"Culture drives great results.” ~Jack Welch
“Treasures of wickedness profit nothing: but righteousness delivereth from death.” ~Proverbs 10:2
Recall the last time you engaged in your organization’s annual budget process. If you are like many Chief Compliance Officers, your Chief Financial Officer probably wasn’t offering huge increases in your budget. In fact, you were likely asked (or told) how much of a budget reduction target you would be expected to achieve in 2014. It’s enough to make you want to declare, “Really?!?”
In this era of exponential increases in domestic and international regulatory compliance obligations, we are planning strategically to meet the monitoring and reporting challenges with enhanced governance, efficient technology applications, and increased staffing. Yet we are frequently challenged financially to justify our alleged expense-side burden on the income statement, while our revenue-producing friends across the income statement aisle often escape the budgeting process unscathed—or even emboldened. We must partner with them.
Why do I believe that we must engage our colleagues in Sales & Marketing to share our commitment to enterprise-wide regulatory compliance? Well, it certainly begins with the “tone at the top” set in the C-suite, thus implying that all production, revenue, and administrative leaders must be equally and uniformly committed to your organization’s Code of Conduct. And while I am not implying that our Sales & Marketing employees are solely responsible for regulatory fines and sanctions, exposure to the marketplace does generate the overwhelming volume of regulatory action for any organization.
So, let me ask you a few questions…
· What product or service does your organization sell?
· What is the profit margin on each unit sold?
· How many units must you sell to recover the income consumed by a large regulatory fine, attendant civil litigation, and associated loss of revenue from brand reputation depreciation?
Apply that calculation to the recent J.P. Morgan Chase $13 billion U.S. Department of Justice settlement. Someone at that bank is going to have to sell a slew of mortgages and auto loans to recapture that lost revenue!
So, let me ask you a few more questions…
· What is the aggregate cost to invest in training each of your employees to comprehend and practice ethical and compliant behavior appropriate for their job classification at your organization?
· What is the aggregate cost to invest in implementing appropriate internal controls and continuous monitoring systems to prevent, detect, and mitigate compliance failures at your organization?
· Is the sum of those two investments less than the cost of a large regulatory fine, attendant civil litigation, and associated loss of revenue from brand reputation depreciation?
Notwithstanding the painful financial cost of fines and litigation, salespeople viscerally understand the burden of attempting to sell a product or service that has become a perceived societal pariah. [Think Arthur Andersen…Enron…the Ford Pinto.]
When we train our Sales & Marketing colleagues to understand pertinent consumer protection regulation and encourage those colleagues to leverage management, the Code of Conduct, and your Compliance team to detect, report, and mitigate compliance risks, everyone wins. Let’s face it…sales incentives and corporate bonuses are larger for everyone in the company when left undiminished by preventable costs of fines, litigation, and lost sales. And that, my friends, is why Sales & Marketing should care about regulatory compliance.
"Reducing challenges that diminish our ability to fully serve our financial institution consumers' needs..."
Friday, November 22, 2013
Tuesday, November 5, 2013
Regulatory Compliance: Tear Down That Ivory Tower!
I recently ran into a Compliance colleague, “Jill”, whom I hadn’t seen in a while. As we exchanged pleasantries, Jill explained how busy she has been at her organization, to a point where she “couldn’t even get out of her office for lunch most days.” I understood her sentiment, but I challenged Jill’s premise that her most effective oversight of her Compliance Management Program was being accomplished sitting at her desk with her nose to the proverbial grindstone.
“What do you mean?” Jill inquired.
“For starters, how are you assessing the compliance culture within and across your organization?” I responded. I waited for the predictable response.
“I receive reports from each department head on a quarterly basis. I meet with those same department heads at least annually as we update our risk assessment.” And then she punctuated her response, “I always know what is going on from a Compliance perspective.”
We visited for a few more minutes before continuing on our respective journeys. I have the utmost respect for Jill, and the many colleagues with whom I’ve engaged in similar conversations over the years. But I was reminded again that day that differing viewpoints pervade our Compliance Management profession.
