What About TCPA Compliance for RCS?

RCS and TCPA Compliance: US-Specific Requirements

TCPA (Telephone Consumer Protection Act) governs RCS messaging in the US. Compliance is critical.

TCPA Requirements for RCS

Prior Express Written Consent:

• Required for marketing messages
• Must be in writing (electronic signature OK)
• Must include clear disclosure that customer agrees to receive messages
• Must identify the business sending messages
• Must describe message frequency

Opt-Out Handling:

• Must honor STOP keyword requests within 10 days (best practice: 24 hours)
• Must process opt-outs across all campaigns and systems
• Must send confirmation of opt-out
• Cannot charge for opt-out

Do-Not-Call Lists:

• Must maintain internal suppression lists
• Must scrub against national DNC registry (for some message types)
• Must honor DNC requests for 5 years

Calling Time Restrictions:

• Cannot send marketing messages between 9 PM and 8 AM (recipient's local time)
• Some states have stricter rules

Acceptable Consent Methods

Web form:

• Clear disclosure: "I agree to receive marketing messages from Business via RCS at the phone number provided. Message frequency varies. Message and data rates may apply. Reply STOP to opt out."
• Unchecked checkbox (user must actively check)
• Submit button labeled appropriately

SMS keyword:

• Customer texts keyword to short code
• Receives confirmation with opt-out instructions
• Must reply to confirm (double opt-in)

Paper form:

• Signature with disclosure
• Clear identification of business
• Message frequency disclosure

In-store:

• Tablet or paper signup
• Same disclosure requirements
• Document with timestamp

Documentation Requirements

For each opt-in, document:

• Phone number
• Date and time of consent
• Method of consent (web, SMS, in-store, etc.)
• IP address (if web)
• Exact disclosure shown
• Consent record (screenshot, database record, signed form)

Retention: Minimum 4 years (some recommend 5+ years)

Opt-Out Processing

When someone opts out:

1. Add to suppression list immediately
2. Sync suppression list across all systems
3. Send confirmation: "You've been unsubscribed. Reply HELP for help."
4. Stop all marketing messages
5. Document the opt-out (timestamp, method, phone number)
6. Retain opt-out record for 5 years

Suppression list sync:

• Daily sync between RCS platform and CRM
• Real-time sync for opt-outs
• Weekly sync with email suppression
• Quarterly review and cleanup

Penalties for Non-Compliance

TCPA violations:

• $500 per unsolicited message
• $1,500 per message if willful violation
• Class action lawsuits common
• No cap on total damages

Real-world examples:

• Small business: $50K-$500K settlements
• Large enterprise: $10M-$100M+ settlements
• Class actions: Can exceed $1 billion

Best Practices

• Use double opt-in for highest compliance
• Include clear opt-out instructions in every message
• Honor opt-outs within 24 hours (not 10 days)
• Document everything
• Train team on TCPA requirements
• Audit consent records quarterly
• Work with legal counsel

Common TCPA Mistakes

• Accepting consent without proper disclosure
• Not honoring opt-outs promptly
• Missing suppression list sync
• Sending messages outside allowed hours
• Not documenting consent properly

The Bottom Line

TCPA compliance is mandatory for RCS in the US. Use proper consent mechanisms, honor opt-outs immediately, document everything, and maintain clean suppression lists.

The fines are real and substantial. Invest in compliance upfront to avoid millions in penalties later.