The 2019 Online Lenders Alliance (OLA) Compliance University is a wrap. This two-day event, held in Washington DC on July 23-24, 2019, featured a wide range of content from industry professionals, compliance experts, and regulators. While many topics were covered, central themes included recent or pending changes in the compliance and regulatory landscape and best practices for how companies can remain compliant in a rapidly changing environment.
As a new member of OLA, I was honored to represent ActiveProspect and share best practices around a critical aspect of compliance – documenting and storing proof of prior express written consent for TCPA purposes. While complying with the Telephone Consumer Protection Act (TCPA) is usually the primary reason to document consent, there are also benefits to using this best practice for the Fair Credit Reporting Act (FCRA) documentation, as well.
Our session consisted of three speakers who addressed some of the trends and compliance considerations involving TCPA.
- David Smith from Bradley opened the panel with a discussion highlighting the unbalanced playing field that exists with TCPA today. While many issues remain uncertain, such as the definition of automated telephone dialing systems and what qualifies as revocation of consent, one thing is constant – companies are viewed as guilty before proven innocent and the burden of proof is entirely on the company to demonstrate compliance. Furthermore, with the average cost of a TCPA settlement at $6.6 million dollars in 2018 and an increasing concern with 3rd party liability, the arena is fraught with risks like never before.
- Tom Algie from Idology addressed other imbalances with issues related to Know Your Customer (KYC). We are at a place where consumers want to provide the least amount of information and also have as much of a frictionless experience as possible. Unfortunately, providing the consumer with that experience comes with compliance risks, most notably when it comes to data security and right party verification. Tom detailed how to add friction in the process only when necessary to provide a great customer experience while also improving KYC and compliance outcomes.
- For my part, I focused on how companies in the online lending industry can provide a more effective defense for TCPA and FCRA challenges by leveraging third party documentation services. The primary guideline for providing the best defense is quite simple: If you can’t prove it, it never happened. Using third party documentation services is the most effective way of proving it and allows for the best defense of consumer and regulatory inquiries regarding lead and application events.
Features of such services include:
- Video Replay- This is the most compelling evidence available and shows every aspect of the lead or application event via a video replay of the events that happened on the page. All graphics, text, and consumer actions such as mouse movements and data inputs are captured.
- Data– Page location, time on page, lead age, location, IP address, and other key data elements can help identify fraudulent leads as well as qualify the good ones.
- Language Scan– Automate your vendor compliance process by scanning for required or forbidden language in real-time on all leads from your partners.
- Storage- Proof of consent is stored on behalf of the company throughout the storage term.
- Accessibility- It’s important to have immediate access to the proof of consent for internal reviews and to be able to share in the event of litigation.
I also stressed that all companies in the lending space need to be protected. During this event and the OLA Executive Policy Summit event held in May, regulators from the FTC were very clear on its position.
If a company is in the chain of custody of a lead or application that comes into question, it will be held equally responsible for all compliance regulations. Furthermore, individual liability is also becoming more of a focus for regulators. To be safe, lead generators, publishers, networks, and lenders should review their compliance practices to ensure they can present a timely and effective defense on all of their lead and application traffic.