I liken the practice of our craft to that of a world traveler. In fact, given the international nature of Regulatory Compliance, many of us have become world travelers from time to time. But one cannot truly experience traveling the world by reading other people’s written accounts of foreign lands. Similarly, Compliance professionals cannot simply read stacks of reports, formally engage department heads once or twice annually, and conclude that they have traveled the organizational “globe”.
We’ve got to come down out of our ivory towers. In fact, we’ve got to tear down our ivory towers in the Compliance Department and never return to our old ways. Instead, let’s engage leaders at all levels across our organizations as often as possible. Informal dialogue that may occur within the context of a scheduled project meeting, or a chance meeting in the hallway, can often generate useful information that lends itself well to a holistic risk assessment.
Leaders want to tell you what concerns they are facing, and when those concerns signal regulatory compliance exposure, you have an opportunity to collaborate further toward a resolution. Internal Audit provides another natural source of regulatory compliance risk data gleaned from its expansive reach throughout your organization. Regulatory Compliance also finds a natural ally in the Information Technology Department, where governance, risk management and compliance looms large over an ever-evolving landscape. Compliance professionals grow to become trusted confederates with leaders of lines of business, Internal Audit and Information Technology.
So join me! Grab your water bottle or coffee cup, and explore your organization more freely. Engage others daily and take a more genuine interest in the regulatory compliance challenges facing your fellow leaders. Collaborate with them to develop lasting compliance solutions. Your risk assessments and resultant regulatory compliance program will flourish, producing more meaningful results for the entire organization. You won’t want to return to the ivory tower.
Thursday, October 17, 2013
Don’t make the wrong call!
Ensuring compliance with the Telemarketing Sales Rule (TSR) and Telephone Consumer Protection Act (TCPA)
* The FTC has long blazed a trail of consumer protection aimed at unscrupulous telemarketers.
* The FCC has strengthened its arsenal of weapons aimed at robocallers.
* Failure to incorporate the 2013 requirements can cost your company millions of dollars.
* Compliance Departments must engage all stakeholders in the organization.
* Building a compliant outbound calling & texting program will protect profits and the brand.
No longer can any sales and service organization naively believe that it will escape the notice of United States federal consumer protection regulators. If your organization uses a telephone to reach consumers, then the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) are two such agencies for which regulatory compliance professionals must maintain a watchful eye.
In conjunction with the robust outbound communication activities that our sales and service operations undertake, careless violations of FTC and FCC consumer communications laws garner sizeable financial penalties. To understand the impact of the October 2013 FCC amendments, it is helpful to review the FTC’s Telemarketing Sales Rule requirements.
FTC Telemarketing Sales Rule 2008 Amendments
The FTC administers the Telemarketing Sales Rule (TSR). Amended in 2008, the TSR governs outbound telephone calls initiated by a telemarketer, including those involving dialing technology (“autodialers”) and pre-recorded messages. As defined by the FTC:
• “Outbound telephone call” means a telephone call initiated by a telemarketer to induce the purchase of goods or services or to solicit a charitable contribution;
• “Telemarketer” means any person who, in connection with telemarketing, initiates or receives telephone calls to or from a customer or donor; and
• “Telemarketing” means a plan, program, or campaign which is conducted to induce the purchase of goods or services or a charitable contribution, by use of one or more telephones and which involves more than one interstate telephone call.1
Some prerecorded messages still are permitted under these rules — for example, messages that are purely informational. That means a consumer may still receive calls to let him/her know a flight’s been cancelled, reminders about an appointment or messages about a delayed school opening. But the business doing the calling still isn’t allowed to promote the sale of any goods or services. Political calls, calls from certain healthcare providers and messages from a business contacting a consumer to collect a debt also are permitted. Prerecorded messages from banks, telephone carriers and charities also are exempt from these rules if the banks, carriers or charities make the calls themselves.2
While notifying consumers of a store address change is considered informational (thus not telemarketing), inviting them to a grand opening celebration at the new address could be considered part of a “plan, program or campaign” to induce the purchase of goods or services. That is, merely mentioning the grand opening could be the “hook” for a court or regulator to determine that the entire script is “telemarketing.”
