Carters Professional Corporation

CHARITY LAW BULLETIN No.344

 
June 25, 2014
Printer Friendly PDF
Editor: Terrance S. Carter
 

CRTC RELEASES INFORMATION BULLETIN ON COMPLIANCE PROGRAMS FOR CASL

By Ryan Prendergast*

A.     INTRODUCTION

On June 19, 2014, the Canadian Radio-television and Telecommunications Commission (CRTC) published a new bulletin concerning Canada’s anti-spam legislation (CASL). Compliance and Enforcement Bulletin CRTC 2014-326[1] (the “Bulletin”) provides guidelines from the CRTC to help businesses develop corporate compliance programs.

The Bulletin provides “general guidance and best practices” for businesses, but will also be of assistance to charities and non-profit organizations where their activities include the sending of “commercial electronic messages” (CEM) as set out in CASL.[2] This Charity Law Bulletin provides a summary of some of the guidance and best practices contained in the Bulletin which may have some application to charities and non-profit organizations.

Although the Bulletin provides advice preparing a compliance program for both the CRTC Unsolicited Telecommunications Rules (referring to the Do Not Call List) and for CASL, the focus of this Charity Law Bulletin will be on the advice the Bulletin contains with regard to establishing a compliance program for CASL. Charities and non-profit organizations conducting activities that the Unsolicited Telecommunications Rules apply to are encouraged to refer directly to the Bulletin for additional guidance.

B.     PREPARING A COMPLIANCE PROGRAM

As noted in previous Charity Law Bulletins and Charity Law Updates, violations of CASL may result in significant penalties. A charity or non-profit organization may have to pay a monetary fine if it is found not to have complied with CASL. As well, section 31 of CASL states that the directors and officers of corporations may be liable if they “directed, authorized, assented to, acquiesced in or participated in the commission of the violation”.

In this regard, the only defence under CASL for a violation is where the organization can demonstrate that it exercised due diligence. As such, the Bulletin states that implementing a compliance program may “(i) reduce the likelihood of businesses violating… CASL, and (ii) help business establish a due diligence defence in the case of a violation…” However, it is important to note that the Bulletin also indicates that “the pre-existence of a corporate compliance program may not be sufficient as a complete defence”. As such, while having a compliance program, including a CASL policy, will be of assistance to charities or non-profit organizations involved in sending CEMs, the mere adoption of such a program will not always be sufficient to protect the organization where a breach of CASL occurs.

The Bulletin also notes that it should not be read as “prescriptive”, as it does not constitute legal advice, nor is it intended by the CRTC to be exhaustive. As well, the CRTC, although in reference to businesses, notes that “small and medium-sized business do not have the resources that large corporations have”. One would assume that this comment applies equally to smaller charities and non-profit organizations who may not have the same capacity as larger organizations, given the disparity of size and resources in the not-for-profit sector.

1.      Elements Identified by CRTC as Components of a Compliance Program

The following components of a compliance program are identified in the Bulletin:

·         Senior management involvement;

·         Risk Assessment;

·         Written corporate compliance policy;

·         Record keeping;

·         Training program;

·         Auditing and monitoring;

·         Complaint-handling system; and

·         Corrective action.

The Bulletin provides illustrative examples concerning how each of these elements may vary depending upon the size of the organization. For example, concerning the involvement of senior management, it is suggested that “a member of the senior management could be named as the business’s chief compliance officer” so that this person can be the individual responsible for the organization on CASL. With regard to smaller organizations, the Bulletin suggests that the organization could “identify a point person who is responsible and accountable for compliance”.

2.      Summary of Program Components

      a)      Maintaining and Reviewing an Up-to-date Policy

As discussed in previous Charity Law Updates, part of a demonstrating due diligence under CASL may involve developing a policy in order to educate employees or volunteers concerning the obligations of the charity or non-profit organization under the legislation.

In this regard, the Bulletin provides some helpful guidance concerning what issues the policy might address. These include, for example:

·         Establishing internal procedures for compliance;

·         Addressing related training that covers the policy and internal procedures;

·         Establish auditing and monitoring mechanisms;

·         Establish procedures for dealing with third-parties;

·         Address record keeping; or

·         Provide a feedback mechanism for employees to persons responsible for compliance.

