Telemarketing rules ringing off the hook: faced with ever-increasing state and federal rules and regulations, C-suite executives and risk managers dwell most on their “big three”: the Do-Not-Call list, privacy and outsourcing
John Williams
It’s no secret that telemarketers aren’t exactly welcome. They call during dinnertime, they want to sell consumers products or services they often don’t need, and these days they’re getting through even though millions of people have registered with the Do-Not-Call list.
While some consumers may feel powerless to stop pesky callers, the industry insists complying with new rules is a priority.
Two years ago, for example, few companies had compliance officers, says Tim Searcy, CEO of the American Teleservices Association in Indianapolis. But because of new federal and state laws, most companies have compliance officers.
He hopes that telemarketing companies will “look at compliance not as something that has to be done, but something that they want to do.” He also says that the telemarketing industry could follow lessons from the insurance industry, which is built around a culture of compliance.
“The issue that compliance officers are struggling with the most is DNC legislation,” says Joseph Sanscrainte, director of regulatory affairs and general counsel for Glen Cove, N.Y.-based Call Compliance Inc., which offers “teleblock” technology that allows outbound callers to screen outbound calls against federal and state DNC lists and, as appropriate, block them as they are being made. The federal DNC law went into effect June 27, 2003. Within 72 hours, 10 million consumers had signed up. As of mid-2005, 97 million numbers were registered. According to Searcy, this represents more than 60 million people.
“There are people with more than one phone line, and a lot of people also registered their cell phones, under the misconception that these could be called by telemarketers, which is not the case,” he says.
Compliance with the DNC lists is crucial, because the fine is $11,000 per violation.
To date, the Federal Trade Commission has received more than 500,000 complaints. However, this is only the tip of the iceberg, according to Sanscrainte. “While the DNC law went into effect in 2003, the FTC and Federal Communications Commission are only now beginning to gear up to heavily enforce the rules,” he says. “As such, while there have been some enforcement actions in the past, we expect to see even more in the future.”
In investigating complaints, the FTC and FCC look for what the FCC calls “fail-safe Do-Not-Call compliance mechanisms.” That is, it is not enough to just have some procedures in place to scrub numbers. “You need an extra layer of protection that acts as a failsafe against potential for human error,” says Sanscrainte.
Companies must also comply with relevant state laws. For Steve Maclaskey, president of Kristel Marketing in Blakeslee, Pa., the biggest challenge his company faces is making sure it doesn’t violate state or federal Do-Not-Call laws. “If we’re not calling people on the DNC lists, that prevents 90 percent to 99 percent of our problems,” says Maclaskey, whose company encourages people to visit resorts. When Pennsylvania’s DNC law went into effect three years ago, Kristel Marketing had already been “cleaning” its leads.
However, the company still found itself in violation of the new state law. “Since that time, we have created a program designed to come into compliance, and we haven’t had any problem since then with the law,” he says.
Maclaskey also encourages companies to have their own private DNC lists that go beyond federal and state lists. For example, if a person recently placed their number on a DNC list, that number won’t show up for a couple of months. But telemarketers may reach the client in the interim.
“The operators need to explain the delay and put that person on a private DNC list,” he says.
In addition, if an outbound call ends before someone answers, and if the designated recipient of the call uses caller ID, he or she may call back to see what the call was about.
“As such, you need well-trained, professional operators who can explain what the call was about and, if the person is not interested, to make sure to put them on your own DNC list,” adds Maclaskey.
PRIVATE DATA DEMAND
According to Larry Ponemon, chairman of the Ponemon Institute, privacy and information security, such as protecting against identity theft, are issues that are of much greater concern to people these days than in years past.
Earlier this year, millions of people were affected after hackers managed to steal credit-card data from data warehouses.
“Because of technological advances, risk exposures are increasing much faster than companies are responding with risk management strategies,” says Ponemon, whose Elk Rapids, Mich., firm works with large corporations and the federal government.
That is, security and privacy breaches are often not factored into a company’s risk management model, but they need to be. The reason is that, while they are expensive in terms of having to notify consumers of a potential or actual problem, larger losses lurk beneath the surface.
“The real cost is the loss of customers who no longer want to do business with you, believing that you are incapable of protecting their private information,” he says.
