By Rob Schneider
The contact center industry is inundated with regulatory requirements, yet maintaining compliance is critical for business success. Ensuring compliance isn’t easy with constant regulatory changes; the main hurdles include how to staff correctly, stay on top of change, and manage the business through various stages of compliance.
Changes in regulations often trigger compliance failures, which can lead to data exposure, fines and fees, security breaches, loss of customers, impact to reputation, and civil action.
“With all the new regulations, we are seeing a tremendous increase in breaches,” said Jeff Brown, director of business development for Compliance Point. “We see multiple breaches every week from the finance, retail, healthcare, and other industries.”
Here are three steps to reduce the stress of managing contact center compliance.
1. Agree That Compliance Is Not a One-Time Deal. Brown believes that the increase in non-compliance often happens because organizations take a “point in time” approach to managing change. With this approach, organizations become compliant once but then fail to maintain updates to stay compliant over time.
“Many organizations think of compliance as an annual fire drill of scrambling to get auditors the information they require,” said Brown. “This can mean that companies are creating documents on the fly for auditors, which isn’t an effective practice.”
This also creates uncertainty around how to properly complete the audit because the type of information requested changes from year to year. Turnover in organizations also creates knowledge vacuums around how compliance requirements are implemented.
Ultimately, as more advanced regulations are added, compliance costs rise, and the time it takes to understand and implement regulations can become too overwhelming for contact centers that take a reactive approach. A better way to remain compliant, manage costs, and create a viable program is a proactive approach where compliance changes are automated and updated continuously.
Real-time compliance monitoring is also key. Consider investing in an automation or platform tool to automate compliance activities, such as assignment of tasks, notifications, and escalations. This way, any tasks that are not handled will be automatically flagged in the system as a non-compliant activity and can be addressed immediately.
“Compliance should be part of the daily process,” said Brown. “It should include a defined framework that everyone understands and follows. This helps engrain the compliance mentality within the culture of the organization and helps everyone understand their role in regard to compliance.”
2. Pay Special Attention to TCPA Compliance Regulations. Updated TCPA legislation started to be enforced in October 2013, but many contact centers have struggled to understand the rules and apply the resources to remain compliant. The volume of class action TCPA cases continues to rise, and the FCC is becoming more aggressive in its lawsuits. On average, there are four to five new lawsuits every day. The common legal issues include, but are not limited to, calling or texting cell phones, prerecorded messages, and DNC violations.
“In many cases, the scope of consent that companies have is not sufficient for the type of calls they are making,” said Nick Whisler, an attorney and legislative chair for PACE. “Other common practical issues are the use of automatic telephone dialing systems (ATDS) to call cell phones, calling re-assigned numbers, and the confusion across telemarketing versus non-telemarketing legislation.”
Calls to cell phones remain a primary area of conflict. The general rule is that organizations cannot use an ATDS or a prerecorded message to call a cell phone without the called party’s prior consent. The current interpretation of an ATDS is any equipment with the capacity to dial telephone numbers without human intervention. There are also stricter specifications if the call being made is for telemarketing purposes. Even if the call has mixed purposes, it is treated as a telemarketing call.
For companies that handle any outbound activities, maintaining TCPA compliance can seem like a full-time job. It is important to strengthen policies and procedures involving high-risk areas such as cell phones and prerecorded messages. In most cases, a specific contact center platform designed for TCPA compliance can assist in maintaining a compliant system.
However, the staff still needs be aware of regulatory changes and work with partners to understand any impact to the system. “It’s critical to have good policies and procedures in place, as well as a fail-safe mechanism to prevent unintended violations,” Whisler added.
3. Build a Network of Trusted Experts. Call centers should not feel pressured to create compliance processes on their own. In fact, many other organizations have been working on best practices and can be essential in creating the right compliance landscape.
For example, some TCPA best practices include consulting with a corporate attorney, honoring the DNC registry, drafting a DNC list policy and procedures document, reviewing compliance of outbound solutions, and implementing TCPA-compliance training programs.
“TCPA is very complex. Most individuals without a legal background have a difficult time interpreting the legislation and how it will affect their call center,” said Geoff Mina, CEO of Connect First. “Working with a team of experts can help mitigate the risk and create a path for contact centers to remain compliant.”
The importance of training programs for employees should not be overlooked. “Contact centers can have the best technology, the most compliant vendors and partners, and management teams that understand the regulations,” said Mina. “But if agents don’t understand the compliance requirements, the company could inadvertently fall outside of procedures and end up in a court battle.” An agent who doesn’t understand what they need to do and what questions they should ask can cause a call center a great deal of trouble, regardless of the tools and systems they have in place.
The same can be said for PCI compliance. Some best practices for PCI compliance include using the tools and resources available on the PCI Security Standards Council website, engaging with contact center technology vendors that understand PCI, taking into account physical layout issues, and evaluating security around work-at-home agents.
“Most importantly, remember to engage your network of experts early in the process,” added Mina. “With the ever-changing world of compliance, building a team before you get into trouble is a good rule of thumb.”
Rob Schneider is vice president of customer service at Connect First, a contact center platform technology provider.
[From Connection Magazine – May/June 2015]