QUESTION
Our regulator has referred our company to the FTC. The problem began with a consumer complaint about the telemarketer. We had unwittingly hired a company that does robocalls. We didn’t even know they did robocalls. We thought they were doing live telemarketing for us.
That company is now facing FTC action because they impersonated themselves as providing debt reduction. We are now apparently swept up in this situation, even though we did not hire the company for debt reduction marketing.
We just terminated the robocall company. But the damage is done. Now our regulator and the FTC are doing an investigation. They are digging into every marketing program, complaint, telemarketing strategy, marketing script, policy, procedure, and media initiative.
If we had known how much of this impersonating is going on, we could have avoided this robocall company or at least made sure our third-party vendor approval process would have included procedures to evaluate such risks.
Maybe you could share some information about these impersonators so that others do not fall into a mess like ours.
How much impersonation is happening by marketers?
What can my institution do to protect itself?
ANSWER
Impersonation is amongst the highest complaints to the Federal Trade Commission (FTC). Technically, this type of contact with the public is called “imposter calls.” One of the access points the FTC utilizes for collecting data on imposter calls is the National Do Not Call Registry, known by its acronym “DNC.”
The DNC, active for fourteen years, lets the public add their phone number to their database, thereby choosing not to receive telemarketing calls. It has nearly 250 million phone numbers registered.[i] You might be interested to know that complaints relating to imposter calls top the list, weighing in at almost 287,000 complaints in FY 2022.[ii]
The imposters run the gamut, from posing as Social Security Administration representatives to the IRS, to legitimate business entities and their affiliates. As to robocalls, which are prerecorded messages, the FTC received 1.8 million complaints in FY 2022. Complaints older than five years are purged biannually. The five states with the most complaints are Delaware, Ohio, Arizona, Maryland, and Virginia.[iii]
Drilling down a bit, imposter robocalls constituted 209,000 complaints. The scammers take advantage of Voice over Internet Protocol (VoIP), a technology more and more in use these days, because VoIP allows them to make a high volume of calls.
Since you had retained a telemarketing firm, you should know that telemarketers and sellers must remove numbers added to the DNC Registry from their call lists at least every 31 days.[iv] But how does your institution know that this is being done? My guess is that you simply do not know if the telemarketer is complying with the requirement to remove numbers. However, there are means and methods available to determine if a certain level of compliance is taking place.
Now, as to the broader question of your predicament, if a company violates the Do Not Call rules, consumers can report the call to the FTC online or by calling a toll-free number.[v] Law enforcement officials review these complaints, as well as consumer registration and telemarketer access information, through a resource called the Consumer Sentinel Network[vi], which is an online database maintained by the FTC.[vii]
Unfortunately for your institution, your regulator has brought its concerns to the FTC, and the FTC is currently working to investigate. Ultimately, as you surmise, you should have due diligence protocol to ensure vendor management includes a thorough review of the risks associated with using telemarketers. Get your vendor management policies and procedures in shape, and keep them current with cites to the FTC’s daily complaint data.
In the situation you find yourself in, those imposter robocalls are impersonating debt reduction enterprises. But you can’t wiggle away from the investigation because your firm has actually retained the telemarketers, albeit for a different purpose.
You do not say if there was a consumer complaint to the FTC about your institution itself. However, if you have a record of using telemarketers, or even if you have used the telemarketer just once, part of the FTC investigation might include a probe into how pervasive the telemarketer has conducted illicit activity. You are likely not the only institution caught up in the investigation. Implementing strong vendor management compliance is possibly the best way to avoid this debacle from happening again.
Jonathan Foxx, Ph.D., MBA
Lenders Compliance Group
[i] Do
Not Call, Data Book 2022, Federal Trade Commission, November 2022.
[ii] Ibid.
FY 2022 Complaints by Topic, National Do Not Call Registry, Compliant
Figures for the Year
[iii]
The FTC offers interactive data dashboards and data files. These can be
accessed online at www.ftc.gov/reports/national-do-not-call-registry-data-book-fiscal-year-2022.
[iv] Organizations
can access the DNC Registry at www.telemarketing.donotcall.gov.
[v] For the online consumer complaint line, visit www.donotcall.gov. Consumer calls are
handled at 888-382-1222.
[vi] Daily
complaint data is available at www.ftc.gov/data.
[vii] About
Sentinel, visit www.ftc.gov/sentinel.
Law enforcement personnel may join Sentinel at www.register.consumersentinel.gov.