Podcast

Speak with an Expert
Home » Resources » Podcast » S3 E38: Managing Telemarketing Partner Risks

S3 E38: Managing Telemarketing Partner Risks

Audio version

Managing Telemarketing Partner Risks

Transcript

Jordan Eisner  
All right, here we are. Welcome back, listeners and subscribers. Another episode of Compliance Pointers and another episode with the Tony Jarnigan. Hey, Tony.


Tony Jarnigan  
Hey, Jordan.


Jordan Eisner  
How are things done in Florida?


Tony Jarnigan  
I think it might be a little rainy right now, but going good overall. Thanks for asking. How’s things in Duluth?


Jordan Eisner  
It’s overcast. Uh, mid 70s, high 70s. Kind of nice. Kind of nice. Yeah, if the sun comes out, it’ll be hot.


Tony Jarnigan  
Cool. Cool. Get in the fall weather.


Jordan Eisner  
You worried at all about the hurricane? I don’t know the name, but that’s heading towards Florida? No, no, no. Floridians don’t care about that.


Tony Jarnigan  
I mean, I’ve been through these things, you know, too many times, but uh.


Jordan Eisner  
Yeah.


Tony Jarnigan  
We’re not. We don’t. We’re not. We’re not having to hunker down now, whatever that means. I’m still not sure what hunker down means, but or or evacuate either. So we’re doing good.


Jordan Eisner  
OK, good. I hope.
Good. I hope that doesn’t change. Um.
So I’m trying to think of a clever segue from hunkering down in preparation and hurricane risk into third party.
Telemarketing vendor risk. And yeah, I got nothing. So I’ll just announce the topic. For those watching and listening, you might be familiar with Tony Jarn again. This is got to be close to 10 episodes for you, Tony.
Maybe not this season, but over the course. It’s been a few. Or maybe that’s just how impactful the episodes you’ve been on have been, but.


Tony Jarnigan  
Thanks very much for that, Jordan. I don’t, I don’t, I don’t think it’s 10, but I do know I have did hear recently that I’m, I’m moving up the the chart in terms of number of of appearances made.


Jordan Eisner  
OK, it’s been several we can we can we we know that for certain. So this is a good topic today. I think this is overlooked a lot with organizations using third-party telemarketers. I’m gonna you know, emphasize that telemarketer can have a broad definition. And if you’re tuning out of this episode because you think, Oh well, that’s not us, we don’t engage any third-marty telemarketers, you might be surprised what counts. And we’re not necessarily going to give a definition of that, but if you’ve got companies texting.
On your behalf, placing outbound solicitation calls on your behalf, even if they’re fielding them on your company’s behalf and then they call them back later. There’s several ways that you can meet the definition here, so this could be applicable to you.
Tony has been with CompliancePoint. I always am either over or under on this Tony, but I’m gonna say the over under is 3 1/2 years. Bingo.


Tony Jarnigan  
Bingo. You’re spot on this time, Jordan. That’s right.


Jordan Eisner  
But the but prior to that I think close to a decade ride Disney Vacation Club and and even prior to that experience in compliance, privacy all in in this realm so and has been working with our clients in a variety of different areas and a lot of our clients, I was almost at big clients, but doesn’t necessarily have to be a big client. A lot of our organizations have vendors. They have vendors that place calls on behalf. And so we have a vast experience in helping them manage. You’d call that downstream risk, right?
Downstream risk associated with activities that’s happening on their on their behalf. So what’s their liability? We say vicarious liability right of vendors or even partners in some instances that are conducting telemarketing campaigns on their behalf. So we’re going to talk about ways to effectively mitigate that.
We’re going over and I’m gonna read my script here, Tony, but we got four things we want to know.
Why do businesses need to know that their vendors are operating in compliance with TCPA and other regulations when shopping for them? How can you vet compliance and potential risks when you’ve selected a partner or vendor?
What compliance elements should be included in the contract? And once a third party is making calls on behalf, how should you manage that? What sort of maintenance for monitoring compliance? So let’s start with the first one. Why do businesses need to?
Ensure that their vendors are operating in a compliance manner, or at least mostly compliant manner or a very, you know, risk mitigating manner when it comes to TCPA and other similar type regulations that govern this space.


