Pages

Topics

Thursday, September 17, 2020

Essentials of Telemarketing Policy

QUESTION 
You recently answered a question about a company not having a Do Not Call list. The answer you gave became the basis of a meeting about how to manage our telemarketing procedures. We have updated our policies and procedures and commenced the training of our internal sales force and external telemarketing firm. I can’t thank you enough for your timely advice.

But a subject came up in our meeting that I would like to discuss. In updating our policies and procedures, we could not find a list of chapter and section titles. We want to list them and then provide our requirements in the procedures. So, we decided to send this question to you with the hope that you will provide some of the elements needed in policy and procedures on telemarketing.

Our question is, then, what are some essential elements of the telemarketing policy and procedures?

ANSWER 
I wrote about telemarketing violations last week in connection with the Do Not Call Registry and procedures as these relate to the Telemarketing Sales Rule. Given that you are currently following up on your telemarketing strategies and updating your policy document, I will offer some elements that should go into it.

You should contact us for a Telemarketing Tune-up, because a policy approach is only a foundational framework. Our audit is quick and cost-effective. It provides findings, recommendations, and a risk rating. Your telemarketing procedures should be evaluated for regulatory compliance. That is what the Telemarketing Tune-up does. If you are actively involved in telemarketing initiatives, you should get this audit done as soon as possible.

With respect to essential elements of a telemarketing policy, I would recommend that you have chapters and sections for the following subjects. My suggestions are not comprehensive because telemarketing strategies vary, and your policy should adequately reflect the variance. However, as a serviceable set of guidelines, I think you should consider these outlined elements fundamental to a solid telemarketing policy.

Permissible Hours
You should not be making telephone calls to consumers before 8 A.M. or after 9 P.M. local time at the call’s destination, unless the person being called has specifically agreed to let you call at another time.

Do Not Call Lists
This section would require on-going training and monitoring. For instance, among other things, you need to maintain a list of consumers who ask not to receive telemarketing solicitations, consumers whose names appear on the national Do Not Call list, tracking for honoring the requests of consumers who ask not to receive telemarketing solicitations, implementing a process to prevent telephone solicitations to any telephone number on your Do Not Call list or the national Do Not Call list, training, and keeping a version of the national Do Not Call Registry, obtained from the Registry no more than three months prior to the date any call is made, and maintain records documenting this process. Furthermore, you should be auditing contact with consumers to ensure you do not sell, rent, lease, purchase, or use the national Do Not Call database, or any part of it, for any purpose except compliance with the rules and to prevent telephone solicitations to telephone numbers registered on the national database.

Oral disclosures for Outbound Telephone Calls
Make it a requirement to disclose the following information truthfully, promptly, and in a clear and conspicuous manner, in any outbound telephone call to a potential new customer: your institution’s identity, the purpose of the call (viz., to originate mortgage loans), and that you originate mortgage loans. I suggest you contact us for compliance support in this area, as we are one of the few compliance firms in the country that provides Call Calibration, which is a methodology to audit and report on calls between a financial institution and consumers.

Artificial or Prerecorded Voice Calls
Be very careful in using this telemarketing strategy! You should not use artificial or prerecorded voice calls to a consumers’ homes (or business) unless you already have a business relationship with the persons being called. Be sure that any artificial or prerecorded voice message releases the line of the person being called within five seconds of notice that the called party has hung up. Your call should have a call identifier. Also, the beginning of any prerecorded message must clearly state your identity, and during or after any prerecorded message, you must state your telephone number.

Call Abandonment
You should not abandon more than 3 percent of calls answered by a person. Additionally, you must deliver a prerecorded identification message when abandoning a call.

Caller Identification
Always transmit caller identification (i.e., caller ID) information, when available, and do not block this information ever.

Facsimile Machines
Do not send unsolicited advertisements to facsimile machines. If you do send any fax, be sure to identify your institution as the sender.

Disclosures for Telephone and Direct Mail Solicitations
Yet another area that calls for Call Calibration! This is an area fraught with litigious minefields. Be sure to disclose the following information, orally or in writing, before a customer pays for any services offered in a telephone or direct mail solicitation: the total costs to receive the services offered; all conditions that must be satisfied to receive the services offered; if you have a policy of not making refunds, provide a statement of your policy; if you mention a refund policy, provide a statement of the key terms and conditions of the policy.

