Effectiveness of actions to reduce harm from nuisance calls in Scotland

Research commissioned to analyse the impact of actions set out in the Nuisance Calls Commission action plan, and to examine the outcomes of past interventions.

Annex B: Regulatory actions

B.1 The institutional and legal framework

B.1.1 The roles of the regulators

The functions of the main regulators relevant to nuisance calls and texts are summarised in Figure 32. Other sectoral regulators also have lesser roles; for instance:

  • Ofgem has moderated the calling activities of energy companies (such as Scottish Power [100] ).
  • The Advertising Standards Authority ( ASA) has ruled against companies sending unsolicited texts (such as Data Supplier [101] ).
  • The Financial Conduct Authority ( FCA) identifies companies to avoid [102] , warns about the use of its CLI [103] and publicises companies making potentially fraudulent cold calls (such as William Howarth [104] ).

The Information Commissioner’s Office ( ICO) and Ofcom are well known in relation to nuisance calls; the Claims Management Regulation Unit ( CMRU) is rather less well known. It currently sits in the Ministry of Justice but is due to be transferred to FCA.

The Telephone Preference Service ( TPS) is not a regulator. It is responsible for keeping the register of telephone numbers that should not receive unsolicited live direct marketing calls. This year overall responsibility for TPS passed from Ofcom to ICO.

Figure 32: The roles of the main regulators

Regulator Main legislative basis Main relevant responsibilities
ICO Privacy and Electronic Communications Regulations Preventing the transmission of unsolicited live direct marketing calls, recorded direct marketing calls, direct marketing texts, and direct marketing emails
Ofcom Communications Act Preventing misuse of telecommunications, in which it gives priority to preventing silent and abandoned calls, and monitoring use of telecommunications
CMRU Compensation (Claims Management Services) Regulations Preventing illegal activities by companies that contact consumers to offer claims services (especially about financial mis-selling and injuries)

As the lead regulators in this area, since 2013 Ofcom and ICO have published an annual Joint Action Plan, setting out the main actions taken in the past year and plans for the next year. This is available at The Joint Action Plan usefully includes relevant statistics, for example on complaints, but does not discuss the effectiveness of any specific actions. ICO has proposed [105] , but not yet carried out, a study of the effectiveness of the lower evidence threshold for enforcement against an alleged offender that came into force in April 2015.

B.1.2 Recent and forthcoming developments in regulation

Ofcom has been concerned about silent and abandoned calls for over ten years. Since then regulatory measures have become progressively stricter, as illustrated by Figure 33. Changes said at the time to be most important are in bold. However, new measures take time to have results and old investigations take time to be concluded, so comparisons between years are difficult. Overall, it may be that the regulatory regime has held its own, in the sense that levels of nuisance calling have remained relatively steady.

Figure 33: Recent and forthcoming developments in regulation

Date Regulator Action
Forthcoming ICO Cold calling relating to pensions to be outlawed
Forthcoming ICO Direct Marketing Code of Practice to be made compulsory (under Digital Economy Act 2017 Section 96)
Forthcoming ICO Company Directors to be personally responsible for payment of fines
In force Oct 2018 Ofcom Revised General Conditions will require network blocking of calls with clearly impossible CLI, CLIs to be valid, callable numbers, and provision of CLI display to all customers without extra charge
25/05/2018 GDPR and the new European e-privacy regulation take effect
28/05/2017 Ofcom Introduced guidelines setting the process under which network access would be blocked to prevent misuse or fraud
01/03/2017 Ofcom Introduced guidelines describing as “misuse” any silent or abandoned calls
30/12/2016 ICO Took over the management of TPS from Ofcom
16/05/2016 ICO Required direct marketing calls to provide CLIs
06/04/2015 ICO Freed from the requirement to show that nuisance calls and texts produce “substantial damage or substantial distress” before acting
29/12/2014 CMRU Acquired powers to issue fines of up to 20% of company annual turnover
01/10/2014 CMRU Required companies to be compliant with all DMA guidance notes
10/07/2014 Ofcom Allowed to share information about nuisance calls and texts with ICO and the Insolvency Service
24/10/2013 ICO Introduced guidelines for consent to receiving direct marketing calls and texts normally to be limited in time and (except for live calls) granted specifically to the company in question
13/06/2013 CMRU Started to name companies under investigation or subject to recent enforcement action
14/11/2012 ICO Started to name companies under investigation or subject to recent enforcement action
26/05/2011 ICO Acquired powers to issue fines of up to £500,000 and to obtain information about calls and texts due to third parties
01/02/2011 Ofcom Introduced rules against the repetition of silent calls on the same day
15/09/2010 Ofcom Acquired powers to issue fines of up to £2,000,000 (formerly £50,000)

European legislation coming into force next year will still need to be observed in the UK. The content of the General Data Protection Regulation ( GDPR) is already final but its implications for nuisance calling will depend on the interpretation of “consent”; the Article 29 Working Party is expected to report on this by the end of 2017. At the time of writing, the new e-privacy regulation was still being discussed in the European Parliament and subject to amendment. However, its articles relevant to nuisance calls (12 to 16) appeared fairly stable. The biggest change from the current rules is the following text in Article 14, on incoming call blocking:

Providers of number-based interpersonal communications services shall deploy state of the art measures to limit the reception of malicious or nuisance calls by end-users and shall also provide the called end-user with the following possibilities, free of charge:

(a) to block incoming calls from specific numbers or from anonymous sources;

(b) to stop automatic call forwarding by a third party to the end-user's terminal equipment.

