TCPA – Sue The Spammers

The following is a US Government document explaining the TCPA.

Telephone Consumer Protection Act Introduction

The Federal Communications Commission (FCC) has issued regulations that establish a national “Do-Not-Call” registry and other modifications to the Telephone Consumer Protection Action of 1991 (TCPA)

1. The FCC regulations impose financial penalties on all commercial telemarketers for calling phone numbers on the “Do-Not-Call” registry. For those numbers not on the registry, the regulations set a maximum rate on the number of abandoned calls and require telemarketers to transmit caller ID information. The regulations also modify the FCC’s unsolicited facsimile advertising requirements, which in turn were modified by the Junk Fax Prevention Act of 2005 and became effective on July 9, 2005. The FCC regulations were, generally, effective as of October 1, 2003.

The FCC regulation expanded coverage of the national “Do-Not-Call”2 registry by including banks, insurance companies, credit unions, and savings associations. The Federal Trade Commission’s (FTC) telemarketing regulations parallel the FCC regulations3 and apply to all other business entities, including third parties acting as agent or on behalf of a financial institution. Key Definitions: “Abandoned Call” A telephone call that is not transferred to a live sales agent within two seconds of the recipient’s completed greeting. “Automatic Telephone Dialing System and Autodialer” Equipment that has the capacity to store or produce telephone numbers to be called using a random or sequential number generator and the capability to dial such numbers. “Established Business Relationship” A prior or existing relationship between a person or entity and a residential subscriber based on the subscriber’s purchase or transaction with the entity within the 18 months immediately preceding the date of the telephone call or on the basis of the subscriber’s inquiry or application regarding products or services offered by the entity within the three months immediately preceding the date of the call, and neither party has previously terminated the relationship. An individual may reasonably expect that an affiliate is included in an established business relationship based on products offered or the identity of the affiliate. 1 47 USC 227; The Federal Communications Commission final regulations were published in the Federal Register on July 25, 2003 (68 FR 44144).

2 The Federal Trade Commission (FTC) maintains the registry adopted by the FCC. 3 The Federal Trade Commission final regulations were published in the Federal Register on January 29, 2003. (68 FR 4580) “Residential Subscriber” An individual who has contracted with a common carrier to provide telephone exchange service at a personal residence. “Seller” The person or entity on whose behalf a telephone call or message is initiated for the purpose of encouraging purchase or rental of, or investment in, property, goods, or services, which is transmitted to any person. “Telemarketer” The person or entity that initiates a telephone call or message for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services, which is transmitted to any person. “Telemarketing” The initiation of a telephone call or message for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services, which is transmitted to any person. “Telephone Solicitation” The initiation of a telephone call or message for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services, which is transmitted to any person. Telephone solicitation does not include a call or message to any person with that person’s permission, to any person with whom the caller has an established business relationship, or on behalf of a tax-exempt nonprofit organization. “Unsolicited Advertisement” Any material that advertises the commercial availability or quality of any property, goods, or services, which is transmitted to any person without that person’s prior express invitation or permission. General Requirements of TCPA The FCC regulations that implement the Telephone Consumer Protection Act of 1991 provide consumers with options to avoid unwanted telephone solicitations. The regulations address the following:

• The FCC’s adoption of a national “Do-Not-Call” registry that expands coverage to entities regulated by the FTC.4 • Under the FCC’s rules, no seller or entity telemarketing on behalf of the seller can initiate a telephone solicitation to a residential telephone subscriber who has registered his or her telephone number on the national “Do-Not-Call” registry. A safe harbor exists for an inadvertent violation of this requirement if the telemarketer can demonstrate that the violation was an error and that its routine practices include: 1. Written procedures. 4 By doing so, the FCC asserts its considerably broader jurisdiction over telemarketing than the FTC. Specifically, telemarketing by in-house employees of banks, savings associations, and credit unions, as well as other areas of commerce, are covered by the FCC’s authority. FDIC Consumer Compliance Examination Manual — March 2016 VIII–5.

1 VIII. Privacy — Telephone Consumer Protection Act

2. Training of personnel.

3. Maintenance of a list of telephone numbers excluded from contact.

4. Use of a version of the national “Do-Not Call” registry obtained no more than three months prior to the date any call is made (with records to document compliance).