Tony Jarnigan  
Yeah, it’s because of this legal doctrine that I think you’ve already referenced, right? Vicarious liability, which is in fact a legal document or legal doctrine, sorry, where one party is being held responsible for, you know, the actions of another.
And that is not because they actually did whatever it was, right, but because of the relationship with whoever did what it was. So we’ve seen a number of cases and instances where, you know, a seller can be held vicariously responsible for the actions of others.
And you know, even when in our space and telemarketing world where the seller didn’t even make the first phone call. So you know and I I look at this as sort of a catch 22 because.
A number of things that courts have looked at.
And determining whether a seller should be held vicariously liable for the actions of their vendors is based on level of involvement in the activities, right. So you know how involved the seller is in the vendor activities in terms of scripting in you know other practices.
And you know the, the concept being that the more involved you are, the more you can’t, you can’t claim ignorance, right? Or that you’re not responsible or you didn’t know. But at the same time, courts have said on the other extreme.
If you fail to monitor and you don’t look at anything that your vendors are doing, you can be held liable as well, right? So it’s like a catch 22. So what’s the answer? And we think that it’s definitely.
More on the monitor side, don’t just take a complete hands-off approach. Monitor, monitor, monitor and you know, know the compliance issues and monitor the vendors for any gaps.

But you know, compliance can’t and should not be a key reason for hiring vendors, right? There’s a number of different incentives to hiring vendors, right? Scalability, their ability to ramp up processes very quickly, cost efficiencies, but it can’t be that.
Oh well, I don’t know anything about this compliance stuff, so I’m going to offload that and then just take a hands-off approach. That shouldn’t be your strategy at all. If you don’t know compliance, you need to get amped up on compliance, or you could  outsource compliance and you know either get up on it yourself or you can you can hire us and you know we can we can do the some vetting and monitoring and that sort of thing.


Jordan Eisner  
You’re not outsourcing compliance, yeah.
So play that back.
Vicarious liability. The term right basically means that these organizations making calls on behalf and their activities and especially non-compliance, can drag you into the struggles with them right or the potential risks, whether it’s financial or reputation or other things, and that doesn’t give you reason to just outsource all compliance requirements to them and take a hands-off approach.
Build a program and you need to vet your vendors as they’re coming on board and you need to monitor them ongoing too, because compliance, you know, you hear the term all the time. It’s not set and forget it. OK, so that’s why. So let’s talk about and I like your point with, hey, there’s.
Time to ramp up and there’s cost efficiencies and these are factors to consider in looking at a vendor and it shouldn’t just be maybe robust compliance with the intent that you can just outsource that. But it does come into play and it is important. So how do you vet?
An organization that you’re looking to bring on? Is it a vendor? You know, what’s a good measuring stick for compliance and risk management?


Tony Jarnigan  
Yeah, well, there are all kinds of things come to mind here, right. And again we do all this for our clients too. But I would say you know and we get asked by our clients to do things run the gamut.
Hey, can you take a look at this consent language on this lead generators website and tell me if I can rely on that to make calls, right. And then you know or we might be something else we might do is prep questionnaires right that our clients can provide.
Their potential vendors beforehand, right and say, hey answer all these questions and so we can get a feel for your compliance posture, right. But and then you know and then they we may even review the answers to those and by the way we’ve even gone on site right to perform assessment.
For third-party vendors who, you know, call on our clients behalf. So I would just say, you know, first do a lot of vetting beforehand, right? Even before, even before you get into a relationship you didn’t necessarily want to be in.
Is, you know, start checking for see if there’s been any lawsuits, right? Check for complaince. Ask questions. You know, do they know what a compliance policy is? Do they? Do they know that consumers have the right to ask for the compliance policy?
You know, are you registered as a telemarketer where you need to be as a third-party vendor? You know if you’re a call BPO calling BPO and you know and if you have an exemption, do you know about the exemptions that you may be able to enjoy or you know, how quickly can you get me DNC files, for example, too, right? And how quickly if I get you a DNC file, if I’m filing them on behalf or I’ve got consumers asking me not to call them and I give you, I want you to make sure that you scrub your list with my DNCs. You know, how quickly can you do that?
So those are the kinds of questions that you want to ask there.


