I. BACKGROUND
The Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) issued rules governing telemarketing, including implementation of a national “do not call” list to limit telephone solicitations of individuals who have registered their telephone numbers on the list. The FTC and FCC have enforced the “do not call” list against entities over which they have jurisdiction since October 1, 2003. While the FTC does not have jurisdiction over financial institutions, the FCC rule applies to financial institutions and their interaction with customers.
II. DO NOT CALL LIST
The “do not call” registry provisions prohibit any telemarketer from initiating, or any seller from causing a telemarketer to initiate, an outbound telephone call to a person when (a) that person previously has stated that he or she does not wish to receive such a call made by or on behalf of the seller whose goods or services are being offered or (b) that person’s telephone number is on the “do not call” registry maintained by the Commission, of persons who do not wish to receive outbound telephone calls to induce the purchase of goods or services unless the seller (i) has obtained the express agreement, in writing, of such person to place calls to that person. Such written agreement must clearly evidence such person’s authorization that calls made by or on behalf of a specific party may be placed to that person, and must include the telephone number to which the calls may be placed and the signature (which may include an electronic or digital form of signature) of that person; or (ii) has an “established business relationship” with such person, and that person has not stated that he or she does not wish to receive outbound telephone calls made by or on behalf of the seller whose goods or services are being offered.
As noted above, exempted from the national “do not call” requirements are calls from sellers with whom the consumer has an “established business relationship.” This means that a seller (or telemarketer) may call a telephone number contained within the “do not call” list if the seller has an “established business relationship” with the individual whose number is listed (unless that consumer has asked to be placed on that seller’s company-specific “do not call” list). For purposes of the exemption, “established business relationship” means a relationship between a seller and a consumer based on: (a) the consumer’s purchase, rental or lease of the seller’s goods or services or a financial transaction between the consumer and seller, within the 18 months immediately preceding the date of the telemarketing call; or (b) the consumer’s inquiry or application regarding a product or service offered by the seller, within the three 3 months immediately preceding the date of a telemarketing call.
III. PROHIBITION ON FAXING UNSOLICITED COMMERCIAL ADVERTISEMENTS
Financial institutions should also be aware of the FCC’s rule regarding faxes containing unsolicited commercial advertisements (i.e., any fax advertising the commercial availability or quality of any property, goods or services). The rule, effective January 1, 2005, makes it illegal to fax unsolicited commercial advertisements to homes and businesses without first obtaining written permission from the recipient. The “Do Not Fax” provisions of the rule were originally designed to become effective on August 25, 2003, but were delayed for 16 months in response to complaints from business groups.
Under previous law, permission to send faxes to a person was required, but an “established business relationship” was deemed to constitute permission. The amended rule, effective January 1, 2005, does not recognize the “established business relationship” exception and requires the written permission (an “opt-in” approach) of the recipient prior to faxing documents containing “any material advertising the commercial availability or quality of any property, goods, or services.”
In extending to January 1, 2005, the effective date of the FCC rules requiring written consent before sending fax advertisements, entities would have more time to comply with the rules and to obtain written consent and signatures from parties to whom they wish to fax. The extension kept in effect, until January 1, 2005, the exemption that allows entities to send unsolicited fax advertisements to individuals and business with which they have “established business relationships” (i.e., a purchase or transaction within the last 18 months or an inquiry or application regarding products or services within the last three months). Until January 1, 2005, entities transmitting faxes do not have to obtain the express written consent, including signatures, from recipients with whom they have established business relationships. Regardless of the extension, however, fax transmitters still must obtain prior express permission from fax recipients with whom they do not have established business relationships.
The FCC rule allows electronic or digital signatures as evidence of consent, but after the effective date of the rule (January 1, 2005), a fax may not be sent to seek consent. The rule does appear to allow consent forms to be returned by either mail, fax or e-mail. Consent should remain effective until the recipient of the faxes repeals their consent, or until the fax number changes and consent must be obtained for each fax line to which a person or company wishes to be faxed. Even if a person specifically contacts a business requesting materials to be faxed to them, written permission will need to be obtained prior to faxing.
IV. ABANDONED CALL REQUIREMENTS
It is a violation of FTC and FCC rules to abandon any outbound telephone call. An outbound telephone call is deemed to be “abandoned” if a person answers it and the telemarketer does not connect the call to a sales representative within two seconds of the person’s completed greeting.