The amended TSR expressly bars telemarketing calls that deliver prerecorded messages, unless a consumer previously has agreed to accept such calls from the seller.3 As a result, most businesses became required to obtain the consumer’s written permission before they could call a consumer with prerecorded telemarketing messages, or “robocalls”. In fact, a business has to make it clear it’s asking to call a consumer with these kinds of messages, and it can’t require a consumer to agree to the calls in order to get any goods or services. If the consumer initially agrees to receive robocalls, the consumer also retains the right to change his/her mind and rescind his/her opt-in.
The FTC takes enforcement of the TSR very seriously when it comes to robocall violators. A May 2013 FTC action resulted in a Department of Justice settlement4 stemming from an FTC-led complaint.5 Specifically, citing 16 C.F.R. § 310.4(b)(1)(v)(A), the Defendant company was permanently restrained and enjoined from engaging in, causing others to engage in, or assisting other persons to engage in:
A. Initiating any outbound telephone call that delivers a prerecorded message to induce the purchase of any good or service unless, prior to making any such call, the seller has obtained from the recipient of the call an express agreement, in writing, that:
1. the seller obtained only after a clear and conspicuous disclosure that the purpose of the agreement is to authorize the seller to place prerecorded calls to such person;
2. the seller obtained without requiring, directly or indirectly, that the agreement be executed as a condition of purchasing any good or service;
3. evidences the willingness of the recipient of the call to receive calls that deliver prerecorded messages by or on behalf of a specific seller; and
4. includes such person’s telephone number and signature.
The Defendant was ordered to undergo federal compliance monitoring, extensive recordkeeping and detailed reporting for 10 years. Additionally, the settlement included judgment in the amount of $75,000 entered in favor of the FTC against Defendant as a civil penalty. The Defendant’s judgment was far more lenient than the $16,000 per call that the FTC is authorized to assess under the TSR.
FCC Telephone Consumer Protection Act 2012 Amendments
The FCC administers the Telephone Consumer Protection Act (TCPA). In alignment with the FTC position, revised FCC TCPA rules took effect on October 16, 2013 and require “prior express written consent” for pre-recorded telemarketing calls using autodialer technology made to both cell phones and land line phones. This rule change expressly amends the previous FCC rule which (1) had not required written consent; and (2) had allowed prerecorded telemarketing calls to land line phones where a business relationship existed.
The FCC has taken a very broad view of the use of autodialer technology. Although the rules provide a very specific definition of autodialer, regulators and the courts have interpreted the definition so broadly that any computerized dialing device could be viewed as an autodialer. It is advisable not to make non-consented calls to cellphones, unless your organization has an entirely manual process for initiating the call.
Misusing or misunderstanding autodialer technology without first obtaining prior express written consent has expensive consequences. The TCPA has a private right of action, and recent class action lawsuits have settled for tens of millions of dollars.6
Costly non-compliance
Non-compliance with the TSR and the TCPA exposes your organization to civil liability and regulatory sanctions and fines. At up to $1,500 per violation, non-compliance with the TCPA text message requirements alone could expose your organization to a sizeable civil judgment. A company that sends a mere 7,000 non-consented text messages could statutorily incur a fine in excess of ten million dollars.
This TCPA text message revision is also anticipated to invite predatory class action litigation as enterprising plaintiff attorneys seek to capitalize on the technical change to the law. Regulatory penalties and class action lawsuits give rise to negative publicity that has the potential to damage your organization’s profitability and its brand.
Build compliance into your outbound calling and texting programs
To address this potential reputational, regulatory, and legal risk exposure, compliance professionals should partner with the stakeholders in the organization who have a vested interest in outbound calling and texting programs. These stakeholder functions will likely include Sales, Marketing, E-Commerce, Call Centers, and Information Technology (yes, IT! They own the autodialer and messaging hardware and software your organization relies upon). And don’t forget those third-party service providers that may actually be managing your call lists, opt-ins, and outbound calling and texting programs.
