Case Study: How Effective is Monitoring Your Vendors for Compliance?
A look at how monitoring 3rd party vendors for compliance with do-not-call rules reduces potential legal liability
“The scope of the Telemarketing Sales Rule is broad. If you don’t want to be called to answer for violations, establish effective monitoring and compliance programs that apply in-house and to people or companies that market your products.”
- Federal Trade Commission (2017)
Compliance policies form the guidelines and standards for how a company and its vendors should operate. Monitoring and enforcement of a company’s policies and procedures, especially regarding legal standards, and in this case do-not-call rules, is an essential component of corporate compliance. Federal regulators and state attorneys general have provided clear evidence of the importance of monitoring and enforcing corporate compliance through their commentary and various enforcement actions against companies who engage in direct marketing activities.
“If you ignore the actions of your business partners, you can be liable for their actions. I’ve seen a judgment of more than $100 million with that fact situation.”
- Bill Raney from Copilevitz, Lam & Raney, P.C.
A few examples of vicarious liability in the courts:
- The Federal Trade Commission (FTC), DOJ, and various state attorney generals required Dish Network to pay $280 million due to alleged illegal calls directly made from Dish Network and through its dealers to numbers on its internal do not call list.
- SiriusXM agreed to pay $35 million to settle class action lawsuits that alleged SiriusXM’s third-parties used autodialing technology to place illegal telemarketing calls.
- Alarm.com agreed to pay $28 million to settle a class action lawsuit that alleged Alarm.com’s third-party dealer made unlawful telemarketing calls on its behalf.
- American Express agreed to pay $9.25 to settle a class action lawsuit that alleged AMEX’s third-party made numerous unwanted debt collection calls to unsuspecting consumers.
Approximately 4,000 TCPA lawsuits are filed every year and telemarketing is a top consumer complaint to the FTC & FCC. Further, it’s important to keep in mind the possibility of PR damage to your organization. The effects of negative publicity can be worse for a company long-term than the fine. Here are a few highlights of what our clients have realized from partnering with our Marketing Compliance Services group.
- Successfully defended companies against the Federal Trade Commission, states’ attorneys, and class actions
- Identified and drastically reduced compliance issues through various audits
- Implemented numerous compliance monitoring program with proven results
We’ve previously outlined ways to monitor for compliance, and tools we recommend to look under the hood, so that’s not the focus of this study.
Instead, let’s take a look at the numbers
Problem: One of the largest cable & internet providers in the U.S. employed 3rd parties to market on its behalf. They were concerned that, due to the complexity of state and federal do-not-call rules, illegal calls were being made and there was no way for them to know. While their partners were reputable and desired to do the right thing, this company understood they couldn’t take a hands-off approach to ensuring compliance.
Solution: CompliancePoint worked to develop and implement a method to obtain monthly dial records from each 3rd party vendor. Then, we scrubbed those files against relevant do-not-call lists and determined if non-compliant calls were made. Finally, we’d work with each vendor to determine what went wrong and how to fix the problem. Initially, the audits helped to correct bad procedures. Now with procedures fixed, on-going audits identify when errors, human mistakes, etc. occur to quickly identify and remediate issues.
Reduction in Do Not Call List Violations in a Single Year
99% Reduction Overall
Problem: A company was concerned that its 3rd party telemarketers were placing calls outside the allowable calling times. Federal rules allow for calls to be made between the hours of 8AM and 9PM according to the consumers’ location. Tack on state and business rules, time zone complexities, and consumers moving while keeping the same phone number, and you’ve got a tough requirement to audit.
Solution: CompliancePoint worked to develop and implement a method to obtain monthly dial records from each 3rdparty vendor. Using a custom process, we compared 100% of the phone numbers dialed, using each and every customer’s location, to the allowable calling time parameters. Each state has a window that changes daily which was checked against the customer’s location on file. If issues were identified, we’d work with each vendor to determine what went wrong and how to fix the problem.
Reduction in Calling Time Issues in a Single Year
Problem: A company was concerned that its 3rd party telemarketers were placing too many calls. While they had an attempts policy in place, which varied depending on the day and phone type (cell/land), as well as previous call outcomes, how are they to know if vendor calls too much? They were in search of audit to help to determine if a department/campaign/employee exceeded the attempts policy.
Solution: CompliancePoint often audits company’s monthly dial records for call attempts. In this situation, we worked to develop and implement a method to obtain monthly dial records from each 3rd party vendor. Utilizing a customer-built attempts policy, we analyzed 100% of outbound dials to ensure calls were being place beyond the allowable attempts. This took into account all of the factors described in their attempts policy outlined above. We were able to quickly identify the 3rd parties that were unknowingly out of compliance with this issue and work with each vendor to determine what went wrong and how to fix the problem.
Reduction in Call Attempt Issues by Month 4
CompliancePoint can do the same for your company. Don’t let 3rd party vendors keep you up at night or create liability for your brand. We’ve got proven tools to reduce compliance issues. For more information or a copy of this case study, contact us at (855) 670-8780 orConnect@CompliancePoint.com.
© 2019 CompliancePoint, Inc. All Rights Reserved
Let us help you identify any information security risks or compliance gaps that may be threatening your business or its valued data assets. Businesses in every industry face scrutiny for how they handle sensitive data including customer and prospect information.