SMS Marketing
RGM° · Training
TCPA and Compliance Fundamentals
Mandatory; $500-$1,500 per violation. TCPA basics, consent, disclosure, opt-out, penalties, international.
Why TCPA
TCPA (Telephone Consumer Protection Act) penalties are $500–$1,500 per violating message. Class action lawsuits common. Non-compliance can produce 7-figure liability for high-volume senders. Compliance is mandatory.
TCPA basics
- 1991 law expanded for SMS / mobile.
- Express written consent required for marketing SMS.
- Opt-out must be honored within 10 business days.
- Time-of-day restrictions (8am–9pm recipient time zone).
- State variations (Florida, Washington have specific rules).
Consent
- Express written consent (clear, conspicuous).
- Specific to marketing SMS (not general "agree to TOS").
- Consumer identifies brand.
- Date of consent documented.
- Records retained.
- Double opt-in recommended for safety.
- Consent for transactional vs marketing different.
Disclosure
- Brand identified in every message.
- Message frequency stated.
- Carrier fees disclaimed ("Msg&data rates may apply").
- Opt-out method in every message ("Reply STOP to opt out").
- Help message accessible ("Reply HELP").
Opt-out
- STOP, UNSUBSCRIBE, CANCEL, END, QUIT honored.
- Confirmation message acceptable.
- 10 business days max to comply.
- Opt-out applies across all marketing programs.
- Documentation of opt-outs retained.
Penalties
- $500 per violation (negligent).
- $1,500 per violation (willful).
- Class action lawsuits common.
- Settlements regularly multi-million.
- State penalties additional.
- Reputational damage.
International
- EU GDPR for marketing SMS.
- UK PECR.
- Canada CASL.
- Australia Spam Act.
- Country-specific consent rules.
- Localized disclosure language.
Advanced
- Express written consent on every signup path.
- Records retention (5+ years).
- Opt-out automation within 10 days.
- Time-of-day restrictions by time zone.
- Legal review of consent flows.
- State-specific compliance.
- International market compliance.
- Annual TCPA audit.
- Incident response plan.
- Cross-functional ownership (legal + marketing + ops).
Mistakes
- General TOS consent treated as express written consent.
- Opt-out automation broken.
- Time-of-day restrictions ignored.
- State variations not addressed.
- International compliance gaps.
- Records retention insufficient.
- Legal review skipped.
- Annual audit absent.
- Incident response plan missing.
- Cross-functional ownership unclear.
Checklist
- Express written consent on every signup
- Records retention 5+ years
- Opt-out automation within 10 days
- Time-of-day restrictions
- Legal review of consent flows
- State-specific compliance
- International compliance
- Annual TCPA audit
- Incident response plan
- Cross-functional ownership
Sources and further reading
- TCPA (47 USC 227) regulatory text
- FCC TCPA guidance
- GDPR / CASL / PECR international compliance
- Klaviyo TCPA documentation
- Attentive TCPA documentation
- Postscript TCPA documentation
- RGM Marketing Operations compliance module
- MMA SMS guidelines
- TCPA Today legal blog
- TCPA Defense Force
- Marketing Brew SMS compliance coverage
- Twilio TCPA resources
Part of the SMS Marketing series.