Misrepresentations
You should not misrepresent, directly or by implication, many forms of information, such as the total costs to receive any services offered; all conditions that must be satisfied to receive the services being offered; any features of your services; and any aspect of your refund policies. Steer away from ever saying that you are affiliated with, or endorsed by, any government or other organization. Be careful, too, about misrepresenting prize promotions, such as not disclosing any aspect of a prize promotion, not including (among other things) the odds of being able to receive a prize, misleading about the nature or value of the prize, or misstating that a purchase or payment is required to win a prize or to participate in a prize promotion. Consider Call Calibration when conducting telemarketing campaigns involved prize promotions.

Verifiable Authorization
You should obtain express verifiable authorization before submitting a check, draft, or other form of payment from a person’s account as the result of your telemarketing efforts in one of three ways: in writing; by tape-recording an oral authorization that contains references to the date of the draft or other form of payment, its amount, your name, your telephone number for consumer inquiries, and the date of the authorization; and by providing written confirmation of the transaction, including the date of the draft or other form of payment, its amount, your institution’s name and telephone number for consumer inquiries, and the date of the customer’s oral authorization

False or Misleading Statements
I would insert a separate section for this policy element, even though it includes aspects of the section on Misrepresentation outlined above. Use this section to set forth definitions of false and misleading statements and provide examples of each.

Assisting in Violations
Include a section that states how your institution will not assist anyone else in deceptive or abusive telemarketing acts or practices when you know or should know the other person is violating the FTC or FCC rules. Such an affirmation is important, and will be looked upon favorably by regulators during an audit.

Abusive Acts or Practices
This is a thorny area filled with problematic pitfalls and potential litigation. Threats, intimidation, or the use of profane or obscene language is only the start. It may seem obvious that you should not request or receive payment of any fee before a loan is originated if you have guaranteed or represented a high likelihood of success in obtaining the loan. But there is far more involved in these telemarketing hurdles. For instance, you should not initiate a telephone call, other than a call for emergency purposes or with the prior express consent of the called party, using an automatic dialing system or an artificial or recorded voice, to emergency lines, health care facilities, radio common carriers, or any number for which the called party is charged for the call. Expanding abusive acts further, you should not (1) use an automatic dialing system to make calls that simultaneously engage two or more lines of a multi-line business; (2) disconnect an unanswered telemarketing call prior to at least 15 seconds or four rings; (3) guarantee or assure customers regarding the likelihood of loan approval; (4) cause any telephone to ring or engage any person in telephone conversation repeatedly or continuously with the intent to annoy, abuse, or harass; and (5) initiate an outbound telephone call to a person when that person previously has stated he or she does not wish to receive an outbound telephone call from your institution. Use Call Calibration to monitor for abusive acts or practices.

Recordkeeping (24 Months)
Be sure to include a section on recordkeeping. All substantially different advertising materials must be kept for 24 months. Keep the name and last known address of each customer, the loan made, the date the loan was closed, and the amount paid by the customer in connection with the loan. Keep also the name, any fictitious name used, the last known home address and telephone number, and the job title(s) for all current and former employees directly involved in telephone sales. If you permit employees to use fictitious names, you must be able to trace each fictitious name to only one employee. And, maintain all verifiable authorizations required under the rules. With respect to prize offers, keep the name and last known address of each prize recipient and the prize awarded for prizes having a value of $25 or more.

Recordkeeping (60 Months)
Keep all Do Not Call requests for 60 months, including any consumer requests to not receive solicitations.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group

Thursday, September 10, 2020

Telemarketing Violations

QUESTION
We received today a notice from the FTC that says we are in violation of the Telemarketing Sales Rule. They cite us for not complying with the Do Not Call requirements. We do most of our loan originations online, and we use telemarketers to create business leads for us. 

One glaring problem is that we did not maintain a Do Not Call list. But there are other issues, too. 

Now we have 30 days to respond to the FTC or face penalties. We’re now scrambling to show that our telemarketing complies with the FTC’s guidelines. 

I know you get a lot of mail, but time is running out. We need your help. 

What should we be doing to comply with the Do Not Call requirement? 

Should we be monitoring the Do Not Call Registry? 

What happens if we have telemarketing procedures but still make a mistake by calling somebody on the Do Not Call list?

ANSWER
I have prioritized your question. Although we do receive a great deal of mail, some questions are more time-sensitive than others, and yours needs an immediate response. 

