“It has long been an axiom of mine that the little things are infinitely the most important”
– Arthur Conan Doyle
I’ve been auditing a lot of Virtual Office Websites (as well as IDX websites) for MLS rule compliance over the past year and some of the VOW-related “frequently asked questions” seems like a natural subject to cover on my blog.
Why Audit VOW Compliance?
I’ve performed rule compliance audits on dozens of VOWs and haven’t found one yet that was in compliance before initial auditing and issue remediation took place. I’ve got to tell you, at this point I don’t think there’s a rule I haven’t seen broken. Some VOWs were only a bit out of compliance while some made me want to ask, “Did you even READ the rules before creating your VOW?!”
Having rules is kind of meaningless unless there’s a mechanism for compliance and enforcement – otherwise folks don’t play by the rules, and once that horse has left the barn and has been wandering a while, it’s hard to put it back later. MLSs have been tackling listing compliance and other MLS rule compliance more and more in recent years, and the VOW rules are just one more part of the rules to review for compliance.
When to Audit?
There are two options for when to audit a VOW (or IDX site): “complaint based” auditing, and consistent auditing. “Complaint based” auditing alone is a recipe for disaster – I’m sure you can hear it in your ears right now: “The MLS picks on me because I’m a new model online broker!” With an MLS rule audit policy and consistent auditing, all brokerages are treated equally and there is no discrimination or cause for complaint. Ideally the best time for this review is just before or soon after the VOW site is launched – you might want your VOW agreement to include a requirement that you be informed a month ahead of a VOW launching so you can plan for rule compliance testing (there are exceptions to that, but that tangent would be too long for this blog post). Once the initial audit is complete, review is needed when issue remediations are reported and on the deadline set for remediations in your VOW agreement and/or agreed to by both parties. After that, some MLSs may move to a regular re-audit period, while others have well defined systems of random auditing, and some depend on complaints to trigger a re-audit.
Relying on complaint-based re-audits alone can be tricky. Recently I reviewed a VOW for compliance and when issues were pointed out the AVP came back with “But [this other VOW] doesn’t follow those rules.” And yes, it was one that had previously passed compliance auditing but had fallen out of compliance AND the issues at hand were ones that typical ‘users’ would never have noticed so complaint-based auditing hadn’t caught them. Another VOW blatantly was breaking a major VOW rule – betting that no one would complain – and they only fixed it the day before I was scheduled to re-audit the site. Of course, I noticed the issue when I visited the site to do a ‘pre-flight’ a week or two early. Now I’m keeping a close eye on that site. So, these examples show that solely waiting on complaints to re-audit isn’t always a great strategy.
The VOW Agreement
Some MLSs have VOW rules in place – but no VOW agreement. The agreement covers VOW rules and responsibilities, including covering costs, issue remediation / cure period, and data feed termination, as well as all the usual legal miscellaney – assignment, governing law, notices, severability, intellectual property, confidentiality, warranty, authentication details and data transmission, storage, display and retention. VOW agreements need to be comprehensive to be effective – consulting a knowledgable attorney is key, and I’ve worked with several bright legal minds to make sure business issues were all addressed.
Interpreting the VOW Rules
Some of the VOW rules are straightforward to review, like making sure the data has been refreshed properly – that new listings are on the site and listing changes have been reflected in a timely manner.
Other rules seem to have different interpretations market by market. For example, regarding the terms of service click-through: Should the terms be in-line on the page with the click-through, is a link to a separate document sufficient, can the terms simply be linked from the bottom of all pages, or some combination? Is scrolling through the terms required before the user can click through on them? Should the terms be referenced from the confirmation email and how? How do state disclosure laws impact the implementation and what must be audited?
Another area that is tricky to review for compliance is in the area of data protection. Defining the level of testing is important. I can tell you now that automated security testing is insufficient – I’ve found VOWs that looked ‘clean’ using a variety of tools but manual testing revealed issues like users being able to easily impersonate the site administrator (technically, “privilege escalation”) or even allowing visitors to access and even scrape all the listings without even logging in by being just a bit sneaky (technically, “bypass of access control checks”). The level of data “scraping” protection required in a market is also important to determine in advance, and there’s custom programming to be performed during a VOW compliance review to properly test the anti-scraping measures. That can be tricky stuff if the compliance auditor is not highly technical.
Finally there are those rules that take some advance consideration about how to audit, if the MLS even wants to – rules like: “The person answering can respond knowledgeably to inquiries from Registrants about properties within the market area served by that Participant and displayed on the VOW.”
These examples are some of the many VOW rules where the devil is in the details, and many decisions need to be made as much as possible before the first VOW is reviewed for compliance so that all VOWs are treated the same during the review process rather than being held to different standards as decisions are made over time.
Those were just a few example of some of the tricky parts of VOW rule compliance auditing – I feel like I could go on interminably, expanding on each of the examples above and diving into others.
I’d be remiss if I didn’t end this post with a bit of a shameless plug. My company, Clareity Consulting, works with MLSs in two ways regarding VOW rule compliance auditing. The first is to shadow an audit and help set or tune the MLS staff’s internal process – this is for MLSs that don’t need or want some “arms-length” from VOW audits and have a technical staff capable of performing all audit tasks (i.e. writing scraping scripts, skilled in both automated and manual security testing). The second way is a full service auditing approach, where after working with MLS staff and attorneys to pre-determine the many details of rule interpretation, some of which are described above, the MLS staff tells me when a VOW needs to be audited and I handle the whole process from there, doing the initial audit, reporting issues, conferencing with MLS staff, brokers and AVPs, then re-testing issues as they are remediated, and providing documentation to the MLS as remediations progress. There you go, that ends the shameless plug.
Call if you want to chat about VOWs!
Share this post: