Understanding SMS Compliance Frameworks

Adeel Abbas, 2024-05-08

Confession: Setting up a compliant SMS program feels complicated. I see many clients trying to tap into SMS marketing as a new channel because of the incredibly high engagement rates (>90% open rates). But the greater the opportunity, the greater the complexity in setting up a compliant SMS program.

It’s a relatively new channel, which means it can be tough to navigate. The reason for that is there are different bodies to comply with and multiple stakeholders:

  • Federal laws
  • Industry guidelines
  • State laws

Federal Laws: TCPA

First, let’s talk about federal laws. The relevant one is the Telephone Consumer Protection Act (TCPA), which sets the federal legal framework that governs telemarketing practices, including SMS marketing.

This law requires businesses to obtain consent before sending automated text messages and imposes restrictions on the times during which these messages can be sent, among other rules. It is enforced by the Federal Communications Commission (FCC).

Industry Guidelines: CTIA

Not only must we keep the government happy, but we must also keep carriers happy. Failure to do so results in carrier filtering and blocks, so our SMS never gets delivered. These guidelines are set by the Cellular Telecommunications Industry Association (CTIA).

While these are not legally binding, following these best practices ensures you’re in good standing with carriers and service providers. It also helps prevent any potential legal issues.

State Laws

Some states may have additional regulations that affect SMS marketing. These can include stricter consent requirements, more detailed privacy protections, or specific rules about the types of messages that can be sent. For example, California has stricter laws since the CCPA provides residents with rights over the personal information that businesses collect about them. It includes requirements for the disclosure of what personal information is being collected and for what purpose.

It's crucial for businesses to be aware of these state-specific rules to ensure complete compliance.

Important Note: It’s worth mentioning that there are other frameworks and guidelines, but these are the most pertinent categories. There are also different laws and guidelines globally (e.g., GDPR or the Australian Spam Act). The above are mainly focused on the US market.

Compliance Requirements

Okay, now that you have an understanding of these different frameworks, let’s get into the actual requirements. To make it easy, I’ll break down where they overlap vs. which requirements are unique to TCPA and CTIA.

Required by TCPA + CTIA

  1. Consent: Both require prior explicit consent for sending marketing messages. You cannot bundle email and SMS opt-in together. And no, you cannot send them SMS if they simply provide their phone number. I recommend having a separate checkbox for SMS opt-in.
  2. Opt-Out Mechanism: Both emphasize the necessity of providing a clear and simple opt-out mechanism in every message (e.g., "Text STOP to unsubscribe").
  3. Transparency: Both mandate that the messages sent should not mislead the recipients about the nature of the content and who is sending it.

Required by TCPA Only

  1. Time Restrictions: The TCPA only allows you to send an SMS during a reasonable window, which is typically between 8 a.m. and 9 p.m. local time. Note that certain states have a shorter window.
  2. Legal Recourse for Consumers: The TCPA gives consumers the right to file lawsuits for unsolicited messages, which can include class action lawsuits against violating entities.

Since TCPA is a federal law that provides a legal framework, there could be potential penalties for non-compliance. For example, there could be fines of up to $1,500 per incident for willful or repeated violations. Need I emphasize the importance of adherence anymore?

Required by CTIA Only

  1. Content Standards: CTIA guidelines are very specific about prohibiting certain types of content. For example, S.H.A.F.T. content is prohibited, which stands for Sex, Hate, Alcohol, Firearms, and Tobacco.
  2. Marketing Description and Frequency: They require clear communication about the nature of the marketing program and the frequency of messages at the time of opt-in, which helps manage consumer expectations.
  3. Carrier Compliance: The CTIA guidelines are also about maintaining compliance with mobile carrier rules because T-Mobile, AT&T, etc., may have different rules. This is pertinent for the technical delivery of SMS campaigns.

As mentioned earlier, CTIA is not a legal body but a trade association that provides best practices and guidelines for SMS marketers. Compliance is critical for preventing blocking by carriers and ensuring your SMS delivers.

Lastly, state-level laws will vary for each state, of course. Ultimately, your SMS marketing program must adhere to all federal laws, state-specific laws, and industry guidelines.

SMS Compliance Checklist

So let’s get to what you’re here for. Here’s a checklist for you to ensure a compliant SMS program:

  • [ ] Secure documented consent from subscribers before sending marketing texts.
  • [ ] Use a double opt-in for confirmation to strengthen consent.
  • [ ] Clearly state your business name in each message (or at least once a month).
  • [ ] Inform subscribers if the message is promotional.
  • [ ] Provide a simple "Text STOP to unsubscribe" option in every message (or at least once a month).
  • [ ] Only send messages between 8 a.m. and 9 p.m. local time.
  • [ ] Ensure all practices comply with relevant privacy laws like the CCPA.
  • [ ] Adhere to mobile carriers’ and CTIA guidelines to prevent service issues.
  • [ ] Implement strong security measures to protect subscriber information.
  • [ ] Keep detailed logs of consent and opt-out requests for at least four years.
  • [ ] Regularly check your SMS practices and compliance status.
  • [ ] Seek advice from legal professionals specializing in telecommunications law regularly.

Summary

Well, well, well… You’ve made it this far. Guess what? The above is where you must absolutely start. Beyond that, whichever SMS provider or sending platform you’re working with may have certain requirements. In my experience, if you follow the above, they won’t have any other crazy requirements.

Now, if you’re still struggling with SMS compliance, you can book a free 30-minute consultation call with me in exchange for a testimonial.

Disclaimer: This is for educational purposes only and not to be taken as legal advice. SMS compliance laws are complicated, and you should always consult your lawyer for guidance.

