TCPA Examination Procedures Revised: How Banks Can Mitigate Compliance Risk

On November 1, 2023, the Office of the Comptroller of the Currency, or the OCC, which regulates national banks in the United States published revisions to the interagency examination procedures and rescissions for the Telephone Consumer Protection Act (TCPA). The revised interagency examination procedures address:

• Provisions governing how customers can revoke consent under the TCPA
• Special exemptions from the customer consent provisions of the TCPA for banks using automated communications to notify customers of potential account fraud
• Safe harbors for callers that check a reassigned number database maintained by the Federal Communications Commission

The OCC sent this bulletin out to all CEOs of National Banks and Federal Savings Associations. Pursuant to section 8 of the Federal Deposit Insurance Act, or the FDIC, the Board of Governors of the Federal Reserve System, and the OCC have authority to enforce compliance with any laws or regulations in connection with its regulated banks. This section 8 authority allows the agencies to impose cease-and-desist orders, restitution, and/or civil monetary penalties when they discover violations of the TCPA.

Exemptions for Financial Institutions

A person or entity will not be liable for making any telephone call using an automatic telephone dialing system (ATDS) or an artificial or prerecorded voice; to any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other radio common carrier service, or any service for which the called party is charged for the call and all of the following conditions are met:

Voice calls and text messages:

• Must be sent only to the wireless telephone number provided by the customer of the financial institution
• Must state the name and contact information of the financial institution (for voice calls, these disclosures must be made at the beginning of the call)
• Are strictly limited to those for the following purposes: transactions and events that suggest a risk of fraud or identity theft; possible breaches of the security of customers’ personal information; steps consumers can take to prevent or remedy harm caused by data security breaches; and actions needed to arrange for receipt of pending money transfers
• Must not include any telemarketing, cross-marketing, solicitation, debt collection, or advertising content
• Must be concise, generally one minute or less in length for voice calls (unless more time is needed to obtain customer responses or answer customer questions) or 160 characters or less in length for text messages

Other Requirements

The bulletin also mentions that the above exemption is only applicable to financial institutions that do not initiate more than three messages (whether by voice call or text message) per event over a three-day period for an affected account and they must offer recipients within each message an easy means to opt out of future messages. Voice calls that could be answered by a live person must include an automated, interactive voice- and/or key press-activated opt-out mechanism that enables the caller to make an opt-out request prior to terminating the call.

Voicemails left on answering machines that use prerecorded messages must include a toll-free number that the consumer can call to opt out of future calls and text messages must inform recipients of the ability to opt out by replying “STOP,” and banks should honor these opt-out requests immediately.

Additionally, the bulletin addresses OCC examiners’ objectives and procedures regarding handling TCPA enforcements.

Takeaways

Banks should reevaluate and reassess their compliance with TCPA requirements as the risk is heightened with more agencies issuing these enforcement actions in order to avoid statutory fines of up to $1,500 per violative call/text. CompliancePoint can help your organization execute its marketing campaigns in a manner that is compliant with all elements of the TCPA, TSR, Do Not Call laws, and state telemarketing laws. Contact us at connect@compliancepoint.com to learn more.