S2 E3: The Impact of the FCC’s New Lead-Generation Rules

The Impact of the FCC’s New Lead-Generation Rules


Jordan Eisner: Welcome to Compliance Pointers. I’m your host, Jordan Eisner.

We’ve got a timely podcast topic today as we discuss the impact of the FCC’s new Lead-Generation Rules. But before we dive in, I want to remind everyone, or all of our listeners to subscribe to our channel if you haven’t done so already.

So today I’m joined by Steve Gniadek and Tony Jarnigan. Steve is a director in CompliancePoint’s Marketing Compliance Group, and he’s going to be celebrating his 20th anniversary with the company. Is it next month, Steve?

Steve Gniadek: It is next month, in February.

Jordan Eisner: Mr. Compliance, right? That’s what we call you.

Steve Gniadek: That’s the first I’ve heard of that.

Jordan Eisner: But before he was Mr. Compliance, he was Mr. Baseball in Pittsfield, Massachusetts. He’s going to be upset with me for saying that. Was that what you were, Mr. Baseball? County MVP, what was it?

Steve Gniadek: I don’t know. I’m just from Western Massachusetts. I’ll leave it at that.

Jordan Eisner: All right. And with him is Tony, who’s a consultant on Steve’s team and was actually a client of CompliancePoint when he was at Disney Vacation Club prior to joining us. And Tony, how long have you been with us now?

Tony Jarnigan: Coming up on two years.

Jordan Eisner: Okay, good deal.

Steve Gniadek: Let me add real quick, his role at Disney Vacation Club was in compliance. So he’s got a lengthy background in compliance with these regulations as well.

Jordan Eisner: So we’re talking with two experts on this. So my understanding is, Tony, we’re going to be mainly talking with you, asking you some of these questions. And Steve’s going to add color where he wants to and maybe not where he doesn’t want to.

So like I said, we’re going to be talking through the recent rule change with the FCC regarding lead generators and the consent required to use them. So Tony, let’s start there.

First, just kind of walk us through the rule change.

Tony Jarnigan: So to think about this very broadly in context, the rule change is really just one prong of sort of a multi-pronged effort by the FCC to stop unwanted phone calls, texts, and pre-recorded messages. So this is the number one complaint that they and the FTC get is people complaining about getting calls and texts that they don’t want. They never heard of the company. They don’t expect to or want to hear from the company necessarily.

A major way that the FCC sees this is happening is through the practice of some lead generators, usually on comparison shopping sites where consumers supply their contact information. And in most cases, they’re not even sure who they’re going to hear from.

The consent language can be something like you’ll hear from a certain number or any number of our partners, and then there’s a hyperlink. And then I’d have to click on that hyperlink and be taken to another page that can list hundreds if not thousands of sellers that I might get calls, texts, or pre-recorded messages from.

And there’s usually disclosure language at the top of that voluminous list that says something like, this is a list of our partners or sellers you may hear from. And by the way, you may even hear from entities that are not even identified here. And also exacerbating the whole thing is that I may end up hearing or being contacted by sellers that are not even related to the product or service that I was looking for in the first place.

So as an example, I’m looking to get a car loan. I may end up hearing from loan consolidation companies, or I’m looking for homeowners insurance, and I may end up getting calls and texts and pre-recorded messages from companies that are doing different sorts of home improvement.

So with this rule change, the FCC says it wants to make it clear that consent must be one seller to one consumer, and the seller must be logically and topically related to the content of the website on which the consent is obtained.

Steve Gniadek: And I have seen, and I’ve just run this through a test because we do review some of these lead gen websites and look at those marketing partner links. And there have been at least a couple where I’ve clicked that marketing partner’s links, and I’m not exaggerating here, about 5,000 different company names. It really causes an issue, and they’re nowhere near being related to each other.

Like Tony mentioned, it could be home warranties, but then I’m getting calls from solar panels and insurance and just all sorts of different unrelated companies and industries. So we’re really trying to crack down on that.

Jordan Eisner: Yeah, I remember one I think back in the day was you were trying to get coupons for diapers, not you in particular, but the individual, and then was getting calls about master’s degrees or something like that.

Steve Gniadek: Yeah, and another big one I think has really kicked off this is years ago too, is there were a lot of job posting websites, right? That you’d go and you’d post information, you’re looking for a job, but somewhere buried in some consent language was you were agreeing to hear from certain schools about furthering their education. And I think that kind of kicked this off too, because someone’s going to look for a job, they’re not necessarily looking to spend more money and get another type of degree. So things like that.