 

The Bulletin also stresses that a policy should be “easily accessible to employees, including managers”. As well, the policy should be reviewed regularly to ensure that it is up to date. It is not clear whether “accessible” means easy to find, or easy to understand in this context. However, if employees are not able to find the policy, or not able to follow it once they do, the policy will not likely be seen by the CRTC as an aid in establishing due diligence.

      b)      Proving Compliance

As a review, charities or non-profit organizations that send a CEM must be able to demonstrate that they have consent, either express or implied, to do so. While an organization may have obtained express consent in the past, if there is no record of that express consent available, then the organization may as well have had no consent. In this regard, the Bulletin also includes some suggestions concerning the types of records, either physical or electronic, that an organization may want to have on hand in establishing a compliance program. With respect to the types of records that an organization may want to keep concerning CASL, the Bulletin includes the following:

·         CEM policies and procedures;

·         All unsubscribe requests and actions;

·         Evidence of express consent;

·         CEM consent logs;

·         CEM scripts;

·         Actioning unsubscribe requests for CEMs;

·         Staff training documents; and

·         Official financial records.

 

Some elements appear repetitive, such as keeping records of “unsubscribe requests and actions” and “actioning unsubscribe requests”. These suggestions emphasize, however, the need to maintain records that demonstrate compliance with CASL. For example, unsubscribe requests need to be made effective within 10 days in accordance with CASL. In this regard, it would be prudent for charities and non-profit organizations that need to comply to keep records that indicate that these requests are actioned within the timeline prescribed in the legislation. This comment would apply equally to other obligations under CASL.

      c)      Continuous Monitoring and Improvement

The record keeping practices suggested in the Bulletin recommend keeping records of training documents. In this regard, although a policy is one helpful element of establishing due diligence, it will also be important to make sure that employees and volunteers are trained on all other aspects of the compliance program being implemented.

The Bulletin recommends not only developing a training program, but that it should include “refresher training, regarding the corporate compliance policy for current and new employees, including managers”. It is also suggested in the Bulletin that those who complete the training sign a “written acknowledgement that they understand the corporate compliance policy, and these written acknowledgements should be recorded and maintained”.

There are also recommendations in the Bulletin with respect to auditing and monitoring the compliance program. This is a helpful suggestion, and although not every organization may have the resources to undertake this type of review, at a minimum some system of monitoring mechanism should form part of the compliance program. It should be noted that the Bulletin suggests that the “results of all audits should be recorded, maintained, and communicated to senior management”. Keeping records of this kind will help demonstrate that not only does the organization have a compliance program, which may include a policy, but that the compliance program is regularly reviewed to see that employees and volunteers are following it.

Lastly, the Bulletin also recommends a mechanism for handling complaints and for implementing discipline where the compliance program is not followed. A complaints mechanism, while useful, may not necessarily relate to compliance. CASL itself does not require that organizations that send CEMs respond to complaints, but only that they action unsubscribe requests. In this regard, the Bulletin helpfully indicates that a mechanism for dealing with complaints “should not be confused with the requirements in… CASL regarding the withdrawal of consent”. However, one positive aspect of having a complaints mechanism, which the Bulletin does not address, is that responding to complaints may mean that the complainant is less likely to complain directly to the CRTC. This likely would help to reduce the incidence of any enforcement action being brought by the CRTC against the organization.

C.     CONCLUSION

Few charities and non-profit organizations expected that CASL was something for which they may need to implement a compliance program or policy. The Bulletin, while helpful, does raise how onerous demonstrating compliance with CASL may be for those organizations that need to do so. CASL, though, may not apply to an individual charity or non-profit organization unless that organization is sending a CEM. As well, many registered charities will rely on the exemption under CASL for CEMs that have a primary purpose of raising funds. However, for those charities that send CEMs in relation to commercial activities that are not exempt, implementing a compliance program is a prudent measure in establishing due diligence so that inadvertent breaches of CASL do not result in penalties or liability exposure for board members.

* Ryan M. Prendergast, B.A., LL.B., is an associate of Carters Profession Corporation..

[1] Canadian Radio-television and Telecommunications Commission, Compliance and Enforcement Bulletin CRTC 2014-326 “Guidelines to help businesses develop corporate compliance programs” dated June 19, 2014. Online at: http://www.crtc.gc.ca/eng/archive/2014/2014-326.htm.

[2] For more information on CASL and general guidance, see Charity Law Bulletin No. 328 “Here Comes Canada’s Anti-Spam Legislation: Is Your Organization Prepared?” dated January 29, 2014 at: http://www.carters.ca/pub/bulletin/charity/2014/chylb328.htm. See also our website at: http://www.carters.ca/CASL.php

 

DISCLAIMER: This Charity Law Bulletin is a summary of current legal issues provided as an information service by Carters Professional Corporation. It is current only as of the date of the Bulletin and does not reflect subsequent changes in the law. The Charity Law Bulletin is distributed with the understanding that it does not constitute legal advice or establish the solicitor/client relationship by way of any information contained herein. The contents are intended for general information purposes only and under no circumstances can be relied upon for legal decision-making. Readers are advised to consult with a qualified lawyer and obtain a written opinion concerning the specifics of their particular situation.
© 2014 Carters Professional Corporation