This piece originally appeared in the July 2022 edition of MReport magazine, online now [1].
Mortgage markets are cooling following two years of record low interest rates and unprecedented demand spurred on by pandemic-driven buying. According to Fannie Mae, inflation, rising interest rates, and slow global economic growth will continue contributing to a “meaningful slowdown” in home sales for the second and third quarters of 2022.
In response, mortgage marketers are beginning to lean more heavily on lead providers to maintain steady volume for retail and consumer direct channels.
However, with increasing concerns about data privacy from consumers and legislators alike, adding new lead sources and scaling existing partnerships creates inherent marketing compliance risk for mortgage lenders.
To paraphrase, fortune favors the prepared; lenders must have sound data management strategies in place to ensure consumer privacy and regulatory compliance within their outbound marketing and lead generation campaigns. In doing so, marketers can avoid both legal issues and damage to brand reputation.
Expanding Legislation to Address Consumer Concerns
It’s no secret consumers are growing increasingly concerned about who has access to their personal data and how it is being used. A KPMG study on corporate data responsibility and consumer trust found:
- 86% of the U.S. general population says data privacy is a growing concern
- 68% are concerned about the level of data collected by businesses
- 40% don’t trust companies to ethically use their data
In the U.S., there is no comprehensive federal legislation addressing online consumer privacy concerns. However, a growing number of states have enacted laws to safeguard consumer privacy.
If consumer sentiment is not reason enough for companies to revisit their data privacy practices, new state-level regulations should provide extra motivation.
Connecticut most recently passed new legislation regulating the ability for businesses to target consumers, and places limits the processing, storing, possession, and sale of consumer personal data. Connecticut joins California, Florida, Vermont, Virginia, Colorado, Utah, and South Carolina as states with consumer privacy laws on the books. While the laws share many similarities, they each include nuances that require attention.
These state laws incorporate provisions first enacted in the European Union’s General Data Protection Regulation (GDPR). While GDPR serves as a framework to build from, the existing Federal laws, rules, and acts (e.g., TCPA, TSR, National DNC to name just three), coupled with the conveyor belt of state privacy laws, now means that managing to GDPR compliance as a proxy is no longer good enough. When it comes to acquiring consumer data, like click traffic, call transfers, and leads, brands must complete additional due diligence to confirm their partners are also adhering to privacy laws. What’s more, case law continues to show us that contracted indemnification and limited liability, along with insurance, though traditional business staples, do not protect lenders, and in some cases named executives, from the reach and penalties of these laws.
For example, marketers who communicate with customers and prospects via calls and texts must follow strict compliance requirements established by Telephone Consumer Protection Act (TCPA). The TCPA requires companies obtain prior express written consent from consumers before calling or texting mobile phones when using automated dialers.
The TCPA is one of the most heavily litigated consumer protection statutes in the country. Legal precedent has already been set in cases related to TCPA where class action plaintiff lawyers successfully filed suit against lead generators, mortgage lenders, and banks, arguing vicarious liability.
Outbound telemarketing calls to both first-party and third-party generation leads are subject to TCPA restrictions. Therefore, it is critical for companies calling consumers to have a clear, well documented compliance program.
Well-intentioned marketers can avoid these trappings by revisiting their data privacy policies to ensure they are in compliance with TCPA and similar regulation. (Pro tip: the FCC and FTC allow for a safe harbor defense regarding violations of the National Do Not Call Registry. Worth repeating, fortune favors the prepared.)
Good data privacy practices should consider all angles of local, state, and federal compliance as well as a documented data governance policy. As consumers and legislators become increasingly focused on regulating the controls surrounding consumer data, new state regulations will continue to play a significant role influencing online mortgage marketing.
Lenders should also expect more dialogue around consumer’s rights, ownership and transparency of data collection and use.
Where Lead Generation Goes Wrong
Responsible marketers collect personal information to enhance their customer’s experiences and securely manage the data using the highest compliance standards. Honoring consumer privacy and understanding consumer preferences are critical components of providing exceptional customer experiences.
Unfortunately, in today’s fastmoving and hyper-competitive online mortgage lending industry, the door has been opened for some unscrupulous marketers who deploy aggressive, non-compliant tactics to generate prospective leads. Some use false claims of bait-and-switch mortgage rates, or try to incent consumers with freebies, while others run deceptive ads implying government secured loans. Mortgage lenders can unknowingly receive consumer data through these tactics.
Despite the lender community not condoning or engaging in these tactics, third-party marketers, and deceptive consumer engagement methods can impact brand integrity. The FTC has made it clear through its enforcement efforts that risk applies to all companies in the chain including lead generators, affiliates, publishers, call centers, and dialing technologies as well as the lenders and banks themselves. The FTC does not accept plausible deniability as a defense, and indemnification only gets you so far. Trust but verify.
Working With Digital Media and Lead-Gen Partners
Mortgage lenders utilizing lead generation programs must ensure every lead is compliant to their legal standards prior to contacting the consumer to avoid legal risk and reputation damage.
Brands must know how, when, and where a lead was generated, and verify the consumer provided consent and intent prior to contacting a lead.
Transparency is key when choosing a reputable lead generation partner. To protect brand integrity, it is important to work with ethical and transparent agencies. The following guide can help marketers assess potential lead partners and their commitment to privacy and compliance best practices:
- How does the lead provider view and manage risk related to state and Federal compliance and consumer privacy? Is it central to their business culture and decision making, or does the lead provider simply point to contractual obligations? Ideally, lead partners should go deeper and offer practical applications of policies and procedures.
- Research what the market says about the organization. Check references, industry awards, and more importantly, third-party certifications related to compliance and privacy. Certifications can attest to a vendor’s true compliance stance versus simply taking their word at face value.
- Does the lead provider invest in people, process, and technologies to enable compliance? Do they have dedicated teams focused on consumer privacy, data security, and compliance? Do they regularly audit for adherence? Are there tools in place, or data partners to help build a proactive and defensible privacy position?
- How is data sourced? How does a lead provider drive calls, and where do original consumer phone numbers and data originate from? Do they dial consumers from online or mobile lead forms? Can they ensure trace call data to the original lead form and show consumer consent?
- Employ compliance partners and lead validation solutions. To gain insight into the quality and behavior of purchased leads, partners like Jornaya can provide a wider view of prospective mortgage customer journeys and ensure real-time TCPA compliance and transparency before you contact the prospective borrower.
In summary: know your vendors! Compliance is not a onetime, check-the-box formality. Mortgage lenders are already accustomed to a myriad of lending regulations, and in reality, marketing regulations have caught up. Marketers must embrace regular audits, monitoring, and testing. With secure data management practices in place, marketers can leverage customer data with confidence.