Trust, but verify: The importance of auditing to gain compliance
As we navigate the rule changes that will impact the consent requirements surrounding the Telephone Consumer Protection Act (TCPA), support and guidance are paramount for businesses. To extend a helping hand in these uncertain times, ActiveProspect conducted a webinar, “Alignment, Auditing, and Adherence: The AAA approach to TCPA compliance”, discussing strategies businesses may use to address these changes effectively.
Benjamin Farrar, our Director of Privacy, Security, and Compliance, and Michael Peronto, our Director of Professional Services, had an insightful discussion with Peggy Daley, Attorney and Vice President at Charles River Associates, and Benjamin Zitter, Chief Compliance Officer at What If Media Group.
In this blog post, we will focus on the importance of due diligence when beginning relationships with companies. This is a necessary step to gain compliance and emphasize the significance of audits to affirm trust in partners. Let’s dive right in!
First things first: Beware of known litigants
The FCC’s upcoming changes to the one-to-one consent rule are set to take effect soon in January 2025, and it’s well-known that there are active litigants monitoring these developments. How quickly should we expect these litigants will begin pursuing legal action concerning the one-to-one consent rule?
As Peggy says: “I would expect instantaneous lawsuits.” This is because, as Peggy continues to explain, the gap in compliance becomes apparent when the new regulations take effect and lawsuits begin to emerge, prompting businesses to recognize the severity of the issue.
Often, seeing a verdict or observing peers facing legal challenges spurs companies into action. It’s a typical business reaction – once your peers start facing consequences, it usually escalates your own efforts to comply. It’s likely to be quite straightforward for litigants to target companies right after the new rules are implemented, especially as businesses begin to understand the significant risks involved and rush to rectify their practices.
According to Peggy, for companies that have previously been targeted for TCPA violations, there won’t be any grace period; plaintiffs’ attorneys will be monitoring these companies closely from day one. Those who have managed to stay under the radar might have slightly more time, but it’s unrealistic to expect any leniency from the plaintiffs’ bar during this transition.
Best practices when collaborating with third-party vendors
1. Vet your vendors over time
As you know, there are various ways that third-party vendors are involved in the lead managing process. In this context, it’s crucial to understand that the “see no evil, hear no evil” defense doesn’t hold up. Typically, these third-parties are considered your agents, and regardless of the strength of your contracts, they are likely to be viewed as such. This means that any violations they commit could be attributed to you as if you committed them yourself.
Therefore, it’s essential to thoroughly vet these vendors not just initially, but continuously over time. Their performance can change, and it’s often more critical to monitor them after the partnership has begun since they are acting on your behalf.
Before entering into any business relationship with a third-party vendor, make sure you have the right to conduct audits and include a cooperation clause in case of legal issues, ensuring access to all necessary documents. Continual vetting for their reliability is crucial, as Peggy advises.
2. Only collaborate with top-notch vendors
There is a range of lead generation companies out there, from the highly professional to the decidedly dubious. According to Peggy’s own experience, it’s crucial to partner with the former – top-tier, professional lead generators and call centers.
Engaging with the less reputable ones, especially those serial entities run by individuals who frequently shut down and reopen under new names, can lead to significant problems. Such companies often fail to cooperate, disappear, or may be involved in outsourcing their lead generation to numerous questionable sources, leaving you to face the consequences.
Therefore, as Peggy says, conducting thorough due diligence before establishing any relationship is essential. This includes evaluating the company’s and its leaders’ reputations, as well as their policies, procedures, and compliance standards.
You are ultimately responsible for compliance, so it’s wise to ensure you’re entering into business relationships with partners who share your commitment to high compliance standards.
3. Run audits to make sure everything is working properly
Having the right to audit is crucial because sometimes you might uncover serious violations, which could occasionally stem from mere technical issues that are fixable.
As Peggy explains, it’s not uncommon to see this with software where, for example, a feature like “press five to stop calls” might malfunction for months due to a technical glitch. However, the law doesn’t take intent into consideration, making audits essential. They are important not only to verify trust in the people and policies but also to ensure that everything is functioning correctly.
Sometimes, the failures are due to innocent reasons, not malice. In defending these companies, Peggy’s approach involves demonstrating that there was consent for the types of calls identified as breaches of the TCPA. She does this by selecting a sample of the calls in question and then retrieving all related records to establish whether consent was indeed given.
However, as Peggy says, “our clients get consent, but it’s sometimes hard to document or find it. This is why you go into business with good partners because they, your third-party vendors, may have all the consent documentation.”
4. Make sure you have easy access to consent documentation
This is where ActiveProspect comes in with a solution to help you easily document and store proof of consent: TrustedForm.