Once you have marshaled your stakeholders, you will want to:
(1) review existing outbound calling and texting programs, approval processes, and vendor contracts; and
(2) provide detailed guidance to management regarding required current changes and safeguards for current and future programs.
You will specifically want to address pre-recorded messages sent to both land line and cellular phones, as well as text messages sent to cellular phones.
Compliant pre-recorded messages
Your organization may call consumers who have provided written permission after being fully informed that they have expressly assented to receive prerecorded calls regarding your products and services. If your organization has not obtained such “prior express written consent” since October 16, 2013, you will want to solicit a revised affirmative written opt-in. Guidance interpreting the amended TCPA treatment of prerecorded calls suggests that a consumer must have the option to affirmatively check an unchecked box beside verbiage that explicitly and plainly explains that the consumer is opting into receiving prerecorded calls to his/her cell phone and/or land line phone.
A prerecorded message system must also adhere to the following opt-out language and activation safeguards:
• Businesses using robocalls are required by law to tell a consumer at the beginning of the message how to stop future calls, and must provide an automated opt-out the consumer can activate by voice or key press throughout the call.
• If the message could be left on voicemail or an answering machine, businesses also have to provide a toll-free number at the beginning of the message that will connect to an automated opt-out system the consumer can use any time.
Compliant text/SMS messages
Changes to existing text message marketing opt-in processes may be required at your organization to conform to the new “prior express written consent” standard. Recognizing that text messages are limited in character length, these changes should be customized for your purposes, but may resemble:
• New text/SMS enrollee receives: “Reply ‘AGREE’ to receive wkly XYZ Discount Alerts. Periodic msgs may be sent using autodialer. Consent not required for purchase. Msg&Data rates may apply” (to fulfill the FCC requirement of obtaining express written consent after the initial request is received AND that his/her consent is not required in conjunction with any other purchase)
• Once the consumer replies with ‘AGREE’, enrollee receives: “Thanks for confirming! You will receive weekly XYZ Discount Alerts! Stop reply ‘STOP XYZ’. Msg&Data rates may apply.” (to fulfill the FCC requirement of explicitly informing the requestor how he/she may rescind the opt-in)
Obtain new consent from current text/SMS subscribers
Your organization may currently have thousands (or hundreds of thousands) of subscribers. When the new rules took effect on October 16, 2013, all consents obtained under the old “prior express consent” standard were invalidated. When the FCC issued its revised rules in February 2012, the agency conveyed that once the new written consent rules became effective, companies would be required to obtain the revised “prior express written consent” before sending additional marketing messages. An established business relationship will also no longer relieve advertisers of the prior written consent requirement after the effective date. You may thus seek to ensure that all current subscribers also receive the message inviting them to reply ‘AGREE’.
New text/SMS message marketing programs
These same FCC principles would apply to new text marketing programs that your organization may launch in the future. The FCC interprets “marketing” very broadly in its own favor, so you will want to ensure that your Compliance Department is involved at inception to review new text messaging programs.
Conclusion
As compliance professionals, we must daily balance our organization’s customer-focused mission with the consumer protection regulatory requirements. By taking swift action with your stakeholders now regarding the TSR and TCPA, you can reduce the risk that your organization will make the wrong call.
Notes
1 The Telemarketing Sales Rule, September 2009, http://www.consumer.ftc.gov/articles/0198-telemarketing-sales-rule.
2 Ibid.
3 FTC Issues Final Telemarketing Sales Rule Amendments Regarding Prerecorded Calls, August 19, 2008, http://www.ftc.gov/opa/2008/08/tsr.shtm.
4 United States of America v. Skyy Consulting, Inc., also d/b/a CallFire, a California corporation, United States District Court, Northern District of California, San Francisco Division, Case 4:13-cv-02136-DMR, Document 3, Filed 05/13/13, http://www.ftc.gov/os/caselist/1223011/130514callfirestip.pdf.
