, 2019
A Best Practice Approach to Monitor and Enforce Direct Marketing Compliance by Paul Gipson
Monitoring and enforcing of a company’s policies and procedures, especially regarding legal standards, is an essential component of corporate compliance. Federal and state regulators have provided clear evidence of the importance of monitoring and enforcing corporate compliance through their commentary and various enforcement actions against companies who engage in direct marketing activities.
The Federal Communications Commission (FCC) has long maintained that sellers may be held vicariously liable under the Telephone Consumer Protection Act (TCPA) for unlawful telemarketing by third-parties (seeFCC 2013 Ruling). Additionally, many TCPA class actions and enforcement actions have been filed against sellers for the actions of their telemarketers regardless of the seller’s actions to prevent non-compliant or unlawful marketing efforts. Therefore, it’s on the seller to prove that an adequate monitoring program is in place and that a “hands off” approach is not their stance. A few examples:
Takeaway: According to the Telemarketing Sales Rule, a seller causes the telemarketing activity even if it retains a third-party telemarketer and authorizes the telemarketer to market the seller’s products and services. Telemarketers initiate or receive phone calls to or from consumers, and sellers provide, offer to provide, or arrange to provide goods or services to consumers in exchange for payment. The mere fact that a third-party telemarketer is empowered to sell a seller’s product is all a court may need to find a seller liable for its telemarketer’s violations.
There’s a lot that can be gleaned from commentary following enforcements against companies whose third-parties were likely the culprit of non-compliance. Below is an excerpt taken directly from the FTC:
Keep your own house in order and watch what others are doing. The scope of the Telemarketing Sales Rule is broad. If you don’t want to be called to answer for TSR violations, establish effective monitoring and compliance programs that apply in-house and to people or companies that market your products.
Therefore, while compliance guidelines are a crucial first step for laying the ground rules, their value in terms of meaningful compliance is suspect unless the procedures are monitored and enforced. And, of course, this monitoring and enforcement certainly extends to third-party providers and not just a companies’ inhouse call center. Lastly, when it comes to contracts and policies, companies must ensure the ground rules are set and there’s a clear plan of how it intends to monitor the service provider along with the documentation it will be requesting to conduct the monitoring.
So, what does all this mean? Monitor what others are doing on your behalf to ensure non-compliant activities that can cause your company to wind up in court are not occurring! And, if they are occurring, do something about it. Below is some of the key monitoring mechanisms that can help to shed light on what service providers are doing on a companies’ behalf.
For a successful monitoring program of third-party service providers, companies should take a 360-degree approach. This refers to deploying a proactive and reactive monitoring and audit program of third-party activities. There’s a multitude of companies and services out there that help with this, but that’s not the focus here. Instead, see below for the actual toolset of audit mechanisms that can give a seller piece of mind when it has third-parties acting on its behalf.
Perform Onsite Audits
As part of the assessment process, auditors should evaluate current and proposed use of customer engagement activities to ensure these activities are not putting your business at risk. If issues are discovered, a seller should work to correct these issues. In general, auditors should meet with the third-party’s top-to-bottom team, from the account manager to the agents who interact with customers. This is also a valuable time for training opportunities.
Monitor Complaints Made to FTC
Did you know that on a daily basis the FTC publishes complaints made by consumers on its complaint website? The data set contains information reported by consumers, including the telephone number originating the unwanted call, the date the complaint was created, the time the call was made, the consumer’s city and state, the subject of the call, and whether the call was a robocall. Therefore, its recommended that companies look at the phone numbers their third-parties use to contact consumers and check to see if complaints are made from consumers about those numbers. This allows companies to monitor for trends and investigate when needed.
