TCPA Compliance in Financial Services

OCC, FDIC, and NCUA revised their TCPA examination procedures for banks, significantly increasing the likelihood that TCPA noncompliance will be discovered and penalized.

FDIC Examination Procedure Summary


FDIC Examination Procedure Summary

The Office of the Comptroller of the Currency (OCC) issued bulletin 2023-35, which outlines revised annual bank examination procedures that now includes provisions to ensure compliance with the requirements of the Telephone Consumer Protection Act (TCPA). Banks covered by this new procedure include national banks, community banks, federal savings associations, covered savings associations, federal branches and agencies of foreign banking organizations.

The Procedures ensure that banks engaged in practices such as automated telemarketing and texting, that are subject to the TCPA, have the appropriate policies and procedures in place to verify they are conducted in a compliant manner.

These revised bank examination procedures increase the risk that noncompliance with TCPA, RND, and Consent will be discovered for financial institutions. Thus, it’s more important than ever that bank’s TCPA compliance programs are up to date and will stand up to the OCC scrutiny during their annual examination.

The Bulletin outlines revisions in three new areas including:

  • Revocation of consent,
  • A limited exemption for disseminating fraud alerts, and
  • Safe harbor for use of the FCC reassigned number database.

With this announcement, it is vital for banks who conduct telemarketing, debt collections or any type of automated calling to organize a comprehensive review of their TCPA compliance practices. Developing and maintaining a strong TCPA compliance program mitigates the risk of TCPA class action litigation and enforcement by federal banking regulators such as the OCC, FDIC, NCUA, and FCC. Banks are subject to enforcement actions even in the absence of customer complaints.

Speak to an Expert About Mitigating TCPA Compliance Risk


FDIC Examinations for TCPA Compliance

The TCPA, a U.S. federal law, was established to address consumer apprehensions regarding telemarketing. It specifically focuses on grievances filed with the FCC against entities employing telephone communication for business or solicitation. The TCPA delineates standards for proper telemarketing conduct, encompassing limitations on the utilization of automated telephone dialing service (ATDS) equipment and a prerecorded message unless the entity obtains prior express consent. Moreover, it places the responsibility on financial institutions to maintain lists of customers who have chosen not to receive calls.

The FDIC’s examination objectives include:

  • Determining overall TCPA compliance,
  • Assessing the quality of the organization’s policies, procedures, and internal controls for implementing the TCPA’s various provisions, and
  • Determining corrective action when violations are identified or when the institution’s policies or internal controls are deemed insufficient.

The TCPA provides for statutory penalties of $500 per unlawful call or text, and $1500 for willful violations. When multiplied by thousands of violations, judgements commonly reach millions of dollars.

FDIC Examinations for TCPA Compliance

Request a Demonstration

Definition of an ATDS


Definition of an ATDS

The definition of an ATDS has been debated over the years, especially after the 2021 Supreme Court opinion, that stated only dialers that randomly or sequentially generate telephone numbers should be considered an ATDS. But, with differing opinions and a variety of state based “mini-TCPAs”, no one should expect clear passage by relying on that opinion. Collecting consent before placing any type of automated call or text message is the safest approach.

Prerecorded Messages
Likewise, placing calls using an artificial or prerecorded message are generally subject to the TCPA and entities must follow TCPA guidelines.

Express Written Consent
When leveraging an ATDS or prerecorded message or both, banks must first obtain express written consent. In doing so, you must follow clear procedures such as the agreement must contain a “clear and conspicuous disclosure” stating among other things,

  • you agree to receive telemarketing calls via ATDS or a prerecorded message
  • you have the right to revoke your consent at any time, and
  • agreeing to this is not a condition for purchasing goods

Entities must document what language was used, when consent or revocation of consent was collected, and how it was collected. Memorializing these actions enable you to demonstrate compliance during an inquiry.

Professional Litigants
TCPA litigation presents significant financial risk due to large statutory penalties. Hence, there are a significant number of law firms that specialize in filing putative TCPA class action lawsuits. They pursue action against firms they believe have placed a large number of calls subject to the TCPA without prior express consent. These lawsuits typically seek settlements of millions to tens of millions of dollars.