5 United States of America v. Skyy Consulting, Inc., also d/b/a CallFire, a California corporation, United States District Court, Northern District of California, San Francisco Division, Case 4:13-cv-02136-DMR, Complaint, Filed 05/09/13, http://www.ftc.gov/os/caselist/1223011/130514callfirecmpt.pdf.
6 Pari Najafi v. SLM Corporation, et al., United States District Court for the Southern District of California, Case No. 10-cv-0530 MMA, Amended Settlement Agreement, October 7, 2011, http://www.manatt.com/uploadedFiles/Content/4_News_and_Events/Newsletters/AdvertisingLaw@manatt/Sallie%20Mae%20amended%20settlement%20agreement.pdf.
• Once the consumer replies with ‘AGREE’, enrollee receives: “Thanks for confirming! You will receive weekly XYZ Discount Alerts! Stop reply ‘STOP XYZ’. Msg&Data rates may apply.” (to fulfill the FCC requirement of explicitly informing the requestor how he/she may rescind the opt-in)
Obtain new consent from current text/SMS subscribers
Your organization may currently have thousands (or hundreds of thousands) of subscribers. When the new rules took effect on October 16, 2013, all consent obtained under the old “prior express consent” standard was invalidated. When the FCC issued its revised rules in February 2012, the agency conveyed that once the new written consent rules became effective, companies would be required to obtain the revised “prior express written consent” before sending additional marketing messages. An established business relationship will also no longer relieve advertisers of the prior written consent requirement after the effective date. You may thus seek to ensure that all current subscribers also receive the message inviting them to reply ‘AGREE’.
New text/SMS message marketing programs
These same FCC principles would apply to new text marketing programs that your organization may launch in the future. The FCC interprets “marketing” very broadly in its own favor, so you will want to ensure that your Compliance Department is involved at inception to review new text messaging programs.
Conclusion
As compliance professionals, we must daily balance our organization’s customer-focused mission with the consumer protection regulatory requirements. By taking swift action with your stakeholders now regarding the TSR and TCPA, you can reduce the risk that your organization will make the wrong call.
Notes
1 The Telemarketing Sales Rule, September 2009, http://www.consumer.ftc.gov/articles/0198-telemarketing-sales-rule.
2 Ibid.
3 FTC Issues Final Telemarketing Sales Rule Amendments Regarding Prerecorded Calls, August 19, 2008, http://www.ftc.gov/opa/2008/08/tsr.shtm.
4 United States of America v. Skyy Consulting, Inc., also d/b/a CallFire, a California corporation, United States District Court, Northern District of California, San Francisco Division, Case4:13-cv-02136-DMR, Document 3, Filed 05/13/13, http://www.ftc.gov/os/caselist/1223011/130514callfirestip.pdf.
5 United States of America v. Skyy Consulting, Inc., also d/b/a CallFire, a California corporation, United States District Court, Northern District of California, San Francisco Division, Case4:13-cv-02136-DMR, Complaint, Filed 05/09/13, http://www.ftc.gov/os/caselist/1223011/130514callfirecmpt.pdf.
6 Pari Najafi v. SLM Corporation, et al., United States District Court for the Southern District of California, Case No. 10-cv-0530 MMA, Amended Settlement Agreement, October 7, 2011, http://www.manatt.com/uploadedFiles/Content/4_News_and_Events/Newsletters/AdvertisingLaw@manatt/Sallie%20Mae%20amended%20settlement%20agreement.pdf.
Friday, October 11, 2013
WHEN ETHICS AND EXPEDIENCY COLLIDE
“It is the mark of an educated mind to be able to entertain a thought without accepting it.” ~Aristotle
“There are no easy answers, but there are simple answers. We must have the courage to do what we know is morally right.” ~Ronald Reagan
As Compliance and Ethics Professionals, we are daily reminded that violations of law and dignity are no less common now than they were in ancient civilizations. We report upon and read about corporate, government, and personal scandals that boggle the mind. Acts and omissions that defy common sense are nonetheless undertaken out of expediency, greed and ignorance, only to eventually expose the perpetrators in the public square.