Jordan Eisner: Well, and I think so from that standpoint as a consumer, it sounds terrible. You’re wanting one thing and getting all these calls from undisclosed partners. But at the same time, this is a lifeblood for a lot of organizations too. Not the mass 5,000 list callers of that sort of thing, but lead generation for organizations and how they find customers that way. And so middle ground always needs to be struck on this, but that’s part of the heartburn for the lead industry on these changes that we’re going to get into and why we’re having this podcast today.

So good overview. Thanks, Tony. Thanks, Steve.

Steve Gniadek: Just let me add one more thing there too. Even if it is industry-related, I can give you a real-life example here. We work with a client in the mortgage space who is buying leads from one of those mortgage lead gen sites. And a lot of those types of sites will get the lead information. They’ll push it out, maybe even not to thousands of companies, but even let’s just say 10 different mortgage companies, then each one of those mortgage companies might call 30 to 40 times in a month. That adds up. And we have seen results where someone, a consumer was called over 300 times in a 30-day period regarding different mortgages.

The issue is also, consumers get frustrated after, as you can imagine, after that last call, which would have been their 300th call, well, they’ll complain and they’ll say one company has called them 300 times when it might have been 10 different companies calling them 30 times.

So, you’re trying to find those calls to one person and that really catches the attention of the regulator. So, you definitely need to be careful with that as well.

Jordan Eisner: Yeah. And I know it was looking at mid-2024 for when the rule was going to go in place, but they just expanded that, right? So is it early 2025, Tony?

Tony Jarnigan: Well, great point. The regulator then initially provided a six-month timeframe for the industry to become compliant. And by the way, that was pretty significant in and of itself as implementation periods for rule changes are typically much shorter. So it was felt that the six months timeframe illustrated that they understood that this is a pretty significant change.

Then, a bigger point, after the measure was voted on and passed last month, December 13th, to be exact, they came out a couple of days later with their final order within a few days and it provided for the 12-month implementation period that you referred to. And they’ve opened the process back up to comments where impacted entities can make their case as to why they don’t agree with it or how they’ll be impacted.

The FCC appears to have been persuaded by arguments that small businesses will unfairly endure the heaviest impact. And so they want to continue to hear comments about that for a while. Looks like that’s going on now and it’ll end at the end of January.

So their order said that they will continue to monitor the impact that the rule has on small businesses and they’re seeking comments, as I said, on how they can refine the one to one consent rule to mitigate burdens on small businesses. It doesn’t sound like they’re necessarily interested in undoing anything, but they just want to continue to refine.

So the 12 month period would begin once the final rule is published in the Federal Register. If nothing changes as a result of this new commentary period and then the way it’s written now, we think that it will be published probably sometime in February after the comment period ends. So making the effective date sometime in February, March 2025.

But if the rule language changes again, it could be later, but currently no earlier than 2025.

And also I would just point it real quickly. We already hearing that some groups are planning an appeal of the order. So things could be in a bit of a flux. The early 2025 timeframe assumes that things go as the FCC expects them to go, I’d say.

Jordany Eisner: Okay, which maybe is seldom the case. It’s sort of like airline loyalty programs, right? Where they come out with some hard stance and then everybody revolts and they amend it a little bit, changes that way. I’m getting that vibe here.

So for our listeners, how do they know if these rules apply to their organization?

Tony Jarnigan: Well to me, this is one of the most curious parts of the whole thing. So the FCC believes this new rule will go such a long way in curbing unwanted phone calls. But at the end of the day, it only applies or appears to apply to those who deliver a call or a text using an automated telephone dialing system or an ATDS, which includes under the FCC’s definition, live calls as well as pre-recorded messages.

Yet, as we know, after the industry favorable Facebook decision by the Supreme Court, there’s not a whole lot of systems out there, if any, that would be considered an ATDS. So we’re not sure at the end of the day what ultimate impact it will have.

The FCC has said those that, has even said that those manually who manually dial, they’re probably being those who use a non-ATDS platform, are still okay. But we don’t know if this means that they can still use the hyperlinks to get consent or what. So this is a bit of a $64,000 question in our view and some other views.

Steve Gniadek: And just to add there too though, what I really think is going to happen too is this is just another tool in the toolbox for some of these professional plaintiffs and litigants out there that they’re going after. They’re going to start filling out lead forms. And the assumption is based that it is an ATDS or an automated platform in some way or another. Therefore, you would be required to defend yourselves and evidence.

So there is still risk there, even though the rule may not apply. Even if you’re manually dialing on a desk phone, you’re still going to have professional plaintiffs come after those forms and you’re going to have to defend yourselves.