Further changes may come about if pressure for them is successful. Over the past five years, many groups and individuals have called for regulatory changes to reduce nuisance calls. Two campaigning organisations deserve particular mention:

  • Starting in June 2012 [106] , Which? [107] led a campaign against nuisance calls and texts which led among other things to a Task Force in 2014 on Consent and Lead Generation (in the context of nuisance calls and texts). A summary by Which? of implementation status shows that most of the recommendations made by the Task Force have been carried out, with the main outstanding priority being Director Level Accountability for nuisance calls. Which? now also supports putting live telemarketing on the same footing as recorded telemarketing, that is, illegal without prior consent.
  • The Fair Telecoms Campaign ( FTC) has made nuisance calls a key issue, with a focus on getting sectoral regulators (such as those for claims management, financial services, energy or communications) to outlaw telemarketing in their own sectors. Copious relevant briefing materials can be found on its website. It, too, presses for live telemarketing to be illegal without prior consent.

B.2 Regulation in practice

B.2.1 Investigations and enforcement

The numbers and lengths of investigations by the three regulators can be compared, to some extent. In Figure 34 we have aimed to use consistent time periods, between the start of an investigation (determined by the initial contact with the company under investigation or the initial concentrated monitoring of the calls or texts) and the end of the investigation (determined by the serving of a notice about the most rigorous form of enforcement from the investigation, before any appeal or deferral of payment).

Figure 34: Numbers and lengths of regulatory investigations

Regulator Period [108] Number of investigations Number of investigations resulting in fine Mean length of investigation (days) Mean length of investigation resulting in fine (days)
ICO 2014-2017 356 42 180 292 [109]
Ofcom 2011-2017 Not available 8 609 543
CMRU 2015-2017 30 8 339 [110] 339

On their own, differences between the average lengths of investigations for the regulators mean little [111] . The point is that these investigations take considerable time, so that any penalty occurs long after the offence. This is well known to reduce deterrent effects, which are strongest when penalties are quick and likely. The regulators are set up to prefer offering advice to fining, which they see as a last resort. For example, Ofcom considers that the advice that it offered to nine companies during six months of 2016 led to the prevention of millions of nuisance calls.

This preference for offering advice can be exploited easily by criminal companies that can initially appear just to be careless. Moreover, careless companies may need repeated advice.

More detailed figures, for each regulator and each financial year, follow in Figure 35, Figure 36 and Figure 37. These show how many investigations result in more rigorous demands than advice.

Figure 35: Enforcement by CMRU

Period Number of investigations Number of investigations resulting in fine Number of investigations resulting in cancellation of authorisation Number of audits Number of audits resulting in warning Proportion of investigations or audits resulting in less formal requests
2016-2017 26 5 3 111 40 65%
2015-2016 15 3 1 111 48 59%
2014-2015 10 0 [112] 0 102 30 73%
2013-2014 5 0 0 45 5 90%

Figure 36: Enforcement by ICO

Period Number of investigations Number of investigations resulting in fine Number of investigations resulting in enforcement notice Number of investigations resulting in action requirement or notice of intent Number of investigations resulting in improvement plan or undertaking Proportion of investigations or audits resulting in less formal requests
2016-2017 138 16 3 1 0 86%
2015-2016 125 20 3 2 4 77%
2014-2015 93 6 8 0 1 84%

Figure 37: Enforcement by Ofcom

Period Number of investigations Number of investigations resulting in fine Number of investigations resulting in enforcement notice Number of investigations resulting in action requirement or notice of intent Number of investigations resulting in improvement plan or undertaking Proportion of investigations or audits resulting in less formal requests
2016-2017 Not available 0 Not available Not available Not available Not available
2015-2016 98 1 Not available Not available Not available 99%
2014-2015 47 4 Not available Not available Not available 91%
2013-2014 20 1 Not available Not available Not available 95%
2012-2013 Not available 2 Not available Not available Not available Not available
2011-2012 Not available 0 Not available Not available Not available Not available

The claims management regulation review that was conducted in 2016 suggested [113] :

  • The CMRU should seek to make wider use of warrants and seizure powers (as an alternative to giving the notice needed before an on-site audit).
  • The CMRU should encourage compliance through greater use of regulatory roadshows, workshops, and training support.
  • The CMRU should use a broader range of existing enforcement measures, such as smaller fines or mandatory training.
  • The CMRU should consider whether smaller fines or mandatory training may have a complementary effect (presumably to larger fines imposed after prolonged investigations) as a credible deterrent by showing that the regulator will not tolerate persistent or deliberate rule breaches.
  • The CMRU should publish all appropriate information on enforcement activity, including against unauthorised firms.

