TCPA claims, which can cost millions of dollars, are on the up, but many companies remain under-insured or uninsured where it comes to this risk.
“Most companies hit with TCPA lawsuits are either uninsured or under-insured,” Harold Field, CRC office president, told Insurance Business. “Some industries like debt collection, telemarketing, [and] financial institutions are more aware of the exposures and have the protection of an insurance policy against these claims.”
TCPA claims arise when businesses get in touch with individuals who are on the ‘do not call register’, with automated dialing accounting for a vast chunk of violations. TCPA violations can cost as much as $500 per violation, or $1,500 per legal violation, and can prove fertile ground for class action lawyers.
The best defense may be avoiding any offense in the first place, but with many firms looking to outsourcing, those that believe they may be in the clear could find themselves in choppy waters if partner businesses are not following the letter of the law.
While some businesses in most-at-risk industries have cottoned on to the risk and are actively seeking insurance coverage, TCPA violations can occur across sectors.
A ‘free cruise’ campaign saw Caribbean Cruise Line told to pay out what was at the time a record breaking $76 million in 2016.
“This litigation touches every industry, and all insureds are exposed directly or indirectly to TCPA litigation,” Field said.
In March, a group of state attorney generals won judgments to end a robocall operation based out of Texas, with the court ordering monetary penalties totaling $245 million.
Some of the largest TCPA payouts, according to CRC, include:
Speaking to Insurance Business in June, Field pointed to a substantial uptick in TCPA claims each month so far in 2023. May alone saw 225 suits, an increase of 98% from April.
TCPA lawsuits have a more than half (52%) chance of turning into a class action, which is more than any other kind of lawsuit under Consumer Fraud Protection Law, according to CRC.
Meanwhile, with the average TCPA class action settlement costing $6.6 million, these can prove costly for businesses that find themselves on the wrong side of the law.
Furthermore, while there are no public statistics available on defense costs, Field estimated that these could be as much as $2 million on a $6.6 million settlement.
A 2021 State Supreme Court Ruling on auto-dialers, known as Facebook v Duguid, was expected to cut down on TCPA cases. However, its effect has been muted and the ruling “is not holding up well in the District Courts”, according to Field.
The State Court ruled that a device must be capable of either storing or producing a telephone number using a random or sequential number generator to qualify as an automatic telephone dialing system (ATDS).
ATDS systems are “at the root” of most TCPA claims, according to Field.
“Defendants have been denied dismissal repeatedly at the pleadings stage when citing Facebook v Duguid,” Field said. “So, while TCPA litigation may have slightly decreased, it is clear this did not close the door on the frequency of TCPA litigation.”
In state courts, some decisions have taken an unusual turn. In February, a North Carolina judge ruled that cellphones were not encompassed by the TCPA. A similar decision has also been seen in Texas.
It is unlikely that this approach will gain any “meaningful traction”, according to Field, particularly given it is at odds with federal guidance.
“Fundamentally, [the ruling] directly contradicts FCC regulation and guidance, which is just one of many obstacles should this ruling reach the Supreme Court,” Field said. “That said, it does call the greater debate into question as to a much-needed update to the language used in the TCPA.”
Cover for TCPA claims is typically accessed through errors and omissions (E&O) and professional liability policies. However, insurance market appetite for this is limited, with carriers falling “all over the map”, according to Field.
“There are only a handful of carriers willing to provide the cover, and it’s based on varying underwriting parameters,” Field said. “There is no consistency in the marketplace on the quality of coverage.
“There are very few carriers that will provide full limits for both defense and indemnity, while others will sublimit both or only offer defense.”
Historically, CGL and umbrella policies were the “go-to”, according to Field, but almost all now have TCPA exclusions. Many D&O carriers now also include specific exclusions, while many include a violation of privacy clause that strips out cover.
“That said, there are a small handful of D&O carriers that will provide a defense-only sublimit for TCPA claims,” Field said. “This is generally case-by-case and D&O carriers are less likely to do so for companies with an inherent TCPA exposure, like debt collectors for instance.”
While cyber policies could present another “logical fit” for such cases, according to Field, most cyber insurers have taken an early stance to block cover for TCPA claims.
“A good broker who truly understands the exposure can help an insured navigate the marketplace and tailor-fit the best coverage option for each client,” said Field. “When express TCPA coverage is not available, which may be the case, then a good broker will seek options where exclusionary language is removed or adjusted to increase the chance of obtaining coverage in a claim scenario.”
Major companies in the insurance business are themselves at risk of TCPA violations and class actions, particularly those that have looked to outsource contact functions. Allstate and Oh Insurance Agency agreed to pay $10.5 million to settle a suit in 2019. That same year, Nationwide agreed a settlement of $5 million. The companies denied any wrongdoing, according to contemporary reports.
“If there’s a violation, it passes through, no matter what the contractual obligation is, or whether or not the insurance company has been identified - they are responsible if that organization is calling on their behalf,” said Clay McNaught, Gryphon.ai COO.
Gryphon is a tech compliance firm that has looked to integrate ‘do not call’ lists into its client companies’ systems to cut down on the risk of reaching out to anyone on the ‘do not call register’.
“We’re starting to see an uptick in compliance executives… some of the organizations that work with insurers – you’re starting to see a compliance practice built within those organizations, because it’s alleviating risk,” McNaught said. “And we know based upon the current environment that the risk is there, and the risk is going to be increasing.”