Steven Harroun to address the Receivables Management Association of Canada 2018 Annual Conference

Toronto, Ontario
November 14-15, 2018

Steven Harroun, Chief Compliance and Enforcement Officer
Canadian Radio-television and Telecommunications Commission

Check against delivery

Introduction

Hello everyone and thank you for making me a part of your program. And for providing this chance to bring you up to date on the enforcement and compliance aspects of our work at the Canadian Radio-television and Telecommunications Commission (CRTC).

It’s not every day that I can talk to people from sectors as wide-ranging as banking, utilities, telecommunications, law firms and collection agencies at a single event. So, I welcome the opportunity to meet with such a diverse group of people involved in the accounts receivable management industry.

In preparing for this talk, I read about the growing use of new technologies in your business – including artificial intelligence to better predict human behaviour¹. Given the pervasiveness of technologies in your work, I can understand your interest in the government’s regulation of the telecommunications sector.

I know there’s sometimes a perception that we are on opposing teams when it comes to administering federal laws to safeguard Canadians’ privacy and online safety – when my team comes down as ‘the heavy’ on businesses that flout those laws. Yet, I believe people in your business and mine actually share related objectives and have collective interests.

According to your Association’s website, some of your top priorities are to:

• “Enhance public and government perception of the Canadian accounts receivable industry; and,
• Encourage the development of industry standards and support education.”

My objectives as the CRTC’s Chief Compliance and Enforcement Officer echo that in many ways.

I attend meetings such as this one all across the country to enhance industry and public awareness of the consumer protection role we play in the telecommunications sector. Also to encourage industry to adopt the rules of the road when it comes to regulations aimed at telemarketing and spam through educational efforts such as this presentation.

Key legislation

I suspect some of you have likely seen me give presentations on this topic before, so I don’t want to sound like a broken record

So, without belabouring the point, there are two key Acts that you need to be aware of – and comply with.

One is the Telecommunications Act. Roughly a decade ago, the Government of Canada amended the legislation to allow the Commission to establish the Unsolicited Telecommunications Rules including the National Do Not Call List – or DNCL. This framework gives consumers a choice about whether they wish to receive telemarketing calls. The rules set out responsibilities for Canada’s telemarketers and provide a mechanism to filter out consumers who do not want to receive unsolicited calls. Canadians need to actively ‘opt out’ of receiving telemarketers’ calls by registering their number on the list.

Since the Do Not Call List was implemented in 2008, Canadians have registered over 13 million numbers on the DNCL. By doing so, they are making it clear that they do not want be solicited. It is our job to make sure their choice is respected.

The second Act, Canada’s Anti-spam Legislation, performs a similar function in the electronic commerce space. CASL, as we call it, balances protecting Canadians’ online privacy while ensuring that businesses can compete in the global marketplace.

CASL gives the Commission the authority to regulate commercial messages sent to email and other electronic accounts, as well as text messages sent to cellphones. It also applies to the alteration of transmission data in electronic messages and the installation of computer programs on another person’s computer system.

In the case of anti-spam protection, consumers need to ‘opt in’ and give their consent to be contacted with commercial electronic messages.

Our objective with all of these measures is to ensure that Canadians have adequate and reliable protection when using the communication system. Because, more than just being annoying, the damaging and deceptive effects of these unsolicited communications undermine citizens’ trust in their communications networks. These unwanted communications also heighten peoples’ legitimate concerns about protecting their privacy.

Heeding Canadians’ complaints

The reason I meet with groups like yours is to ensure industry leaders are aware of current rules. Our primary goal is to make sure businesses are compliant.

I need to point out that these laws didn’t come out of the blue. Parliament acted in direct response to Canadians’ complaints about being badgered by unsolicited calls and emails.

As consumers yourselves, I am sure you had your own frustrating experiences with someone calling at the dinner hour who insists they need to fix your computer or a text message warning you to immediately pay the money you supposedly owe to the Canada Revenue Agency.

Complaints related to CASL have been consistent in the four years since the legislation came into force.

If a picture is worth a thousand words, consider the slide behind me. Email remains the source of most grievances. However, we have seen the steady increase in complaints related to unsolicited SMS text messages year over year.

And look at what most of those complaints are about: Consent – or the lack thereof.

Remember, Canada’s anti-spam legislation is an “opt-in” regime. This means that a consumer must agree to receive the message before you start sending digital solicitations. The law requires that businesses get consent before contacting Canadians.

The consent can be either express or implied. Express consent is where someone has clearly agreed to receive an electronic message from you – either in writing or orally.

Implied consent requires having a prior business relationship with a consumer – a tangible transaction in the past.

Either way, the onus is on the sender to ensure they comply with CASL by having established consent or by obtaining express consent.

The fact that 92% of the complaints we receive revolve around spam tells me that not enough businesses are getting proper consent. Since 2014, the CRTC has received almost 1.5 million complaints. That works out to an average of five to six thousand complaints per week.