Why?
Why--with all the failed historical examples, complex laws, regulatory bodies, education and training—do some organizations continue to succumb to poor judgment and wrongdoing, while other organizations rise above?
While we speak often about the ‘tone at the top’, we must also acknowledge that ideas and actions emanate at all levels of our organizations. Driven by deadlines, profits, corporate goals, marketplace competition, etc., individuals contemplate ideas and execute upon those ideas. But not all ideas for generating revenue, decreasing expenses, or streamlining processes merit the same consideration.
An organization’s culture, modeled by its leaders at all levels, must unambiguously communicate that execution must meet its values. A healthy exchange of ideas should always be weighed sufficiently and transparently by knowledgeable stakeholders, so as to expose potential ethical, legal and financial pitfalls. Though we are charged with educating our operational and administrative colleagues about our Code of Conduct and our Legal and Regulatory obligations, we have the additional obligation to actively counsel them as well.
Leveraging our Anonymous Reporting Hotlines, Internal Audit Departments, and industry and regulatory trends, we ourselves must be prepared to actively engage our colleagues across our organizations to probe for prospective lapses. In a highly-charged competitive environment, we cannot idly sit by and fail to question if expediency is trumping ethical decision-making. Let’s not forget that we are the protagonists—not the villains—in this story.
Wednesday, August 21, 2013
YOUR DREAM TEAM: Where Everyone is a Compliance Leader
"In looking for people to hire, you look for three qualities: integrity, intelligence, and energy. And if they don't have the first, the other two will kill you." ~ Warren Buffett
“The supreme quality for leadership is unquestionably integrity. Without it, no real success is possible, no matter whether it is on a section gang, a football field, in an army, or in an office.” ~Dwight D. Eisenhower
Who leads legal and regulatory compliance at your organization?
How many of your employees are in a compliance role?
Before you respond, consider this…every employee in my organization is in a compliance role...and is charged with being a compliance leader. We only hire compliance leaders to fill each open position throughout the organization. Sales. Operations. Human Resources. Accounting. Facilities Maintenance.
You may be wondering why an organization would engage in such a harebrained staffing strategy. (You may also be wondering how much longer such an organization could remain in business.) But hearkening back to the words of Warren Buffett and President Eisenhower above, how else could you possibly select talent?
In today’s increasingly complex international regulatory topography, no function within your organization escapes the need to develop policies, processes and training that will address compliance requirements at all employee levels. A CEO cannot simply rely upon an Internal Audit function, a Legal Department, or a Regulatory Compliance team to identify and mitigate all enterprise-wide risks.
Further, day-to-day compliance and risk management responsibility cannot fall solely upon the shoulders of department heads or supervisors. As leaders, each of you knows that there are far more events occurring of which you are unaware than those that do rise to your attention. Each of our employees—from the most senior to the newly-hired—must understand his/her vital role in preventing, identifying, reporting, and resolving the compliance issues that affect his/her respective role and department.
We must hire individuals that bring the added skill of compliance awareness. I want:
• a talented facilities maintenance employee who also appreciates the impact the EPA and OSHA have at our organization;
• a certified public accountant who also appreciates the impact that the SEC and PCAOB can have;
• a customer-focused call center agent who also appreciates the impact that the FTC and FCC can have; and so forth.
Myself, I’d rather have thousands of sets of eyes mitigating risk globally than to rely only upon my own comparatively limited viewpoint. So, let me ask those questions a different way now…
Who doesn’t lead legal and regulatory compliance at your organization, and why not?
How many of your employees aren’t in a compliance role, and why not?
Tuesday, July 30, 2013
BUILDING EFFECTIVE COMPLIANCE PROGRAMS: It Takes a Village
“No member of a crew is praised for the rugged individuality of his rowing” ~Ralph Waldo Emerson
“If everyone is moving forward together, then success takes care of itself” ~Henry Ford
I had recently been contacted by an individual who had been tapped by her organization to launch a corporate compliance program. My colleague approached me with that perennial question, “How did you build your program?...” I paused to consider my response.