Tony Jarnigan: Exactly right. So there’s still professional plaintiffs who are salivating waiting for this to take effect.

Jordan Eisner: So if I’m an organization that purchases leads then from lead gents, what steps should I take to ensure I’m following the new rules?

Tony Jarnigan: Well, the conservative approach would be to ensure that you’re only purchasing leads where the consumer has affirmatively opted in to hearing from you specifically, right? So more than likely, that means that your leads are going to get more expensive. But all players need to adhere to the FCC’s vision, which is that they perceive situations where consumers are presumably presented with comparative shopping information about sellers and then affirmatively opts in to hear from a specific seller with clear and conspicuous consent language.

If the consumer wishes to hear from an additional seller, they would have to opt in and provide separate consent for that engagement.

Very important here. You know, if you’re the lead purchaser, you’re the seller, right? You’re the low-hanging fruit. I’d say if you were focused on keeping copious records before, I’d suggest your record-keeping practices should really kick into overdrive with this new rule.

You’ll want to be able to prove language that was used at the time you gained consent, that consent was provided to you specifically, and of course, the date that the consent was provided.

Steve Gniadek: Yeah, and a big factor in that is, like you just alluded to, is reviewing these lead sources and forms prior to placing calls. You know, don’t rely on a vendor saying, yes, we’ve got great express written consent, and it’s specific to you. Well, you know, we know that there are those vendors that they might not understand the rules as good as someone else, so they might think express written consent disclosure language was good, whereas it really wasn’t.

And then there’s also sub-vendors of sub-vendors, so we could be talking, you know, hundreds, if not thousands, of other sources, which we know is difficult to monitor and force all of those. But at the very least, you know, look at your largest volume lead sources that you’re buying leads from and make sure that you are reviewing those forms to ensure that you do, in fact, have the proper express written consent to keep yourself safe.

Jordan Eisner: And you used monitor and enforce there, Steve, and I know we use that a lot here at CompliancePoint, and I know it’s in the regulations, but expand on that just a little bit for an organization buying leads, right? How can they monitor and enforce, right, with their Legion partners?

Steve Gniadek: You know, again, one is, like I just said, review the forms before you start placing calls. Make sure it has the proper clear and conspicuous disclosure language that, you know, it’s calling out your company specifically or, you know, with a checkbox where they’ve selected. Just review those, keep track of those through records like Tony mentioned earlier to make sure this is what this page looked like at the time this consent was provided.

And then just continue to watch those on a, you know, quarterly basis or if those lead forms change at all, make sure you get new copies of it and just make sure your record keeping is solid and that you’re, you know, keeping records of the monitoring enforcement process too.

It’s more than just taking a quick look at it. You should be documenting it and know what it looks like at the time.

Jordan Eisner: And I guess the enforce comes with, if they’re not doing these things, you know, checking quarterly, right, they’re putting your company at risk. You got to be ready to move to a different partner or at least not use that partner.

Steve Gniadek: Or even, you know, if they made a change that didn’t seem acceptable to you or you felt like it could put you at risk, ask them if they’re willing to change it or fix it. You know, a lot of times, I think it’ll be different now, but in the past, a lot of times those lead gens, unless they were getting complaints from all of their clients, weren’t real acceptable to making changes. But yes, you have to be willing that if you feel that these would not be good leads for you to place calls to, and it’s putting your company at risk, you need to be willing to part ways with that particular lead vendor.

Jordan Eisner: So what about the organizations that generate and sell leads?

Tony Jarnigan: Well, here too, I think that, you know, the process should be the same in terms of the focus, right? The FCC has made it clear in their comments or their dicta that they intend to hold everyone in the chain responsible for compliance.

So you know, lead generators too, regardless of how the sellers are dialing, I think, need to make sure that they’re revisiting their platform and matching consumers with sellers one to one, getting consent for specific sellers rather than trying to get consent for multiple sellers and especially for those not topically or logically related, you know, through hyperlinks.

But like Steve said, you know, making sure that, you know, you get those platforms reviewed.

Steve Gniadek: And it might be more beneficial for some of these lead generators too that, I mean, unfortunately for the buyers, Tony had mentioned earlier, these leads might get more expensive, which they could because they are more targeted. I mean, these consumers are going to a website and potentially specifically selecting maybe two of five companies that they want to hear from. They’ve said, yes, I want to hear from your company specifically, which is a requirement, but it might be a better quality lead than, you know, prior to this rule change.

