InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FCC changes TCPA enforcement under TRACED Act
On May 1, the FCC issued an order announcing the Commission will no longer send entities outside its jurisdiction warnings prior to commencing an enforcement action related to TCPA robocall violations. Specifically, the order, as mandated under Section 3 of the TRACED Act (covered by InfoBytes here), (i) removes provisions that previously required the FCC to issue a warning prior to imposing penalties for making robocalls; (ii) increases the maximum fine that the FCC can assess for robocall violations to $10,000 per intentional unlawful call, in addition to a forfeiture penalty amount; and (iii) extends the statute of limitations to four years for the FCC to investigate and take enforcement action against an entity that violates the TCPA. The order takes effect 30 days after publication in the Federal Register.
CFPB asks FCC to allow financial institutions to make certain Covid-19-related calls
On April 27, the CFPB sent a letter to the FCC in support of a petition filed at the end of March by several financial trade associations, which seeks an expedited ruling to allow financial institutions to make certain automated calls concerning Covid-19 relief options without violating the TCPA. The CFPB specifically encouraged the FCC to allow a limited number of automated Covid-19-related calls from financial institutions that would alert customers of offers of forbearance, payment deferrals, fee waivers, extensions or relaxations of repayment terms, loan modifications, and other resources related to loans secured by homes or vehicles. “Allowing financial institutions to make automated calls is one more way to maximize the outreach to ensure consumers receive important and timely information,” CFPB Director Kathy Kraninger noted, cautioning, however, that financial institutions must still comply with other legal requirements with respect to their communications with customers, including the Bureau’s mortgage servicing rules and Dodd-Frank’s prohibition on unfair, deceptive, or abusive acts or practices.
2nd Circuit joins 9th Circuit in broadening the definition of an autodialer under TCPA
On April 7, the U.S. Court of Appeals for the Second Circuit vacated a district court’s order granting summary judgment in favor of a defendant in a TCPA action. The decision results from a lawsuit filed by a plaintiff who claimed to have received more than 300 unsolicited text messages from the defendant through the use of an autodialer after the plaintiff texted a code to receive free admission to a party. The defendant countered that the programs used to send the text messages were not autodialers because they “required too much human intervention when dialing,” and therefore did not fall under the TCPA. The district court granted the defendant’s motion for summary judgment, agreeing that the defendant’s programs were not autodialers because a human being determined when the text messages are sent.
On appeal, the 2nd Circuit concluded that while human beings do play some role in the defendant’s systems, “[c]licking ‘send’ does not require enough human intervention to turn an automatic dialing system into an non-automatic one.” According to the appellate court, “[a]s the FCC additionally clarified in 2012, the statutory definition of an [autodialer] ‘covers any equipment that has the specified capacity to generate numbers and dial them without human intervention regardless of whether the numbers called are randomly or sequentially generated or come from calling lists.’” (Emphasis in the original.) “The FCC’s interpretation of the statute is consistent with our own, for only an interpretation that permits an [autodialer] to store numbers—no matter how produced—will also allow for the [autodialer] to dial from non-random, non-sequential ‘calling lists.’ . . . What matters is that the system can store those numbers and make calls using them.”
The 2nd Circuit’s opinion is consistent with the 9th Circuit’s holding in Marks v. Crunch San Diego, LLC (covered by InfoBytes here). However, these two opinions conflict with holdings by the 3rd, 7th, and 11th Circuits, which have held that autodialers require the use of randomly or sequentially generated phone numbers, consistent with the D.C. Circuit’s holding that struck down the FCC’s definition of an autodialer in ACA International v. FCC (covered by a Buckley Special Alert).
FTC and FCC warn VoIP service providers about illegal Covid-19 robocalls
On April 3, the FTC and the FCC sent letters to three Voice over Internet Protocol (VoIP) service providers, warning the companies to stop sending spam robocall campaigns promoting Covid-19 related scams. According to the agencies, “routing and transmitting illegal robocalls, including Coronavirus-related scam calls, is illegal and may lead to federal law enforcement.” The agencies sent a separate letter to a telecommunications trade association thanking the group for its assistance in identifying the campaigns and relaying a warning that the FCC will authorize U.S. providers to begin blocking calls from the three companies if they do not comply with the agencies’ request within 48 hours after the release of the letter.