A seller or telemarketer will not be liable for violating the provisions described immediately above if it can demonstrate that, as part of the seller’s or telemarketer’s routine business practice: (a) it has established and implemented written procedures to comply with the rules requirements; (b) it has trained its personnel and any entity assisting in its compliance, in the procedures established pursuant to the rule; (c) the seller, or a telemarketer or another person acting on behalf of the seller, has maintained and recorded a list of telephone numbers the seller may not contact, in compliance with the requirements of the rule; (d) the seller or a telemarketer uses a process to prevent telemarketing to any telephone number on the “do not call” registry obtained from the Commission no more than three (3) months prior to the date any call is made, and maintains records documenting this process; (e) the seller or telemarketer or another person acting on behalf of the seller, monitors and enforces compliance with the procedures established pursuant to the rule; and (f) any subsequent call otherwise violating the requirements of the rule is the result of error.
The seller or telemarketer will not be liable for violating the “do not call” requirements if: (a) the seller or telemarketer employs technology that ensures abandonment of no more than 3% of all calls answered by a person, measured per day per calling campaign; (b) the seller or telemarketer, for each telemarketing call placed allows the telephone to ring for at least 15 seconds or 4 rings before disconnecting an unanswered call; (c) whenever a sales representative is not available to speak with the person answering the call within two seconds after the person’s completed greeting, the seller or telemarketer promptly plays a recorded message that states the name and telephone number of the seller on whose behalf the call was placed; and (d) the seller or telemarketer retains records establishing compliance with the requirements of the rule.
V. FEE STRUCTURE
The FTC established a fee structure to access its national “no not call” registry, effective October 1, 2003. The fee structure and related requirements discussed below applies to businesses covered by either the FTC’s telemarketing rule or the FCC’s telemarketing rule.
1. Annual Fees
The annual fee is $25 per area code for a seller to access telephone numbers listed in the registry, up to a maximum annual fee of $7,375. There is no charge for the first five area codes.
2. Seller Must Pay Access Fees
The FTC believes that since “sellers are the ultimate beneficiaries of telemarketing campaigns,” sellers – not telemarketers – should be required to pay the access fee. Thus, it is a violation of the telemarketing sales rule for a seller to make an outbound telemarketing call to any person whose telephone number is within a given area code unless the seller has paid the fee to access telephone numbers within the area code that are listed on the national “do not call” registry. A seller, however, is not required to purchase the list if it calls only individuals with whom it has an established business relationship, or from whom the seller has obtained the express written consent to call, and the seller does not access the registry for any other purpose. Upon payment of the fee, a seller will be given a unique account number to gain access to the registry and will be permitted to share the account number with a telemarketer working on its behalf. A telemarketer does not have to pay to have access to the registry unless it also acts as a “seller” or wants to have independent access to the registry.
3. Affiliates
Separate divisions, subsidiaries or affiliates acting as a seller in a telemarketing campaign must pay an annual fee for access to the national “do not call” registry if “(1) the entity is separately incorporated or, for a non-corporate entity such as a partnership, is a similarly distinct legal entity; and (2) the entity has or markets under a different name.” If the only name difference consists of a geographic distinction (e.g., ABC of Texas, Inc. vs. ABC of Nebraska, Inc.) the affiliated entity will not have to pay separately to have access to the national “do not call” registry.
VI. PENALTIES FOR VIOLATIONS
Although both the FTC and FCC have similar regulations prohibiting sellers or telemarketers from calling persons who have stated that they do not wish to be called, there are differences in the enforcement between the two rules. Each rule may be enforced by the Commission or by individual states. In addition to injunctions, each violation can result in a court’s assessment of civil penalties up to $11,000 per violation, or an order to pay redress or disgorgement under the FTC Act. The statutory provisions underlying the FCC rule by contrast, have primarily been enforced by consumers. These statutes provide a private right of action for a customer who receives more than one telephone call within any 12-month period by or on behalf of the same entity in violation of the FCC’s regulation. Such a consumer can recover the greater of $500 or actual damages.
VII. TELEPHONE CONSUMER PROTECTION ACT (TCPA)
A. Introduction
The Telephone Consumer Protection Act (TCPA) and it’s implementing regulation establish requirements for all entities, including financial institutions, that conduct “telemarketing” either directly or through a third party. Under the TCPA, “telemarketing” is defined as the initiation of a telephone call or message to any person for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services. The law covers such calls and messages even if made to existing customers.
