SMS Compliance: A Complete Guide for Financial Firms


Patrina Corporation SMS Compliant Archiving

SMS compliance has become a challenge in the financial industry because text messaging has gained popularity over the years as a necessary tool for business communication.

Most financial firms prohibit employees from conducting business via text because of the inherent risk associated with it. Supervising and recording text messages can be difficult, and a firm’s inability to do so increases its exposure to compliance risk.

Nonetheless, prohibiting the use of text messaging in this global economy puts such firms at a disadvantage, as clients are more willing to communicate quickly via SMS than any other platform.

In addition, prohibiting your employees from using SMS doesn’t reduce your risk. It might increase your SMS compliance risk instead, as employees may do so secretly, making it more difficult to supervise and record.

In this guide, we will be explaining:

Understanding SMS Compliance: Why Financial Firms Should Care

Did you know that the average response time for an SMS is 90 seconds?

And that 64% of customers think businesses should contact them often via SMS?

This is because communicating via text messaging is easy and convenient.




However, this convenience comes at a cost for businesses using text messaging – exposure to compliance risks.

When it comes to SMS compliance, federal laws and regulations prohibit sending messages to consumers or customers without their consent.

These laws, such as the Telephone Consumer Protection Act (TCPA) and the CAN-SPAM Act, were enacted to protect consumers from receiving unsolicited and spammy commercials.

These regulations are more targeted towards businesses that use SMS as a marketing channel.

Some financial firms might allow advisors to use SMS for marketing. Others might not, but rather use text messaging for enhancing the flow of business communications.

Whatever the case, SMS compliance is still crucial, because financial firms don’t only have the FCC to contend with when it comes to text messaging, but also the big dogs: FINRA and the SEC.

Both the Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission (SEC) have specific rules that mandate firms to manage and supervise text messaging when it is being used for business-related interactions.

Most compliance departments in financial firms are still negligent with SMS compliance, and this can expose those firms to regulatory, legal, and business reputation risk.

Want to see how Patrina Archive + MyRepChat can keep your text messages compliant?

Impacts Of Non-Compliant Text Messaging

Exposure to Regulatory Risk

Non-compliant messaging can expose firms to regulatory risk. FINRA and the SEC require firms to supervise and archive electronic communications used for business purposes.

In light of emerging communication and technology, FINRA in 2017 introduced Regulatory Notice 17-18. This notice provided further guidance to member firms on how they can manage social media and text message communications.

In addition, SEA Rules 17a-3 and 17a-4, alongside FINRA Rule 4511, require that firms that need to communicate via social media or text message, or that permit their associates to communicate via those channels, ensure that they can retain such communications.

You can see why negligence on a firm’s part to retain such communications increases its risk.


Exposure to Legal Risk

In the event of litigation or e-discovery, text messages can be requested by the court. Failure to provide them at that time may expose a firm to legal consequences for failure to produce relevant data or for data spoliation.

Although text messages, unlike other digital communications such as email, have been difficult to supervise and archive, many third-party platforms are now available, and firms must take advantage of them to reduce their compliance risk.


Business-Reputation Risk

Non-compliant text messaging can put your business reputation at risk.

Reputational risk refers to the loss resulting from damages to the firm’s reputation. This could be in terms of loss in revenue, regulatory cost, increased operating cost, or damage to shareholder value.

Whether you are found guilty or not of non-compliance is not the issue at hand. The mere fact that a firm has been involved in such circumstances may reduce the level of corporate trust and respect a firm has in its community.


Fines and Suspensions

As a penalty for non-compliance, firms can be fined, and individuals involved can be suspended for a month or more.

There are numerous cases of firms and individuals that have been fined by FINRA for non-compliant text messaging.

Some cases are related to advisors going against their firm’s policy of not using text messages.

This is why we recommend that, instead of having a policy against the use of text messages, which leaves employees to do so in the shadows, you have a policy that encourages text messages and use the platforms at your disposal to archive and retain your messages.

Other cases have been related to firms having a text messaging policy in place but failing to retain such communications.



Taking Steps to Reduce The Risk

To reduce the risk associated with text messaging, the most crucial steps for financial firms include having a policy that encourages text messaging and taking proactive measures to archive those messages.

We have outlined 4 steps that you can take to manage risk.


