Texting has become the norm, not only among today’s consumers, but also for financial institutions, with thousands of financial advisors and insurance agents using text messaging to communicate with their clients. And many millions have opted in to receive SMS communications from finance and insurance companies.
While text messaging presents many advantages both for consumers and financial companies, maintaining compliance in using such medium is proving complex and challenging. To ensure compliance with relevant regulators (FINRA, SEC, MiFID II, TCPA), it is critical for financial organizations to have the proper text messaging policy in place.
A detailed and well-grounded text messaging policy is essential to maximize the full potential of SMS messaging in business. However, there is no “one size fits all “company texting policy that can be implemented across all companies. Thus, it is important that the text messaging policy should reflect both the company’s environment and the expectations of people within the business.
In the following infographic we offer several critical factors that financial companies should consider when creating a text messaging policy.
1. The Purpose of the Policy
Defining the purpose of a text messaging policy is crucial to ensuring full adherence by all relevant parties within the business. Essentially, a text messaging policy sets the standards and best practices that will provide assurance to the customers that their information is being handled properly and securely. Adherence to such policy, in return, would result to better brand perception and compliance.
2. Scope of the Policy
The policy should indicate the scope of text messages that can be sent or received by all members of the organization, and the appropriate use of the medium within the business. Employ an external compliance expert or enlist the expertise of the in-house CIO or CISO to identify the requirements set by various financial regulations that are applicable to the firm, including the use of text messaging for marketing. This aspect should cover specific requirements such as disclosure and confirming the subscribers’ opt-in, and proper acquisition of numbers for text messaging program. It may also indicate how long opt-ins should be archived, how often advisors can message their clients, what time of the day they can only send messages, and if personal text messages should be saved to a separate folder.
3. Responsibilities for Each Role
This part should specify the exact responsibilities that each role must meet when using text messaging within the business. The roles may include the executives and managers, employees and advisors, and IT personnel.
Managers are responsible for ensuring that new users of enterprise text messaging programs have completed the appropriate training first before they are permitted to start using the program. For employees, their responsibilities would most likely focus on ensuring responsible and lawful use of text messaging. IT personnel may be empowered with special responsibilities given their roles in managing the technical infrastructure of text messaging within the workplace.
4. Level of Required Consent
When communicating business-related information via text message, the advisor may require consent from the client before the conversation commences. For instance, clients who have a prior business relationship with an advisor may require a level of consent that is lower than a prospect. It is important to determine the type of consent that is required for each use cases within your business in order to avoid non-compliance risk.
5. Risk/Consequences for Violating the Policy
All the potential risks and consequences that organizations and employees might face when they violate the rules stated in the policy should be understood by all. The risks may come directly from the fines and penalties stipulated in regulations applicable to the firm, along with other penalties that the firm may decide to prescribe.
The following examples of potential risks are for illustration only and are not exhaustive of all possibilities:
- Implementing SMS text messaging services without proper planning may adversely impact upon other information services of the organization, g., reduced bandwidth and performance;
- Insufficient testing may result in systems interoperability problems and exploitation constraints;
- Not planning for training and education can lead to poor use, support and maintenance of SMS text messaging facilities that may adversely impact on client’s privacy and the reputation of the organization;
- Insufficient planning for potential SMS service disruptions may lead to missed client appointments, data losses, and ineffective recovery processes.
6. Monitoring
A text messaging policy should reserve the right of the organization to monitor employee text messages at any time. Explain that any messages employees send using company-owned devices are not private, even if the employee considers them to be personal. If the firm is monitoring regularly using a particular system – for example, a platform that flags keywords or copies every draft of a message – then it should also be disclosed in the policy. This will help deter employees from sending prohibited text messages in the first place.
At TeleMessage, we offer our Mobile Archiver that can help financial services leaders to efficiently manage data and content including enterprise SMS, emails, and web and social media content, with respect to compliance. Our compliant archiving solution is equipped with versioning, and robust governance capabilities that ensure content across all digital channels meet global regulatory requirements.
To learn more about mobile archiving solutions, visit our website today at www.telemessage.com
