Organizations are facing a unique set of marketing compliance challenges in 2023—difficult market conditions, smaller compliance teams, limited bandwidth, decreased budgets, and more.
In a recent webinar, industry experts Alex Megaris, Partner at Venable LLP, and John Henson, General Counsel at ConsumerAffairs, discussed the top marketing compliance trends from PerformLine’s State of Marketing Compliance Report that are impacting organizations in 2023 and practical strategies for navigating these challenges while remaining compliant.
This blog recaps key conversation topics, including managing compliance with small teams, prioritizing and allocating budgets, the importance of compliance training, leveraging relationships with outside counsel, mitigating risk across marketing channels, regulatory hot topics and expectations, and information sharing across the organization.
- Understanding your business and what it’s doing is crucial to successfully integrate compliance within its operations
- Utilize external resources to automate compliance tasks or gather necessary information for the business to prioritize its compliance initiatives
- Effective communication with your organization is essential for developing relationships and advocating for compliance
Table of Contents
- Managing compliance with small teams
- Prioritizing and allocating compliance budgets
- The importance of compliance training and development
- Leveraging relationships with consultants and outside counsel for compliance
- Mitigating risk across communication channels
- Regulatory hot topics and expectations for 2023
- Information sharing across the organization
- Solve your marketing compliance challenges with PerformLine
Managing compliance with small teams
The most consistent theme for 2023 is that organizations are trying to do more with fewer compliance resources. 74% of organizations report having a team of five or fewer people, and the majority of organizations do not plan to hire additional staff.
How can these small teams keep up with compliance demands?
Understand your business
The number one thing any small compliance team can do? Understand the business, says John.
This may seem obvious, but it’s an area where many people struggle, especially if they’re coming from a larger institution like a bank into a smaller company. Understanding the business is critical to success in a small compliance department.
In larger organizations, it’s easy to get siloed and focus solely on your area of expertise. You may have a thorough understanding of mortgage regulations and the documents that need to be sent out, but when you move to a smaller organization, there’s much more to consider. You need to understand how these regulations impact the business as a whole and which departments they affect.– John Henson
In John’s experience, the best way to learn about the business is to talk to those who have been there for a while. Those people are extremely valuable for understanding why things are being done in a certain way and can provide some historical context.
Sometimes there’s a valid reason for certain practices, and other times, it’s just the way that things have always been done, which isn’t always the best way. In either case, you’ll gain valuable insights that will allow you to move forward with compliance initiatives.
Conduct regular risk assessments
Alex’s best advice for organizations of any size is to conduct risk assessments on a regular basis.
This is not a one-size-fits-all exercise, but risk assessments help prioritize the long list of items on any legal or compliance department’s agenda based on the risks they pose to the business. It also helps focus resources and allocate them proportionately to the consequences of not doing something.– Alex Megaris
When it comes to compliance management systems and the different regulations and risks that organizations face, it’s important to not only understand the statutes, regulations, and consequences, but also the impact to the business from a financial perspective, explains Alex.
Some areas of the business may require more significant resources from a compliance perspective. But, if that area is just a small part of the business and not a priority in the near term, it doesn’t make sense to put a disproportionate amount of resources towards that project.
Instead, resources should be allocated to other areas of the business that are growing faster, touching more people and dollars, and moving faster.
Prioritizing and allocating compliance budgets
Only 41% of respondents said that they expect budgets to increase in 2023, compared to 65% in 2022.
How can companies prioritize and allocate budgets efficiently?
Stay up-to-date on regulatory actions
One practical way to allocate compliance budget is to be attuned to what’s going on in the regulatory environment and in class actions to see where priorities lie and how they’re using their tools to enforce the laws.
Staying up to date on those activities and actions and statements that forecast where the regulators are going, what they’re thinking, and what they’re prioritizing is one easy and cost-efficient way to rank your priorities.– Alex Megaris
That information is increasingly free and easily accessible through professionals who understand how to interpret the various actions that regulators or class action lawyers are bringing (Venable LLP’s Insights is full of compliance resources!).
Understand the nature of applicable regulations
Another way to help prioritize budget, says Alex, is to look at the matrix of the different laws or regulations that you need to incorporate into your compliance.
Some regulations are very clear-cut and have mandatory minimum requirements, while others are more discretionary and require more judgment. Understanding these differences helps prioritize how to use resources effectively.
Align with your finance team
You have to understand the risk to your business and be able to “sell” your finance team on what’s important and how you need the budget to address the compliance risks that are facing your company, says John.
I think realistically, to piggyback off what Alex said earlier about risk assessment and prioritizing and understanding what’s important to the business, you can work with your finance team to understand what your budget is and what they see as some risks as well.– John Henson
This is especially important if the company is growing in a particular area or if there’s additional risk in a certain area from regulatory activity.
To build a successful business case for compliance spend, you have to understand the balance of potential vs. actual risks.
