A single non-compliant SMS sent to a DND-registered number, or a commercial message sent without a valid TCPA / FCC-registered template and sender ID, is a regulatory event — not a campaign metric failure. The Telephone Consumer Protection Act (TCPA), FCC rules, and CTIA messaging guidelines govern every promotional and transactional SMS a bank sends to a borrower. Violations produce regulatory complaints, TCPA / FCC enforcement notices, and in aggregate, the kind of Ombudsman and telecom regulator attention that no institution wants. The Email & SMS Campaign Agent AI runs a compliance gate on every outgoing message — not as a post-campaign audit, but as a real-time pre-send check that prevents non-compliant messages from being sent at all.
The TCPA / FCC regulatory framework: what it governs and what it requires
TCPA and FCC rules, together with CTIA messaging guidelines and carrier 10DLC registration requirements, require that every commercial SMS sent in the US meets four conditions simultaneously. First, the sending entity must use TCPA-compliant short codes, toll-free numbers, or 10DLC-registered long codes registered with mobile carriers. Second, every message must comply with carrier-approved template and content rules — non-compliant messages are blocked at the carrier level. Third, the sender ID must match the registered entity and message category (transactional or promotional). Fourth, promotional messages may not be sent to numbers on the National Do Not Call Registry without prior express written consent, and must honour opt-out requests immediately.
Transactional messages — messages that are sent in response to a specific customer action or that contain legally required disclosures — are exempt from DND restrictions and can be sent to all recipients. But the classification of a message as transactional or promotional is regulated, not self-declared. A message that includes an offer or a CTA to a product the borrower did not initiate is promotional, regardless of how the institution labels it internally.
"A message that the institution labels 'transactional' but that contains a promotional offer is a promotional message under TCPA / FCC regulation — and will be treated as one by carriers and regulators."
The pre-send compliance gate: 12 checks on every message
TCPA / FCC Compliance Gate — Pre-Send Audit · T11 (ACH Bounce) · Shanthi Devi · Nov 5, 2025
12 compliance checks · All pass required · Message type: Transactional · Sender ID: IBFINC
12Checks total
12Passed
0Failed
ClearedSend approved
Group 1 — Sender and entity registration (checks 1–3)
✅Check 1: Sender entity registered on carrier 10DLC / toll-free platformEntity ID: FIN-2021-XXXXXXXXXX · Active registration · No pending compliance actions · Verified against carrier registry Nov 5, 2025 ✓
✅Check 2: Sender ID (header) carrier-registered and matches message categorySender ID "IBFINC" is registered as Transactional-Financial · T11 is classified Transactional · Header-category match confirmed ✓
✅Check 3: Message template carrier-approved — template ID matchedTemplate ID: TXN-ACH-BOUNCE-001 · Carrier-approved · Variables: [Name], [Amount], [ACH / Zelle-link] · Template match verified · Operator will not block ✓
Group 2 — Recipient consent and DND status (checks 4–7)
✅Check 4: DND status verified for this mobile number (NCPR lookup)Shanthi Devi · +91-9XXXXXXXXXX · NCPR status: Not registered in DND · No preference restrictions applicable for Transactional category ✓
✅Check 5: CCPA / state privacy laws consent recorded — borrower has consented to transactional communicationsConsent record ID: CST-2024-XXXX · Scope: Transactional (loan account notifications) · Date: Aug 2024 (at loan origination) · Not expired · CCPA / state privacy-compliant ✓
✅Check 6: Promotional consent verified if message category is promotionalT11 is Transactional — promotional consent check not required · If message were promotional: borrower has SC category opt-in on NCPR ✓ (noted for cross-sell sends)
✅Check 7: Opt-out history checked — has borrower previously unsubscribed from this message categoryNo unsubscribe record for Transactional category · If unsubscribed: Transactional messages are not suppressible under TCPA / FCC (they are legally required communications) · Noted ✓
Group 3 — Message content classification (checks 8–10)
✅Check 8: Message content matches declared category (Transactional vs Promotional)Content scan: message contains bounce notification, monthly payment amount, retry schedule, ACH / Zelle link for same loan. No new product offer. No rate quote for new product. Classification: Transactional confirmed ✓
✅Check 9: Message does not contain prohibited content (TCPA / FCC and Fed / OCC FPC)Content scan: no threatening language · No third-party contact instruction · No inaccurate legal representation · No collection outside permitted context · FPC-clean ✓
✅Check 10: Message length within channel limits (SMS: 160 chars per segment)Message length: 148 characters (within single-segment limit) · No multi-part SMS required · Operator delivery probability: high ✓
Group 4 — Timing and frequency compliance (checks 11–12)
✅Check 11: Send time within permitted hours — TCPA / FCC: no promotional SMS before 9 AM or after 9 PMSend time: 14:36 (2:36 PM) · Within 09:00–21:00 window · Transactional messages have no time restriction but good practice applied ✓
✅Check 12: Message frequency within policy — no more than 3 promotional messages per borrower per day across all campaignsShanthi Devi promotional messages today: 0 · Transactional messages today: 1 (this will be 2) · No frequency cap breach · Message cleared ✓
The consent management workflow: from loan origination to every subsequent message
Loan origination · Consent collection
Explicit, granular consent collected at loan origination — separate consent for transactional and promotional
At loan origination, the borrower signs a loan agreement that includes a CCPA / state privacy laws-compliant consent notice. The consent is granular: separate consent is collected for transactional communications (loan account updates, monthly payment notifications, regulatory disclosures — required for the loan to function), and for promotional communications (product offers, cross-sell, marketing). Consent is stored in the consent management system with a timestamp, the consent version (the exact text the borrower agreed to), and the channel scope (SMS, email, WhatsApp). Consent for transactional communications is mandatory for loan disbursement. Promotional consent is optional and clearly marked as such.
