
Strengthening Marketing Compliance during COVID-19

March 12, 2021


Data Privacy

In July 2019, the US Federal Trade Commission (FTC) determined that Facebook, Inc. would pay a record-breaking USD 5 billion penalty in addition to other measures, such as new restrictions and changing its corporate structure. This penalty was intended to hold the company accountable for violating a 2012 FTC order by deceiving users about their ability to control the privacy of their personal information.

Marketing to Children and Parental Consent

In September 2019, Google LLC and its subsidiary YouTube, LLC received a USD 170 million penalty to settle allegations by the FTC that YouTube illegally collected personal information from children without their parents' consent. The settlement requires Google and YouTube to pay USD 136 million to the FTC and USD 34 million to New York for allegedly violating the Children's Online Privacy Protection Act (COPPA) Rule. The USD 136 million penalty was by far the largest amount the FTC had ever obtained in a COPPA case since Congress enacted the law in 1998.

Truth In Advertising

In January 2017, Uber was directed to pay USD 20 million and alter its business practices following an FTC complaint that the company misled drivers on how much they would make driving for Uber. According to the complaint, the FTC stated that Uber had inflated its hourly drivers’ earnings in online advertisements to attract drivers to its platform. However, once drivers received their paychecks, they discovered their actual earnings were significantly less than what Uber advertised.

Marketing Compliance
  • Overview of European Commission’s New Deal for Consumers (New Deal). The Omnibus Directive 2019/2161 is part of the European Union’s ‘New Deal for Consumers’ initiative aimed at amending four legal acts, namely Council Directive 93/13/EEC (unfair contract terms), Directive 98/6/EC (price indications), Directive 2005/29/EC (unfair commercial practices) and Directive 2011/83/EU (consumer rights – “Consumer Rights Directive”) in order to improve and modernise consumer protection legislation and to strengthen their enforceability. EU Member States must transpose the Omnibus Directive into national law by November 28, 2021 and must apply said national law as of May 28, 2022. Could also include a brief discussion on the EU General Data Protection Regulation (“GDPR”). Discuss obligations for companies with EU customers and framework as a model for Asia. [Example: Mayer Brown GDPR compliance program (personal perspective)]. 
  • Substantiating claims made on all marketing collateral, advertising, and packaging to protect consumers from fraud. [Example #1: MLM companies using COVID 19 to boost sales of oil and vitamin products and FTC response. Example #2: confidential tech company and packaging claims].
  • Discuss pitfalls. If governments or courts think your prices are too low, you can be accused of predatory pricing; if your prices are too high, you’ll be charged with price gouging; and if your prices are the same as your competitors, you can be charged with price-fixing or collusion. [Example: confidential tech company discounted pricing policy (personal perspective)]. 


Marketing Compliance

 The COVID-19 pandemic, and the ensuing government interventions to flatten the curve, have caused a flux of operational issues for many businesses globally. Those dependent on travel (such as the hospitality and leisure sector) and retail establishments with high fixed-costs reliant on in-store sales are navigating a particularly challenging year. In the midst of this crisis, businesses need to ensure that their Compliance programs adapt accordingly. This includes the Sales and Marketing functions which, if overlooked, can lead to significant risks.

Marketing Compliance relates to internal controls       

While Compliance risks span across functions, Marketing may not be top-of-mind when assessing potential liability. Marketing Compliance relates to internal controls that affect how a company secures new business, manages its branding and how it promotes itself to customers. Specific regulations are highly dependent on where the company is located, where the customers are based, and what industry the company operates in. In brief, Marketing Compliance is particularly important in highly regulated industries and in companies where Marketing teams may not be aware of what is at stake.

 As one high-profile example, several global investment banks previously hired the children of influential government officials for the express purpose of securing new business. As part of this, they created a separate channel to progress unqualified applicants through the hiring process and subsequently tracked the business awarded because of these hires. In doing so, they ran afoul of the US Foreign Corrupt Practices Act (FCPA) and this resulted in hundreds of millions of dollars in fines and other penalties imposed by the US Department of Justice, the Securities and Exchange Commission and the Federal Reserve.


