In an illuminating discussion during ActiveProspect’s latest FCC webinar “Scenarios & solutions: Preparing your CRM for 1:1 consent” our Director of Privacy, Security, and Compliance, Benjamin Farrar, and our Director of Professional Services, Michael Peronto, emphasized the critical implications of the FCC’s recent changes, highlighting how businesses can prepare their Customer Relationship Management (CRM) systems for one-to-one consent.

In this blog post, we will provide you with suggestions of the critical steps required to ensure your CRM is ready for the FCC’s upcoming one-to-one consent requirements and help you navigate the evolving landscape of TCPA compliance effectively.

Quick recap of the latest regulatory changes

Before we dive into the best practices for one-to-one consent, let’s take a look back at how we got here.

As Benjamin says: “There have been four significant announcements that have happened over the last four plus months and it was a lot to keep up with, and I do notice the industry is sort of jumbling them together, which is understandable […], but I wanted to separate them out because when we talk about developing a compliance program and the dates that are involved with that, you do have to break these down a bit individually.”

Let’s recap these four major announcements.

1. Closing the lead generator loophole

The first big development was the FCC’s TCPA update announced in November, issued in December, and approved in January 2024.

The key change introduced is the requirement for one-to-one consent, which has been a focal point in subsequent updates. This change stems from the FCC’s concerns about the sharing of lead data with numerous potential buyers, which could lead to excessive calls and texts, making it difficult for consumers to opt out.

They criticized the use of generic lead forms and emphasized the need for a more transparent consent process, where it’s clear who will receive the data for outreach purposes.

Additionally, there are new requirements for recordkeeping. Specifically, both lead sellers and buyers must now possess proof of consent for each lead contact transaction. This marks a departure from previous practices where one could rely on another party to provide consent documentation if necessary. Now, both parties involved must have this documentation readily available.

Another key aspect of the update concerns the logical and topical content related to site interactions and purposes. The update continues to move away from generic lead and consent forms, emphasizing the need for content that aligns closely with the context of the outreach, reducing surprises for consumers receiving calls or texts.

The update also formally includes text messages in the national Do Not Call (DNC) program, clarifying and reinforcing the existing regulations that text messages are covered under the DNC rules.

2. Revocation of consent

Another key development was the one that empowers consumers to block robocalls and robotexts, approved in February. This update significantly impacts how consumers can revoke consent for calls or texts using regulated technology. Consumers can now withdraw their consent through any reasonable means – whether by call, text, email, or postal mail. This broad definition ensures that individuals have the flexibility to opt out in various ways.

As a result, companies are required to respect and process consent revocation requests as quickly as possible, within 10 business days of receipt.

3. AI voice technologies in phone calls

The third point concerns a declaratory ruling focusing on the implications of Artificial Intelligence (AI) technologies in protecting consumers from unwanted robocalls and robotexts. According to the FCC, the TCPA is confirmed to apply to AI technologies that generate human-like voices in calling technology.

What this means is that prior express written consent is required. This pertains to the notice and opt-in language that must disclose the use of AI technology, including artificial or pre-recorded voices that may mimic human speech.

4. Record-keeping requirements

The fourth update came from the Federal Trade Commission (FTC) in March, announcing revisions to the Telemarketing Sales Rules (TSR). These changes include an expansion of the record-keeping requirements.

Now, additional data fields must be recorded, and records of consent to contact must be included within the transaction details. Additionally, the period for retaining these records has been extended from two to five years.

Unlock the freshest consent-based marketing updates

Key dates you should mark on your calendar

As a result, there are five key dates to monitor for operational compliance, which we’ve organized into a timeline for your convenience.

February 8, 2024

First, following the FCC’s announcement, calls and texts made with AI technology now require prior express written consent as per a declaratory ruling. This ruling took effect on the date it was announced, which has already passed on February 8. If your consent language does not yet reflect this change, it’s important to review and update it accordingly.

April 5, 2024

The FCC’s requirements for revoking consent under the TCPA were split in two. On April 5, 2024 the FCC passed only part of this ruling, which involves the details and provisions for a one-time confirmation message to the individual revoking consent. Businesses are allowed to send one confirmation text to ensure clarity before completely stopping messages as requested by the individual.

October 2024 ≈

The other part of the FCC’s requirements for revoking consent under the TCPA, which includes the 10 business day window and what constitutes “reasonable means”, remains “indefinitely delayed”. However, it is expected to be reinstated and it could be implemented within a 30 to 60-day timeframe. It’s crucial to begin monitoring this date, and legal experts who closely track the FCC suggest marking October 2024 as a potential key date.

