TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

Ultimate TCPA Compliance Checklist & Guide for

Guides Business Messaging

TCPA Product Solutions Resources Pricing Talk to sales Sched

Compliance
Checklist &
Guide for
Business
Messaging
Aug 02, 2020 - 15
min read time

What is TCPA? Comprehensive

TCPA compliance checklist and
guide to TCPA regulations and
violations for calls and text
messages.

Jump to TCPA Compliance Checklist and

Introduction
1. What is TCPA? What Does
TCPA Stand for?
2. Guide to TCPA Customer
Communications and Consent
3. The Three Types of Consent
(Implied, Express and Express
Written)
Guide: Everything Your Business or
Organization Needs to Know
Text messages are a highly effective way to communicate with contacts and
customers. In fact, 67% of people would rather text than talk.
What many businesses and organizations may not know is how the regulation applies
to text messaging.

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 1 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

4. TCPA Violations: Text messages are subject to the same regulations and restrictions as telemarketing
calls.
5. Group Text Messaging
TCPA litigation has become hot stuff since 2015, so we’re providing businesses with the
knowledge they need to stay TCPA compliant.

In This Guide You'll Learn:

1. What is TCPA? What Does TCPA Stand for?

2. TCPA Compliance Guide

3. TCPA Compliance Checklist

4. TCPA Consent Standards

5. Text Messaging Consent Standards

6. Three Types of Consent

7. TCPA Consent Exceptions

8. Calls-to-Action (CTAs)

9. Opt-in and Opt-out Requirements

10. TCPA Violations

11. CTIA SHAFT Guidelines

12. Maintaining a Do Not Contact List

Chapter 1

What is TCPA? What

Does TCPA Stand for?
What is TCPA? What Does TCPA
Stand for?

TCPA Compliance Checklist

TCPA Compliance Guide

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 2 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

What is TCPA? What Does TCPA Stand for?

TCPA stands for the telephone consumer protection act. The TCPA is a set of laws and
regulations enacted in 1991 to protect consumers’ privacy and reduce abusive
telecommunications.

The TCPA outlines various violations and offers a guide to businesses on how to contact
consumers

TCPA Compliance Checklist

• Conversational messages require implied consent.

• Information messages require express consent.

• Promotional messages require express written consent.

• Don't purchase lists of phone numbers containing contacts who haven't

opted in.

• Don't use spammy technology like shortcodes, artificial voices, or

recordings.

• When possible use a business messaging service that offers local 10DLC
messaging.

• Don't text or call a contact before 8 am or after 9 pm, local time.

• Don't text or call anyone on the National DNC Registry.

• Maintain a "Do Not Contact" list for all of your business contacts.

• List your business name, message frequency, and applicable messaging

rates when contacts opt-in.

• Provide contacts with an "opt-out" like "STOP".

• If calling, disconnect if no one answers after 15 seconds or 4 rings,

whichever comes first.

• Don't send messages pertaining to alcohol to non-age-verified numbers.

• Don't send messages with anything that's graphic, hateful, violent, or

confidential.

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 3 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

• Stay aware of updates to messaging regulations.

Disclaimer: Please note that our advice is for informational purposes only. It’s not
meant to substitute for advice from qualified legal counsel.

TCPA Compliance Guide

There are several important things you and your business need to know about TCPA
compliance before sending text messages or making phone calls:

1. Get express written consent.

2. Keep messages conversational.

3. Use texting services that support local 10-digit long codes (10DLC).

4. Include clear CTAs, terms of service, and privacy policies.

5. Support "STOP" for opt-out.

6. Maintain records for opt-in and opt-out with a DNC (do not contact) list.

1. Get Express Written Consent.

There are three types of consent based on the three different types of conversations
typically had with contacts and customers.

To send automated marketing or promotional messages you need express written

consent. If you don’t have proper express written consent, then you must put contact
phone number in your DNC (Do Not Contact) list.

2. Keep Messages Conversational.

Message delivery and response rates go up when you have personalized, thoughtful
conversations. Don’t get spammy and talk like a robot - carriers, regulators, and your
contacts will appreciate it.

3. Use Texting Services that Support Local 10-Digit Long Codes (10DLC).
Older five and six-digit shortcodes are a thing of the past and many carriers like AT&T
aren’t supporting them.

These numbers and send pathways aren’t always verified and they only support one-
way mass texting.

