While the Federal Communications Commission (FCC) has kept companies busy with a flurry of newly proposed (and enacted) legislation over the last few months, their partner, the Federal Trade Commission (FTC), has been busy as well. The FTC has been making changes to the weighty Telemarketing Sales Rule (TSR), adopting amendments to be more congruent with FCC regulation and in some cases, laws at the state level.  

The FTC is an independent federal administrative agency and a rule-making authority. The FTC makes rulemaking for the Commission more agile than other agencies, engaging in a rulemaking process called “notice and comment,” meaning they publish a public notice with the rule, then seek comment. 

The TSR, issued under the Telemarketing and Consumer Fraud and Abuse Prevent Act (Telemarketing Act), is governed by the FTC and covers most inbound and outbound telephone calls within the U.S., with many exceptions (non-profits, etc.) and a plethora of stipulations.  

The FCC’s Telephone Consumer Protection Act (TCPA) has been “the statute” and a heavy hand for governing telemarketing robocalls and texts and is arguably the most recognized legislation in this space.  

How does the TSR compare to the TCPA? 

From a calling perspective, the TCPA deals with “how” you make the calls, whereas the TSR is the “content” of the call. 

The TCPA and TSR both have Private Rights of Action but with very different stipulations. For example, the TCPA tends to be more consumer/individual leaning, while the TSR minimums for fines are much higher. 

Another important difference to note is that the Federal Do Not Call Registry is managed by the FTC, under TSR compliance. 

New Amendments Under The TSR 

The FTC recently adopted amendments to the TSR with modifications intended to curb deceptive or abusive telemarketing practices and improve TSR effectiveness. With the last TSR amendment in 2015, this legislation is an attempt to get caught up with the current state of telemarketing. 

So, what’s new? 

For one, the amendments bring Artificial Intelligence (AI) calls under the FTC’s TSR purview, where they are treated as “prerecorded messages.” 

Secondly, as published in the Federal Register on April 16, 2024, the adopted “2022 Notice of Proposed Rulemaking (NPRM)” makes the following amendments: 

  • Requires telemarketers and sellers to maintain additional records of their telemarketing transactions 
  • Prohibits material misrepresentations and false or misleading statements in business to business (B2B) telemarketing calls 
  • Adds a new definition for the term “previous donor”  

These amendments were made effective on May 16, 2024, with compliance required by October 15, 2024 (see 16 CFR 310.5(a)(2)). 

Thirdly, a new TSR Notice of Proposed Rule Making (NPRM) published on April 16, 2024 (with open comments accepted through June 17, 2024), is focused on addressing tech support scam calls. Unfortunately, over the past few years, these scams have been one of the most prevalent scams in the nation, disproportionately affecting older adults, causing widespread deception and injury, and are a “significant menace for both consumers and businesses” (see TSR NPRM Federal Register). 

The good news about the TSR amendments 

  • Business is now recognized as an entity to be protected at the Federal level. Several states are already protecting business. 
  • B2B calls must be legit. Since the FTC is protecting against unfair practices, B2B calls must not be deceptive or misrepresent material information. 

The not-so-good news about the TSR amendments 

One word: recordkeeping. It’s not a bad thing, there’s just a lot more of it: 

  • New rules apply to consumer only, not B2B 
  • Addresses inbound and outbound calls, including upsells 
  • Redefines “previous donor” (charitable solicitations), to within a 2-year period 
  • Records retention increased from 2 years to 5 years from end of contract 

More specific recordkeeping stipulations 

  • Internal DNC restrictions on the use of internal DNC lists, compiled specifically for compliance: 
    • Name of person, phone number in IDNC, Company IDNC was directed to, Telemarketer, IDNC date, goods/services offered, or charitable request 
  • DNC Registry access (name of entity accessing registry, date, SAN used, applicable campaign) 
  • Call records must include (to be recorded in UTC time, in E.164 format for international numbers): 
    • Telemarketer (company) name 
    • Seller (company) name 
    • Good, service or charitable purpose 
    • Whether it is was an inbound vs outbound call 
    • Whether it was a B2C or B2B call 
    • If it is a prerecorded message 
    • CDR (calling number, called number, date, time, call duration) 
    • Script and prerecorded message (if used)  
    • Caller ID name and phone number displayed (if transmitted), proof of authorized use, and authorized time period 
    • Call disposition
  • Consent* (verifiable authorization):
    • Consumer’s name/phone number
    • Copy of consent requested, as it was provided to person providing consent
    • Purpose of consent 
    • Copy of consent provided, with date
  • Safe Harbor 
    • Not liable for incomplete/inaccurate records, if you can prove established/implemented procedures, trained personnel, compliance audits and enforcement, and acknowledgment of inadvertent errors (corrected within 30 days of discovery) 

*The FTC “wanted to make clear that common practices previously employed by telemarketers or sellers, such as maintaining a list of IP address and timestamps as proof of consent, are insufficient to demonstrate that a consumer has, in fact, provided consent to receive robocalls or receive telemarketing calls when the consumer has registered her phone number on the DNC Registry.” For consent captured via a web page, a screen print of consent capture will satisfy the consent requirement if it accurately reflects what a consumer submitted in providing consent (see TSR Final Rule – Section 310.5(1)(8) – Records of Consent). 