5. Process to ensure that it does not sell, rent, lease, purchase, or use the do-not-call database in any manner except in compliance with regulations. [47 CFR 64.1200(c)(2)(i)]

• Companies must maintain company-specific do-not-call lists reflecting the names of customers with established business relationships who have requested to be excluded from telemarketing. Such requests must be honored for five years. [47 CFR 64.1200(d)(6)]

• Telemarketing calls can only be made between the hours of 8 a.m. and 9 p.m. (local time at the called party’s location). [47 CFR 64.1200(c)(1)]

• All telemarketers must comply with limits on “abandoned calls” and employ other consumer-friendly practices when using automated telephone-dialing equipment. A telemarketer must abandon no more than 3 percent of calls answered by a person and must deliver a prerecorded identification message when abandoning a call. Two or more telephone lines of a multi-line business are not to be called simultaneously. Telemarketers must not disconnect an unanswered telemarketing call prior to at least 15 seconds or four rings. All businesses that use autodialers to sell services must maintain records documenting compliance with call abandonment rules. [47 CFR 64.1200(a)(4, 5 and 6)]

• All prerecorded messages, whether delivered by automated dialing equipment or not, must identify the name of the entity responsible for initiating the call, along with the telephone number of that entity that can be used during normal business hours to ask not to be called again. [47 CFR 64.1200(b)]

• All telemarketers must transmit caller ID information, when available, and must refrain from blocking any such transmission(s) to the consumer. [47 CFR 64.1601(e)]5

• Unsolicited fax transmissions must be preceded by the advertiser’s receipt of the express written permission and signature of the intended recipient, unless there is an “existing business relationship.” However, the express permission cannot be conveyed through the use of a “negative option.” Businesses that advertise by fax are required to maintain records demonstrating that recipients have provided express permission to send fax advertisements or that there is an existing business relationship. [47 CFR 64.1200(a)(3) and 47 USC 227 as amended by the Junk Fax Prevention Act of 2005

• Tax-exempt nonprofit organizations are not required to comply with the do-not-call provisions of the TCPA. [47 CFR 64.1200(d)(7)] Examination Objectives: 1. Assess the quality of a financial institution’s compliance program for implementing TCPA by reviewing the appropriate policies, procedures, and other internal controls. 2. Determine the reliance that can be placed on a financial institution’s audit or compliance review in monitoring the institution’s compliance with TCPA.

3. Determine a financial institution’s compliance with TCPA. 4. Initiate effective corrective actions when violations of law are identified, or when policies or internal controls are deficient. Examination Procedures Initial Procedures

1. Through discussions with appropriate management officials, determine whether or not management has considered the applicability of TCPA and what, if any, steps have been taken to ensure current and future compliance.

2. Through discussions with appropriate management officials, ascertain whether the financial institution is subject to TCPA by determining whether it or a third-party telemarketing firm engages in any form of telephone solicitation. Stop here if the financial institution itself does not engage directly (or indirectly through a third-party telemarketing firm) in any form of telephone solicitation via telephone or facsimile machine. The financial institution is not subject to TCPA, and no further examination for TCPA is necessary.

3. Determine, through a review of available information, whether the financial institution’s internal controls are adequate to ensure compliance with TCPA. Consider the following:

• Organization chart to determine who is responsible for the financial institution’s compliance with TCPA;

• Process flow charts to determine how the financial institution’s TCPA compliance is planned for, The rule sets forth the technical information that must be made available (subject to differing technologies). The FCC stated that Caller ID evaluated, and achieved; information should also increase accountability and provide an important • Policies and procedures that address: resource for the FCC and FTC in pursuing enforcement actions against TCPA violators. (68 FR 44166, July 25, 2003) VIII–5.2 FDIC Consumer Compliance Examination Manual — March 2016 5 VIII. Privacy — Telephone Consumer Protection Act a. Recording a telephone subscriber’s request not to receive calls from a particular financial institution and the maintenance of those recordings for five years. b. Placement of the telephone subscriber’s name, if given, and telephone number on the financial institution’s do-not-call list. c. Maintenance of the list of telephone numbers that the financial institution may not contact. d. Compliance with the national do-not-call rules. e. Use of a telephone facsimile machine, computer, or other device to send an unsolicited advertisement to a telephone facsimile machine. • Training of the financial institution’s personnel engaged in telemarketing as to the existence and use of the financial institution’s do-not-call list and the national do-not-call rules; [47 CFR 64.1200(d)(2)]

• Process for recording a telephone subscriber’s request not to receive calls and to place the subscriber’s name, if provided, and telephone number on a do-not-call list; [47 CFR 64.1200(d)(3)]

• Process used to access the national do-not-call database; [47 CFR 64.1200(c)(2)(i)(D)]

• Process to ensure that the financial institution (and any third-party engaged in making telemarketing calls on behalf of the financial institution) does not sell, rent, lease, purchase, or use the national do-not-call database for any purpose except for compliance with the TCPA; [47 CFR 64.1200(c)(2)(i)(E)]