FCC orders phone companies to deploy STIR/SHAKEN framework
On March 31, the FCC adopted new rules that will require phone companies in the U.S. to deploy STIR/SHAKEN caller ID authentication framework by June 30, 2021. As previously covered by InfoBytes, the STIR/SHAKEN framework addresses “unlawful spoofing by confirming that a call actually comes from the number indicated in the Caller ID, or at least that the call entered the US network through a particular voice service provider or gateway.” FCC Chairman Ajit Pai endorsed the value of widespread implementation, stating the framework will “reduce the effectiveness of illegal spoofing, allow law enforcement to identify bad actors more easily, and help phone companies identify—and even block—calls with illegal spoofed caller ID information before those calls reach their subscribers.” The new rules also contain a further notice of proposed rulemaking, which seeks comments on additional efforts to promote caller ID authentication and implement certain sections of the TRACED Act. Among other things, the TRACED Act—signed into law last December (covered by InfoBytes here)—mandated compliance with STIR/SHAKEN for all voice service providers.
FCC ruling provides TCPA exception for emergency Covid-19 communications
On March 20, the FCC issued a declaratory ruling which “confirm[s] that the [Covid-19] pandemic constitutes an ‘emergency’ under the…[(TCPA)].” Accordingly, “hospitals, health care providers, state and local health officials, and other government officials may lawfully communicate information about [Covid-19] as well as mitigation measures without violating federal law.” The “emergency purposes” exception to the TCPA means that these callers “may lawfully make automated calls and send automated text messages to wireless telephone numbers” in order to effectively communicate with the public regarding the “imminent health risk” caused by Covid-19. The content of the communications “must be solely informational, made necessary because of the [Covid-19] outbreak, and directly related to the imminent health or safety risk arising” from the pandemic. Excluded from this emergency exception to the TCPA are debt collection calls, advertising calls, and automated telemarketing calls, which continue to require the prior express consent of the called party.
Supreme Court to review TCPA debt collection exemption
On January 10, the U.S. Supreme Court announced it had granted a petition for a writ of certiorari filed by the U.S. government in Barr v. American Association of Political Consultants Inc.—a Telephone Consumer Protection Act (TCPA) case concerning an exemption that allows debt collectors to use an autodialer to contact individuals on their cell phones without obtaining prior consent to do so when collecting debts guaranteed by the federal government. As previously covered by InfoBytes, the 4th Circuit agreed with the plaintiffs (a group of several political consultants) that the government-debt exemption contravenes the First Amendment’s Free Speech Clause, and found that the challenged exemption was a content-based restriction on free speech that did not hold up to strict scrutiny review. “Under the debt-collection exemption, the relationship between the federal government and the debtor is only relevant to the subject matter of the call. In other words, the debt-collection exemption applies to a phone call made to the debtor because the call is about the debt, not because of any relationship between the federal government and the debtor,” the appellate court opined. However, the panel sided with the FCC to sever the debt collection exemption from the automated call ban instead of rendering the entire ban unconstitutional, as requested by the plaintiffs. “First and foremost, the explicit directives of the Supreme Court and Congress strongly support a severance of the debt-collection exemption from the automated call ban,” the panel stated. “Furthermore, the ban can operate effectively in the absence of the debt-collection exemption, which is clearly an outlier among the statutory exemptions.” The petitioners—Attorney General William Barr and the FCC—now ask the Court to review whether the government-debt exception to the TCPA’s automated-call restriction is a violation of the First Amendment. Oral arguments are set for April 22.
Trump signs bill to combat robocalls
On December 30, President Trump signed S. 151—the “Telephone Robocall Abuse Criminal Enforcement and Deterrence Act” (TRACED Act, Public Law 116-105)—which, among other things, grants the FCC authority to promulgate rules to combat illegal robocalls and requires voice service providers to develop call authentication technologies. The TRACED Act, Public Law No. 116-105, also directs the FCC to issue regulations to ensure that banks and other callers have effective redress options if their calls are erroneously blocked by call-blocking services.