Other areas covered in the new TSR amendments:

  • Customer record requirements 
    • Name, last known phone number/physical address/email address, goods/services purchased, date of purchase/shipment of goods/services provided, amount paid 
  • Established Business Relationship (EBR) requirements 
    • Name, last known phone number, date inquiry/application submitted about seller’s goods/services, goods/services inquired about 
  • Previous donor requirements 
    • Name, last known phone number, date of last donation 
  • Employee information (directly involved in telephone sales/solicitations) 
    • Name or provided name (alternate name) traceable to employee, last known home address/phone number, job title 
  • Service Providers (employee records for outbound) 
    • Contracts, date signed, effective time period, retain for 5 years from the date of the contract 
  • Marketing and Advertising materials (substantially different versions, keep 5 years) 
  • Prize recipient data requirements 

There is significantly more information in these TSR amendments. To reiterate, compliance is required by October 15, 2024 (this includes the grace period, as the law was effective May 16th). It’s important for companies to address processes now due to time constraints.  

What can you do to prepare? 

  • Audit your existing data capture and storage processes: Much of this TSR required information is likely already captured, but it might be stored in various systems and locations. Document what data is stored where.
  • Evaluate and act on the data gaps: Determine what data is missing to be compliant. For example, you may be capturing consent, but not the newly required “purpose” for consent. Define a plan to begin capturing the necessary data as soon as possible and store it in a logical and accessible place.
  • Centralize and organize compliance data: Not enough emphasis can be placed on this step. Not only should compliance data be centralized for ease of use, but it should be organized in a manner that can readily be provided as proof of compliance. Ideally, you’ll have a defined and centralized “source of record” (SOR) for this data. If you have ever had to accommodate a compliance inquiry, you can appreciate the amount of work behind providing a sufficient response that will hold up in court. 

When dealing with regulatory inquiries, being able to send a single file with all necessary information goes a very long way, because the goal is to make it as easy as possible for the regulator to understand. 

How Gryphon Can Help 

You don’t need to navigate these hurdles alone — Gryphon.ai is here to help. The Gryphon.ai suite of products can support businesses in complying with the new TSR provisions. Here’s how: 

Automated Compliance Monitoring and Record-Keeping 

The new TSR amendments require extensive record-keeping, including detailed records of telemarketing log detail, call records, consent proof, and more, with a retention period increased to five years. 

Gryphon.ai Solution: 

  • Call Compliance: By storing call data, including call details (date, time, duration), seller name, and call dispositions (when provided), Gryphon.ai can help ensure compliance records are kept accurately and are easily accessible for regulatory audits. 
  • Consent: As a well-known industry leader in this area, Gryphon.ai provides robust compliance support for storage of verifiable consumer consent. 

Centralized Data Management and Reporting 

Businesses should audit existing data capture and storage processes, centralize compliance data, and be able to provide comprehensive records to regulators efficiently. 

Gryphon.ai Solution: 

  • Centralized Data Platform: The Gryphon ONE platform integrates with existing CRM and telephony systems to centralize all telemarketing and compliance data. This ensures that all required information is stored in one accessible location, making it easier to manage and retrieve data for compliance inquiries. 
  • Gryphon Compliance Dashboard: Offers a user-friendly interface for managing and organizing compliance data, with powerful reporting tools that can help retrieve calling and certification logs for compliance inquiries. 

Summary 

While the new TSR requirements can seem daunting, Gryphon’s products are well-equipped to support businesses in meeting the new TSR provisions through automated compliance blocking, automated recordkeeping, and centralized data management. These capabilities ensure that businesses can handle the increased recordkeeping demands, while maintaining a high standard of compliance efficiently and effectively. 

Regulatory Round Up: Q3 2024

The third quarter of 2024 kept the telemarketing industry buzzing with regulatory updates. Here is a recap of the newest regulatory changes in the Telephone Consumer Protection Act (TCPA), Do…

How to Prepare for New Lead Generation Requirements Effective January 2025

While 2025 may seem far away, preparation time to accommodate the Federal Communication Commission’s (FCC) new requirements targeting and eliminating unlawful text messages and robocalls (aka the lead generator loophole…

12 Risks of Call Center Agent Conversations

Call centers make hundreds of telemarketing calls per day. That’s hundreds of opportunities for agents to unknowingly violate federal, state, and local telemarketing regulations and conversation compliance. While call center…