The TCPA Threat: Practical Compliance Considerations for the Modern-day Banker

Notice 2016-14

Communication is vital in any relationship, including an institution’s relationship with its customer. Modern technology provides institutions with useful tools to facilitate these communications, including, for example, text messaging, email, social media, and autodialed calls. While it is important for institutions to capitalize on the multiple channels available to communicate with existing and potential customers, it’s equally as important to understand the regulatory framework under which these communications are governed.  

Enter the Telephone Consumer Protection Act (TCPA). The TCPA, which became law in 1991, was originally established to address unsolicited calls to landlines and then-modern cell phones. Twenty five years after its inception, the TCPA – prescribed primarily in implementing regulations, guidance and orders issued by the Federal Communications Commission – has taken on a new life in an attempt to govern current technology. Recent changes to TCPA law (issued in 2013 and 2015) have generated renewed attention and growing concern surrounding effective but compliant communications with customers. Rightfully so, as penalties for non-compliance – ranging from $500 to $1,500 per violation (per call) – can truly break the bank. Given the repercussions of non-compliance, it is critical for all bankers to understand the TCPA and how the law interacts with the institution’s business practices. At that point, the institution will be in a position to determine whether to communicate with customers using channels that avoid the TCPA or to submit to TCPA compliance. 

If your institution uses or is considering using one of the following mechanisms to communicate with customers, these communications will be governed by the Telephone Consumer Protection Act (TCPA):

  • Text messages
  • Calls to landlines or cell phones using an autodialer
  • Calls to landlines or cell phones using a pre-recorded or artificial voice

Prior to communicating with consumers using one of these channels, the institution must obtain the consumer’s consent. Dependent upon the nature of the communication, one of two types of consent is required – (1) prior express consent or (2) prior express written consent.  If the contact does not include a telemarketing/advertising message, an institution must obtain prior express consent from the consumer. Contacts of this nature would include, for example, debt collection, checking account notifications (e.g. insufficient funds alerts), or informational contacts with potential customers. In contrast, if the contact includes telemarketing or advertising content, a consumer’s prior express written consent will be required.

Obtaining a consumer’s prior express (non-written) consent is a relatively simple process. Interpretative Orders issued by the FCC have stated that obtaining a cell phone number from a consumer is sufficient to provide such consent. Thus, assuming the institution has obtained a cell phone number from a customer in the course of the banking relationship (e.g. in the Account Signature Card), the institution has the ability to contact that customer for non-telemarketing/advertising purposes using the above-described mechanisms. No additional disclosures are required to be provided by the institution and, furthermore, no contractual agreement between the institution and consumer is required by law. Put simply, documents should not need to be modified. 

In contrast, if an institution wishes to contact a consumer using an above-listed mechanism for telemarketing/advertising purposes, prior express written consent must be obtained. This level of consent requires all of the following:

  • Written agreement
  • Signature of person called 
  • The following “clear and conspicuous” disclosure:
    • “By executing this agreement, such person authorizes the seller to deliver or cause to be delivered to the signatory telemarketing calls using an automatic telephone dialing system or an artificial or pre-recorded voice; and
    • The person is not required to sign the agreement (directly or indirectly), or agree to enter into such an agreement as a condition of purchasing any property, goods, or services.”
  • Telephone number authorized to receive such messages

The TCPA does not prescribe how to capture a consumer’s written consent. As a best practice, however, an institution should consider using a standalone agreement to obtain this consent in light of both legal and practical considerations. To that end, it is prudent for an institution to work with legal counsel to tailor the consent agreement to the institution’s particular circumstances and to, furthermore, delineate proper use.

In addition to obtaining consent, there are a number of additional considerations for an institution when determining whether and how to communicate with consumers under TCPA, regardless of the nature of the contact. First, consumers have the opportunity to opt-out of receiving any communications at “any time” using “any reasonable means”. This requires the institution to have systems in place to quickly manage a customer’s opt-out request regardless of how and to whom the opt-out request originated. In turn, these systems must be capable of tracking which institution customers have consented and the type of consent (written or non-written) given, as applicable. Practically speaking, an institution will not have 100% consent from all customers and systems must be capable of managing to that reality. Furthermore, these systems must “talk” to those who are responsible for originating calls; otherwise, violating TCPA and incurring a steep fine is just a matter of time. 

Finally, there are several notable exemptions from TCPA. Relevant to bankers, contacts that alert customers to a data security breach or identity theft or notifications of suspected or actual fraudulent activity on a customer’s account are exempt. Additionally, contacts related to a customer’s money transfer are also exempt. In order to take advantage of these exemptions, however, an institution must adhere to certain requirements including, for example, a limitation on the number of customer contacts, content requirements, and formatting requirements for text messages. In the non-telemarketing context, complying with exemption requirements may, in fact, be more onerous than obtaining a phone number to meet prior express consent requirements under TCPA.

As your institution continues to innovate by identifying creative ways to connect with new or existing customers, it’s critical to consider the TCPA. Understanding the law, along with the practical impacts, should help guide business decisions and will certainly facilitate compliance. 

*This article does not address other laws that may apply to an institution’s communications with customers such as “do not call” registry requirements and the Fair Debt Collection Practices Act, as applicable.

WBA wishes to thank Atty. Lauren C. Capitini, Boardman & Clark, llp. for this article. 

By, Eric Skrum