I urge you to contact my firm to do a Telemarketing Tune-up soon, so that (1) you get a due diligence review with a risk rating, showing strengths and weaknesses in your telemarketing program, and (2) you can show your regulator that you are taking affirmative steps toward conducting an independent review.

The Telemarketing Sales Rule (“TSR”) has a Do Not Call Safe Harbor. However, to use it, you need to comply with a set of guidelines. If you or your telemarketer can establish that, as part of its routine business practice, you meet certain requirements, you will not be subject to civil penalties or sanctions for erroneously calling a consumer who has asked not to be called, or for calling a number on the National Registry.

The following is a list of those requirements.

-You or the telemarketer has established and implemented written procedures to honor consumers’ requests that they not be called.

-You or the telemarketer has trained its personnel, and any entity assisting in its compliance, in these procedures.

-You, the telemarketer, or someone else acting on your behalf (or a charitable organization) has maintained and recorded an entity-specific Do Not Call list.

-You or the telemarketer uses and maintains records documenting a process to prevent calls to any telephone number on an entity-specific Do Not Call list or the National Do Not Call Registry, provided that the process involves using a version of the National Registry downloaded no more than 31 days before the date any call is made.

-You, the telemarketer, or someone else acting on your behalf (or a charitable organization) monitors and enforces compliance with the entity’s written Do Not Call procedures.

-The call is a result of an error. (For the meaning of “error,” see below.)

You should continually monitor the Do Not Call Registry! You should not call consumers if, among other things, they have placed their number on the National Registry, or not given written and signed permission to call, or you have no established business relationship with the consumers, or if they have asked to get no more calls from you or the telemarketer contacting them on your behalf.

If you don’t constantly monitor and comply with the National Registry, you and the telemarketer may be liable for a TSR violation. If an investigation reveals that neither you nor the telemarketer had written Do Not Call procedures in place, both of you will be liable for the TSR violation. If you had written Do Not Call procedures, but the telemarketer ignored them, the telemarketer will be liable for the TSR violation. Still, you also might be liable, unless you could demonstrate that you actively monitored and enforced Do Not Call compliance and otherwise implemented your written procedures. Ultimately, you are responsible for keeping a current entity-specific Do Not Call list, either through a telemarketing service you hire or your own efforts.

With respect to your question about what would happen if you have procedures but still make a mistake by calling somebody on the Do Not Call list, the Federal Trade Commission might view it as an “error,” if and only if you or the telemarketer has and implements written Do Not Call procedures. Generally, this action will not be liable for a TSR violation if a subsequent call is the result of an error.

But – and this is important – you may be subject to an enforcement investigation, which would focus on the effectiveness of the procedures in place, how they are implemented, and if all personnel are trained in Do Not Call procedures. If there is a high incidence of “errors,” it may be determined that the procedures are inadequate to comply with the TSR’s Do Not Call requirements, the Safe Harbor is not fulfilled, and the calls violate the TSR. On the other hand, if there is a low incidence of “errors,” there may not be a TSR violation. The determination of whether an excusable “error” occurs is based on the facts of each case.

Here’s a rule of thumb: to ensure that adequate Do Not Call procedures are implemented, test periodically for quality control and effectiveness.

Your situation is not unique. Many financial institutions regularly face the prospect of telemarketing violations. Indeed, any company that engages in telemarketing or uses a telemarketer should get the Telemarketing Tune-up done as soon as possible. 

You might also want to require your telemarketer to do the Telemarketing Tune-up as a condition for doing business with you.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group

Thursday, September 3, 2020

Management Oversight: Evaluation Methods

QUESTION
Our Board of Directors has asked our internal audit group to provide an evaluation of our management. Some members of our management are resisting, saying that they do not need to be bothered with oversight.

We decided to retain an independent internal audit for this purpose, and your firm’s name was mentioned. We are contacting you to discuss this matter. In the meantime, I wonder if you would share with all of us some insight into how financial institutions should evaluate management oversight from a self-assessment point of view.

We have two questions.

First, what should evaluation of management oversight consider?

And second, what questions should we ask as part of a self-assessment?

ANSWER
Quis custodiet ipsos custodes?[i]

Who will guard the guards themselves?

This Latin phrase comes from the Satires, a collection of satirical poems by the 2nd-century Roman poet Decimus Junius Juvenalis, better known as Juvenal. 