October 15, 2024

The fourth important date to note is related to updates in the TSR. These updates include the extension of the record-keeping requirements, specifically increasing the consent retention period from two to five years. This change is scheduled to take effect on October 15, 2024.

January 27, 2025

The final significant date that initiated this whole journey is the update concerning one-to-one consent, enhanced record-keeping requirements, and the logical and topical organization of your website contents.

The enforcement date is set for January 27, 2025, but it’s crucial to consider the 30, 60, and 90 days leading up to this date in your lead funnels. Additionally, there’s the unpredictability of legal challenges that might arise, attempting to extend the applicability date. These efforts might not succeed, but it’s essential to prepare, particularly from an operational standpoint.

It’s not only about the enforcement date itself but also about how you manage the leads you gather in the days leading up to it and how you can effectively integrate them into your systems.

One potential issue to consider: Retroactivity

In this scenario, Michael expects the issue to be brought before the courts. In the realm of TCPA, there have been numerous interpretations and amendments concerning the definitions within this legislation. Therefore, Michael advises you should consider the possibility of retroactive application.

How to effectively prepare for one-to-one consent

Let’s see the components of a one-to-one consent action plan and how to prepare your various systems and vendors for such a change, including your CRMs and contact centers.

1. Meet with your legal team

First, as Michael suggests: “I would immediately take this to my legal team and ask for their interpretation of this rule.”

As he continues to explain, one key aspect to concentrate on is understanding your disclosure obligations and determining how far back you can legitimately contact your customers. For instance, if your legal team advises that you can contact leads 30 days after obtaining consent, you’ll need to start collecting that one-to-one consent 30 days before any rule changes take effect.

Keep in mind that this interpretation process can take some time. Some legal teams are well-versed in TCPA regulations and upcoming changes, while others may not be as familiar and might need to consult external legal advisors. This could significantly extend the time needed for internal processes and legal consultations. So start early!

2. Meet with your internal teams

After receiving your legal team’s interpretation, the next step is to have meetings with your internal teams. This should include your Marketing, IT, System Administration, Business Intelligence, and Reporting teams. In these meetings, you’ll want to discuss which systems and vendors will be impacted by this change. 

Michael suggests organizing this information in a spreadsheet, where you can list the affected components based on the requirements set by your legal team.

3. Meet with your vendors

Now it’s time to start to coordinate meetings with your external sales and marketing outreach systems and vendor providers. As Micheal suggests, you should arrange sessions with each vendor to discuss the specific solutions and requirements they provide for compliance with these new requirements.

Here you can find some outreach templates that you can use to reach out to your internal teams and lead providers.

Discussion topics you should have with your vendors

After identifying which vendors, internal systems, and departments are impacted by this change and scheduling meetings with them, here are what topics you should discuss with your lead providers and publishers.

1. How are they approaching one-to-one consent?

First, you’ll want to understand the modifications they are implementing in response to the upcoming one-to-one consent requirement. Many lead providers and publishers may be altering their landing pages and the way leads move through their funnels.

It’s crucial to know what these changes look like to ensure they comply with your legal requirements. Additionally, you should find out when they plan to implement these changes.

2. Are they capturing consent?

Another important topic to address with your lead providers is whether they are properly capturing consent. It’s essential that they not only capture TCPA compliant defendable consent but also provide you with documentation of it, and that you retain consent to contact data (e.g. the TrustedForm Certificate).

A key requirement is that both the seller and the lead buyer must possess proof of consent for this FCC TCPA one-to-one change, before the call or text outreach.

3. Is lead pricing changing?

A third discussion point should be your lead pricing. Many lead providers operate on a shared lead model where a consumer’s consent to contact transaction could be transacted to multiple buyers simultaneously. With the new FCC one-to-one consent requirements, your pricing arrangements with these providers might change.

It’s important to initiate this conversation early to understand their pricing plans, as this could impact your budget and total expenditure on leads.

4. What are the disclosures going to say?

Another important topic to discuss with your lead providers is disclosures. You need to ask, “What will our disclosures say?” and ensure you are actively monitoring them. While some of you may already be vigilant about monitoring disclosures, others might only review them sporadically – perhaps quarterly – or not at all.

Manually managing disclosures can be cumbersome. Typically, you would need to contact each lead provider to inquire about their disclosures, receive the information, and then share it with your legal team.

This process is not only time-consuming but also prone to delays in receiving updates about any changes to disclosures. Therefore, utilizing a tool that helps you monitor disclosures in real time can significantly streamline this process and help ensure you are always up-to-date, which Michael highly recommends.