Safe Harbor
The TCPA holds calling parties strictly liable for calls or texts reaching non-consenting parties, even if it's beyond their control. Lawsuits often arise from calling "wrong numbers" or non-consenting customers. To address this, banks can adopt risk mitigation strategies in their TCPA compliance program.

  • One option is a limited safe harbor for reassigned numbers, where no liability exists if prior consent was obtained, the Reassigned Numbers Database was checked, and an erroneous report led to a call to a reassigned number. However, there's no safe harbor for calls to wrong numbers due to other errors.
  • Banks should consider using third-party vendors for name/number matches and
  • Employing live agents to manually dial numbers if they are uncertain of whether a customer is still associated with the phone number on record.


Full TCPA Compliance Solutions for FDIC-Backed Institutions

̲app offers the most comprehensive financial services compliance bundle as well as standalone solutions. Contact us today to determine the best solution mix for your organization.

DNCSolution helps banks, credit unions, and other financial organizations comply with the TCPA by handling direct marketing compliance with relevant legislation across all channels of communication including, calls, texts, emails, and direct mail. Features include:

  • High-volume Do Not Call scrubbing against all federal, state, wireless, and company-specific databases
  • Scalable technology to handle the requirements of the most complex organizations
  • Compliant mobile marketing campaigns via text
  • Ability to collect and manage opt-out requests for calls and texts to landlines or mobile numbers

Reassigned Numbers Database
RND enables you to verify numbers have not been disconnected prior to calling.

In the past, there was a reliable supply of permanently disconnected landline numbers, but the same cannot be said for wireless or VOIP numbers. With the decline in landline usage and the surge in mobile use, this has posed a significant challenge – enter the Reassigned Numbers Database (RND). The RND tracks landlines, mobile numbers, and VOIP, and any institutions not verifying numbers against the RND are at risk of costly violations.

DNCSolution provides fully integrated access to the RND database as an optional, value-added service. The combination of DNCSolution with the RND ensures your organization will maintain compliance with all federal regulations for calling landlines, wireless, and VOIP numbers.

There is a cottage industry of known plaintiffs who look for opportunities to bring crippling class action and individual lawsuits against marketers and debt collectors. TCPA litigation abuse occurs when individuals or entities purposely engage with companies, often through communication methods covered by the TCPA with the intention of creating a basis for a lawsuit.

̲app offers a database of these known plaintiffs that marketers can scrub against to protect themselves from undue risk.

Consent Management
In our fast-changing digital landscape, global regulators are establishing consent requirements by country and state, with over 80 countries and numerous states implementing privacy laws, such as EU GDPR, Canada, Brazil, Japan, United Kingdom, California, Colorado, Connecticut, Utah, and Virginia.

̲app's Consent Management Platform, MyPreferences, tackles evolving regulations globally and locally. It offers extensive configuration options based on unique use cases, local legislation, and other factors. MyPreferences is purpose-built, providing unmatched functionality, best practices, and connectivity for consent collection throughout the customer journey. Consent data is stored centrally for easy access and distribution across the enterprise.

Consulting Services
̲app has decades of experience working with financial institutions to support their TCPA compliance efforts. By working with our consultants, your company can be confident in its compliance posture and be able to claim the safe harbor defense available under the TCPA. Our experts provide guidance in the following areas:

  • Development and implementation of a Do Not Call Policy
  • Guidance related to lead generation, express written consent, and opt-in management
  • DNC list management and suppression for National, State, and Internal Lists
  • Third-party list access and suppression for Wireless, Litigator, and RND lists
  • Dialer and texting technology configuration
  • Record keeping demonstrating compliance
  • Monitoring and enforcement of compliance
  • Caller ID and call labeling
  • Scripts and required disclosures
  • Calling times and call attempts
  • And many more

about how ̲app can assist with TCPA compliance for your FDIC-backed financial institution.

Full TCPA Compliance Solutions for FDIC-Backed Institutions

Getting started is just a click away