As a result, even if a financial institution makes telemarketing calls only to its existing customers, it is covered by the TCPA and must comply with its requirements. These requirements include adopting a written policy for maintaining a do-not-call (DNC) list, and providing that policy to any person that requests it (even if that person is not a customer of the institution). In addition, the institution must train all personnel engaged in any respect of telemarketing to ensure that they are familiar with the existence and use of the DNC list.
Generally, federal law gives consumers three options regarding telemarketing. They may: (a) place their number on the national DNC list; (b) make DNC requests of individual companies on a case-by-case basis; or (c) register on the national list, but provide specific companies with express permission to call them.
The general rule is that telemarketers must obtain and use the national DNC database. The “DNC” rules provide some relief from this requirement for businesses that restrict their calls to consumers who either (1) have invited or given permission in advance, (2) have an “established business relationship” with the caller, or (3) have a “personal relationship with the caller.
The “personal relationship” exception referred to above covers businesses and persons that the marketer knows. It includes individuals who are personally known to the telemarketer making the call and would include family members, friends and acquaintances. The test is whether a reasonable consumer would expect calls from such a person because they have a close, or, at least, first hand relationship. Since these types of calls are not prohibited, they do not trigger the need to access and use the national DNC database.
The “established business relationship” exception covers individuals and businesses that have made an inquiry of your financial institution. The test for whether there has been a sufficient inquiry that would create an established business relationship is whether it is of a nature to create an expectation on the part of the consumer that a particular company will call them. Inquiries regarding business hours or location are not sufficient. Asking about a company’s products or services, or submitting an application are sufficient. An established business relationship lasts 18 months from the date of the last payment or transaction with the company and/or 3 months from any inquiry or application. Even if you fall into one of the exceptions listed above, you still have duties under the telemarketing rules. Financial institutions that make sales calls to consumers (even those with whom they have an “established business relationship”) must (1) have a written policy, available on demand; (2) provide training for staff; (3) record and maintain “DNC” requests; and (4) identify sellers and telemarketers. If the financial institution customer asks to be placed on the internal, company-specific DNC list, you must comply and cease further contact.
B. Prior Express Written Consent
The Federal Communications Commission (FCC) has issued new rules under the Telephone Consumer Protection Act (TCPA) relating to telemarketing calls and texts. Effective October 16, 2013, financial institutions utilizing telemarketing campaigns must obtain “prior express written consent” prior to making a telemarketing call to a wireless number (either consumer or business) using an automated dialing system or an artificial or pre-recorded voice, or before calling a residential line using such a voice to deliver the message. FCC interpretations indicate that text messages are “calls” under the TCPA so prior express written consent is required for both calls and texts.
“Prior express written consent” means that there must be a written agreement, signed by the person receiving the call or text, with a “clear and conspicuous disclosure” that specifically authorizes the seller to send telemarketing communications using an automatic telephone dialing system or an artificial or pre-recorded voice. In addition, the disclosure must specifically note that the person is not required to sign the agreement as a condition of purchasing any property, goods or services. The person consenting to receive telemarketing communications must also provide authorization for the specific telephone number that may be contacted. As a result of these changes, typical industry “opt-in” language to receive telemarketing measures will no longer be sufficient for TCPA compliance.
The signature on the agreement may be electronic or digital and an individual may “sign” the consent by various methods, including a website form, email, keypad touch, or voice recording. The authorized calling party under the agreement should be clearly identified as the burden in on the financial institution do demonstrate that clear and conspicuous disclosure was provided and that unambiguous consent was obtained in the event question regarding consent should arise.
The new FCC rule effectively eliminates the ability of financial institutions to rely on a “prior established business relationship” for some pre-recorded “robocalls” for telemarketing to residential lines. Financial institutions now need explicit signed consent even from their current customers.
Certain categories of calls placed to residential lines still do not require any form of prior express consent, including non-telemarketing informational calls and political and nonprofit entity calls. Autodialed or prerecorded calls that wireless carriers make to their customers free of charge also do not require any form of prior express consent. However, the existing prior express consent requirements for other non-telemarketing calls to wireless numbers remain.
Violations of the TCPA and the new “consent rule” carry hefty penalties. Under the TCPA, a consumer may seek statutory damages ranging from $500 to $1,500 for each, individual non-complying robocall or SMS message, with no cap on the amount of total damages.
