Master Marketing Compliance for SMS and Digital Marketing Campaigns
Compliance is a critical aspect of digital marketing, but is often overlooked and misunderstood by marketers—especially when it comes to SMS communications.
Though SMS campaigns boast open rates over 4x that of email marketing, they are still subject to compliance rules and regulations.
Navigating the rules of marketing compliance can be daunting, with ever-evolving rules, differing state laws, and complexities of certain requirements. Luckily, Verse is an expert on compliance in marketing.
In this blog, we’ve compiled a comprehensive list of frequently asked questions about compliance in marketing. Let’s delve into 20 essential questions you need to answer to ensure your SMS campaigns are not just engaging, but compliant with Federal Communications Commission (FCC) guidelines:
Table of Contents
ToggleLegal questions
What laws govern SMS marketing in the U.S.?
There are two main federal laws that regulate text messaging in the United States: the Telephone Consumer Protection Act (TCPA) and CAN-SPAM Act.
The Telephone Consumer Protection Act (TCPA) of 1991 is a federal law that regulates telemarketing calls, faxes, and text messages. The TCPA:
- Prohibits the use of autodialers, artificial or prerecorded voice messages, and text messages without prior express written consent from the recipient.
- Requires businesses to obtain written consent before sending text messages and clearly disclose that the recipient will receive future text messages.
- Requires that every text message includes a clear way to opt-out.
The CAN-SPAM Act of 2003 regulates commercial email and text messaging. It requires that all commercial messages clearly identify:
- That the message is an advertisement or solicitation.
- The sender’s valid physical address.
- A clear ability to opt-out.
It’s also important to make note of the national Do Not Call registry, as well as state Do Not Call registries, and regularly scrub contact lists against them to ensure you are not contacting consumers on these lists.
Who makes the rules for marketing communications in the U.S.?
- The Federal Communications Commission (FCC) regulates radio, television, wire, satellite and cable communications in the U.S. and its territories.
- The Federal Trade Commission (FTC) published the CAN-SPAM Act to combat unsolicited email messages and is permitted to write new text message marketing regulations within these guidelines. However, through the TCPA, the FCC remains chiefly responsible for governing SMS communications.
- The Cellular Telecommunications Industry Association (CTIA) represents mobile carriers and aligns with TCPA laws to protect consumers from unwanted text messages. While the CTIA is not technically a governing body, it can discontinue and block the texting services of businesses that refuse to comply. They have established best practices for SMS marketing, including guidelines for opt-ins and opt-outs, as well as rules for how businesses can use text messaging.
- The Campaign Registry (TCR) is chosen by carriers and has control over message and call deliverability. To be 10DLC enabled, all companies must register with TCR.
How do I boost my Trust Score?
When a brand registers with TCR, the registry assigns them a Trust Score. Trust Scores are numerical values ranging from 0 to 100, with a higher score signifying greater deliverability. These scores determine the routing, delivery speed, and cost of your messages.
For example, a Trust Score score of 90 and above is considered excellent and can result in faster message delivery and lower costs. A score above 70 is considered good, while scores of 50 are lower are poor, and scores under 23 will result in low to no deliverability.
TCR evaluates your Trust Score during the registration process. Though the algorithm is not fully understood, it encompasses three things:
- Company size, with larger companies seen as more trustworthy.
- Years in operation, with older companies having an advantage.
- Send history, meaning that a history of violations or spam messages will result in a lower score.
There are several things that brands can do to boost their score, including:
- Leaving no data discrepancies in your A2P registration, including address, business registration number, tax ID, and brand name.
- Use your legally-registered brand name only.
- Using the business Employer Identification Number (EIN), and ensuring it matches with business registration.
- Ensuring all messaging content is compliant. Do not send unsolicited messages, use deceptive language, or send spam.
Are there any state-specific regulations for marketing messages?