Let’s use TCPA as an example. I can always say that our risk is statutory damages multiplied by the number of people we call—look at this giant number. And that is probably the least helpful thing you can do because at some point, you’re just trading on fear, uncertainty, and doubt.
Your business team will see right through that, and therefore you’ve now hurt your case as opposed to helping it. So, you have to be able to balance damages and what the realistic risk is there. And I think that’s one of the hardest things to do, really understand that balance of potential versus actual risks. But if you can do that, it’s helpful.
I would also say again, and I keep beating this drum, that having those relationships with your finance team is invaluable. You should be having those conversations year-round and not just at budget time.– John Henson
The importance of compliance training and development
Another note from the report is that there has been a decrease in spending on training and development consulting and some legal services.
What are the risks of businesses that aren’t prioritizing training and development?
Staying informed to reduce risk
It can be challenging for smaller compliance teams to keep up with regulatory changes while managing daily tasks and to comprehend the business and its changes without regular training.
I’m not going to lie and say that I’ve never been in a situation where we were going down a path, then we go talk to the business, and they say, ‘oh yeah, we’re not doing that anymore. We’re doing this now.’ And you’re like, what just happened? So you’ve got to stay abreast.– John Henson
But, by not prioritizing compliance training and development, you’re facing additional risk by not being current.
John also argues that there are too many resources available for people in compliance to not be encouraging training. It doesn’t have to be formal—there are plenty of law firms doing webinars and sharing resources for individuals to stay on top of what’s happening.
We are compliance professionals, and part of that is self-development. If you’re not willing to do that and spend that time, or if your company doesn’t see the value in it, you’ll have to take the reins and do it yourself, which is easier now than it has ever been.– John Henson
Creating a culture of compliance
Training and development are one of the most efficient spends in terms of preventing non-compliance, says Alex. And training should not just be for the compliance team—compliance is important for the entire organization and should be embedded within the culture.
When you think about most organizations, they have small compliance departments. They don’t have compliance personnel embedded in the various business units or sales teams like a bank might.
You really need to rely on the business units and the people themselves to self-identify or flag potential issues. In any compliance program, those people are the first line of defense. Compliance comes second.
So if they’re not equipped to identify even a yellow flag, then everything falls on compliance resources and outside counsel—which is the most expensive way to manage compliance.
I think not having regular training for the people outside of compliance, so that they’re aware of yellow and red flags, is a mistake.– Alex Megaris
Noncompliance is expensive to clean up and can be difficult to quantify. By taking a more proactive approach to compliance, organizations can significantly mitigate risk and protect their brand.
Get an outside perspective
It’s important to have an external partner talk to the business. Sometimes, what you say as an internal partner can fall on deaf ears, says John.
Having an outside attorney reiterate what you’ve been saying to your compliance team can be world-changing for the business.
The example that I always use is my kids. I can tell my kids, ‘don’t do that, don’t do that, don’t do that.’ And once another adult that they respect comes in and says, ‘Hey, you probably shouldn’t do that,’ they’re like, ‘you know what? I’m gonna stop doing that.’ It’s the same thing with the business, right?– John Henson
Alex adds that outside attorneys can also provide examples of how other companies are doing things. They can put it into context by sharing what can go wrong and the lengths other organizations are going to stay out of the news.
Leveraging relationships with consultants and outside counsel for compliance
As compliance spending is decreasing for legal and consulting services, how can organizations make the most of their relationship with consultants and outside counsel?
Be open and honest
Alex suggests that organizations should have open and honest conversations with their advisors and see what the options are to help alleviate budgetary pressures. This could involve fixed fees, especially for compliance projects, which tend to lend themselves well to that kind of arrangement.
I want to emphasize that there’s more flexibility than you might think when it comes to fee arrangements. Don’t be afraid to ask your outside advisors about what options are available.– Alex Megaris
Ask for training
Alex also suggests asking your outside advisors for some free training.
We love to go to our clients and do presentations for their legal and compliance departments at no cost. This allows us to interact in person and provide more value. You should definitely take advantage of this opportunity.– Alex Megaris
Utilize free content and resources
Some outside advisors provide a lot of free content—make sure you know about those resources and ask if they can provide tailored updates.
I have some clients who want me to provide my spin on the content instead of just receiving it when it’s released. I’m happy to do that since I’m already writing the blogs. It helps connect the client to what’s going on in their business and the latest developments.– Alex Megaris
Mitigating risk across communication channels
58% of organizations lack compliance monitoring on at least one marketing channel they’re using to communicate with consumers—how do you prioritize communication methods for compliance?
Focus on UDAAP
Unfair, deceptive, or abusive acts and practices (UDAAP) is a top priority for John and his team. Compliance is much easier to achieve if your compliance team has a good internal framework for how they think about UDAAP and how they can communicate it to the rest of the organization in a simple way.
There’s nothing better than being [in] internal compliance and having someone repeat back what you said later saying, ‘We were gonna do this, but we remembered that X, Y, and Z.’ That’s the best thing ever.– John Henson
Understanding targeting strategies on social media
John prioritizes social media and how they decide who to market to for specific marketing channels.