C. FCC Declaratory Ruling and Order
The Federal Communications Commission (FCC) has released a declaratory ruling and order that, in part, will allow financial institutions to send urgent fraud, data breach, and money transfer alerts in a convenient, timely way.
According to the order, financial institutions may send automated, free texts and voice messages without first obtaining the recipient’s prior express consent if the messages concern proposed transactions that present a risk of fraud or identity theft; possible breaches of customers’ personal information; steps customers can take to prevent or remedy harm caused by a data breach; or actions needed to complete a pending money transfer.
The FCC order placed limitations on financial institutions’ use of these alerts. Specifically, each automated communication covered by the exemption must include a mechanism by which the recipient may opt-out of future communications concerning the same account and category of communication. Also, a financial institution may initiate no more than three messages (whether by voice call or text message) per event over a three-day period for an affected account.
The FCC order determined that revocations of prior express written consent are permitted and may be communicated by a consumer in “any reasonable manner that clearly expresses his or her desire not to receive further calls.” The order also places the burden on the caller to prove that it obtained the necessary prior express consent. In addition, the order clarifies that, if a caller obtains prior express consent to make a telemarketing call to a residential number (i.e., a land line), the caller can continue to rely on that consent after the number is ported to a wireless phone.
The FCC order further states that the TCPA requires the consent of the current subscriber of the called number, not the intended recipient of the call. The order provides that liability should not attach to the first call to a reassigned number; the caller is liable for any calls thereafter.
The order refuses to find that the “called party” who is required to give consent to autodialed calls is the “intended recipient” of such calls, rather than the party to which the call is made. Instead, the order finds that: (1) callers can address the reassigned number problem by requiring consumers, as a term of their contracts with the callers, to give notice when a number is reassigned; and (2) that the caller will be permitted to make one inadvertent call to a reassigned number before TCPA liability will attach.
NOTE: The FCC order confirms that equipment has the “potential ability” to store or produce and dial random or sequential numbers satisfies the definition of autodialer. To elaborate, “dialing equipment generally has the capacity to store or produce, and dial random or sequential numbers (and thus meets the TCPA’s definition of ‘autodialer’) even if it is not presently used for that purpose, including when the caller is calling a set list of consumers.”
D. Clarification of Auto Dialers - Reassigned Numbers and Revocation of Consent
1. Introduction
Subsequent to the 2015 FCC Declaratory Ruling and Order, the DC Circuit Court of Appeals issued a decision on a challenge to the ruling and order interpreting the TCPA.
The court decision struck down two of the most harmful aspects of the FCC’s 2015 order: the FCC’s expansive interpretation of an “auto-dialer” and the FCC’s assignment of liability for calling a reassigned number. The court sustained the FCC’s conclusion that a consumer may revoke consent through “any reasonable means.” However, the FCC concluded that a caller and call recipient may contractually agree to specific revocation mechanisms.
Significantly, the court did not replace the FCC’s interpretations of the definition of an auto-dialer or treatment of reassigned numbers with its own. Instead, the court vacated the FCC’s interpretations, leaving it to the Commission to issue new interpretations.
In the short term, the court decision could present compliance and litigation challenges to banks. By striking down the FCC’s interpretation of the definition of an “auto-dialer” the court has created uncertainty regarding what equipment qualifies as an “auto-dialer.” Similarly, by invalidating the FCC’s safe harbor for the first call attempt made to a phone number that has been reassigned, the court has removed the limited protection from liability for calling a reassigned number that has been afforded by this safe harbor.
It is likely, in the long-term, that the FCC will revise its TCPA rules to facilitate efficient communications to customers and to address these issues in a more effective manner.
2. Background
a. Auto Dialers
The TCPA prohibits, with limited exceptions, calls and text messages to cell phones using an “automatic telephone dialing system” – commonly known as an “auto-dialer” – without the prior express consent of the called party. In July 2015, the FCC issued an Order that interpreted the TCPA in ways that limit the ability of banks to contact their customers using efficient means. Specifically, that Order held that:
b. Reassigned Numbers
The TCPA prohibits, with exceptions, auto-dialed calls to a wireless number “without the prior express consent of the called party.” In its 2015 Order, the FCC held that the term “called party” means the current subscriber to the number or the “non-describer customary user” of that number. Thus, under the FCC’s interpretation, a caller must have the consent of the person to whom the number is currently assigned; it does not matter if the caller has the consent of the intended recipient of the call – i.e., the person to whom the number had previously been assigned. However, because “callers lack guaranteed methods to discover all reassignments immediately after they occur,” the Commission provided a safe harbor for the first call attempt made to a number for which the caller had consent to place autodialed calls that had been reassigned to another consumer, undenounced to the caller.
