SMS Compliance FAQ
Though regulatory compliance can be complex and daunting, it’s absolutely necessary for risk mitigation in SMS and phone communication.
This FAQ covers key definitions and commonly-asked questions related to compliance to help professionals:
- Better understand related laws such as the TCPA
- Improve deliverability of texts and calls
- Maintain legal compliance and customer trust
SMS compliance refers to compliance with federal and state regulations that govern texting communications, such as the Telephone Consumer Protection Act (TCPA).
What laws govern business SMS in the U.S.?
There are two main federal laws that regulate text messaging in the United States: the Telephone Consumer Protection Act (TCPA) and CAN-SPAM Act.
Who makes the rules for marketing communications in the U.S.?
Marketing communications are governed by several bodies, including The Federal Communications Commission (FCC), and the Federal Trade Commission (FTC). The Cellular Telecommunications Industry Association (CTIA) is not technically a governing body, but represents mobile carriers and protects consumers from unwanted text messages.
How do I comply with the TCPA?
Compliance with the Telephone Consumer Protection Act (TCPA) includes but is not limited to obtaining written consent before calling or texting consumers, providing clear opt-outs, and protecting consumer data.
What does the TCPA mean for texting?
When it comes to texting, the TCPA requires businesses to obtain prior express written consent before texting consumers, and provide functional opt-outs, and protect consumer data.
What is Revocation of Consent?
The Revocation of Consent rule expands opt-out requirements under the TCPA, including the ability to revoke consent through any reasonable means, requirement to honor revocation requests within 10 business days of receipt, and permission to send a one-time clarification message.
Trust Scores are assigned when a brand registers with The Campaign Registry (TCR), which is chosen by carriers and has control over message and call deliverability. Trust Scores are numerical values ranging from 0 to 100, and these determine the routing, delivery speed, and cost of your messages.
How do I boost my Trust Score?
To boost a Trust Score, brands should leave no data discrepancies in A2P registration, use legally-registered brand names, use the business Employer Identification Number (EIN) that matches with business registration, and ensure all messaging is compliant.
Are there any state-specific regulations for business SMS?
Yes, there are state-specific regulations around text messaging, nicknamed “mini-TCPAs”. If a business operates in more than one state, that means they also need to adhere to local laws—even if they are not physically located in the same state as the consumer.
A2P stands for Application-to-Person messaging, which is defined as any kind of message traffic in which a person is receiving automated messages. A2P messages include marketing communications, automated reminders and notifications, chatbots, and one-time passwords or codes.
10DLC is short for 10-digit “long codes”, phone numbers that can send and receive calls and texts. A2P 10DLC is the new American standard that permits businesses to send A2P messages with these numbers when they are properly registered.
Do I need opt-ins before texting customers?
Yes, in compliance with the TCPA, businesses must obtain recipients’ consent before texting them. In order to comply with federal and state law, it’s best to gain consent in the form of explicit opt-in consent.
To create an opt-in, you need to make it very clear what the consumer is consenting to. This is often done through a form on your website. Double opt-ins are the most robust, and require contact verification before opting the customer in.
Both the TCPA and CTIA require businesses to provide subscribers with an opt-out. An opt-out SMS is a text message a customer sends to tell a business they no longer want to receive promotional messages. Under the CTIA, customers must be able to opt out by using any of the keywords: STOP, END, CANCEL, UNSUBSCRIBE, or QUIT.
Are there regulations on when a business can text customers?
Yes. Federal law allows businesses to make telemarketing calls between 8am and 9pm in the recipient’s local time zone; however, each state also has restrictions on when telemarketers can call and/or text consumers.
How do we ensure compliance with Do Not Call (DNC) registries?
The Do Not Call registry is a list of numbers that businesses cannot call. It’s best practice to regularly scrub contact lists against Do Not Call (DNC) registries to ensure that you are not in violation of any state or federal laws surrounding the DNC.
Are there restrictions on the frequency of text messages businesses can send?
Some state laws limit communications to three texts about the same subject within 24 hours. Mobile phone carriers will also flag frequent communications, so it’s safest to stay under three texts per every 24 hours.
What phrases or messages should businesses avoid when texting?
Always avoid deceptive or exaggerated claims and do not ask for personal information. Businesses should avoid common spam words, but many spam words are considered spammy only when used in a particular context. Ensuring your messages are transparent and straightforward will help them avoid spam filters.
What are the consequences of non-compliance?
Non-compliance can expose companies to fines, legal action, damage to reputation, and loss of trust with customers. The fines imposed on non-compliant businesses can vary significantly based on factors such as the volume of non-compliant texts sent and the geographic location of the recipient(s). Legal repercussions of non-compliance with FCC and state regulations can be complex and time-consuming, potentially leading to costly litigation and penalties.
What is the Homebuyers Privacy Protection Act?
The Homebuyers Privacy Protection Act bans mortgage trigger leads: the sale of consumer data by a credit reporting agency (CRA) when a borrower applies for a mortgage.