4. Include Clear CTAs, Terms of Service, and Privacy Policies.

Every call-to-action (CTA) you use in your messages should be clear.

Include your campaign purpose, message frequency, terms and conditions, privacy
policy, and info about message and data rates.

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 4 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

5. Support “STOP” For Opt-out.

The first message you send to new contacts must be an opt-in message that clearly
states how to opt-out of future communication.

6. Maintain Records for Opt-in and Opt-out with a DNC (Do Not Contact) list.
To protect yourself from liability you need to maintain up-to-date records of who has
and hasn’t opted into communication with your business

Chapter 2

Guide to TCPA Customer

Communications and
Consent
Guide to TCPA Customer
Communications and Consent

To Text Your Customers You Need 3

Things:

Conversational Text Messaging

Consent:

Informational Text Messaging

Consent:

Promotional Text Messaging

Consent:

Text Message Conversations and

Their Required Consent:

Guide to TCPA Customer Communications and Consent

Bottom line: you need consent for your business or organization to call and send text
messages. This isn’t negotiable.

If you don’t get the right level of consent at the right time for the right kind of
conversation, you could get into serious trouble with the law.

In short, unless a contact gives you prior express written consent, the TCPA, and FCC
rules ban both robocalls calls and robo-texts with artificial or prerecorded voice
and/or messages from autodialers.

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 5 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

Consent varies based on the various types of conversations you have with your
customers (Conversational, Informational, Promotional, etc.) and on the nature of the
conversation (Transactional or Promotional).

Technology and automation also play an important factor. Getting the right kind of
consent depends on the content of the message and who or what sends it first.

Generally, you need three things before you start texting your customers.

To Text Your Customers You Need 3 Things:

1. General Customer Consent You need to obtain your customer’s consent to

send them conversational, informational, and transactional messages.

2. Express Written Consent To send customers automated marketing and

promotional messages you need their express written consent.

3. Any-Time Opt-Out Your customers need to be able to revoke their consent,

opt-out and stop receiving text messages from your business at any time
they choose.

Conversational Text Messaging Consent:

Conversational text messaging is a one-on-one two-way conversation between you

and your existing customers or known contacts with an existing business relationship.

If a customer texts your business first and you respond quickly with a single message,
then it is likely conversational.

As long as you respond with relevant information, then you don’t need verbal or written
permission.

This is called implied consent. It’s based on the already established relationship you
have with your customer or contact.

Informational Text Messaging Consent:

Informational messaging takes place when a contact gives your business their phone
number and asks to be contacted in the future.

Informational text messaging includes appointment reminders, welcome texts, and

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 6 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

other alerts and notifications.

These messages are all in this category because the message content fulfills your
contacts’ original request.

For informational text messaging, your customer does need to agree to receive texts
specifically for informational purposes.

This is called express permission. Contacts may grant you this permission via text opt-
in, on a form, on a website, verbally or with written permission.

Express consent may also be orally recorded for all non-commercial, informational
texts from tax-exempt nonprofits, political campaigns, and other non-commercial
entities.

Promotional Text Messaging Consent:

Promotional text messages are messages that directly promote, market, and sell your
business, product, or service. Before your business sends any promotional text
messages, you need express written consent.

Contacts may sign a form, check a box online, etc. to receive promotional text
messages. The important part is that you have this consent in writing.

If you already ask customers to sign forms or submit their contact information, then
consider adding a field to account for this level of consent.

Text Message Conversations and Their Required Consent:

First
Conversation
Consent Message Text Message Content
Type
Sender

Conversational Contact
Implied Two-way Responses to a specific,
Text or
Consent Conversation inbound customer request
Messaging Customer

Express Contact, One-way Inbound and outbound

Informational
Consent Customer Alert or Two- messages containing
Text
(Oral or or Way relevant customer
Messaging
Written) Business Conversation information

Automated, Out-bound messages that

One-way promote your business,
Promotional Express
Campaign product or service Prompts
Text Written Business
with customer to buy something,
Messaging Consent
Promotional go somewhere or take some
Offer sort of action

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 7 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

Political Text Express Political One-way Inbound Content Related

Messaging Consent Group Alert or Two- Expressly to Political Action
(Oral or Way
Written) Conversation

Nonprofit
Express One-way
Tax Exempt or Group
Consent Alert or Two- Inbound Content Expressly
Nonprofit Text Acting on
(Oral or Way Related to Organization
Messaging Their
Written) Conversation
Behalf

Note: This table gives examples of the types of text message conversations and
required consent. This does not qualify as legal advice. It isn’t a substitute for legal
advice from qualified professionals.