Yes—and because many businesses operate in more than one state, that means they also need to adhere to local laws—even if they are not physically located in the same state as the consumer. Some laws are applicable to people within a state, regardless of whether they are state residents. With this in mind, businesses should err on the side of caution.
Certain states, including Arizona, California, Colorado, Florida, New Jersey, New York, Utah, Washington, and Wisconsin, do have state-specific legislation. Specific state laws may include:
- Designated time zones where calling and texting are not permitted
- Self-identification requirements
- Limits on data collection
- Express written consent requirements
See our full list of individual state laws/requirements here.
Just as it’s important to comply with the FCC and TCPA, companies must also comply with individual state laws in order to ensure their communications are respectful and they do not rack up additional fines.
Technical Terms
What does A2P mean?
A2P stands for Application-to-Person messaging, which is defined as any kind of message traffic in which a person is receiving messages from an application rather than another individual, and which is not expected to receive a reply. A2P messages include marketing communications, automated reminders and notifications, chatbots, and one-time passwords or codes.
When you register a brand, it must include your A2P brand. Your company must pay a registration fee to TCR and receive a TCR score.
What are long and short codes?
Phone numbers are typically referred to as standard, 10-digit “long codes” (10DLC) that can send and receive calls and texts, or short codes, five to six digit numbers that send text messages only.
When looking into compliance, you may come across the term A2P 10DLC. While 10DLC stands for 10-digit long code phone numbers, A2P 10DLC is the new American standard that permits businesses to send A2P messages with these numbers when they are properly registered.
In the past, 10DLC were intended for Person-to-Person (P2P) traffic only, causing businesses to be constrained by limited throughput and heightened filtering. With A2P 10DLC, trusted companies now experience increased deliverability and throughput, but do require additional registration to build trust with carriers.
Short codes, on the other hand, are vetted by carriers for their intended use, and are subject to minimal filtering. This makes them a popular choice for high-volume A2P messaging. Short codes can send 100 message segments per second by default, and are well-suited for marketing communications.
Best Practices and Opt-Ins
Do I need recipients’ consent before sending marketing messages?
Yes, businesses must obtain recipients’ consent before engaging them in marketing campaigns. In order to comply with federal and state law, it’s best to gain consent in the form of explicit opt-in consent.
This approach not only demonstrates respect for the recipients’ privacy but also enhances transparency in business practices, ultimately leading to more meaningful and effective marketing campaigns.
How do I create an opt-in form?
When it comes to creating an opt-in for marketing campaigns, it’s best to keep things clear, simple, and straightforward. There are a few different ways that customers can opt in:
- Implied consent: is often given when customers fill out a form—think entering your email address to download an ebook. Though you did not explicitly state that you want to receive marketing emails, you voluntarily opted in by providing your email.
- Explicit consent: is given when you ask for permission to send someone emails and they agree. This ensures the recipient has manually opted in, usually by clicking a checkbox or giving written consent.
- Double opt-in: is the best way to obtain consent, although it adds an extra step for customers. This method requires customers to enter their email and/or phone and then verify these methods of contact before they are opted in.
- For SMS marketing specifically, companies can prompt customers to opt in by texting a keyword to the company’s shortcode number, and then verify that they opt in to promotional texts.
No matter what type of opt-in you choose, you must incorporate the following information:
- Business name. (For example, “By checking this box, I agree to receive texts from Verse at this number.”)
- If opting in to texts, include a disclaimer that message and data rates may apply.
- Opt-out information. This may be included in the opt-in form itself, or in your first text or email to the recipient.
- A link to your company’s terms and privacy policies. Note that mobile carriers will deny SMS campaigns if your terms state that your business shares data.
- Why you will be contacting customers. For example, “By subscribing, you agree to receive promotional emails (or texts) from Verse.”
How do I create an opt-out?
When consumers first subscribe, it’s imperative that businesses provide an opt-out, which is a text message a customer can reply with or a link they can click to tell a business they no longer want to receive their messages.