The Court set aside the FCC’s treatment of reassigned numbers.
c. Revocation of Consent
In its 2015 Order, the FCC imposed a requirement that individuals who have consented to receive auto-dialed calls from a party must be permitted to revoke that consent by “any reasonable means” the customer chooses. The FCC’s requirement has prevented banks and other callers from designating certain communications channels where revocations could be efficiently processed.
While upholding the FCC’s conclusion that a consumer may revoke consent through “any reasonable means,” it does allow for the mechanism by which consent is to be revoked to be contractually agreed to by the parties.
E. Do Not Call Policy
Mr. Ryan A. Swanberg, a self-styled “consumer rights advocate” located in Apple Valley, Minnesota, is using the threat of litigation regarding alleged violations of the FCC’s “DNC” regulations and the Telephone Consumer Protection Act (TCPA) to prompt financial “settlements” with financial institutions that he has targeted. The amounts demanded by Mr. Swanberg range between $1,500 and $5,000.
Mr. Swanberg usually contacts a targeted institution via e-mail, requesting that his phone number be placed on the institution’s internal “DNC” database. The e-mail also requests that he be sent written verification that the number has been placed on the “DNC” list, along with a copy of the institution’s “DNC” policy. Mr. Swanberg’s e-mail generally demands that these documents be sent to him within five days via U.S. Mail.
If the target institution does not comply with these demands within the five day period, Mr. Swanberg sends a letter – designated as a “Rule 408 Settlement Communication” – threatening to file suit in Minnesota if a settlement is not forthcoming. His letter usually attaches a copy of the proposed complaint, along with other materials. The thrust of the letter and the complaint is that the institution has violated FCC regulations by failing to provide a copy of its “DNC” policy and the requested verification “on demand.” Mr. Swanberg takes the position that the FCC regulations obligate an institution to respond within five days.
News reports indicate that Mr. Swanberg has previously targeted other industries with similar ploys based upon the “DNC” regulations. Based upon the number of complaints that have been reported to the American Bankers Association, the NBA and other state bankers’ associations, it appears that Mr. Swanberg is now shifting his attention to banks and other financial institutions.
The success of Mr. Swanberg’s strategy is based on the assumption that his targets are more likely to settle than spend the money to litigate a relatively small claim, especially if the target is located outside of Minnesota. Generally, if an institution engages in telemarketing or phone selling, they are required to maintain an internal “DNC” policy and produce it “on demand.” While the FCC has not formally opined on what constitutes “on demand,” Commission orders suggest that Mr. Swanberg’s position that the policy must be produced within five days is probably unreasonable. However, a punctual response is required, and the institution’s policy should be produced with as little delay as possible. If an institution does not engage in telemarketing, it is not required to maintain a “DNC” policy.
The best defense in responding to Mr. Swanberg and others who may attempt to imitate his approach is to be prepared to respond to his requests. If your institution engages in telemarketing or other phone sales (including calls to existing customers to sell or cross market products), you are subject to the regulations and should provide a copy of your institution’s “DNC” policy without delay. Having a “DNC” policy in place is important, and promptly providing it to anyone who requests it is your best protection. If your institution has a Web site, it may be a good idea to make it available there.
Banks should note that in addition to requiring a written “DNC” policy, the regulations require that personnel engaged in any aspect of telemarketing (broadly defined to mean calls made for the purpose of selling products and services) must be informed and trained in the existence and use of the “DNC” list. Banks should understand that the DNC list we’re addressing here is a list a bank would maintain containing the names of those persons who have contacted the bank requesting that the bank not call them at home. It is a company specific list, and, as such, is different than the national “DNC” registry, which is a list of persons who do not want to receive telephone solicitation calls from anyone.
If your institution does not telemarket, you are not obligated to maintain an internal “DNC” policy. In this circumstance, a prompt response stating that your institution does not telemarket is appropriate. Based on information received from financial institutions in other states, however, this course of action may or may not prevent a suit from being filed.