In Plato’s Republic, there is a considerable disquisition on how to control persons in positions of power whose actions may lead to abuse of authority.[ii] 

Juvenal was referring to the notion that wives cannot be trusted, so keeping them under guard is a good strategy for monitoring them. However, pessimistically, Juvenal is suggesting that keeping them under guard is not a solution because the guards themselves cannot be trusted. 

Plato was more optimistic about human nature. He thought that people in power could be trusted to behave properly and that it is "absurd" that they should require oversight. Indeed, Glaucon, Socrates’ interlocutor, states: “Yes, it would be ridiculous that a guardian should need a guard.”[iii]

There is nothing absurd about management oversight in a financial institution. Whether the initiative is undertaken as a self-assessment or an internal audit, management should receive a great deal of oversight. 

Doing an evaluation is needed, but will it be effective? It would seem that Juvenal’s view – “who will guard the guards themselves” – leads to evaluation; but Plato’s view – it is “ridiculous that a guardian should need a guard” – leads to resistance.

Management oversight is how a financial institution determines that strategic policies and objectives are being met through an evaluation of policies, plans, programs, and projects carried out by people charged with the authority to achieve expected results. These results should be accomplished in compliance with applicable policies, laws, regulations, and ethical standards. A Board stands “over” management hierarchically, and, as such, focuses its “sight” on management actions.

When Lenders Compliance Group conducts an independent internal audit, we include a review of many factors involved in management oversight. Our philosophy is that our evaluation of oversight functions are meant to look at a process, program, or project “from above,” as an independent agent (as it were) for the Board’s governance role. The Board generally is not involved in day-to-day management, but an oversight evaluation can provide mission-critical information about whether the Board’s many obligations are being duly implemented.

I am going to provide a set of factors that my firm takes into consideration when we are retained for an internal audit, which necessarily includes management oversight. 

If you only need an evaluation of management oversight, keep your costs down and use our Management Tune-up®, which is a targeted, cost-effective, mini-audit that provides an extensive report and risk rating. 

If interested, click HERE and we’ll send you information about it.

Concerning your first question about evaluating management oversight, we consider a host of factors and conditions. The following list provides a few important considerations.

- Extent of Board oversight and involvement in assuring compliance with consumer protection and fair lending laws and regulations.

- Training of directors and senior management regarding compliance and fair lending issues.

- Rationale for implementing new policies or procedures or modifying existing ones.

- Any negative comments on rejected loan applications during loan committee or any other meeting (such records must be traced to the specific loan file to assure that no unlawful disparate treatment or discrimination was involved in the denial).

- Consideration of new loan or deposit products and strategies for their implementation.

- Consideration of new software or software vendors.

- Consideration of third parties for compliance audits.

- Approval of, and rationale for, branch openings and closings.

- Whether the Board documented a review of the prior report that included, as applicable (i.e., a discussion of recommendations for policy changes, an adoption of those revisions, and a report regarding corrective action and subsequent testing for identified violations).

Your second question involves the questions you want to ask when conducting a self-assessment for management oversight. I am glad you want this information because asking the right questions is the key to getting useful answers. Keep in mind that your review should use collected materials as well as discussions with management. 

I will put these questions in the context of compliance because that is (and should be) the cornerstone of this review. Be sure you have the remit to determine if management oversight is strong, adequate, or weak. I think you should consider the following questions.

- What is the business strategy, and what is the compliance implications of that strategy (for example, elevated risk due to rapidly growing subprime lending, cutting-edge e-banking activities, and so forth)?

- What particular compliance-related area(s) does management feel are weak or in need of review?

- Have the Board and senior management worked to foster a positive climate for compliance?

- Has management allocated the appropriate level of resources to compliance?

- Does the institution have a designated compliance officer and/or compliance committee? (If not, is the absence of an officer or committee significant in light of the institution’s resources and risk profile?)

- Has management ensured that the compliance officer(s) and/or compliance committee has/have the level of authority and accountability to effectively administer the institution’s compliance management program?

- Has management responded correctly and promptly to consumer complaints?

- Has management responded deliberatively to deficiencies noted and suggestions made at previous examinations and audits?

- How does management stay abreast of changes in regulatory requirements and other compliance issues? (Is this method effective in light of the institution’s resources and risk profile?)

- How does management ensure that the institution’s staff stays abreast of changes?

- How does management ensure that compliance is considered part of new product and service development, marketing, and advertising?