Whether it’s an email unsubscribe or a SMS opt-out, both options should remove customers from your contact database and cease further communication through that channel.
Both the TCPA and CTIA require marketers to provide subscribers with an opt-out. An opt-out SMS is a text message a customer sends to tell a business they no longer want to receive promotional messages. Under the CTIA, customers must be able to opt out by using any of the keywords: STOP, END, CANCEL, UNSUBSCRIBE, or QUIT.
Email unsubscribes usually have a link at the bottom that automatically removes users from receiving further promotional emails.
In order to respect customers, it’s imperative to honor all unsubscribe requests promptly. Ensure your system is immediately processing unsubscribe requests. If a customer opts out of text or email messaging, do not wait to remove them from the database.
Do we need to maintain records of consent for SMS marketing recipients?
It’s safest to maintain each contact’s consent for at least four years from the date it was given. Four years is the federal statute of limitations for bringing an action under the Telephone Consumer Protection Act (TCPA).
Are there regulations on when we can text those who have opted in?
Yes. Federal law allows businesses to make telemarketing calls between 8am and 9pm in the recipient’s local time zone; however, each state also has restrictions on when telemarketers can call and/or text consumers. Usually, designated hours fall between 8am-8pm, but it differs state by state. Some states also ban telemarketing on Sundays.
Aside from legal restrictions, it’s important to respect and value customers’ time and preferences by refraining from contacting them at off hours.
How do we ensure compliance with Do Not Call (DNC) registries?
It’s best practice to regularly scrub contact lists against Do Not Call (DNC) registries to ensure that you are not in violation of any state or federal laws surrounding the DNC.
Regularly scrubbing contact lists against DNC registries helps businesses avoid the risk of contacting individuals who have explicitly requested not to receive marketing communications.
By removing these individuals from their contact lists, companies demonstrate respect for consumers’ privacy preferences and avoid potential legal issues. Additionally, maintaining clean and compliant mailing lists can enhance the effectiveness of marketing campaigns by focusing on individuals who are open to receiving communications, ultimately leading to better outcomes for both the business and the consumer.
Are there restrictions on the frequency of marketing text messages we can send to recipients?
Some state laws limit communications to three texts about the same subject within 24 hours. Mobile phone carriers will also flag frequent communications, so it’s safest to stay under three texts per every 24 hours.
How do we ensure data privacy in SMS marketing campaigns?
Protecting recipient data in SMS marketing campaigns involves implementing robust security measures to prevent unauthorized access and ensuring compliance with data protection regulations.
Protecting recipient data in SMS marketing campaigns is paramount to maintain transparency and credibility with customers. This entails utilizing encryption techniques to safeguard sensitive information transmitted through text messages and implementing secure storage protocols.
Furthermore, compliance with data protection regulations such as California’s CCPA is essential to ensure that recipient data is handled responsibly and ethically. By adhering to these regulations, businesses can safeguard against potential legal penalties and reputation damage that could arise from mishandling customer information.
How do we maintain compliance?
Compliance is not a touch-and-go endeavor; it’s ever-changing and must not only be integrated into your systems, but constantly monitored and updated.
Companies must stay informed on every new regulation and update their systems to reflect it.
Carrier policies are constantly updated, so companies must ensure they are not being labeled as spam. In addition, companies should monitor delivery rates, error rates, and opt-out rates to ensure their messages are being delivered.
It’s also important to constantly scrub your lists against DNC registries and identify serial TCPA litigators. TCPA plaintiffs and serial litigators are an ever-present issue to watch out for; these people maliciously take advantage of the TCPA for financial gain. Companies must use a tool like the DNC Litigator Scrub to identify and remove these serial plaintiffs from their databases or risk legal and financial trouble.
For this reason, compliance is often outsourced to companies that can track deliverability rates, monitor regulations, and regularly scrub contact lists.