 Another example fraught with risk involves executives purchasing lavish gifts or paying fees to outside consultancies to secure business meetings. In some instances, to develop guanxi or curry favor with the political elite, companies have provided expensive gifts, business travel or other services amounting to tens of thousands of dollars or more.

Alternatively, they may have been asked to pay a fee to a consultancy with ties to government leaders to secure work. In one New York Times investigative report, this practice was found to be pervasive, considered part of doing work in that country, and continued for years.

CMOs need to have oversight on branding and promotional activities

Beyond the risks of winning new work, CMOs need to have oversight on branding and promotional activities. Companies tend to rely heavily on social media as part of their digital marketing strategy. Social media alone presents a set of legal risks including privacy laws, content ownership, intellectual property infringement, workplace harassment and discrimination, defamation, insider trading, and compliance with marketing and advertising regulations.

What is needed is for CMOs to work closely with executive teams, including Heads of Legal, Risk, and Compliance to ensure that they have a robust program in place to manage and mitigate potential Sales and Marketing risks. When it comes to corporate reputation, every functional leader should be in regular communication with Legal and Compliance teams to avoid potential issues that have the ability to materially impact the bottom line.

Risks that companies should be circumspect in addressing:

Based on our experience with organizations across various industry sectors, we can share a couple of additional risks that companies should be circumspect in addressing:

Data Privacy

Marketers need to remain closely tied to customer experience, including ensuring the privacy of retail customers. In one B2C company, a customer claimed that their data privacy had been violated because app information had been sent to the company's server in another region without their permission.

This escalated into legal action where Marketing had to work closely with Compliance and Legal to provide documentation for discovery and then to manage the impact on the brand. In another instance, the Marketing division at another company had to fully cleanse its database, comprising thousands of contacts, to ensure compliance with both the EU General Data Protection Regulation (GDPR) and Hong Kong's Personal Data (Privacy) Ordinance (PDPO).


In launching a retail product in a new market, a B2C company had to review the discounts offered on its website as well as its giveaway and sweepstakes campaigns to ensure compliance with the country's specific consumer protection and anti-bribery regulations. Pricing risk also relates back to how companies secure new business.

Depending on context, if governments or courts think your prices are too low, it could be construed as predatory pricing; if your prices are too high, it could be construed as price gouging; and if your prices are the same as your competitors, you could be charged with price-fixing or collusion.


With the above in mind, there are specific steps companies can put into place to optimize how they handle Marketing Compliance risks:
  1. Conduct a Self-Audit

    Review your current risks against your Compliance and internal controls policies. Have you recently updated your Compliance programs to adjust to the new normal?

  2. Retain a Compliance Specialist

    Look internally across your organization or seek assistance from a specialist firm to establish or review your existing program. Perhaps they may uncover areas for improvement you may not have identified.  

  3. Review and Update Policies and Procedures

    This should be part of a regular review process. Are your Compliance protocols up to the relevant ISO standards?

  4. Maintain Transparent Communication

    Is everyone on your team aware of the latest policies? Have you implemented and updated Compliance training?

  5. Monitor Marketing & Sales Communications

    This is particularly important where remote work remains in effect. If you are maintaining the status quo, you may have less accountability than in your usual office environment.

  6. Update your Whistleblower Policy

    Keep an ear out for complaints about Marketing & Sales practices. Are employees able to access your whistleblower policy and hotline?

Marketing Compliance should remain top-of-mind but it need not be overly complex. By ensuring that you have the right programs in place and a robust program with clearly defined risk and controls processes, you will enhance your ability to better manage unforeseen issues that may arise and safeguard your company’s reputation.


Gerard Escaler | Asia Pacific, Partner.



Copyright © F&C Consulting Group 2020. 