Granted, there can be false positives. Not all complaints are validated, of course. But even when there is no violation, this is your customer’s view of your business.

It’s also possible some firms do not realize that any email, text message or other electronic message that is commercial in nature must comply with CASL. The same goes for picking up the phone to make calls soliciting products or service: they are captured by the Rules as well. Unfortunately for them, ignorance is not a defence.

What these complaints tell us is that businesses are possibly not keeping their contact lists up to date. More than just getting Canadians’ permission, you need to have an accurate and up-to-date record of consent.

Under CASL, you need to be sure that, if someone has recently unsubscribed, that person is removed from your contact list within 10 days of receiving the unsubscribe request.

Likewise, your do not call lists need to be kept current. The Unsolicited Telemarketing Rules – or UTRs – along with the DNCL rules stipulate that if someone has asked you to stop calling them for solicitation purposes, you have 14 days to ensure their name and telephone number has been added to your internal do not call list. The Rules also stipulate that telemarketers must register with the National Do Not Call List, which is free. Additionally, they have to purchase a subscription for the area codes they intend to call.

Even if you use a third party to solicit calls on your behalf, you still need to register with the DNCL Operator and provide your subscription to the third party to use when making calls. More specifically, you have to purchase the list from the DNCL Operator. Purchasing a list from someone else is a violation.

Any businesses contravening these rules will pay a price for non-compliance if they are caught. When violations occur, we have a number of tools at our disposal to ensure the rules are respected and consumers’ rights protected. And, believe me, compliance is better than enforcement.

To date, the Commission has imposed over $9 million in penalties for Do Not Call List violations. And, in the short time since CASL came into force, enforcement efforts have resulted in payments of over $568,000 further to undertakings and penalties totaling over $2 million.

Compliance continuum

However, we don’t want to let things get to that stage. Our priority is to promote compliance, as I am today, to prevent businesses from running into trouble with the law. So, we’ve placed a premium on providing businesses with all the information needed to comply.

In addition to presentations like this one, we provide information bulletins and Frequently Asked Questions. We also publish material on our website to provide guidance – like the one we recently issued on section 9 of CASL. Section 9, if you’re not aware, establishes that intermediaries and service providers may be liable for violations that they enable or facilitate. I encourage you to visit our website regularly, as we continually update it to provide greater clarity to businesses. We also use social media for outreach and education.

Another important activity is monitoring complaints we receive. We collect and analyze data to identify trends and potential threats. Based on the evidence, we sometimes proceed to investigations. This can include on-site inspections or searches which, in some cases, lead to enforcement.

When conducting investigations, our first step is to gather the appropriate information. We can issue requests for information to companies and individuals, in order to gather evidence and data to verify compliance.

If we find problems – under both CASL and the UTRs – we have a number of options to enforce compliance.

These include:

• A Warning Letter, which brings to the attention of the business a minor violation requiring corrective action.
• A Citation, which identifies alleged violations and sets out the specific corrective action to be taken within a certain time frame. The names of individuals and organizations that receive a Citation are published on the CRTC’s website.
• A Notice of Violation, which also is published on our website and is served on an entity that has committed a violation. It may be accompanied by an administrative monetary penalty.

Whenever possible, we take advantage of alternative case resolution options. In some instances, those subject to investigation can enter into an undertaking under CASL or a negotiated settlement under the Unsolicited Telemarketing Rules to address non-compliance.

As part of those settlements, the party might need to implement a corporate compliance program. It could be required to report on its activities or, for instance, publish a corrective notice in a newspaper or on a website. In other cases, they may have to pay a specified amount.

Our objective under all these scenarios is to come to a mutually agreed upon outcome that ensures compliance and is in the best interests of all the parties – most especially Canadian consumers.

However, if people won’t engage with us or voluntarily comply, then my team can take harsher action.

Depending on the nature of the violation, the CRTC has authority under CASL to impose up to $1 million per violation for individuals. And up to $10 million per violation for any other entity, such as a corporation.

While it might look as though the penalties are lower under the Unsolicited Telemarketing Rules, they, too, can be very costly for individuals and businesses that don’t comply.

The Administrative Monetary Penalties rise from up to $1,500 per violation for a person to as much as $15,000 per violation for a corporation. Consider that each call is considered a violation and then add up the fines per call – sometimes in the hundreds of thousands or more – and it can come to a hefty total.

Our framework includes factors to consider that reflect the egregiousness of the activity. The outcome corresponds to the degree of negligence or contravention. We save the highest penalties for the most flagrant violations.

Whatever the choice, our goal is always to ensure compliance with the law and prevent recidivism.

And no one should doubt our determination in that department.

As you may know, Commission staff signed an undertaking under CASL with two Quebec-based companies last May for sending text messages related to 514-BILLETS, whose business involves ticket resales for sporting and cultural events. They did so without the recipients’ consent, without information identifying the person who sent the messages, and without information enabling the recipients to contact the sender.