Call Data Audits
Call data audits can be a powerful tool in documenting that a third-party’s calling processes and procedures are working properly and compliantly. Although the data revealed has potential to be less than pleasing, it can demonstrate critical issues that need to be resolved that may not have otherwise been discovered. Regular data audits can significantly reduce, or even eliminate, the number of issues by:
Recently, we worked with a company that relied on consumers to self-identify if their telephone number was a wireless or landline number when completing their online web form. The required express written consent disclosure language, as required by the TCPA, was only displayed if the number was identified by the consumer as a wireless number. A data audit revealed that approximately 35% of the telephone numbers not identified as wireless, actually were. That means a lot of calls that required the TCPA consent were made without it. Therefore, companies should not rely on consumers to self-identify the type of number they are providing as mistakes can, and do, happen. Furthermore, in my experience at CompliancePoint, I’ve observed the results and effectiveness of a calling data audit program in terms of identifying and remediating issues as outlined in the real client data below:
Perform Mystery Shopping & Call Recording Audits
I strongly recommend that companies should monitor the interactions between its third parties and its customers and prospects both for customer-service criteria and compliance requirements. In the context of do not call and telemarketing compliance,a mystery shopper may request a call via a web form, answer the call, and place a do-not-call request. Obviously, if the third-party continues to call then that’s an issue. Another example might involve a mystery shopper sitting through an entire sales pitch to ensure all required disclosures were stated. Call recording audits can be just as effective to monitor for service, disclosures, and other compliance requirements that may occur during a call. Most contact centers typically have a quality assurance program in place, but these programs typically only focus on soft-skills and customer-services areas and don’t include compliance requirements. Without a Q.A. focus on compliance, telephone representatives may be breaking the rules unbeknownst to them or their company.
Something to Consider
Arbitration agreements can be a powerful weapon to protect against class action lawsuits. An arbitration agreement is a written contract in which two or more parties agree to settle a dispute outside of court and can be used to dismiss a plaintiff’s ability to claim class action status. For example, they also may allow that if one party sues the other in court, the party that has been sued can invoke the arbitration agreement to require the matter to proceed in arbitration instead of court. An arbitration agreement may also contain a provision that prohibits the consumer from bringing claims as a group to a business. Therefore, without a certified class, the potential financial penalties following a TCPA suit can be significantly reduced. Sellers who use third-party telemarketers should ensure such agreements are in place where appropriate.
Including indemnification clauses for third-party service providers can also be a valuable tool to an extent. They can help to settle financial disputes following litigation, however the FTC does not concern themselves with such clauses. Instead, the FTC will likely go after the seller regardless if such clauses are in the seller’s contracts with its service providers. Personally, I’ve been told by a FTC employee during a conference that indemnification clauses are not worth the weight of the paper they’re written on.
There’s a lot to take in here and there’s certainly other monitoring tools that may be more relevant to a specific company, however the recommendations here will provide a solid start.
The FTC and the FCC have implemented rules and commentary, as evidenced by enforcements and lawsuits, that require a strong monitoring program. In fact, its rumored enforcements are referred to as “appropriate incentives,” for sellers to monitor and police compliance by third-parties.In other words, a hands-off/look-the-other-way approach may cause a company to end up in serious trouble.
Companies that are considering using third-party telemarketers are well-advised to provide appropriate indemnification clauses in contracts to help settle financial burdens resulting from enforcements or litigation. A strong evaluation and selection process should be in place when determining who your companies wants to be in business with. And last, but certainly not least, companies must demonstrate the sort of reasonable due diligence the FCC and FTC have consistently recommended when using telemarketers. Enforcements have shown that companies can be held liable if they know, should know, or consciously avoid knowing wrongdoing by their third-parties they do business with. Vicarious liability can be avoided, and a company with strong contract language, adequate record keeping, monitoring mechanisms, and documented enforcement actions in the event of wrongdoing would be in a strong position to avoid such liability.
For more information on this or any other compliance related questions, please do not hesitate to contact me at email@example.com.
Paul Gipson, Managing Associate at CompliancePoint, is focused on U.S. and certain international direct marketing compliance regulations. He works with clients in a variety of industries and is dedicated to provide reliable and practical consulting services. Paul has earned a Certified Information Privacy Professional (CIPP/US) certification from the International Association of Privacy Professionals, a Customer Engagement Compliance Professional (CECP) certification from the Professional Association for Customer Engagement (PACE), and has a B.A. in Business Management with a focus on consumer economics from the University of Georgia. In his spare time, he enjoys woodworking, hiking, and spending time at one of the many parks in Atlanta, where he resides.