TrustedForm is the ultimate compliance solution for documenting TCPA consent on digital lead capture forms.
First, use TrustedForm Certify to generate documentation of consent. You’ll be able to see a session replay that documents exactly when and where prior express written consent was obtained throughout a lead capture event.
Then, once the certificate is issued, use TrustedForm Retain to get certificate availability for up to 5 years, so you can easily access proof of consent in case you need it to mitigate TCPA litigation.
Watch this short video to see how TrustedForm works.
Start certifying leads with TrustedForm today! It’s easy. Just follow these steps:
- Sign up for a free ActiveProspect account.
- Copy the TrustedForm web SDK JavaScript snippet.
- Paste it into your web forms.
5. Ensure script adherence for call centers
According to Michael, “one of the biggest things you could possibly do is make sure that [your vendors] are adhering to the scripts that you have.” As he explains, particularly when you start working with third-party call centers acting on your behalf, it’s essential to make it clear to them that they must use the script you’ve provided for every call.
If a customer requests not to be called again, it’s important that their agents properly mark this request in their system and that this information is relayed back to your CRM. This prevents any future issues where a call center receives a Do-Not-Call (DNC) request, and then, months later, you inadvertently contact that customer again. Adhering to the script is a vital component of your compliance strategy, as Michael suggests.
To this regard, Benjamin Zitter emphasizes the importance of using a brand in your scripts that is registered as a Doing Business As (DBA). He has observed problems in the past where companies failed to have the proper registration. He mentions this as a critical checkpoint to be aware of.
6. Regularly audit your vendor’s consent disclosures
According to Michael’s experience, there’s typically a roughly even split in how companies handle compliance. About half of the companies rely on their lead providers to include the necessary disclosures on their landing pages, assuming compliance is met. The other half, often larger enterprise-level firms, conduct regular audits as mandated by their compliance departments.
Michael believes that regardless of the reputation of the lead source, monitoring your consent disclosures is crucial. If your disclosures do not explicitly grant consent for your firm to make contact, you could find yourself in a difficult position.
ActiveProspect can help you with that. TrustedForm Verify provides the capability to oversee and control your TCPA consent language disclosures in real time. This tool helps you identify and categorize consent variations among your partners, and it updates the disclosure language automatically with each new lead.
With TrustedForm Verify you can actively review and modify the disclosures if they do not meet your criteria when a new lead is received.
In this context, as Michael suggests, “you want to reach out to your vendors first, have them provide you with the disclosures that display on their page. Have a good conversation with them.” In his experience, vendors usually show flexibility, especially when faced with upcoming regulations.
Michael notes that while some may not make changes, many will accommodate your needs for compliance reasons. However, he advises that you should keep a close watch on your consent disclosures.
7. Monitor and limit your vendor’s ability to outsource
Another crucial aspect, according to Peggy, is ensuring that your third-party vendor’s ability to outsource their responsibilities is restricted, or ideally, completely eliminated.
If outsourcing does occur, as Peggy explains, it’s vital that you maintain control over the process. You might be familiar with their policies and disclosures, but if they start purchasing leads from another source, who in turn buys leads from yet another, you won’t have visibility into the actual disclosures agreed to by the lead. You would only have seen the disclosures from higher up the chain, which are not directly relevant to that specific lead.
Therefore, it’s essential to tightly manage any outsourcing activities, if you choose to allow them at all.
Final thoughts
Our webinar “Alignment, Auditing, and Adherence: The AAA approach to TCPA compliance” was a clear reminder of the importance of legal review and regular audits, correct consent from leads, and a comprehensive understanding of a vendor’s practices.
The key takeaways from this enlightening discussion underscored the value of upholding compliance with lead generation and contact practices through deliberation, often with the help of reputable vendors. It underlined the need for regular audits of vendor activity and maintaining good, clear communication lines with both vendors and internal teams.
Watch the entire episode to learn how to guide your business through the tumultuous waters of FCC regulations. And to make sure you never miss any FCC, FTC, or TCPA update, subscribe to InsideCBM now and get all the updates you need, delivered straight to your inbox.
DISCLAIMER: This page and all related links are provided for general informational and educational purposes only and are not legal advice. ActiveProspect does not warrant or guarantee this information will provide you with legal protection or compliance. Please consult with your legal counsel for legal and compliance advice. You are responsible for using any ActiveProspect Services in a legally compliant manner pursuant to ActiveProspect’s Terms of Service. Any quotes contained herein belong to the person(s) quoted and do not necessarily represent the views and/or opinions of ActiveProspect.