Jordan Eisner: Okay. And so, you know, our listeners know we all work for CompliancePoint and we have a long track record of helping organizations comply with what you would maybe deem Legion rules. But Steve, maybe this is more so for you since you’ve got 20 years at CompliancePoint. As opposed to saying, you know, how we can help, I think it’s going to mirror a lot of what we just talked about helping companies do it, but maybe some examples, right, of organizations we’ve worked with to help monitor and force against their Legion partners or even Legion organizations that we’ve worked with to help them look, I’d say, the most presentable to their clients, right, and their, you know, organizations that are buying leads from them.

So what are some things we’ve done at CompliancePoint that might interest our listeners if they’re, you know, seeking support with these new rules and how to comply with them?

Steve Gniadek: Yeah, I feel like I’m kind of repeating myself here, but I think it is an area where a lot of these lead buyers actually don’t dive into the deep end as much as they should and really get into the weeds. And it could be as simple as looking at these Legion forms and the URLs and where the consumer is going to get that information.

You know, our experience here is a lot of times we get disclosure language from a client or someone that they want us to review a form and we’ll take a look at it, but they’ll send us initially just disclosure language, which might look fine, but we always have to go back to them and say, well, can we see it in the context that it’s actually being used? And when we get the URL or a screenshot of where that form is being presented, the disclosure language is so small and in fine print out that it’s hard to read, it’s not clear and conspicuous.

I think a lot of these buyers might just be relying on the vendors to say, yes, these are good and they’re okay. You’re putting yourself at a great risk by doing that because they may not have an understanding. I mean, there’s always that balance, right?

You have to try to make sure marketing and sales is happy, but you also need to make sure compliance and legal is happy too to help reduce that risk of getting a large enforcement action fined against you. So you need to really get involved and you need to not rely on others. You’re responsible. You need to make sure that these leads are valid leads and it has all the requirements and document that.

When we go through our process and we’ll review lead sites, we’ll take screenshots and save the URL and then offer commentary such as that the disclosure language was too small and needs to be increased font size or not made gray, but make it stand out and be the same size font as other verbiage on the page.

Jordan Eisner: Yeah, I think our value add comes in from how to do it, right? The best way to monitor, right? The cadence at which to check in, right? How to provide the feedback. Or just bandwidth, right?

Sometimes with these organizations and their compliance departments, a lot of times we see our understaffed, right? And so having an external resource that can be monitoring and providing these results for you and could be part of your organization’s collective monitoring enforcement program, right?

If you’ve got outbound telemarketing activities, right? That is one of the elements of safe harbor, right? Or the FTC, FCC, whichever both to prove that you’ve got a document and monitoring enforcement program.

Steve Gniadek: And just to go back, it’s kind of related to what we were just previously talking about as well, but the willingness to move on from a lead gen if they’re not willing to cooperate. One, they might not want to change, but even before that, they might not even want to show you those lead forms, which I never understood. A lot of the lead-generating partners might feel like that’s their secret sauce and they don’t want to give away their trade secrets. But at the same time, these are published pages where consumers are going to enter their information to generate these leads to receive calls about products and services. You know, we really need to be able to review those. Otherwise, they don’t really have a safe approach here.

Tony Jarnigan: And just to piggyback on that too, I think this can’t be repeated enough.  In terms of what CompliancePoint can do, we can review those URLs and lead forms for any listeners to ensure that valid express written consents being captured under the new rule. As Steve said, this is something we’ve been doing for a long time under the existing or old rule, however you want to look at it, in terms of the lead capture process, the consent language used, whether it contains all required elements, whether it’s clear and conspicuous, appears above the call to action button, and all those sorts of things, all things of that nature. So we can help any listeners with that stuff.

Jordan Eisner: Thank you for that, Tony.

Well, I think that about does it. This has been very insightful. I appreciate both of your time and willingness to jump on this. And thank you as well to our listeners.

And be sure to check back for more content on probably this topic, I would imagine throughout the year, other marketing compliance topics, but also data privacy, data security, anything in that realm.

So if you’re interested in learning more about CompliancePoint, whether it be those monitoring enforcement services or lead gen auditors, consent language auditors, you name it in that realm, check us out online, CompliancePoint.com. Inquire with us at connect@CompliancePoint.com or reach out to Steve, Tony, myself, right? We’re all on LinkedIn. Reach out to us that way. We’d be happy to start a conversation.

Thanks everyone.

Let us help you identify any information security risks or compliance gaps that may be threatening your business or its valued data assets. Businesses in every industry face scrutiny for how they handle sensitive data including customer and prospect information.