diff --git a/docs/new-sector-compliance-targets.md b/docs/new-sector-compliance-targets.md new file mode 100644 index 0000000..453629b --- /dev/null +++ b/docs/new-sector-compliance-targets.md @@ -0,0 +1,162 @@ +# New Compliance Sectors — Detectable Signals + Contact Channels + +Companion to the FCC RMD and FMCSA/trucking playbooks. The winning pattern is: +a public government registry + a per-record recurring obligation + an automated +deficiency check + outreach to the operator. This doc covers the three best next +sectors and, critically, **how to reach the license holders besides postal mail.** + +> Honesty note on email: unlike FCC RMD (`contact_email`) and FMCSA (carrier +> email), these three registries are **address/phone-rich but email-poor**. The +> deficiency engine still works; the channel is the hard part. Section 4 solves +> that. + +--- + +## 1. NPPES / Healthcare Providers (NPI) + +**Source:** CMS NPPES monthly full-replacement dissemination file (free bulk CSV, +millions of rows). Cross-joinable with OIG LEIE (exclusions) and the CMS +revalidation list, both free. + +**Email in file:** No. Practice/mailing address, phone, fax only. + +### Detectable from the file +| Signal | Field(s) | Obligation | Service | +|---|---|---|---| +| Stale `Last Update Date` (>1–2 yrs) | Last Update Date | NPPES update within 30 days of any change | NPPES refresh/attestation | +| Deactivated NPI | NPI Deactivation Date / Reactivation Date | Deactivated NPI can't bill | NPI reactivation | +| Old enumeration + never updated | Provider Enumeration Date vs Last Update Date | Likely overdue Medicare revalidation (5-yr) | PECOS revalidation | +| Taxonomy vs license-state mismatch | Taxonomy, License Number, License State | Specialty/license inconsistency | License/taxonomy reconcile | +| No primary taxonomy flagged | taxonomy primary switch | Billing/credentialing errors | Taxonomy cleanup | +| Org (Type 2) missing Authorized Official | Authorized Official block | Incomplete org NPI | Org NPI correction | +| Sole-proprietor flag vs entity-type conflict | Is Sole Proprietor, Entity Type Code | Enrollment/tax classification issue | Enrollment review | + +**Inferable only (not in file):** exact revalidation due date (PECOS), HIPAA +posture, active billing, sanctions (use OIG LEIE join). + +**Best cross-join hook:** NPPES ⨝ OIG LEIE ⨝ CMS revalidation list. + +--- + +## 2. FMC Ocean Transportation Intermediaries (OTI: NVOCC + freight forwarders) + +**Source:** FMC OTI lookup (per-record web lookup; a few thousand licensees). +Closest analog to FCC RMD in size and clock. + +**Email in record:** Inconsistent — sometimes present, often not. Partial coverage. + +### Detectable from the record +| Signal | Field(s) | Obligation | Service | +|---|---|---|---| +| License issue ≥ ~3 yrs ago | issue/license date | **Triennial renewal** (every 3 yrs) | OTI renewal filing | +| Bond below current minimum | financial responsibility | $75k NVOCC / $50k forwarder bond | Bond placement/review | +| Missing proof of bond | financial responsibility status | Required to operate | Bond compliance | +| QI stale/absent | qualifying individual | OTI must have a qualified QI | QI / Form FMC-18 update | +| NVOCC w/o tariff indicator | cross-ref tariff systems | NVOCCs must publish tariffs / SARs | Tariff publication setup | +| Status inactive/revoked/surrendered | license status | Operating lapsed = penalties | Reinstatement | + +**Inferable only:** exact renewal due date, whether tariff actually published +(separate tariff registry), email when absent. + +--- + +## 3. EPA RCRA Hazardous Waste Handlers (via ECHO / RCRAInfo / FRS) + +**Source:** ECHO downloadable files, RCRAInfo public data, Facility Registry +Service. Richest enforcement data of the three. Cross-join with TRI. + +**Email in file:** Largely absent. Facility/owner contact name, phone, mailing +address present. + +### Detectable from the data +| Signal | Field(s) | Obligation | Service | +|---|---|---|---| +| Generator status LQG/SQG/VSQG | handler classification | Biennial report + manifest + training | Generator program | +| Biennial report not filed | RCRAInfo biennial flag | LQG Biennial Report (odd yrs, by Mar 1) | Biennial filing | +| Open/current violation | ECHO CurrViolation/history | Return-to-compliance | Violation remediation | +| SNC / HPV flag | ECHO SNC/SVQ flags | High enforcement priority | Audit prep + corrective | +| Old inspection + LQG | last inspection date | Overdue inspection risk | Self-audit | +| Permit expired/expiring | permit status/expiration | TSDF permit renewal | Permit renewal | +| Stale