Chapter 3

The Three Types of

Consent (Implied,
Express and Express
Written)
Consent

Implied Consent:

Express Consent:

Express Written Consent:

TCPA Consent Exceptions

Text Message Call-to-Action (CTA)

Best Practices:

Customer Opt-in

Customer Opt-out

Texting URLs and Shortlinks with a

URL Shortener

Consent

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 8 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

At MessageDesk we have rules for importing contacts. Consent doesn’t just apply to
new contacts. It applies to all of your contacts - even the ones you import. Before you
import a list, make sure you’ve got the right form of consent from every contact.

Implied Consent:

If it’s “reasonable to believe” that you have permission to text a contact then you have
implied consent.

Think of implied consent as getting more casual or inferred permission whereas

express consent is getting formal permission.

If a contact reaches out to your business and texts you first, then it’s reasonable to
assume you have permission to text the contact back, but only specifically regarding
their message.

The same holds true for email. If a contact emails your business, and their signature
includes their phone number, then you can reasonably assume they’ve given you
permission to call them.

Meeting someone in person and getting their business card also gives you permission
to contact them by the means listed on their card.

Keep in mind that this doesn’t grant you permission to send them promotional
messages regarding your product, good or service.

However, if the contact asked specifically for that information, then you have express
consent.

Express Consent:

The TCPA doesn’t specifically define express consent. It simply states that express
consent is a written or oral agreement that clearly indicates consent to receive texts or
calls at a particular phone number. Informational text messages fall into this category.

If a contact knowingly provides your business with a phone number as part of the
normal course of business, then you have implied express consent to message them.

But this only holds if the content of the message you send the contact relates to the
original reason they gave your business their number.

If a contact gave you their number and they expect to receive a confirmation of their
appointment or receive pertinent information regarding their account, then your
business has the right to contact them via implied express consent.

If you have a prior established business relationship with a contact, then in most
cases you also have prior express consent.

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 9 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

Express Written Consent:

This is written, recorded permission that a contact gives your business either on paper
or electronically. Your business will need express written consent from a contact if you
plan on contacting them regarding anything that’s promotional.

If the intent of your message is to sell or market your goods, product, or service, you
need express written consent.

The thing to remember is that express written consent isn’t implied or assumed. You
risk violating the TCPA until you’ve got written proof that they agree to receive texts for
promotional purposes.

In this case, “written consent” doesn’t have to mean written by hand. You just need a
record of it.

Digital agreements work great for express written consent since the FCC expanded the
definition to include web forms, written verbal agreements, or opt-in via text message
keyword.

Finally, don’t bury written consent in a long web form full written in legalese. The
recipient should clearly understand the terms of opting-in.

TCPA Consent Exceptions

Prior Established Business Relationships (EBR)

Texting or talking with an existing customer mean your business has a prior established
business relationship.

If a contact asked for information regarding your business within the past 3 months or
they’ve made a purchase or transaction with your business in the past 18 months, you
have an established business relationship with that contact.

An established business relationship with a contact gives your business prior express
consent to call or text with them.

Tax-Exempt Nonprofits

Tax-exempt Nonprofits are non-commercial. They don’t sell goods or services. As long
as their communications with contacts remain non-commercial, they can operate
under the assumption of express consent to call and text contacts.

Health Care

Health care messages sent on behalf of someone covered under a healthcare plan as
defined by the HIPAA Privacy Rules are exempt from normal TCPA consent standards.

Emergency Purposes

Calls and text messages for emergency purposes are for obvious reasons exempt from

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 10 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

normal TCPA consent standards.

Text Message Calls-to-Action (CTAs)

A “Call-to-Action” or CTA is a link or button you include in your text message asking
your customer to do something.

This could be an opt-in or opt-out to a text message campaign, a link to a website or

web property, a link to a calendar, a link to go pay their open invoices, and more.

The purpose of a CTA is to tell your customer what’s going on and to direct them.

Specifically, an opt-in CTA ensures that your customer agrees to receive a text
message and that they understand the terms and conditions associated with your text
message policy.

No matter what, every CTA you use in your text messages needs to be clear. It should
indicate to the customer what will happen if they click through.