B.2.2 Publicising miscreants

Ofcom publishes very little information about investigations that result in fines, and no information about those that do not (as Figure 37 indicates). Its main justification for this seems to be section 393 of the Communications Act 2003, which prevents Ofcom from releasing information about businesses that it has obtained using its powers. Requests made under the Freedom of Information Act 2000 might well be refused, as, for example, was a request about the most recent investigation to result in a fine [114] . In its response to that request (mainly for a nonconfidential version of a notification to Verso Group), Ofcom stated:

“In previous investigations into persistent misuse, Ofcom published a non-confidential version of the notifications made under section 128 of the Communications Act 2003 that are issued to companies subject to an investigation. Ofcom reviewed this practice earlier this year, after we issued the section 128 notification to Verso Group but before publishing a nonconfidential version. Ofcom no longer publishes details until we have concluded our investigation.”

However, there is a precedent for Ofcom to name and shame careless and criminal companies: to help in controlling premium rate services it publishes two lists (identifying individuals as well as companies):

  • The ‘under assessment list’ identifies those that Ofcom is assessing to determine whether they have used telephone numbers in a way that has caused serious or repeated harm to consumers. Inclusion on the list might happen after a decision is made by a relevant consumer protection authority.
  • The ‘number refusal list’ identifies those that Ofcom is satisfied have used telephone numbers in a way that has caused serious or repeated harm to consumers and that should not be allocated further telephone numbers. Inclusion on the list would last for a period depending on the seriousness of the past use.

In its statement introducing these lists, Ofcom gave a list of the main types of scam that might undermine consumer confidence in telephone numbers, which included [115] :

  • Criminal offences involving number abuse, such as fraud.
  • False or misleading advertising of call rates.
  • Contraventions of the Numbering Plan, such as revenue sharing on 070 numbers.
  • Fax-back and ‘missed call’ call-back scams.
  • Inducements to consumers to make lengthy calls to high tariff numbers in order to qualify for ‘prizes’ that are never received, are different from advertised or not winnable in practice.
  • Artificial delays on high rate numbers to create revenue for the called party.

Ofcom also noted [116] :

“This list is not exhaustive, and we intend to apply the CPT [Consumer Protection Test] to other types of harmful behaviour that we might identify as involving the use of telephone numbers as they arise. In order that the test may better evolve over time, it will normally be triggered by rulings made under particular legislation and consumer protection instruments, rather than being linked to certain specific offences. In line with our general duties, we will approach this task on the basis of the need to be transparent, and this may extend to, for example, publishing findings or summaries via our website.”

This suggests that Ofcom could be more open about which companies it is investigating for misuse resulting in nuisance calls. Consumers could be protected better during investigations that take time to be concluded.

B.2.3 Imposing fines

The large fines make headlines, but the other fines have often been quite small, as implied by Figure 38.

Figure 38: Ranges of fines

Regulator Period Number of investigations resulting in fine Mean fine (£) Median fine (£) Minimum fine (£) Maximum fine (£)
CMRU 2015-2017 8 268,481 155,923 3,000 850,000
ICO 2014-2017 42 96,881 77,500 5,000 350,000
Ofcom 2011-2017 8 221,000 40,000 8,000 750,000

As Figure 36 indicates, the number of fines imposed by ICO has risen sharply since the removal of the requirement to show “substantial damage or substantial distress”. However, range of fines does not seem to have changed greatly.

The fines are frequently left unpaid. Figure 39 shows fines collection status for ICO, some months after the end of the relevant financial year (2015-2016) [117] .

Figure 39: Success in the collection of fines by ICO, 2015-2016

Number of fines Number of fines remaining unpaid Number of fines on companies now in liquidation Number of fines under appeal Number of fines being paid in instalments Number of fines paid Number of fines not yet due for payment
20 8 3 2 3 2 2

In the following financial year (2016-2017) fines amounting to £1,923,000 were levied; £559,300 of them had been paid by the end of that year [118] . Companies under investigation tend to go out of business before they can be fined or before they can be forced to pay their fines; their directors then sometimes appear elsewhere.

Ofcom’s collection rate for fines relating to nuisance calls is said to be high, in part because larger fines are generally payable by larger companies who have a reputation worth protecting and therefore pay up. In addition, Ofcom is reluctant to impose fines on companies that have gone into liquidation or that they have other reasons to expect not to pay.

B.2.4 Ensuring the suppression of traffic

Ofcom, through the Phone-paid Services Authority ( PSA), has long recognised that one treatment of premium rate services that have harmed consumers is blocking them: the operators that carry the calls, and that would otherwise pass on the revenues from the calls to the premium rate service providers, instead are directed to suspend access to the services. It has now started to apply a similar treatment to nuisance callers: it has requested that operators block traffic from certain numbers. Having tried out the treatment, Ofcom has now formalised the procedure [119] . This approach is apparently very effective, but labour-intensive and seen as heavy-handed. It may be needed for (and effective against) operators who do not take part in the MoU group.


Back to top