The challenge for companies involved in telemarketing is to provide a level of service that customers expect, while at the same time guaranteeing privacy of information. “However, no one has yet created the ideal privacy answer,” admits ATA’s Searcy. “While part of the problem is unethical people seeking access to this information, the larger problem is lack of internal policies and procedures designed to counteract the potential for employee error.”
“Close coordination between the call-center vendor and the client is critical to carry out privacy directives,” states Reid Houser, compliance officer for the Omaha, Neb.-based outsourced customer interaction services provider, Sitel. “As with any legally regulated area, compliance with privacy laws must be documented, visible and consistent.” He suggests developing a privacy policy, publishing it and monitoring it to make sure it is being followed.
“Train your personnel on the policy and on the law, and let them know how important what they do every day is to helping their employer remain compliant,” Houser says. He offers five specific recommendations:
* Do not allow telephone service representatives to have access to e-mail and, if possible and appropriate, pens, pencils and paper.
* Build secure, password-protected databases.
* Avoid having any confidential information entered onto the call center’s computer system, rather than the client’s system.
* Do not permit hard copies with confidential consumer information to be made or retained by the call center.
* Require call-center employees to destroy any notes or consumer information after they have entered that information onto the client’s computer system.
Searcy adds an additional recommendation: “One useful solution that should be considered involves encoding or encrypting private information so it can’t be stolen via intratransaction,” he says.
Finally, make sure employees cannot access all customer information from one location. If one employee does end up having access to all information, this should show up in an audit.
COSTS AND BENEFITS OF OUTSOURCING NOT CLEAR CUT
There is no argument that overseas call-center operations are less expensive to manage than domestic operations, at least from a price perspective. For instance, the 2003 Asian Call Centre Industry Benchmark Study conduced by Callcentres.net found that the average cost to make a call in India is 29 cents, 37 cents in the Philippines and Thailand, and 52 cents in China. This compares to about $2 a call in the United States. On average, a call-center employee in India earns between $5,000 to $10,000 a year, compared to $20,000 to $35,000 for a U.S. worker.
While the upfront price abroad is cheaper, actual costs are sometimes higher due to the risks associated with employing people thousands of miles away, having to pay for “accent neutralization” programs, trying to manage people with diverse cultural backgrounds, coping with the growing shortage of experienced workers and supervisors in countries that are “hot” because of cheap wages, and dealing with the constant turnover of workers and supervisors as shortages and competition grow.
There is a potentially more serious problem that is not as obvious. A 2004 study by Kelly Services of consumers who had placed a call to a company call center within the last 30 days found that 65 percent said it would negatively affect their buying behavior if they found out that the call center was located in a foreign country.
Most respondents cited the importance of keeping jobs stateside in order to hold unemployment rates low. Others cited concern for private information being shared with people outside of the United States.
In response, in 2004, 27 bills were introduced in 19 state legislatures, and two bills were introduced at the federal level, seeking the addition of “location disclosure” and/or financial data privacy protection related to offshore call centers. Most bills would require call-center representatives to disclose where they are physically located and would require specific permission from consumers before their private financial information could be shared with people overseas.
One bill, introduced by Sen. Hillary Clinton, D-N.Y., prohibits private information, including name, address or phone number, from leaving the borders of the United States, says ATA’s Searcy.
While companies involved in telemarketing need to follow these legislative efforts closely, subsequent laws are not a sure thing. One reason is that the bills face hurdles associated with international trade treaties between the United States and foreign countries, which might render the legislative attempts futile.
In addition, it’s not as much of a political hot button as it was last year.
“‘Location disclosure’ legislation was popular during the 2004 presidential election,” notes Searcy. “It hasn’t gone any further, though, but it will probably get hot again in the next presidential race.”
While none of the bills because law in 2004, they are still active in the legislative process in 2005.
Some states are also considering “redirect” legislation. That is, if customers do not want to talk to someone offshore, the call center would be required to reroute the calls back to the United States. “Such laws could pose some substantial problems related to compliance,” cautions Searcy.
Regardless of whether you are creating a relationship with a domestic or an overseas call center, there are several things you should do to protect yourself.
“Engage in due diligence with the call-center provider,” suggests William B. Bierce, an attorney with the New York law firm Bierce & Kenerson. His firm advises clients on purchasing call-center services and call-center legal issues. “Get to know them well,” he says. “See if there have been any enforcement actions against them by the FTC or FCC or by state regulators.”