This was our first SMS case and, happily, we were able to reach an agreement and enter into an undertaking. The undertaking included payments totaling $100,000 – $75,000 of it in the form of rebates to customers who received the commercial text messages without their consent. The companies also changed their business practices, bringing in compliance programs at their operations and appointing an officer responsible for organizational compliance. This is a textbook example of fixing a problem with smaller penalties but still ensuring compliance, an approach that benefits all parties.

We also have imposed penalties on those who have violated the Unsolicited Telecommunication Rules – a problem we saw in Toronto back in 2016. Five real estate brokerages based in the Greater Toronto Area were subject to penalties totalling $230,000 for violations of the rules.

Liability

Something else many businesses don’t seem to realize is that you’re not off the hook if you hire another company to make calls or send commercial emails on your behalf.

Just so there is no doubt: Whether you are a realtor, banker, lawyer or retailer – and whether you act on your own or use the services of a third party acting on your behalf – anyone who contacts consumers to sell a product or a service is considered to be making a telemarketing call. So be sure to do your due diligence if you want to avoid violations under your corporate banner.

The legislation is crystal clear: the rules require the client of the telemarketer to be registered and subscribed to the DNCL prior to initiating calls. A registration that must be refreshed every year.

Under CASL, directors, officers, agents and mandataries of a corporation can be liable if they directed or participated in the commission of the violation. That means that, whether a person has actually placed the call or sent out a commercial electronic message, allowing a violation by others by failing to act can leave you liable.

All of this underscores how important it is for your business to have written contracts in place with third parties that ensure they are in compliance with the legislation. It also demands that businesses monitor the measures third parties put in place governing how their services are used.

The easiest way to do that is have written corporate compliance policies or procedures in place consistent with both the Telecommunications Act and CASL. But don’t just have those policies in place: monitor, follow-up and do your due diligence to ensure they are adhered to.

To-do list

I realize that, as business leaders, CRTC regulations aren’t top of mind. In fact, I regularly have people tell me ‘I have 10 minutes at most to devote to this on an average day, so what are the most important things I need to know?’

Well, we’ve put together Compliance tips to help you stay on the right track.

Knowing the number one thing Canadian’s complain to us about is having not given consent to receive messages or being called even when their numbers are on the Do Not Call List, our first tip is pretty obvious. Obtain consent before sending commercial messages and make sure you’re registered and subscribe to the Do Not Call List prior to making telemarketing calls.

The second tip is to keep an accurate and up-to-date contact lists and act promptly on unsubscribe requests, in the case of CASL. Likewise, if you’re making telemarketing calls, make sure you scrub your internal DNCL so you do not contact people who have requested you leave them alone.

The third tip is to audit and monitor your own performance and that of any third parties you hire. In turn, this requires that you regularly review your policies and procedures and ensure that your staff is up to speed on the latest requirements.

One of the most important things to do is to maintain an accurate record keeping system in case we ask for documents. This forms part of your due diligence defence. So, track all call scripts and call logs, keep a copy of the registration and subscriptions to the DNCL, and keep a policy of your scrubbing procedures.

Finally, if in doubt, just get in touch and we will be happy to provide information and help. You can find all kinds of information on your own on our website. But our door is open.

We have a client services team that’s ready and eager to work with you. Our support centres are open from 8:30am to 4:30pm local time Monday to Friday. There’s a free 1-800 number to call. We’re also available online to answer your questions or provide information on alternative dispute resolution for telecommunications issues.

Conclusion

We are not simply dictating rules from on high. We really do want to help you out. I mean that sincerely.

From my experience, most companies want to comply. By virtue of your attendance at this session, you too are clearly committed to learning what you need to do to uphold the laws and regulations the CRTC enforces.

So, my goal today isn’t to threaten people or imply that anyone here is less than a sterling corporate leader.

I also know that you have an important job to do and that you need to capitalize on all available tools to carry out your work. I read recently that half of corporate bankruptcies are caused by bad receivable management. Clearly, good receivable management is essential to the success of firms.

And governments, too, as your Association’s membership list underscores. Whether its revenue from sales or taxes, ensuring that everybody pays their due is vital to the proper functioning of the economy and society at large.

So, rest assured that neither I nor the CRTC have issues with legitimate business practices. We – and Canadian consumers – just want to make sure you abide by Canadian laws.

I would argue that good account receivable management should help your businesses to stay on the right side of federal regulations – which, in turn, will help to build public trust and confidence in the work that you do.

And we all want to earn and keep the respect of the customers and citizens we serve, because that is ultimately good for business.

I hope I have convinced you that it’s in your businesses’ best interest to satisfy Canadians’ expectations when it comes to protecting their privacy. I also hope you will serve as role models for companies that do not yet achieve these high standards.

I want to thank you again for your time and interest in learning about this important topic. Don’t be shy. Come see me. I will be happy to chat with you and address questions you may have while I am here today.

Footnote 1: Source: FICO Survey: 70% of APAC Banks Will Use AI in Collections and Recovery by 2019