You are currently viewing Governance failure costs £45,000
Telesales can be effective at promoting your business but you need good governance in place to make it work for you.

Governance failure costs £45,000

Telesales can be effective at promoting your business but you need good governance in place to make it work for you.
Telesales can be effective at promoting your business but you need governance structures in place to make it work for you.

A breakdown of internal governance processes has led to the Information Commissioner’s Office (ICO) issuing a civil monetary penalty (fine) on Tameside Energy Services Ltd, a Manchester based company claiming to offer a range of energy improvements and making heavy use of cold-call sales tactics.

Showing a growing tendency to fine private companies, the ICO reported that Tameside Energy Services was responsible for over 1000 complaints from customers over failures to remove people from their contact lists and a failure to properly check the Telephone Preference Services (TPS) lists before making cold calls.

In the statement announcing the fine, Simon Entwisle, Director of Operations for the ICO said:

This is not the first and will not be the last monetary penalty issued by the ICO for unwanted marketing calls. These companies need to listen – bombarding the public with cold calls will not be tolerated. Were it not for the company’s poor financial position, this monetary penalty would have been £90,000.

We are continuing our work with the industry, government and other regulators, including OFCOM, to co-ordinate our efforts to tackle this problem. We would like to see the law changed to make it simpler for us to punish companies responsible for repeated and continuous breaches of the law.

The lack of organisation governance appears to be part of a larger problem with this company. However if they had spent a trivial sum of money on implementing a governance process, they would have saved ten times that amount of money in fines.

It seems to go without saying that cold calling is largely unpopular and it is likely that as issues like this get more coverage, more people will know to complain. The ICO has even set up a reporting tool (available online) to make it easier to report nuisance calls.

Cold calling needs good governance

However, lots of companies still use cold calling telesales and it can be a very effective way to get new business. So, the question is, how do you make sure it works for your company rather than open you up to potentially massive fines?

The simple answer is governance.

In this example, the existence of a governance team would have driven compliance – both with removal requests and TPS checks – and prevented both customer annoyance and the ICO fine.

Whatever your line of business, whatever size your organisation, you need to address governance, risk and compliance. It doesn’t matter if this is one department, three or a dozen. It doesn’t even matter if this is part of your security team, audit team or even sales teams. The only thing that matters is that you have it.

Risk management is not just about preventing people stealing your assets, it is also about ensuring you have proper governance processes to stop your own business cannibalising itself. Sales methods are there to grow your business, not to have you fined.

The sad truth is that if your sales methods need to bypass these checks to make money for your business, something is fundamentally wrong. Good governance would identify this in advance and help you regain control.

Don’t cut corners with your risk management, governance or compliance. Ever.

Taz Wake - Halkyn Security

Certified Information Systems Security Professional with over 19 years experience providing in-depth security risk management advice to government and private sector organisations. Experienced in assessing risks, and producing mitigation plans, worldwide in both peaceful areas and war zones. Additionally, direct experience carrying out investigations into security lapses, producing evidential standard reports and conducting detailed interviews to ascertain the details of the incident. Has a detailed understanding of the Security Policy Framework (SPF) and JSP440, as well as in depth expertise in producing cost-effective solutions in accordance with legislative and regulatory guidelines. Experienced in accrediting establishments and networks as well as project managing the development of secure, compliant, workable business processes.