Highlights of the TRACED Act include:
- STIR/SHAKEN implementation. Within 18 months of enactment, the FCC must require voice service providers to implement “STIR/SHAKEN” caller ID authentication framework protocols at no additional charge to consumers. Providers will be required to adopt call authentication technologies to enable telephone carriers to verify the authenticity of the calling party’s calls. (Previously covered by InfoBytes here.)
- Increased enforcement authority. The FCC will be able to levy civil penalties of up to $10,000 per violation, with additional penalties of as much as $10,000 for intentional violations. The TRACED Act also extends the window for the FCC to take enforcement action against intentional violations to four years.
- FCC requirements. The TRACED Act directs the FCC to (i) initiate a rulemaking to protect subscribers from receiving unwanted calls or texts from callers who use unauthenticated numbers; (ii) initiate a proceeding to protect parties from “one-ring” scams “in which a caller makes a call and allows the call to ring the called party for a short duration, in order to prompt the called party to return the call, thereby subjecting the called party to charges”; (iii) submit annual robocall reports to Congress; and (iv) establish a working group to issue best practices to prevent hospitals from receiving illegal robocalls.
- Agency collaboration. The TRACED Act directs the DOJ and the FTC to convene an interagency working group comprised of relevant federal departments and agencies, such as the Department of Commerce, Department of State, Department of Homeland Security, FTC, and CFPB, which must consult with state attorneys general and other non-federal entities, to identify and report to Congress on recommendations and methods for improving, preventing, and prosecuting robocall violations.
- Criminal prosecutions. The TRACED Act encourages the DOJ to bring more criminal prosecutions against robocallers.
Earlier on December 20, the FCC issued a public notice seeking industry input on current practices for blocking unwanted calls as part of a study required by last June’s declaratory ruling and proposed rulemaking (covered by InfoBytes here; Federal Register notice here). The FCC will use the information collected in an upcoming report on the current state of call blocking efforts. Comments will be accepted until January 29, and reply comments are due on or before February 28.
FCC seeks comment on whether an opt-out clarification text violates TCPA
On November 7, the FCC released a public notice seeking comment on a petition filed by a financial institution requesting a declaratory ruling on whether a company can send a follow-up clarification text message in response to an opt-out message from a consumer without violating the TCPA. More specifically, in connection with informational texts that the consumer previously consented to receive, the institution desires to “discern the scope of that opt-out,” because “[s]ome customers want to opt-out of all texts; others merely want to opt-out of the specific category of text message alert they received most recently.” The institution notes it filed the petition “in an abundance of caution” in light of the highly technical nature of TCPA compliance, and that it believes the FCC’s 2012 ruling in SoundBite Communications, Inc. Petition for Expedited Declaratory Ruling is clear that a sender may clarify in an opt-out confirmation message the scope of the consumer’s request without violating the TCPA as long as the message does not contain marketing or promotional content or seek to encourage or persuade the recipient to reconsider the opt-out.
Comments on the FCC’s public notice are due by December 9, with reply comments by December 24.
California addresses robocall spoofing
On October 2, the California governor signed SB 208, the “Consumer Call Protection Act of 2019,” which requires telecommunications service providers (TSPs) to implement specified technological protocols to verify and authenticate caller identification for calls carried over an internet protocol network. Specifically, the bill requires TSPs to implement “Secure Telephone Identity Revisited (STIR) and Secure Handling of Asserted information using toKENs (SHAKEN) protocols or alternative technology that provides comparable or superior capability by January 1, 2021. The bill also authorizes the California Public Utilities Commission and the Attorney General to enforce certain parts of 47 U.S.C. 227, making it unlawful for any person within the U.S. to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value.
As previously covered by InfoBytes, in June 2019, the FCC adopted a Notice of Proposed Rulemaking (NPRM) requiring voice providers to implement the “SHAKEN/STIR” caller ID authentication framework. The FCC argued that once “SHAKEN/STIR” is implemented, it would “reduce the effectiveness of illegal spoofing and allow bad actors to be identified more easily.”