Develop a text message policy guide

Don’t leave anything to assumptions. Let your policy communicate all your intentions about the use of text messages and the extent to which you permit advisors to use text messages in business communications.

  • Develop your policy around your company values.
  • Communicate the extent to which employees can communicate via text, including what information they can or cannot reveal.
  • Determine the type of devices advisors can use. Their device? Your firm’s device?
  • What type of data will be archived, and how will communication be archived? If advisors will need to enable a specific technology on their phone to archive text messages, communicate it in your policy.
  • Include the need to obtain and record consent from clients.
  • Encourage and help advisors to make a clear distinction between personal and business communications, so personal communications are not archived alongside business ones.
  • Provide principles and templates for appropriate text responses.
  • Include and explain the consequences of violating the policy.



Determine your firm’s device ownership scenario

Who has control over the device used for text messaging? Your firm? Employees? It’s important to determine this from the onset.

There are 3 categories of device ownership.

  • Bring Your Own Device (BYOD)
  • Choose Your Own Device (CYOD)
  • Company Owned Personally Enabled (COPE)

Each type has its advantages and shortcomings, so it’s at your discretion to identify which type is most suitable for your firm. Keep in mind that they can be combined.

Bring Your Own Device (BYOD)

This allows advisors to use their personally owned devices in the workplace to conduct business, including using them to access the firm’s privileged information and applications.

BYOD is becoming very popular, as it offers a great deal of flexibility.

The major drawback of BYOD is security concerns. Managing and supervising sensitive company information poses a challenge. However, you can mitigate this by using text messaging capture technology that can be enabled on their personal devices.

Company Owned Personally Enabled (COPE)

For COPE, the firm provides an employee with a device for text messaging. Although the employee can also use this device for personal matters, the firm has total control over the management and supervision of data and the device.

This type of policy is usually adopted by big firms that require more control and supervision over complex compliance, security, and legal requirements.

Choose Your Own Device (CYOD)

This type is more of a hybrid of BYOD and COPE. A firm provides a set of predetermined devices that employees can choose from for business communications.

By offering a limited selection of devices, firms can manage and supervise the applications that can be installed and, as such, the data from business communications.



Determine if your firm needs a Mobile Device Management (MDM) Solution

Also known as Enterprise Mobile Management (EMM), MDM is security software used to manage and supervise mobile devices that have access to critical business information.

An MDM can be used with a BYOD, CYOD, or COPE model, and across multiple carriers and operating systems.

MDM is highly effective when it comes to enforcing your policy. Depending on how it’s configured, you can prevent employees from accessing or using certain functionalities.

Despite its efficiency and attractiveness though, it’s a complex technology that must be managed accurately.

If you’re considering using MDM, look for one that can be integrated into your comprehensive archiving solution, so you can archive your text messages alongside other communications from email, social media, and other data.

Patrina’s comprehensive archiving systems can easily integrate with your MDM.


Supervise, Monitor and Archive Text Messages Data

To supervise, monitor, and archive data easily, you need a comprehensive archiving solution that allows you to retain text messages alongside other data.

This way, you’ll be able to track communications across different platforms. A communication might begin on social media, move to email, and conclude with text messages.

Retaining business communications in one place ensures that data can easily be retrieved when needed.

Whether you are employing the BYOD, CYOD, or COPE model, Patrina’s comprehensive archiving solution can easily retain and retrieve your communications, keeping you compliance-ready at all times.

SMS Rules: Important Things to Keep in Mind

When using SMS for business communications, financial firms should keep in mind the following rules.

Obtain Permission From Clients Before You Start Texting

You need to obtain a client’s consent to receive text messages. This is known as SMS opt-in. Consent is crucial for maintaining compliance with federal text message regulations. Not doing this might label you as a spammer, and expose you to regulatory and legal risk.

Set Expectations About Your Services

When you text a client for the first time, explain in detail your services, and the type and frequency of SMS they will be receiving. Tell them concisely that all text messages will be recorded, monitored, and archived. Explain to them why doing so is important. Setting expectations upfront is important, as clients know what they are receiving and will appreciate the transparency.

Use Clear Calls To Action (CTAs)

It’s best practice to use clear CTAs when sending text messages to clients. Whatever action you want them to take must be communicated in unambiguous terms.

