ACMA has started its TCP Code enforcement drive with a series of formal warnings, the mildest weapon in its formidable armory. The Authority is obviously testing the water, to see whether the industry will take its warnings seriously. If not, we know what to expect. Chairman Chapman wrote last year:
The ACMA will be taking a much tougher and more directive stance on telco compliance—turning up the heat. You will see more investigations, directions and court cases.
Here’s an outline of the formal warnings so far.
The record to date
10 April 2013 ACMA warned Activ8me for failing to make available Critical Information Summaries for its plans.
10 April 2013 ACMA warned Sure Telecom for not providing Critical Information Summaries.
12 April 2013 ACMA warned AAPT Ltd for privacy failures that occurred under the old TCP Code. But the new Code is empowered to deal with earlier breaches, and ACMA did so.
3 May 2013 ACMA warned Southern Cross Telco for a privacy breach, were bills were emailed to the wrong customer.
17 May 2013 ACMA warned Clear Networks for an inadequate Financial Hardship Policy.
21 May 2013 ACMA warned iTalk for failing to make available Critical Information Summaries.
How do you turn a minor breach into a formal warning?
Getting a warning is easy … just ignore the TCP Code. But turning a minor issue into a formal warning takes a little more. You need to fail to act promptly in response to an informal approach from ACMA.
The Authority’s approach in cases of non-compliance has been to notify the telco and ask for action. If that doesn’t happen pronto, ACMA will escalate the issue … even if it was initially relatively minor.
The ACMA expects industry compliance with the TCP Code,’ said ACMA Chairman, Chris Chapman. ‘Where we see non-compliance and bring that to a provider’s attention, we expect a rapid response. In most cases, that has been forthcoming. Where it is not, we will not hesitate to use our formal enforcement powers.
Never ignore or overlook a communication from ACMA or ACCC
Assuming that you’re not a cowboy, the most likely ways to ‘ignore’ a regulator are:
- Not having current contact details recorded with ASIC, TIO and on your website.
- Not having timely, effective procedures for mail to be passed on from a registered office (eg your accountants) to you.
- Not training your staff that any contact from any regulator must be reported to management immediately.
- Not treating regulator correspondence as top priority. (This can happen because regulator language is sometimes unclear,)
- Once a regulator has made initial contact, not proactively touching base with them regularly until they confirm the issue is resolved.
In an increasingly risky regulatory environment, the last thing you need is for a small deal to become a big deal because you put an ACMA letter aside until you are back from holiday in Bali.