InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Attorneys general from 47 states support a robocall proposed rule
On November 12, attorneys general from 47 states (AGs) filed reply comments in response to a public notice seeking comment on the FCC’s proposals to increase accountability and accuracy among filings in the Robocall Mitigation Database (RMD). The AGs expressed their support for the FCC’s proposed rulemaking to enhance the accuracy and accountability of RMD entries, which are used to help combat illegal robocalls. They highlighted issues such as false or incomplete information submitted by providers, which the letter explained undermines enforcement efforts.
The AGs recommended additional procedural measures, including embedding clarifying information in the RMD certification process, requiring timely updates to the Commission Registration System (CORES), and implementing multi-factor authentication and PIN requirements for submissions. They also signaled support for imposing filing fees to discourage bad actors and suggested periodic renewals to maintain current information. Additionally, the AGs advocated for the use of data validation tools to prevent false and inaccurate filings and supported serious penalties for false information. They agreed with the FCC’s proposal for permissive blocking of facially non-compliant providers and emphasized the importance of the RMD as a consumer protection tool.
FCC updates the TCPA for opt-out requests
Recently, the FCC announced the new rules under the Telephone Consumer Protection Act (TCPA) will take effect on April 11, 2025, making it easier for consumers to revoke consent for unwanted robocalls and robotexts. As previously covered by InfoBytes, these rules were adopted in the TCPA Consent Order on February 15 requiring callers and texters to honor opt-out requests promptly. The FCC’s announcement in the Federal Register confirmed the compliance date for the amendments and new rules specified in 47 CFR §§ 64.1200(a)(9)(i)(F), (10), (11) and (d)(3).
FCC to change definition of “prior express written consent” in January 2025 to close “lead generator loophole”
Next year, the FCC’s new rules requiring prior written consent for robocalls and robotexts per seller will go into effect thus closing the “lead generator loophole.” Specifically, on January 27, 2025, the FCC’s amendments to the definition of “prior express written consent” will go into effect. The term “prior express written consent” will now require: (1) “an agreement, in writing”; (2) “that bears the signature of the person called or texted” (italics added); (3) “that clearly and conspicuously authorizes no more than one identified seller to deliver or cause to be delivered to the person called or texted advertisements or telemarketing messages”; and by (4) “using an automatic telephone dialing system or an artificial or prerecorded voice.” Of note:
- The definition will now include text messages in addition to calls.
- Prior express written consent will apply to one seller at a time.
- Written consent must be obtained after providing the consumer with clear and conspicuous disclosure, which the FCC described as “notice that would be apparent to a reasonable consumer.” The FCC provides that such disclosure must inform the consumer executing the consent agreement:
- By signing the agreement, such person authorizes one seller to deliver to them telemarketing calls or texts using an automatic telephone dialing system or an artificial or prerecorded voice; and
- The consumer is not required to agree to enter or sign the agreement (directly or indirectly) as a condition of purchasing any property, goods or services.
- The calls and texts must be “logically and topically associated with the interaction that prompted the consent.”
- The prior express written consent agreement must identify the telephone number to which the signatory authorizes such advertisements or telemarketing messages to be delivered.
- The prior express written consent requirement will apply to both residential and business phone lines.
The FCC noted that comparison shopping websites may offer a check box list that allows the consumer to choose the seller of their choice or a clickthrough link to the seller to obtain the consent from the consumer directly.
The FCC released its final rule in January affecting the TCPA with most rules having gone into effect March and July of this year, but the amendment to 47 CFR 64.1200(f)(9) on prior express written consent will go into effect next year.
FCC expands its Privacy and Data Protection Task Force partnerships
On October 21, the FCC announced that its Privacy and Data Protection Task Force formed additional partnerships with the Attorneys General of Massachusetts, Maine, Vermont, Delaware, and Indiana. These new partnerships join existing collaborations with Connecticut, Illinois, New York, Oregon, Pennsylvania, and the District of Columbia. The formal agreements, known as Memoranda of Understanding (MOUs), enable federal and state enforcement leaders to share expertise, resources and coordinate efforts in privacy, data protection and cybersecurity enforcement.