• Process to ensure that telemarketers making telemarketing calls are providing the called party with the name of the individual caller, the name of the financial institution on whose behalf the call is being made, and a telephone number (that is not a 900 number or a long distance number) or address at which the financial institution may be contacted; [47 CRF 64.1200(d)(4)] and

• Internal checklists, worksheets, and other relevant documents. 4. Review applicable audit and compliance review material, including work papers, checklists, and reports, to determine whether:

• The procedures address the TCPA provisions applicable to the institution;

• Effective corrective action occurred in response to previously identified deficiencies;

• The audits and compliance reviews performed were reasonable and accurate; • Deficiencies, their causes, and the effective corrective actions are consistently reported to management or the members of the board of directors; and

• The frequency of the compliance review is satisfactory. 5. Review a sample of complaints to determine whether or not any potential violations of TCPA exist. 6. Based on the review of complaints that pertain to aspects of TCPA, revise the scope of examination focusing on the areas of particular risk. The verification procedures to be employed depend upon the adequacy of the institution’s compliance program and level of risk identified. Verification Procedures 1. Obtain a list of marketing or promotional programs for products and services that the financial institution promoted with telemarketing either directly or through a third-party vendor. 2. Obtain a sample of data, or through testing or managements demonstration, for at least one program, determine whether: Do-Not-Call List • The institution or its third-party vendor verified whether the subscriber’s telephone number was listed on the national “Do-Not Call” registry. [47 CFR 64.1200(c)(2)]

• If the telephone subscriber is on the national “Do-Not Call” registry and a telemarketing call is made, the existence of an established business relationship between the subscriber and the financial institution can be confirmed [47 CFR 64.1200(f)(3)] or the safe harbor conditions have been met. [47 CFR 64.1200(d)] • Through testing or management’s demonstration, verify that the financial institution has a process to determine whether it has an established business relationship with a telephone subscriber. [47 CFR 64.1200(f)(3)]

• A telephone subscriber’s desire to be placed on a company-specific do-not-call list was honored for five years. [47 CFR 64.1200(d)(6)] • The institution or its third-party vendor employs a version of the national “Do-Not Call” registry or portions of the database for areas called that was obtained no more than three months prior to the call date (three-month process). [47 CFR 64.1200(c)(2)(i)(D)] • The institution or its third-party vendor maintains records to support the three-month process. [47 CFR 64.1200(c)(2)(i)(D)]

• The telephone call was made between the hours of 8 a.m. and 9 p.m. local time for the called party’s location. [47 CFR 64.1200(c)(1)] FDIC Consumer Compliance Examination Manual — March 2016 VIII–5.3 VIII. Privacy — Telephone Consumer Protection Act Automated Dialing and Abandoned Calls • Any calls that were made using artificial or prerecorded voice messages to a residential telephone number met the requirements in 47 CFR 64.1200(a)(6)(i).

• The name, telephone number, and purpose of the call were provided to the subscriber if the call was abandoned. [47 CFR 64.1200(a)(6)]

• The institution or its third-party vendor maintains appropriate documentation of abandoned calls, sufficient to determine whether they exceed the 3 percent limit in the 30-day period reviewed. [47 CFR 64.1200(a)(6)]

• The institution or its third-party vendor transmits caller identification information. [47 CFR 64.1601(e)] 3. Ensure that the financial institution does not participate in any purchase-sharing arrangement for access to the national “Do-Not Call” registry. [47 CFR 64.1200(c)(2)(i)(E)] 4. Observe call center operations, if appropriate, to verify abandoned call practices regarding ring duration and two-second transfer rule. [47 CFR 64.1200(a)(6)] Conclusions 1. Summarize all findings, supervisory concerns, and regulatory violations.

2. For the violation(s), determine the root cause by identifying weaknesses in internal controls, audit and compliance reviews, training, management oversight, or other factors; also, determine whether the violation(s) are repetitive or systemic.

3. Identify action needed to correct violations and weaknesses in the institution’s compliance program. 4. Discuss findings with the institution’s management, and obtain a commitment for corrective action.

5. Record violations according to agency policy to facilitate analysis and reporting. References Federal Trade Commission Resources Do-Not-Call Registration at FTC Website Telephone Disclosure and Dispute Resolution Act of 1992 Telemarketing and Consumer Fraud and Abuse Prevention Act Telecommunication Act of 1996 Do-Not-Call Implementation Act Do-Not-Call Registry Act of 2003 Federal Communications Commission Resources Do-Not-Call Registry Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991 Job Aids Telephone Consumer Protection Act Worksheet This worksheet can be used to review audit work papers, to evaluate bank policies, to perform transaction testing, and to train as appropriate. Complete only those aspects of the worksheet that specifically relate to the issue being reviewed, evaluated, or tested, and retain those completed sections in the work papers.