How to prepare your systems for one-to-one consent

Now that you have a clear understanding of the overall background, we’ll discuss how to get your CRM or contact center software ready for the upcoming changes.

1. Create a flag field

As Michael suggests, the first step you should take is to add a flag field in your CRM to indicate whether you have one-to-one consent for a lead. This could be a simple checkbox that shows consent status. This is crucial because if one-to-one consent becomes retroactive, you’ll need to efficiently filter out leads that lack this consent for automated dialing, text messaging, and drip campaigns.

Another key point is integrating this flag field into your Business Intelligence (BI) tools. Whether you’re using direct reporting from your CRM system, your contact center software, or external BI tools like Tableau or internal data warehouses, ensure that this flag is included. This integration will help you maintain accurate and comprehensive reporting across all your analysis tools.

2. Capture and store consent within your systems

Additionally, it’s crucial to ensure that you are capturing consent within your CRM or contact center platform. While your lead provider may be obtaining the consent, you also need to have a record of this consent to contact transaction before calling or texting  to meet the requirements.

According to Michael, you should collect and store this consent certification in a specific field within your system. This is important for situations where a regulator or a TCPA plaintiff may require access to this data.  

The TrustedForm Certificate and data can be retained and saved as a URL in your CRM records.  

3. Check your reporting requirements

There are specific reporting requirements associated with the FTC’s Telemarketing Sales Rule (TSR). It’s important to note that the TSR mandates detailed reporting that you might not have immediately accessible. These requirements include maintaining extensive call detail records, such as the caller and recipient numbers, the date, time, and duration of the call, and the call’s outcome.

Additionally, you must keep a complete copy of the consent on file. As you refine your reporting processes, make sure to incorporate the FTC’s TSR’s requirements into your internal tools for your reporting needs.

4. Check your landing pages

As Michael points out, your company generates its own first-party leads, and it’s crucial to ensure that your landing pages include the necessary disclosures to comply with the upcoming FCC one-to-one consent changes.

Gather and store documentation of consent with TrustedForm Certify & Retain

TrustedForm provides independent documentation of consent which can be used to help you mitigate the risk of TCPA litigation.

You can use TrustedForm Certify to generate a documentation of consent and view a session replay of exactly when and where consent to contact was obtained. Then, you can use TrustedForm Retain to store that proof of consent for 5 years and access it in case you need it.

Start certifying leads with TrustedForm now! It’s very easy. All you have to do is:

TrustedForm will start capturing lead consent right away!

Monitor and update your consent disclosures with TrustedForm Verify

ActiveProspect offers an easy and automated way to monitor and manage your TCPA consent language disclosures in real time: TrustedForm Verify.

With TrustedForm Verify, you can identify and categorize consent variations for your different partners or lead buyers and automatically populate disclosure language when you receive a new lead.

After you’ve generated a documentation of consent via TrustedForm Certify and accessed it through TrustedForm Retain, TrustedForm Verify allows you to quickly approve or reject the disclosures. Therefore, if the disclosures on a new lead do not meet your acceptance criteria, you have the capability to actively examine and assess those disclosures.

Key takeaways

Let’s summarize the key points to take away from this discussion:

  1. Consult with your legal counsel to understand how these changes might affect different aspects of your organization and to identify any potential issues.
  2. Begin planning immediately and start preparing your company’s technology now for the one-to-one consent changes, especially since there’s a significant chance these changes could be applied retroactively.
  3. Develop a plan to communicate with your vendors, including your systems, lead providers, and internal teams, to ensure compliance with these impending changes.
  4. Mark the key compliance dates presented above on your calendar. While some dates may change, it’s important to keep track of them and understand how they specifically impact your organization.
  5. Gather proof of consent with TrustedForm Certify and store it in your systems with TrustedForm Retain.
  6. Check your consent disclosures with TrustedForm Verify.

ActiveProspect is always here to help you navigate the latest TCPA updates with confidence, offering easy solutions to help you maintain compliance.


DISCLAIMER: This page and all related links are provided for general informational and educational purposes only and are not legal advice. ActiveProspect does not warrant or guarantee this information will provide you with legal protection or compliance. Please consult with your legal counsel for legal and compliance advice. You are responsible for using any ActiveProspect Services in a legally compliant manner pursuant to ActiveProspect’s Terms of Service. Any quotes contained herein belong to the person(s) quoted and do not necessarily represent the views and/or opinions of ActiveProspect.