Calls-to-Action and other text messages coming from your company shouldn’t contain
deceptive language. Don’t obscure opt-in and opt-out details in your terms and
conditions.

Text Message Call-to-Action (CTA) Best Practices:

1. Explain what your product or service is. Contacts need to know what
they’re signing up for. Are they getting information or promotional offers?
Specify what you’re offering so there aren’t any surprises regarding
consent.

2. Show the telephone number(s) or short code(s) your messages come from
If you use a 10-digit long code, this can inform your contact where you’re
sending messages from.

3. Identify the name of your business, organization, or firm. Your contact

should know exactly who or what is sending them a message.

4. Clarify how to opt-in and out of communications. It should be clear to your

contact that they can opt-out by texting a keyword like “STOP”.

5. Note the frequency of messages they’ll receive. Including the approximate

number of messages, the customer should expect to receive is a best
practice. It sets expectations and prevents against complaints.

6. Be transparent about fees or charges that result from messaging your

business. Despite the popularity of unlimited texting, some users may have
to pay a small fee to receive text messages. Your business needs to inform
them of these potential charges.

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 11 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

7. List any other applicable terms and conditions like contact information and
privacy policies.

Customer Opt-in

Business text messaging apps like MessageDesk already support the opt-in
mechanisms you need to stay compliant with the TCPA.
Messaging platforms like MessageDesk only allow you to send promotional texts after
your contacts have opted-in to receive them.

Having the right opt-in procedures limits liability by reducing the chance that a contact
receives an unwanted message. It also helps prevent messages from being sent to a
phone number that doesn’t belong to the contact who provided that phone number.

How Contacts Can Opt-in to Your Text Messages:

• Enter their telephone number and agree to the terms of service on your
website.

• Respond or send a keyword as a message from their mobile device.

• Start a text message conversation with your business.

• Sign up at a point-of-sale (POS) or other text message sender at your

business.

• Saying “yes” and opting-in via interactive voice response (IVR) technology.

Customer Opt-out

You need to offer your contacts the choice to opt-out of communications with your
business at any time. This message should state how and what words will opt a contact
out of communication.

Most every business text messaging platform uses the word “STOP” to opt contacts out.
The wording for all opt-out instructions needs to be unambiguous and support normal
language and variances like, stop, end, unsubscribe, cancel, quit, “please opt me out”,
etc.

Contact Opt-out Best Practices:

• Contacts should be able to opt-out of your messages at any time.

• Opt-out via phone call, email, or text should be available.

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 12 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

• A contact’s opt-out request should generate one final opt-out confirmation

message per campaign and notify the contact that they’ve successfully
opted-out.

• Don’t send any messages after the opt-out confirmation message.

Texting URLs and Shortlinks with a URL Shortener

Links are an inherent part of how businesses communicate with contacts and
customers.

They’re great for when you want to ask a customer for a review, collect an open
invoice, schedule an appointment, or provide customer service.

However, texting a whole bunch of short links to large groups of people may prompt
some red flags at the carrier or message provider level.

Shortened URLs like http://bit.ly/2aBiTav are a strong indicator to text message

providers that the link may be spammy.

With long URLs like https://mesagedesk.com, contacts know exactly where the link will
take them. With shortened links, a contact may not know where it’s sending them.

We don’t recommend sending shortened URLs to large groups of people. However,

using shortened URLs for individual messages, like invoice collection, is ok.

Bitly and Google’s Firebase Dynamic Links are great tools for shortening URLs and
creating shortlinks.

All invoice reminder text messages sent from MessageDesk populate automatically as
shortlinks.

Chapter 4

TCPA Violations:
TCPA Violations:

1. Sending Unsolicited Texts or

Making Unsolicited Calls to
Residential Phone Numbers

2. Not Gaining the Proper Consent

3. Not Allowing Contacts to Opt-out

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 13 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

4. Calling People Listed on the

National Do Not Call Registry

Things Your Business Can’t Text –

SHAFT

TCPA Violations:

Damages associated with TCPA violations range from $500 to $1,500 per violation.
Since 2015, it’s not uncommon to see federal courts award tens of millions of dollars
through class action settlements for TCPA violations.

In short, sending any unwanted texts or phone calls using a dialing system to your
contacts’ cell phone is a TCPA violation.

If your business doesn't have the right level of consent to send the right kind of
message, then you’re violating the TCPA. Below is a list of TCPA violations.