Despite the mythology to which some may wish to subscribe, individuals don’t design, build or improve corporate compliance programs alone. While certainly individuals contribute significant leadership, ideas, and work product to a successful compliance program, it is truly the efforts of interconnected contributors that weave the fabric of the program.
From scoping and documenting the program charter through defining and populating a comprehensive compliance risk universe, it takes a village of invested professionals to build the program. Since a compliance program likely encompasses several lines of business and diverse operating functions spread across multiple locations, personal interaction with a variety of leaders and staff is necessary to identify, quantify, and rank risks across an organization. I don’t know about you, but I certainly have experiential limitations regarding various functions outside my areas of expertise. Without those subject matter experts, my program would be neither comprehensive nor effective.
Thus, while it would have been terribly tempting to my ego to lead my fellow professional colorfully through an anecdotal reprise of my rugged journey to locate the holy grail of corporate compliance on a lonely mountaintop, my better angels prevailed. “Katherine, I’d be pleased to share with you how we built our program, and the lessons we’ve learned…” And with that discussion, another member was added to the compliance program “village.”
Wednesday, July 3, 2013
EXPOSING MY DIRTY LAUNDRY: Responding to Ethical Incidents in Advance
“Ethics is knowing the difference between what you have a right to do and what is right to do.”
~Potter Stewart, former U.S. Supreme Court Justice
“The time is always right to do what is right.”
~Martin Luther King, Jr., U.S. civil rights leader
Today’s revelation that former Olympus Corporation Chairman Tsuyoshi Kikukawa had received a suspended sentence for his role in a $1.7 billion accounting fraud is a reminder that neither business ethics courses nor prior real-world examples have stemmed the tide of high-profile executive wrongdoing. In addition to former Olympus Executive Vice President Hisashi Mori, Hideo Yamada, the former auditing officer, also received a suspended sentence, debunking any myths that corporate audit and compliance professionals are above temptation.
Sufficient ink has been dedicated to detailing the corporate, government, and NGO ethical downfalls throughout the modern age. Fraud observes no geographical, political or industry boundaries. Ethical lapses remain pervasive and persistent, but I believe they are preventable.
What are you doing within your organization currently to acknowledge and mitigate the risks posed by executive ethical lapses?
Tone at the top is more than an email, a poster, or even a video distributed by your chief executive officer expounding the importance and benefits of maintaining an ethical culture. Real ethical leadership takes root within an organization when the board of directors and senior leadership infuse the culture with relevant actions.
· Strategic planning conferences and periodic governance meetings should include ethics discussions on the agenda.
· Tabletop exercises should be built around current ethical lapse events in your industry.
· Internal metrics should be tracked and benchmarked against other like organizations.
· Employees at all levels must be encouraged to ask questions and report observed ethical lapses in good faith without fear of retaliation.
What are you doing when a significant ethical lapse strikes from within your own organization?
At one time or another nearly every organization, be it for-profit, government agency, faith-based, etc., will need to address an ethical incident that emanates from within its own walls. More than just the fear of negative publicity or criminal prosecution should drive the organization’s response. Many a relatively minor ethical incident has morphed into fodder for bloggers and 24/7 cable news outlets simply due to senior level fumbling and obfuscation amidst embarrassing revelations.
In fact, the best time to publicly address ethical lapses within your organization is before one has emerged.
· Plan, document and test your organization’s Ethical Incident Response Plan (E-IRP).
· Educate senior leadership regarding effective and transparent communication strategy, obtaining communication training in advance where needs dictate.
· Communicate in a coordinated, transparent and timely manner both internally and externally to your organization, erring on the side of humility and candor.
Organizations are governed and led by human beings. Men and women, regardless of demographic variables across cultures, shun the humiliation and ridicule that scandal generates. Applying an objective E-IRP model in advance of ethical lapses will mitigate the risk that my dirty laundry—or yours—will hang too long on the proverbial corporate clothesline.