How to be compliant when texting your account holders
How to be compliant when texting your account holders

Customer outreach and communication platforms are increasing in popularity for businesses across all industries. In general, they assist companies in managing, analyzing, and optimizing their customer journey for the most ROI. These platforms make it easy for banks and credit unions to reach their account holders at a personalized and unique level, allowing better engagement and improved customer satisfaction.

The use of SMS for business is gaining more popularity as new research has found that:

  • 98% of customers will read incoming messages.

  • 86% of businesses report that texting generates engagement 6 to 8 times higher than email.

  • 75% of customers will redeem offers sent via SMS.

Despite the great benefits that businesses get from adopting these technologies, community financial institutions must adhere to regulatory requirements and practice standard text messaging etiquette to keep their relationships with account holders beneficial.

The laws and regulations associated with how and when account holders can be contacted can be confusing as well as intimidating. SMS marketing messages are governed by regulations and failure to follow them can result in costly penalties and damage to brand reputation.

Let’s look at some of the laws that govern business text messaging, and how financial institutions can easily maintain compliance while texting their customers.


What is the TCPA?

When looking into text message compliance laws, you will most often be faced with The Telephone Consumer Protection Act (TCPA). The TCPA was signed into law in 1991 as a response to a growing rise in unregulated and harassing telemarketing calls and faxes.

Overseen by the Federal Communications Commission (FCC), TCPA restricts telephone solicitations (i.e. telemarketing) and the use of automated phone equipment. While originally designed for calls and faxes, TCPA also includes restrictions on any business that communicates with consumers via text.

As the primary legislation responsible for enforcing business mobile outreach, failure to follow TCPA regulations runs the risk of heavy fines and lawsuits.


What is the DNC?

The Federal Trade Commission’s Telemarketing Sales Rule (TSR) established the National Do Not Call Registry (DNC) in 2003 in an effort to let individuals have some control over the sales and marketing calls that they receive.

The DNC acts as an addition to TCPA, preventing brands from contacting customers who are listed on this registry. Companies, and especially telemarketers, are required to ensure they are not calling or messaging anyone who is registered on the DNC. Failure to follow this regulation can result in lawsuits. Exceptions include an established business relationship, some sort of inquiry, or written consent from the individual.


How to Be Compliant with TCPA.

Texting compliance may seem like a daunting task, but in reality, it just requires that your institution follow a few guidelines. To maintain compliance, the following TCPA requirements should be included in your business texting strategy.

Obtain express written consent.

Sending texts to your account holders first requires their express written consent that must be documented and saved. This can be either an online or paper form stating the account holder is subscribing to receive communication — or account holders can text a keyword from their phones that serves as consent to join your SMS database. While they don’t need to sign a formalized document to provide consent, the consent statement must be clear and conspicuous so the account holder knows exactly what they are signing up for.

Be careful how you import/export contacts. Consent given to receive communication in one channel doesn’t mean blanket consent across all channels. It is not advisable to purchase lists of phone numbers with contacts who have not expressly opted into your company communications.

Provide important company information.

Once an account holder expressly consents to receiving messages, you need to follow up with a comprehensive disclosure message including your company name, the purpose of messaging, the frequency of messages and data rate notices, as well as instructions for both requesting help and opting out.

You should also provide easy access to the legal terms and conditions of your SMS communications policy, as well as a phone number and email address where you, or the financial institution can be easily reached. Links to your website or downloadable content can be placed within your disclosure text to give account holders access to all the necessary information and opt out options.

Respect the Do Not Call Registry and give customers ways to opt out.

TCPA stipulates that businesses are not allowed to contact people listed on the National Do Not Call Registry. Additionally, you must always provide a clear way for people to opt out of receiving your messages should they wish. Many banks and credit unions will set up response capabilities that allow customers to text the word “STOP” or “UNSUBSCRIBE” to cease all text communications. Account holders who have opted out from receiving messages should be kept in a company DNC list for at least 5 years.

Only communicate during business hours.

Under the TCPA, your institution can only contact customers during certain hours of the day — specifically, 8am – 9pm. Be sure to monitor time zones and follow these outreach parameters.

Stay informed.

To maintain the safest compliance posture, always stay current on regulatory updates that affect how your institution is legally required to interact with account holders through text and phone.


The risks of non-compliance

Early on in the development of SMS marketing, there were no safeguards in place to prevent businesses from simply purchasing contact information and potentially spamming customers. Consequently, several agencies (like the FCC) were formed to protect the privacy of consumers and ensure that businesses behave appropriately when sending SMS messages. By following SMS compliance requirements, you can ensure that your financial institution is protected against lawsuits.

Noncompliance with TCPA regulations — whether failing to obtain consent, disclose marketing terms, or protect consumer privacy — can subject your bank or credit union to costly fines. Penalties can reach as much as $500 for each text or phone call; that’s a staggering amount if you consider that some companies send out millions of business messages per month.


Be vigilant with your campaigns

Text messaging is one of the most powerful ways to reach your account holders and engage with them on a channel they prefer. With countless opportunities to upsell, provide seamless onboarding, deliver exceptional customer support, and more, business texting is the foundation of an effective ROI-proven outreach strategy — as long as you maintain compliance.

By following the guidelines above, and partnering with a company adept at this type of program, your financial institution can easily text your account holders with the confidence that you’ll always be doing so compliantly.

There are vendors out there that have messaging platforms designed with regulations from TCPA, CASL, CAN-SPAM, and more in mind — so safe texting and compliance are built in. Some, like Statflo, are also certified with top security regulations like SOC-II and come with built-in features like smart filtering to block inappropriate language and content, as well as DNC management tools to handle opt-outs automatically.

You may also look for a partnership that includes a dedicated customer success manager and coaching tips so your staff always fully understands legal and best practices — and can make sure your business texting strategy follows industry standards and local and national regulations.


About Statflo:

Statflo provides the leading compliant one-to-one business messaging platform that enables financial institutions to have productive, two-way conversations with their customers over text messaging. With seamless integrations to existing CRM/core systems, full consumer context, and rich shareable content, consumer-facing teams have all the tools they need in a single platform to engage, retain, and grow their consumer base. Learn more.


What’s Kasasa?

Kasasa® is an award-winning financial technology and marketing services company dedicated to helping both community financial institutions and consumers experience what it means to “Be Proud of Your Money.” We’re known for providing reward checking accounts consumers love, the first-ever loan with Take-Backs™, relationship-powered referral programs, and ongoing expert consulting services to community financial institutions.

By working exclusively with community banks and credit unions, Kasasa is helping to strengthen local economies across the nation, building a virtuous cycle of keeping consumers’ dollars where they can do the most good. Our mission is to power a network of financial institutions in all 50 states offering products and services that are clearly beneficial for the consumer and the institutions offering them.

For more information, please visit, or visit Twitter, Facebook, or LinkedIn.