1. Sending Unsolicited Texts or Making Unsolicited Calls to Residential

Phone Numbers

For your business to call residential numbers, you need an “established business
relationship” (EBR).

If you haven’t done business with the contact in the last 3-18 months, then you don’t
have an established business relationship.

This makes texting and calling via automated campaigns where that contact hasn’t
opted-in a TCPA violation.

2. Not Gaining the Proper Consent

Based on the content of your message, you will need prior implied, express or express
written consent before your business calls or texts a contact. If a contact has not opted
in and consented to messaging you are in violation of the TCPA.

3. Not Allowing Contacts to Opt-out

If you have received consent to message a contact, you still need a means for them to
opt-out of all future messaging from your company. Most business messaging
providers already have “STOP” keywords in place.

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 14 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

4. Calling People Listed on the National Do Not Call Registry

It’s illegal for your business to text or call anyone who has opted-out of
communications, especially those registering on the federal Do Not Call Registry.

Things Your Business Can’t Text – SHAFT

Business communications are a regulated channel. Obviously, various types of content

come with additional restrictions.

In an effort to keep the messaging experience positive for everyone across all networks
the CTIA (an association of mobile carriers and industry advocates) has put forth
guidelines regarding sex, hate, alcohol, firearms, and tobacco (SHAFT).

The alcohol and legal cannabis/marijuana industries are of particular concern with
SHAFT.

If your business provides either of these goods or services you still need to comply with
SHAFT standards.

In most cases, this means having robust age-gates and normal opt-in and opt-out
capabilities.

CTIA SHAFT Guidelines:

• Content regarding controlled substances and adult content must be age-

gated.

• You can’t disperse content with depictions or endorsements of violence or

hate.

• Don’t send messages containing profanity or hate speech.

• Endorsements of illegal drugs are forbidden.

Chapter 5

Group Text Messaging

Group Text Messaging

Maintaining a DNC (Do Not Contact)

List

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 15 of 17
TCPA Compliance Checklist & Guide for Business Messaging 12/29/21, 1:45 PM

Group Text Messaging

Depending on the type of business text messaging service your business uses, group
messaging might be possible. If you can send group text messages using your provider,
keep in mind the following recommendations:

• Make sure the service has strong anti-abuse controls and mechanisms in
place to accommodate sending many messages - most do.

• Check that the service specifically gives group members the ability to opt-
out of the group at any time.

• Finally, make sure the messaging service has features that prevent
contacts from getting caught in recursive or cyclical group messages that
involve more than one group. Opting a contact out of one group may not
opt them out of the other and so on.

Maintaining a DNC (Do Not Contact) List

It’s important that your business knows who they can and can’t call and text. To keep
the record straight, you need a DNC or “Do Not Contact” list.

Many business text messaging apps have systems in place to help you keep track of
this.

Documenting and saving opt-in and opt-out records with your messaging permissions
helps if you’re ever faced with a complaint.

https://messagedesk.com/resources/guides/tcpa-compliance/ Page 16 of 17
TCPA Compliance Checklist & Guide for Business Messaging
MESSAGING SOLUTIONS
List Growth & Forms
Scheduling & Appointments
Reviews, Polls & Surveys
Text-to-Donate
Text-to-Pay
Support & Service
Marketing & Sales
RESOURCES
Blog
Guides
Customer Stories
Webinars & Videos
Learning Center
Integrations
Powered by MessageDesk Terms Privacy
© 2021
https://messagedesk.com/resources/guides/tcpa-compliance/
MESSAGING FEATURES
One-on-One & Team
Messaging
Group Text Without Reply All
Automated Text Messages
Website Contact Forms
TOOLS
Free Message Templates
Pricing Calculator
Competitor Comparison
Google Review Link
Generator
Use
Agreement
12/29/21, 1:45 PM
MESSAGING MADE FOR YOU MESSAGING BY
ORGANIZATION SIZE
Service & Trade-Based
Businesses Solo Owner-Operators &
Independent Contractors
Medical, Dental & Clinical
Offices Office Staff, Teams &
Multiple Locations
HR Departments & Staffing
Agencies Workplaces & Enterprises
Law Offices, CPAs &
Bookkeeping Firms
Nonprofits & Charitable
Organizations
ABOUT MESSAGEDESK CONNECT WITH US
Product Overview Create a free account
About Request a demo
Team Talk to sales
RCS Strategic Partnership Support
Contact
Roadmap
Page 17 of 17