Are we doing a look-alike audience on Facebook? Are we retargeting our prior customers? You know, all those questions have to be asked and have to be understood by the compliance team because that is an area of definite interest of mine as well as our regulators.– John Henson
Don’t isolate marketing channels
According to Alex, it is difficult to pinpoint a specific message as the source of UDAAP because all messages must be accurate and not misleading. Marketing is intended to be interconnected, with messages in various formats prompting consumers to act. Regulators consider everything that a consumer is exposed to during the purchase journey, and thus all disclosures must be adequate.
You can’t look at one media or channel in isolation. Although with email marketing, it’s pretty well-known how to craft a compliant message with CAN-SPAM and other regulations. However, with newer channels like social media, it’s harder to predict where potential pitfalls may be. But everything has to be looked at together.– Alex Megaris
Regulatory hot topics and expectations for 2023
John and Alex both predict consumer reviews to be a big focus in 2023.
Customer reviews are important because regulators are learning how businesses use them, but may have gone too far in assuming what the average customer understands and how they use review information, explains Alex. It’s critical to be transparent if you want to harness the power of customer feedback as a cheap and organic way to promote your products.
Earlier cases brought by the FTC that I worked on were cutting-edge because businesses used to cherry-pick positive reviews on their websites. With technology allowing for tens of thousands of reviews for every transaction or interaction, businesses should present a comprehensive view of customer feedback that includes both negative and positive reviews.
They should also have objective criteria for deciding what to publish on their website. Moderation is necessary, but it’s not practical to have someone manually go through all the reviews. Technology like PerformLine can help with crawling and finding things that need to be taken down or put up.– Alex Megaris
Dark patterns—everything is UDAAP
John also believes that more dark pattern information will be released this year. But what’s interesting about dark patterns and even consumer reviews, says John, is that everything is UDAAP.
At Consumer Affairs, we emphasize that everything is UDAAP. You have to understand what we’re telling people. You have to understand how consumers are seeing it. And what you think is best for the business is not best for the business if it causes you to have problems.
I’ve said it before, but tell the customer what you’re gonna do and then do that. That’s how you avoid your problems. You tell them exactly what’s gonna happen, and then that happens. And if anything falls outside of that, that’s gonna cause you problems, regardless of reviews or dark patterns.– John Henson
Alex agrees with John about dark patterns—it’s only illegal if it’s deceptive or unfair.
The design world is constantly striving to improve the digital experience, but it must adhere to the law. Regulators are beginning to take a more holistic approach, but there is a significant gap between the rhetoric and the actual cases brought to court. The key is to look at design features through the lens of what is considered deception or unfairness under the law.
One of the big cases of dark patterns was against a credit bureau that advertised free credit scores, but actually sold monitoring products with monthly fees.
The digital ads were essentially promoting free credit scores, which is a desirable offer for consumers. When users clicked on the ad, they were taken to a page where they were subscribed to a credit monitoring service rather than just receiving their “free” credit score.
You could see how that could easily happen where you have different people in a marketing team—the ones that are responsible for the ads that are being served, and the ones that are responsible for taking those people that end up on the website and moving them through the various web pages.– Alex Megaris
There has been discussion about other tactics that involve pressuring consumers to make a purchase, such as countdown clocks and “shame confirming” (i.e. language that says X number of people already bought this, etc.), but it remains to be seen how these tactics will be viewed under scrutiny and if regulators will take action.
Regardless, Alex always tells her clients that if they’re going to build a website or an app, have at least one person with a compliance or legal lens look at it, rather than just having the user experience team build these apps and websites for you.
The whole point of regulations is for disclosures to add friction, meanwhile, a designer’s job is to optimize and remove friction, so the two are fundamentally at odds with each other.
Information sharing across the organization
As part of understanding the business and communicating compliance across the organization, how can you share regulatory updates that affect the business with the appropriate teams?
John explains that he has a standard email that he’ll send out consisting of three to four bullet points outlining what the recipient needs to know, followed by further discussion. Depending on the topic, he’ll create a PowerPoint presentation with specific screenshots or examples of current practices and suggestions on how to change in the future.
I want our team to be aware of the potential problems and to have some ideas around them. It’s important to know your executive team and your audience in general and how they digest information. You don’t want to be the person who only presents problems, especially when you work in-house, as that can negate any goodwill you’ve built up.– John Henson
The key is to be proactive in compliance and educate stakeholders before potential compliance issues arise and explain recommended outcomes and directions, even if immediate action isn’t necessary for all businesses.
This approach can help everyone get on the same page and prevent surprises, which is especially important in a year where companies don’t want unexpected costs or regulatory and brand compliance problems.
Solve your marketing compliance challenges with PerformLine
No matter what marketing compliance challenges you face in 2023, PerformLine has a solution that’s customizable, automated, and scalable. Learn more.