Jordan Eisner  
Yeah. And you could probably determine how deep to dig into some of that too, because you know, based on how the preliminary questions and how they’re responding to those and some of the higher level ones and if.
You know, maybe they pause and they go, what’s an EBR or, you know, DNC files go, OK, we either either we abandon ship or we need to dig a little. You’re gonna have to demonstrate a little bit more from a compliance standpoint before we hire you.


Tony Jarnigan  
There are enough players in our space, right, that do it the right way. And so if you happen to run across one that’s not, you can say, well, thank you, but you know, I’m going to move on. But you know, another one that I was going to mention is, you know what kind of.


Jordan Eisner  
No.


Tony Jarnigan  
What’s your dialing platform look like? Do you know what abandonment is? You know, are you are, you know, if you’re dialing in a predictive mode or a mood that you know could result in abandoned calls, you know, how do you handle that? Do you have, do you know, do you plan an abandonment message on those abandoned calls?
And a lot of times we’ll be like, I’m not sure what that is or what, what do you know? I didn’t know I had to do that, you know, so you know that would be a telltale sign right there as well.


Jordan Eisner  
Yeah. OK. All right. So let’s say that they passed that. You like the vendor, you want to bring them on. What sort of things, what sort of things should you include in your contractual agreement with said vendor to help reduce your vicarious liability or or maybe you can’t do that, but help reduce risk.


Tony Jarnigan  
Yeah. Well, I would just speak sort of generally and broadly here, right. Because ultimately, you know, contracts are legal documents. We would, you know, advise you to make sure that you get attorney buy-in on this, right. Make sure there’s a lot of seasoned attorneys in this area and and you know, make sure they review your contracts and take.
Their advice at the end of the day, but I would say the the first school of thought is, is that if a vendor tries to get you to, you know, enter a relationship without a contract, that would be that would be your first indication that you should run far, far away, right? So don’t ever.
Enter into a relationship without a latter contract.
So again, you know, make sure that you, you know, you consult with the seasoned attorneys in the space when you’re doing your contract. But I’ll just say generally, you know, make sure that you know they’re they say that they’re require them to adhere to all federal and state laws and regulations.
That they’ll cooperate in an audit, right? If you want to audit them or have a have a company like us audit them. But also generally I think in a contract you need to make sure you spell out precisely who’s responsible for what.

Right. And it runs the gamut as well, all the way from training to record keeping. Record keeping is a huge, huge issue, right? Because you’ve got to make sure you have records to make sure that you’re in a you have a defensible position. If you don’t have records, then you know you’re a sitting duck.
So you know, but the lead Gens, by the way, should absolutely 100% be keeping records of consent, but just make sure that your contracts, you know, spell out responsibilities. But again, other than that, I would suggest, you know, consulting with an attorney.


Jordan Eisner  
So one of the things you talked about in there is that you’re given the right to audit and I don’t think that’s just, you know, once a year you’re probably included in that is calling files, other activity that could be high risk and and what’s happening with that activity abandonment, right for instance, so.
You figured out what sort of risk you want to look for and manage off of. You’ve assessed a vendor, they passed that test. You’ve contractually got these put, you know, things in place to help you monitor that. Now what do you monitor?