Only Text Relevant Information

When communicating with clients via text messages, it’s important to distinguish between personal and business communication. Only text clients with relevant business and financial information. Don’t send messages with anything that’s graphic, violent, hateful, or confidential. Keep this in mind whether you’re sending individual or group messages.

Offer Clients a Way to Opt-Out

If a client ever wants to stop communicating via text messages, you should provide them an opportunity to opt out, especially for automated messages. Maintain a record of opt-outs and never message clients that have opted out.

TCPA Compliance Checklist

In addition to the above SMS rules, keep in mind the following TCPA guidelines (some of which we have talked about already).

  • Obtain express written consent (especially for automated or marketing messages).
  • Clearly communicate CTAs, terms and conditions, and privacy policy.
  • Keep messages conversational.
  • Use texting services that support local 10-digit long codes (10DLC).
  • Include your business name in all messages.
  • Only message clients during business hours.
  • Give clients the opportunity to opt out.
  • Don’t text any client on the National Do Not Call Registry, and honor opt-outs.

Patrina’s Archive + MyRepChat Text Message Capture For Compliant Text Messages



Are you looking to keep your text messages compliant, and avoid getting fined by FINRA?

MyRepChat is a compliant text messaging solution that helps to reduce the risk associated with using text for your business communications.

Because it was designed by an advisor for a BYOD environment, you can be certain that your firm’s critical data is protected and retained while you save the costs associated with the COPE or CYOD models.

Why Choose Patrina + MyRepChat Text Archiving For SMS Compliance?

Do you want to leave it to your employees to determine what’s personal and what’s business?

We don’t think so.

Advisors using their personal numbers to text professionally can pose more risk to your firm than you ever imagined. Aside from the risk of exposing otherwise confidential information, recording and archiving those communications can prove difficult.

Moreover, instead of trying to break your clients’ texting habits, using a platform like MyRepChat keeps your employees compliant while fostering efficient business interactions with your clients.

If your firm has home office personnel, they can relax knowing full well that they are compliant.

Packed with all the features you need and more, MyRepChat allows you to:

  • Text and send group messages: clients’ birthdays, anniversaries, events, appointments, and more. Clients don’t have to worry about downloading any app before they can chat with you. Want to text clients from your office phone number? No problem.
  • Have your own digital assistant: Spend more time on what’s important to you – your business. You can automate and schedule messages, as well as create recurring messages for efficient communication.
  • Easily Import Your Contacts: contacts can be imported from your CRM or mobile phone with just a few clicks.
  • Store all text messages and data including words, documents, links, and emojis directly to your Patrina archive. You don’t have to log in to another website. MyRepChat delivers your data to you.
  • All text messages are encrypted in transit and at rest. Your data is protected.
  • Customize your workflow to fit your specific requirements. With MyRepChat, you’re in total control.

The Best Time To Be SMS Compliant Is Now

Text messaging, as an efficient way to conduct business communications, has come to stay in the financial industry.

At Patrina, we say get on board but do so compliantly.

In this guide, we showed you how to develop your text message policy, and communicate your intentions. We went further to provide you with action steps that you can take to manage the risk associated with using SMS for business. We capped it all by showing you why Patrina Archive and MyRepChat can keep your text messages compliant.

If you are curious about how Patrina + MyRepChat can help your firm text clients compliantly, have a peek here.

Found this guide helpful? Share it with fellow advisors, so we can all text compliantly

FAQ: Frequently asked questions About SMS Compliance
  • What is SMS compliance?

According to the TCPA, customers must give a business “express written consent” before a business sends them automated and marketing messages. This is the first step to SMS compliance.

For financial firms, SMS Compliance means that firms using SMS for business interactions must record, supervise and archive such communications.

  • Is text blasting legal?

Text blasting, also known as mass texting, is not illegal in the U.S. However, clients must have given firms their permission to receive text messages.

  • SMS Compliance: Which is best? Opt-in or Opt-Out?

In SMS compliance, both opt-in and opt-out are crucial considerations. Opt-in means a client has given their permission to receive text messages. Opt-out means a client no longer wishes to receive messages. The TCPA mandates that firms wishing to use text messaging in their business can only send messages to clients when they have opted in for those messages. Firms shouldn’t send messages to clients who have expressed their willingness to opt out.