New Illegal Compliance Practice Uncovered – Is Your Vendor Legal?

·

6 min read

The rules and regulations for calling can often be confusing, and that’s why businesses tend to look to the experts. Many of our readers have an entire business model built around that – BPOs help enterprises manage customer outreach, dialers provide customers the right technology to streamline customer contacts, attorneys help businesses evaluate and build best in class compliance strategies, and so on. While vetting practices for vendors is commonly exercised, it usually only goes as far as evaluating technological or financial stability. Evaluating the accuracy and legality of their product, however, is often a much larger task.

Let's Chat About Compliance

Hopefully by now, most readers have mastered their KYC practices. Some red flags are easier to spot than others when acquiring new business. For example, years ago I worked for a contact center platform/dialer, and, on a sales call, my team was asked questions from a prospect, “So, how many of those calls can I get away with? What’s the penalty if I DON’T scrub that lead? How many of these calls do I have to make before I need to worry about hearing from the FTC?” With that line of questioning, the only response I felt comfortable giving my sales team was to instruct the prospect to ask another dialer company because I would NOT do business with them. It is only a matter of time before they face a Civil Investigative Demand from the FTC.

Let’s look at the inverse, though. Let’s suppose that we had told the prospect, “The FTC is nothing to worry about; just throw together some policies that ‘say’ you do the right things, and I’m sure that, IF they come to your door (which they won’t), you can easily brush them off with some documentation and an apology.” How inclined would that prospect have been to sign with us? We told them what they wanted to hear, we helped them save money on compliance technology while, essentially, giving them more leads by allowing them to use my platform to call people they should not. And, hey, we were the experts, so why shouldn’t they take our advice?

I believe the private right of action behind the FCC’s TCPA has created a myopic view of regulatory requirements - perhaps at times so much so that callers ignore the FTC’s TSR. If you followed the news last year, you may have seen Operation Stop SCAM Calls, which clearly demonstrates that the FTC means business. Some of their other actions may have had a little less spot lite, such as the FTC’s lawsuit against XCAST Labs, a prominent provider of call center solutions, voice services, and hosted PBX. In their summary of allegations, the FTC stated, “This case involves billions of illegal robocalls delivered to American consumers using services provided by Defendant XCast Labs”. As a part of settlement proposed last month, XCAST labs would agree to improve its compliance adherence when it comes to telemarketing companies, with a heavy emphasis on a strangely contested topic of Do Not Call usage.

In the proposed order, which you can read here, page 9, section V(A)(2) states “Defendant must immediately terminate or refrain from entering into a relationship with a Customer if a review under Section IV reveals that the Customer: 1) Engages in Telemarketing without a Subscription Account Number for accessing the National Do Not Call Registry;”. The Subscription Account Number (SAN) is something of VERY important note, and 20 years after the creation of the Federal Do Not Call List, continues to shock me when telemarketers have no idea what this is. Without a doubt, “What is a SAN?” is the number one question my sales team receives when they are qualifying new scrub clients. If you, too, are unfamiliar with this term, the simplest way to explain it is that it is a business’s seller registration with the FTC, and it is REQUIRED for scrubbing with the Do Not Call Registry. Every seller needs a SAN for the area codes they call into, and, unfortunately, there are quite often costs around obtaining one. Outside of very limited outsourcing engagements, SAN numbers cannot be shared, and anyone scrubbing without a SAN number is very likely violating federal law.

This isn’t new; the TSR has remained largely unchanged on this topic for quite some time. The FTC has also been clear on this topic in their FAQs, stating “Sellers and telemarketers (on behalf of sellers) must purchase access to the relevant Do Not Call data from the National Registry database. The TSR prohibits participating in any arrangement to share the cost of accessing the National Registry database. A telemarketer may not divide the costs to access the National Registry database among various client sellers; access for each client seller must be purchased separately. Similarly, a telemarketer may not access the National Registry to obtain Do Not Call data and transfer the data to or share it with another telemarketer.”

Despite these VERY clear instructions, we have observed many platforms and scrubbing providers allowing customers access WITHOUT a SAN number. Because ignorance of the law rarely provides a safe harbor, they are putting MANY businesses at risk by exempting or providing illegal scrubbing practices. Businesses who genuinely wish to comply with the law sought an “expert” who is leading them down the wrong path, essentially invalidating their scrubbing compliance strategy.

While nothing in the filing alleges that XCAST allowed scrubbing without a SAN, I do find it curious how much emphasis the FTC put around defining those rules. Perhaps it was simply due to the approximately 2 billion calls alleged to have been made to numbers on the Federal Do Not Call Registry. When you combine that with the proposed settlement’s order to prohibit usage by those without a SAN number, it does make me wonder if they were one of the companies I had been told wasn’t requiring a SAN to scrub. While I am aware of other companies providing scrubbing services without a SAN – very illegal – I am not sure if any companies are “claiming” to scrub and simply skipping that step. Had XCAST been scrubbing on a shared SAN, would this have maybe gone unnoticed, or would they have come under investigation for that prohibited practice instead?

Know Your Vendor, and know that the experts you are seeking are truly “experts.” We all need compliance solutions, and like any critical need, that creates a market for both good and bad actors. But buyer beware: if you are told you don’t need to buy a SAN number or can somehow purchase it from your vendor and include it in your low, low, scrubbing price, you would be well advised to get a second opinion. This doesn’t just apply at the federal level; many states maintain their own DNC registry, and often those, too, carry a cost and/or require special registration.

Contact Center Compliance was among the first to provide easily integrated solutions for all scrubbing needs. Our early entry into the market allowed us to secure the domain name by which we are often more commonly known – DNC.com. Click below to speak with one of our compliance specialists who can show you how we can not only get your compliance strategy back on track, but also help increase call answer rates through better calling practices, SPAM tag remediation, and so much more.