SQG re-notification | notification date | SQG re-notify (~4 yrs, state-dependent) | Re-notification | +| NAICS implies waste, no RCRA ID | FRS NAICS w/o RCRA link | Should be registered as generator | Generator registration | +| EPCRA/Tier II non-filer | facility + chemical thresholds | Tier II annual report (by Mar 1) | Tier II / SPCC filing | + +**Inferable only:** SPCC plan existence, actual chemical inventory, contact email. + +**Cross-join opportunity:** ECHO ⨝ TRI ⨝ FRS NAICS to find facilities that +should be reporting but aren't. + +--- + +## 4. How to Contact License Holders (Besides Postal Mail) + +The registries above give us name + entity + address + phone (+ sometimes fax). +Ranked options to reach them on cheaper/faster channels: + +### A. Email append (turn address/phone into email) +- **B2B email-append vendors** (e.g. data providers that match company name + + address → business email): bulk match files, pay per match. Best for NPPES org + records and EPA facilities (real businesses). +- **Domain inference + verification:** derive likely domain from business name / + website, generate `info@`, `first.last@`, etc., then run an email-verification + API (SMTP/MX validation) to keep only deliverable addresses. Cheap, scalable, + works well where the entity has a website. +- **Website-scrape enrichment:** for each entity, find the website (search by + name+city), scrape contact/`mailto:` and `/contact` pages for published + business email. High accuracy when a site exists. +- **People/B2B data APIs** keyed on the **Authorized Official / Qualifying + Individual / facility contact name** we already have from the registry. + +### B. Phone (we already have it in all three) +- **Cold call** the listed phone — these registries reliably include phone. +- **Ringless voicemail / voicemail drop** to the listed number. +- **SMS** to numbers that resolve to mobile (carrier-lookup the phone first; + honor TCPA/DNC — we already run DNC compliance services, so scrub against the + NDNC and keep consent records). This is the channel we must be most careful on. + +### C. Fax (underrated for NPPES + EPA) +- NPPES and many EPA records include **fax**. Compliance/medical/industrial + audiences still read fax. Cheap blast, low competition, novelty cut-through. + +### D. Web / digital, no contact info needed +- **Free public lookup tool** (like `/tools/dot-compliance-check`): e.g. + `/tools/npi-compliance-check`, `/tools/oti-renewal-check`, + `/tools/rcra-compliance-check`. Drives inbound; the provider searches their own + NPI/license/EPA ID and self-identifies. Pair with SEO + paid search on + "NPI revalidation", "FMC license renewal", "RCRA biennial report". +- **Retargeting / lookalike audiences:** upload the matched-email or hashed + contact list to ad platforms for display/social retargeting even without + reaching the inbox. +- **LinkedIn / Sales Navigator outreach** keyed on the Authorized Official / QI + name (especially good for FMC OTIs and EPA facility EHS managers). + +### E. Channel-fit by sector +| Sector | Phone | Fax | Email-append quality | Web/SEO inbound | +|---|---|---|---|---| +| NPPES (NPI) | ✅ strong | ✅ good | Medium (org > individual) | ✅ "NPI revalidation" | +| FMC OTI | ✅ strong | ⚠️ some | Medium-high (have websites) | ✅ "FMC license renewal" | +| EPA RCRA | ✅ strong | ⚠️ some | High (real businesses + EHS contact) | ✅ "RCRA biennial report" | + +### Compliance guardrails for these channels +- **TCPA/DNC:** scrub all phone/SMS against DNC, prefer manual-dial or established + business relationship, keep consent/records. (We already sell DNC compliance — + practice what we preach.) +- **CAN-SPAM:** appended emails must carry unsubscribe + physical address (our + Listmonk templates already do). +- **State telemarketing & fax (TCPA/JFPA):** fax blasting has its own rules; treat + as opt-out-respecting and B2B-only. + +--- + +## Recommendation / Sequencing + +1. **FMC OTI first** — cleanest RMD analog (small set, 3-yr clock, bond math), + some email already present, businesses with websites = easy email-append. +2. **EPA RCRA** — best deficiency richness + highest fine fear = best conversion; + reach via email-append + phone + free lookup tool. +3. **NPPES** — biggest volume, but email-poor and individual-heavy; lead with a + free NPI revalidation lookup tool + fax + org-targeted email-append. + +> If email-native outreach (like FCC RMD) is the hard requirement, the better +> targets are state license boards (contractors/CSLB, insurance producers, NMLS, +> cannabis/ABC) that publish licensee email directly. Worth a separate survey.