VIII–5.4 FDIC Consumer Compliance Examination Manual —

March 2016 VIII. Privacy — Telephone Consumer Protection Act Examination Worksheet—Telephone Consumer Protection Act Yes No 1. Does the financial institution or any third party vendor engage in telemarketing activities on the financial institutions behalf? If No, stop here. If Yes, continue to question #2. For the questions below, every “No” answer indicates a potential violation of the regulation and/or an internal control deficiency that must be explained fully in the work papers. Delivery Restrictions (47 CFR 64.1200)) 2. The financial institution engaged in telemarketing is registered on the FTC’s Web site as a seller.

3. Each financial institution affiliate engaged in telemarketing also is registered on the FTC’s Web site and does not rely on the financial institution’s registration.

4. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) refrains from initiating any telephone call using an automatic telephone dialing system or an artificial or prerecorded voice: a) To any emergency telephone line, including any 911 line and any emergency line of a hospital, medical physician or service office, health care facility, poison control center, or fire protection or law enforcement agency; b) To the telephone line of any guest room or patient room of a hospital, health care facility, elderly home, or similar establishment; or ABC c) To any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other radio common carrier service, or any service for which the called party is charged for the call.

5. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) refrains from using a telephone facsimile machine, computer, or other device to send an unsolicited advertisement to a telephone facsimile machine without an established business relationship or express written permission from the recipient. [47 USC 227 as amended by the Junk Fax Prevention Act of 2005]

6. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) refrains from using an automatic telephone dialing system in such a way that two or more telephone lines of a multi-line business are engaged simultaneously. [47 CFR 64.1200(a)(4)]

7. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) refrains from disconnecting an unanswered telemarketing call prior to at least 15 seconds or four rings. [47 CFR 64.1200(a)(5)]

8. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) refrains from abandoning more than 3 percent of all telemarketing calls that are answered live by a person, measured over a 30-day period. [47 CFR 64.1200(a)(6)]

9. For an abandoned call, the information provided is limited to the name and telephone number of the business, entity, or individual on whose behalf the call was placed and that the call was made for “telemarketing purposes.” [47 CFR 64.1200(a)(6)]

10. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) refrains from using any technology to dial any telephone number for determining whether the line is a facsimile or voice line. [47 CFR 64.1200(a)(7)]

11. If the financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) uses an automatic or prerecorded telephone message, determine whether: [47 CFR 64.1200(b)] FDIC Consumer Compliance Examination Manual — March 2016 VIII–5.5 VIII. Privacy — Telephone Consumer Protection Act Examination Worksheet—Telephone Consumer Protection Act Yes No • At the beginning of the message, the business, individual, or other entity initiating the call is clearly identified.

• The name of the business responsible for initiating the call is stated.

• The name of the business responsible for initiating the call is registered with the appropriate regulatory authority.

• During the message, the telephone number for the business responsible for initiating the call is provided.

• The number provided is available during regular business hours.

12. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) initiates all calls to residential subscribers between the hours of 8 a.m. and 9 p.m. (local time of the called party’s location). [47 CFR 64.1200(c)(1)]

13. Prior to initiating any call, the financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) checks the national “Do-Not Call” registry to verify that the residential telephone subscriber’s number is not listed. [47 CFR 64.1200(c)(2)]

14. If the financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) calls a subscriber whose number appears on the “Do-Not Call” registry, does it meet one of the following criteria:

• It can demonstrate that the violation is the result of an error and that its routine business practices meet the minimum standards set forth in the regulation [47 CFR 64.1200(c)(2)(i)]

• It has the subscriber’s prior express invitation or permission evidenced by a signed, written agreement that includes a telephone number to which the calls may be placed. [47 CFR 64.1200(c)(2)(ii)]

• It has a personal relationship with the recipient of the call. [47 CFR 64.1200(c)(2)(iii)]

15. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) has a process to provide the called party with the following information:

• The name of the individual caller.

• The name of the person or entity on whose behalf the call is being made.

• A telephone number or address at which the entity may be contacted. [47 CFR 64.1200(d)(4)]

16. The financial institution has a process in place that considers whether an established business relationship should extend to an affiliate. [47 CFR 64.1200(f)(ii)]

17. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) maintains a do-not-call record listing callers’ requests not to receive further telemarketing calls. [47 CFR 64.1200(d)(6)]

18. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) honors a caller’s request not to receive telemarketing calls for five years from the time the request is made. [47 CFR 64.1200(d)(6)

19. The financial institution (or third-party engaged in making telemarketing calls on the financial institution’s behalf) transmits caller identification information. [47 CFR 64.1601(e)] VIII–5.6 FDIC Consumer Compliance Examination Manual — March 2016