The FCC shared these MOUs affirm the “close and common legal interests in working cooperatively to investigate and, where appropriate, prosecute or otherwise take enforcement action in relation to privacy, data protection, or cybersecurity issues” that it shares with these state attorneys general. The partnership will benefit both the FCC’s Enforcement Bureau and state investigators since they perform similar investigative steps. As the FCC noted, these privacy and data protection partnerships provide critical resources for building cases and coordinating efforts to protect consumers and businesses nationwide.
FCC warns gateway provider not to transmit “illegal” robocalls
On October 18, the FCC issued a public notice to all US-based voice service providers regarding a cease and desist letter that it had sent to a “gateway” telecommunications provider instructing it to halt transmission of apparently unlawful foreign robocalls in the US. The FCC stated that the calls impersonate financial institutions and deceive recipients into providing sensitive information.
The FCC warned the gateway provider that it is unlawful to call cell phone numbers using prerecorded messages without prior express consent or an emergency purpose. It instructed the gateway provider to mitigate the illegal traffic within 48 hours or potentially face permissive and mandatory blocking of all its traffic and removal from the Robocall Mitigation Database, which would compel all intermediate and terminating voice service providers to cease accepting the gateway provider’s calls. In parallel, the FCC instructed US-based voice service providers that if the gateway provider failed to mitigate the apparently illegal traffic in a timely manner, voice service providers may block voice calls or cease to accept traffic from the gateway provider, without liability.
The FCC took these actions after the gateway provider failed to provide evidence of consent for these calls or dispute their illegality. The cease and desist letter detailed five specific calls transmitted by the gateway provider that contained prerecorded messages claiming to be from bank customer support centers and warning of fraudulent transactions. The FCC emphasized that such calls exploit consumer fears and undermine legitimate financial institutions’ efforts to protect their customers.
FCC to vote on AI-generated robocall rules
On July 16, the FCC proposed new consumer protections against AI-generated robocalls and planned to vote on these proposals at the August Open Meeting. If approved by the Commission during the meeting, these rules would clarify practices surrounding AI-generated robocalls and implement new requirements, including: (i) providing a clear definition of what is included in the term “AI-generated calls”; (ii) requiring disclosure by callers using AI-generated calls when obtaining prior express consent; (iii) requiring callers to inform consumers at the start of each call that it is AI-generated; and (iv) ensuring that protections are in place for beneficial AI applications, such as AI tools (that can assist individuals with disabilities) use the telephone network without the threat of TCPA liability.
The proposed protections would build on the FCC’s efforts earlier this year, which determined that AI calls are subject to TCPA regulations (covered by InfoBytes here). The FCC also highlighted other recent actions taken by the Commission to “protect consumers from AI-generated scams and misinformation,” including, among other things, a Declaratory Ruling against voice cloning in robocalls, proposed fines for illegal robocalls and deepfake voice cloning, and inquiries into carrier practices to prevent fraudulent AI robocalls.
FCC suspects robocaller of illegal call traffic
On May 20, the FCC released a notification of suspected illegal traffic against a voice service provider (VSP) for allegedly originating illegal robocall traffic. According to the FCC, it appeared that the VSP claimed to offer financial services by delivering prerecorded messages related to debt consolidation loans, and it claimed to be from one of three financial institutions, two of which contained names that were confusing to unrelated financial institutions. The two unrelated financial institutions posted warnings on their websites notifying consumers of the misuse of their names to make “spam” type calls. The FCC reviewed 13 traceback calls from the approximately 78 million calls the company solicited between November 2023 and February 2024. Upon review, the FCC claimed that the VSP was the originating provider of these calls, and that the VSP did not contest the calls.
The FCC alleged the call traffic was illegal since the prerecorded messages contained advertisements without any consents of the called party, nor was there any emergency purpose for the calls. The FCC noted three potential consequences that may arise, including blocking of upstream, downstream, and intermediate providers. Additionally, the FCC noted that in the event all deficiencies are not cured, the VSP may face removal from the Robocall Mitigation Database (RMD). Notably, intermediate and other VSPs are only permitted to accept traffic from a domestic VSP if that provider was listed in the RMD.