Things to Avoid
What should I avoid writing in text message marketing?
Avoid using all caps or overusing emojis in promotional texts. It’s also best practice to avoid certain types of language that carriers will flag as spam, think: “free”, “urgent”, “cash”, and “not spam.”
The CTIA prohibits companies from texting content on the topics of sex, hate, alcohol, firearms, and tobacco. For companies that sell alcohol or tobacco, age-gating is required for consumers opting in to SMS marketing.
What are the consequences of non-compliance?
Non-compliance with FCC and state regulations in the realm of text messaging marketing can have severe consequences for businesses. Failing to adhere to these regulations can expose companies to fines, legal action, damage to reputation, and loss of trust with customers.
The fines imposed on non-compliant businesses can vary significantly based on factors such as the volume of non-compliant texts sent and the geographic location of the recipient(s). These fines can quickly add up, creating a substantial financial burden for businesses found in violation of the regulations.
Legal repercussions of non-compliance with FCC and state regulations can be complex and time-consuming, potentially leading to costly litigation and penalties. Beyond the financial implications, the damage to a company’s reputation can be even more detrimental in the long run. Customers value transparency, honesty, and respect for their privacy, and any breach of these principles can erode trust and loyalty.
Can we purchase contact lists for our marketing campaigns?
Purchased contacts do not qualify as opted-in. In alignment with best practice, do not call, text, or email purchased mailing lists. Purchasing lists may violate consent requirements and lead to non-compliance. Cold calling, emailing, or texting those who have not consented is often perceived as invasive and can damage your brand reputation.
Here are a few examples of contacts that do not qualify as opted-in:
- Contacts purchased or obtained through third-party lists
- Contacts who submitted a form on another brand’s website
- Contacts from lead/prospect providers or data enrichment tools
- Contacts who have engaged in one-on-one emails, who have not consented to bulk communications
Outsourcing Compliance
Why do companies outsource text messaging services?
As you’ve likely gleaned from this article, compliance is multi-layered, while failure to comply can be extremely costly for companies. Rather than attempting to navigate this on their own, many businesses choose to outsource their SMS marketing efforts.
At Verse, we handle compliance for our customers. We understand the ins and outs of compliance and will always ensure that any communications we make on behalf of our clients are 100% compliant.
Companies do not have any visibility into when their texts or emails are blocked—but we do. Where companies may be strangers, Verse maintains great relationships with the regulators of text messaging: the CTIA, FTC, FCC, and DNC registry.
Our team of experts is dedicated to meeting the requirements of all the regulations we’ve outlined through:
- Taking care of your business’ A2P registration to improve SMS deliverability.
- Helping you obtain and boost your TCR score.
- Monitoring your error and opt-out rates 24/7.
- Utilizing STIR/SHAKEN, or shaken and stir, a method mandated by the FCC, we ensure your calls are verified and never labeled as spam.
- Scanning your campaign and lead lists against DNC registries to ensure compliance, and to identify and scrub all serial TCPA litigators and professional plaintiffs.
- Providing local inbound numbers and customizable hours of operation allow you to reach out to leads at a time that is compliant as well as convenient, increasing the chances of engagement.
- Helping our customers with their opt-in forms.
- Updating our systems with new ways that your customers imply opt-out.
- Staying updated on new regulations so your communications are always compliant.
By using Verse, you can be confident that your marketing campaigns are in line with TCPA, the FCC, the CTIA— all of the regulations we’ve outlined in this guide. Not only does this protect your business from any potential legal issues, but it also shows your customers that you value their privacy and respect their preferences.
What are the best text message marketing services?
There’s only one answer, and that’s Verse. Our AI-powered platform is highly customizable, fully managed, and, most importantly, fully compliant. Unlike other AI services or chatbots, Verse combines the power of AI with human empathy, and will connect contacts to human reps exactly when they need to be. Learn more about how we can help you with efficient, compliant customer conversations that convert.