On July 10, 2015, the Federal Communications Commission (FCC) released a 105 page omnibus declaratory ruling and order (“Order”) under the Telephone Consumer Protection Act (“TCPA”) that, among other things, permits banks and other financial institutions to call consumers on their wireless telephones using autodialer equipment and pre-recorded messages (“robocalls”) and also send texts without prior written consent in certain limited circumstances. See Paragraphs 127-139 of the Order. The Order was effective upon its release.
In general, banks, retailers, and others must obtain a consumer’s prior written consent to receive autodialed or prerecorded voice telemarketing calls (including texts) to wireless numbers. The American Bankers Association petitioned the FCC for an exception to this requirement in four cases where the bank already has possession of the consumer’s wireless number:
- where transactions or events suggest a risk of fraud/identity theft (e.g., the credit card number of a New York resident appears to be used in a purchase of electronics in Chicago);
- where there appears to be a potential breach of security of the customer’s personal information (e.g., retailer X may have been breached and your card number was apparently affected);
- where the bank wants to convey steps consumers can take to prevent or remedy harm in the event of a security breach; and/or
- where the consumer is awaiting receipt of a pending money transfer.
The FCC described the first three categories of notices as “intended to address exigent circumstances in which a quick, timely communication with a consumer could prevent considerable consumer harms from occurring or, in the case of the remediation calls, could help quickly mitigate the extent of harm that will occur.” With respect to money transfers, the FCC found that they “can be especially time-sensitive in emergency situations where consumers may need immediate notification that they have received money from another party.”
The FCC granted all four exemptions, subject to some very strict conditions:
1) voice calls and text messages must be sent, if at all, only to the wireless telephone number provided by the customer of the financial institution;
2) voice calls and text messages must state the name and contact information of the financial institution (for voice calls, these disclosures must be made at the beginning of the call);
3) voice calls and text messages are strictly limited to purposes described in the [four categories above] and must not include any telemarketing, cross-marketing, solicitation, debt collection, or advertising content;
4) voice calls and text messages must be concise, generally one minute or less in length for voice calls (unless more time is needed to obtain customer responses or answer customer questions) and 160 characters or less in length for text messages;
5) a financial institution may initiate no more than three messages (whether by voice call or text message) per event over a three-day period for an affected account;
6) a financial institution must offer recipients within each message an easy means to opt out of future such messages:
- voice calls that could be answered by a live person must include an automated, interactive voice and/or key press-activated opt-out mechanism that enables the call recipient to make an opt-out request prior to terminating the call,
- voice calls that could answered by an answering machine or voice mail service must include a toll-free number that the consumer can call to opt out of future calls,
- text messages must inform recipients of the ability to opt out by replying “STOP,” which will be the exclusive means by which consumers may opt out of such messages; and,
7) a financial institution must honor opt-out requests immediately.
Perhaps most importantly, the FCC extended the exemptions only to robocalls and texts that “are not charged to the recipient, including not being counted against any plan limits that apply to the recipient (e.g., number of voice minutes, number of text messages).”
In complying with the limitation on three calls over three days per event per account, the FCC provided a few clarifications:
- The content of the three messages over a three-day period will be different
- If a customer has more than one affected account at one financial institution, the total number of exempted calls is limited to three calls per event per affected account, not three calls total per three-day period
- If the account is not affected by a data security breach or identity theft alert, then there are no exemptions and the bank may not use that account for additional calls
- Any messages beyond the three calls per event per account over a three-day period requires prior written the consent of the customer.”
Financial institutions will want to review promptly their procedures for compliance with the Order. The FCC enforces the TCPA, but a consumer has a private right of action against a company that violates the law and can recover the greater of $500 or actual monetary loss for each violation, with the possibility of treble damages for each willful or knowing violation.