Also, make sure they have proper bonding in the states where they operate and call. And, of course, make sure they operate with DNC list compliance.
Bierce also recommends a comprehensive contract that is unique to your situation. “A boilerplate one may not work,” he states. The contract should include details related to responsibilities for complying with U.S. telemarketing regulations, indemnification provisions if compliance is not met, specific procedures for data collection, use of technology for maintaining compliance with requirements such as the DNC list, an auditing program, procedures for contract cancellation if necessary, and a business-continuity plan in ease of disruption (such as from a natural disaster).
“It is also a good idea to provide rewards to call centers for risk-based levels of effort,” emphasizes Bierce. “That is, beyond rewarding them for performance-based business outcomes, reward them for compliance!”
RELATED ARTICLE: Step-by-step strategies.
For risk captains looking to navigate the shoals of the telemarketing industry, here are a few pointers.
First, subscribe to the American Teleservices Association’s Regulatory Guide (www.ataconnect.org). It provides up-to-the-minute information on what it takes to be in compliance.
“There are a lot of state regulations that limit calling hours, as well as guidelines for calling customers with whom you have existing business relationships,” says Tim Searcy, CEO of the ATA, which tracks 1,000 different state and federal regulations pertaining to call centers.
Joseph Sanscrainte, director of regulatory affairs for vendor Call Compliance Inc., calls the guide “the best central repository for all telemarketing rules and regulations across the United States.”
The guide is particularly helpful because conflicting state and federal rules often overlap, and because fines range from $500 to $11,000 per incident.
Second, says Searcy, call-center managers need to know how best to interpret the laws on the books. Until case law sets a precedent, the governing bodies don’t provide specific information on how the laws will be interpreted or enforced.
“As such, you need to keep up on cases where firms have actually been fined,” says Searcy. “These cases contain information that provides clear roadmaps for everyone else to avoid being fined.”
Third, be diligent. There are thousands of documents for the various state and federal rules and regulations, says Searcy. As these rules change, it is important for call centers to show that they are keeping up with new rules and training their employees to follow them.
Finally, inspect what you except. Create an audit program. “We encourage compliance officers to build checklists for the purpose of auditing their contact centers, to make sure they are in compliance with the laws,” says Searcy.
When the FTC starts to poke around, “the best thing you can do is show your documented procedures and proof that you have been auditing yourselves and making progress,” he says.
While fines, the loss of customer confidence and the erosion of loyalty are major concerns for marketing companies, it is also important to realize that there is the potential for criminal proceedings.
“It is to the point these days where everything businesspeople do can potentially be subject to criminal proceedings if they don’t utilize the utmost levels of reasonable performance,” says Larry Ponemon, a Mich.-based identity theft expert.
–John Williams
RELATED ARTICLE: What to do in a do-not-call world.
There are several steps call centers can take to remain in compliance with Do-Not-Call regulations, according to Reid Houser, compliance officer for Omaha, Neb.-based Sitel, a global provider of outsourced customer interaction services.
First, establish DNC policies in conjunction with your firm’s legal counsel consistent with applicable federal and state DNC laws and regulations.
Second, set up internal DNC procedures and monitoring systems to carry out these DNC policies. These could include the following:
* Develop procedures to take into account the special exemptions to federal and state DNC regulations.
* Develop, implement and review exception reports. “The exception reports can be set up for hourly, daily, monthly, quarterly and annual notification to the compliance officer and IT personnel,” says Houser.
* Provide immediate notice to the responsible management and employees in the event of an infraction, and monitor accountability and remedial-action functions.
* “‘Seed’ calling lists with bogus numbers to see if your DNC system correctly scrubs them off,” Houser adds.
Next, provide and/or arrange for DNC-related training to your business leaders, account managers, IT employees, team leaders, telephone service representatives and others involved with DNC compliance.
Finally, continue to monitor and improve the internal DNC processes and procedures, and maintain open communications with the IT department and upper management about DNC-related issues.
–John Williams
JOHN WILLIAMS, an Indiana-based freelance writer, is a frequent contributor to Risk & Insurance[R]. He can be reached at riskletters@lrp.com.
COPYRIGHT 2005 Axon Group
COPYRIGHT 2005 Gale Group