→ Transactional consent: mandatory at origination · Promotional consent: optional · Both recorded with version and timestamp · CCPA / state privacy-compliant
Every send · Pre-send consent check
Consent is verified at send time — not at campaign creation time
Consent can change between campaign creation and message send. A borrower who was eligible for promotional messages at the time the campaign was built may have opted out in the intervening period. The Email & SMS Campaign AI checks consent status at the moment of send — not at the moment the campaign was configured. If consent has been withdrawn, the message is suppressed automatically regardless of what the campaign configuration says. This real-time consent check is the most important compliance gate — it prevents the scenario where a campaign built legitimately sends a non-compliant message to a borrower whose consent lapsed.
→ Consent verified at send time, not campaign build time · Withdrawal respected immediately · No override without compliance officer authorisation
Opt-out handling · Any channel
Opt-out from any channel immediately updates all channels — no silo
A borrower who replies STOP to an SMS is immediately opted out of promotional SMS. But the Email & SMS Campaign AI also cross-updates: if the borrower has opted out of promotional SMS, the opt-out is applied to promotional email and WhatsApp as well — unless the borrower has separately consented to those channels. The same logic applies in reverse: an email unsubscribe updates the SMS and WhatsApp promotional consent. Opt-outs are honoured within 24 hours per TCPA / FCC regulation; the Email & SMS Campaign AI applies them within 60 seconds.
→ Opt-out from any channel: cross-channel update within 60 seconds · TCPA / FCC requires 24 hours · Zero promotional messages after opt-out
Annual consent refresh · CCPA / state privacy laws requirement
Promotional consent refreshed annually — T34 trigger fires automatically at 12-month mark
The CCPA / state privacy laws requires that consent be kept current and relevant. The Email & SMS Campaign AI tracks the date of each borrower's promotional consent and fires T34 (consent update required) at the 12-month mark — a clear, non-manipulative consent renewal request that explains what data is used for what purpose and gives the borrower an easy mechanism to update their preferences. Borrowers who do not renew promotional consent are moved to transactional-only communication. No promotional messages are sent to lapsed promotional consent until renewal.
→ T34 fires at 12-month consent anniversary · Clear renewal request · Non-manipulative · Lapsed consent: transactional-only until renewed
12Pre-send compliance checks — sender registration, template registration, DND status, privacy-law consent, content classification, timing, frequency
60 secOpt-out applied across all channels — TCPA / FCC requires 24 hours · Email & SMS AI applies within 60 seconds · No promotional message after opt-out
Send-timeConsent verified at send time — not campaign build time · Prevents lapsed-consent sends when consent changes between campaign creation and dispatch
24 monthsCompliance audit trail maintained — every send logged with check results · Regulatory inquiry produces complete send record within minutes
A compliance gate is not a speed bump — it is the mechanism that keeps the institution's communication programme legal
Every one of the 18,841 messages fired by the Email & SMS Campaign AI in the first 14 days of November passed 12 compliance checks before it was sent. The 12 checks add approximately 200 milliseconds to each send — an overhead that is invisible to the borrower and prevents the message from becoming a TCPA / FCC violation, an Ombudsman complaint, or a regulatory notice. An institution that does not run these checks is not running a faster campaign — it is running an unchecked one. When the TCPA / FCC enquiry arrives, or when the Ombudsman asks for evidence that opt-out instructions were followed, the audit trail produced by the compliance gate is the only document that proves the institution operated lawfully. The Email & SMS Campaign Agent AI's compliance gate is not a constraint on campaign velocity — it is the infrastructure that makes the campaign programme sustainable at scale, without legal risk accumulating behind every send.