In a public notice, the FCC notified all U.S.-based VSPs of unlawful robocalls related to debt consolidation loans originating the from the VSP in the above notification.
FCC adopts rule on robocalls and robotexts, includes NPR on TCPA applicability
On February 15, the FCC adopted a rule to protect consumers from robocalls and robotexts. According to the rule, robocallers and robotexters must honor do-not-call and consent revocation requests within 10 business days from receipt. In addition, the rule will allow consumers to revoke consent under the TCPA through any unreasonable means and will clarify that the TCPA would not be violated when a one-time text message is sent confirming a consumer’s request that no further text messages be sent if the confirmation text only confirms the opt-out request and does not include marketing information.
The new rule clarified that revocation of consent can be made via automated methods such as interactive voice responses, key press activation on robocalls, responding with “stop” or similar messages to text messages, or using designated website or phone numbers provided by the caller all will constitute reasonable means to revoke consent. If a called party uses any of these designated methods to revoke consent, it will be considered definitively revoked, and future robocalls and robotexts from that caller must cease. The caller cannot claim that the use of such a mechanism by the called party is unreasonable. Any revocation request made through these specified means will be considered “absolute proof” of the called party's reasonable intent to revoke consent. Furthermore, when a consumer uses a method other than those discussed in the rule to revoke consent, “doing so creates a rebuttable presumption that the consumer has revoked consent when the called party satisfies their obligation to produce evidence that such a request has been made, absent evidence to the contrary.”
The Commission also included a notice of proposed rulemaking, seeking comment on “whether the TCPA applies to robocalls and robotexts from wireless providers to their own subscribers and whether consumers should have the ability to revoke consent and stop such communications.” The rule will go into effect 30 days after publication in the Federal Register, except for certain amendments that will not be effective until six months following OMB review.
FCC Chairwoman proposes making all AI-generated robocalls “illegal” to help State Attorneys General
On January 31, FCC Chairwoman, Jessica Rosenworcel, released a statement proposing that the FCC “recognize calls made with AI-generated voices are ‘artificial’ voices under the Telephone Consumer Protection Act (TCPA), which would make voice cloning technology used in common robocalls scams targeting consumers illegal.” Specifically, the FCC’s proposal would make voice cloning technology used in robocall scams illegal, which has been used to impersonate celebrities, political candidates, and even close family members. Chairwoman Rosenworcel stated, “No matter what celebrity or politician you favor… it is possible we could all be a target of these faked calls… That’s why the FCC is taking steps to recognize this emerging technology as illegal… giving our partners at State Attorneys General offices… new tools they can use to crack down on these scams and protect customers.”
This action comes after the FCC released a Notice of Inquiry last month where the FCC received comments from 26 State Attorneys General to understand how the FCC can better protect consumers from AI-generated telemarking, as covered by InfoBytes here. This is not the first time the FCC has targeted robocallers: as previously covered by InfoBytes in October 2023, the FCC proposed an inquiry into how AI is used to create unwanted robocalls and texts; in September 2023, the FCC updated its rules to curb robocalls under the Voice over Internet Protocol, covered here.
FTC temporarily halts business opportunity scheme
On December 19, the FTC announced that the U.S. District Court for the Eastern District of Pennsylvania granted a temporary restraining order against a business opportunity scheme for allegedly engaging in deceptive acts. The court’s order barred the defendants from making misrepresentations about any business or money-making opportunity and froze the defendant’s assets. According to the FTC’s complaint, the business opportunity scheme violated the FTC Act’s prohibition of “unfair or deceptive acts or practices in or affecting commerce” and the Telemarketing Sales Rule by, among other things, (i) making misrepresentations regarding earnings from their products and services; (ii) furnishing “success coaches” with marketing materials to be used for new member recruitment, thus providing the means for the commission of deceptive acts or practices; (iii) making misrepresentations regarding profitability to persuade consumers to pay for membership, digital products, and marketing packages; (iv) making misrepresentations regarding material aspects of an investment opportunity; and (v) facilitating outbound calls that deliver prerecorded messages to encourage consumers to purchase its products, also known as robocalls. Beyond the temporary restraining order and asset freeze, the FTC is seeking a permanent injunction and other equitable relief.