Tony Jarnigan  
Well, you want to make sure that, you know, I would say tell them that you know you want to be able to put your consumer hat on or even your compliance hat, right. And test their systems and you know, tell them that you, you know, you want to see records, you know you want to.
Able to test the procedures and say, you know, come in as a consumer and say, you know, get get the vendor on a phone call and say, you know, tell the agent, you know, don’t call me anymore and then see if what happens if they don’t call you anymore, you know, test their if they say that they.
They in fact provide copies of their do-not-call policy or your do-not-call policy for people that that request it. Test it to see if it happens.
Make sure that you know you’re reviewing your their scripts. Make sure they’re providing the disclosures that they need to be providing both on the federal and state level. You know, monitor their DNC list scrubbing practices right at the end of the day. Just want to make sure that they’re in fact.
Making calls with a legal basis, whether it’s because of, you know, the type of kind of technology that they’re using and the types of devices they’re calling or that or relative to, you know, being on the do-not-call list from a DNC perspective.


Jordan Eisner  
Yeah.


Tony Jarnigan  
But anything that touches compliance, test it. And then by the way, and then this sort of a spring, I think this is brings a circle to a point you made at the top of the show and that is relative to the kinds of vendors you should be thinking about, right? And it’s not always just about telemarketing or texting, I remember what a couple of episodes ago, right when I was here, we did e-mail, right? So even if you’re using a marketing agency and it’s sending email on your behalf because of those states that have those.
Laws that say that you know you can’t mislead in an e-mail that’s separate apart from canned spam. Ask to review those subject lines. Make sure that you look at their the opt-out procedures and you know they’re not making it too difficult to opt out of e-mail.
I remember doing an assessment for a client and when they said well send us some emails and let you know or I opted in for emails and then tested the opt out procedure and I had to search high and low to finally find the link to opt out. And then once I did that, instead of being told how to opt out, I got a full on ad that was even more detailed than what it was I was looking at to begin with. And then I had to look for another opt out link and then even then.
I was taken to the next page where.
It wasn’t intuitively obvious what you needed to do. It said it and you had to scroll around and hover. Then finally something populated that said enter your e-mail address. So we would not consider that to be a clear and conspicuously adopted.


Jordan Eisner  
No, not good practice. Yeah. OK, Yeah.


Tony Jarnigan  
Right, so test stuff like that.


Jordan Eisner  
Well, I think that ought to do it for today. I mean that was that was a lot in the inside of about 20 minutes. So and some key points there sort of risk exists out there for organizations engaging these vendors, how to assess that risk before you bring on a vendor, how to contractually protect yourself in onboarding the vendor and then.
To monitor for after that. So that was very life cycle. So thanks for that, Tony, and I would say too I in these episodes I usually make plugs for CompliancePoint naturally, but I would make even more so a plug here. I mean if.


Tony Jarnigan  
Sure.


Jordan Eisner  
If you’re a listener and you’re struggling to monitor these vendors or you’re concerned about the risk of the vendors making these or conducting this activity on your behalf, we have been doing this for a long time. We have built.
Programs in response to investigations by the FTC and FCC for organizations we weren’t working for previously, but we hired on and we’ve brought it, you know, helped, I would say, alleviate some pressure from those companies. We’ve served as expert witnesses in.
Hundreds of cases where we’ve seen the sort of activity that was overlooked, that wasn’t monitored in terms of a company that knows what is the activity that’s going to that’s high risk that’s going to get a company in trouble. How do you monitor for it? How do you build a paper trail and defendable position?
That you’re taking this stuff seriously, we’re one to have a conversation with is where I’ll leave it at that and and and practitioners like Tony here. So Tony, thanks for your time for anybody you know interested in learning more about our services around these or just even questions with some of the things to look for.


Tony Jarnigan  
Anytime, Jordan.


Jordan Eisner  
Please don’t hesitate to reach out compliancepoint.com. You can e-mail us directly at connect@compliancepoint.com and you can reach out on on LinkedIn. Many channels that you can find us. If you just Google CompliancePoint, you should have no shortage of options to get in touch and we can fill those inquiries.
Till next time, everybody. Thanks and be well.

Let us help you identify any information security risks or compliance gaps that may be threatening your business or its valued data assets. Businesses in every industry face scrutiny for how they handle sensitive data including customer and prospect information.

Get a Quote