OCC Publishes Revised Examination Procedures Addressing Telephone Consumer Protection Act

Amy Hanna Keeney, Emory Powers, Louis Ursini III
Adams and Reese LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Adams and Reese LLP

On November 1, 2023, the Office of the Comptroller of the Currency (OCC) published a revised interagency examination procedure to address updates to the federal Telephone Consumer Protection Act (TCPA).

Although TCPA compliance is not a new requirement for financial institutions, these revised procedures suggest the OCC may be taking a more active role in TCPA enforcement amid a larger nationwide crackdown announced by the Federal Trade Commission.[1] 

Among the more notable changes, the OCC’s examination procedures incorporate the following TCPA revisions:

Automated Calls for Fraud

The revised procedures specifically provide financial institutions with carve-out exceptions for automated phone calls and texts sent to inform customers of potential account fraud, personal data breaches, or actions necessary to remedy harms caused by a security breach. 

To comply, these messages must:

  • Be sent only to the number provided by the customer;
  • State the name and contact information of the financial institution;
  • Not include telemarketing, solicitation, debt collection, or advertising content;
  • Be concise, with a suggested length of one minute or less for a voice call and 160 characters or less for a text message;
  • Be limited to three messages over a three-day period, per affected account, for each fraud or breach event; and
  • Offer customers an easy and clear opportunity to opt-out of future messages, which must be honored immediately.

Utilizing the Reassigned Numbers Database

The revised procedures also include a Safe Harbor provision for entities that make it a common practice to subscribe to and cross reference the Reassigned Numbers Database[2] before placing autodialed or prerecorded calls.

While financial institutions are not required to search the Reassigned Numbers Database, they are now incentivized to utilize the Database as a safeguard from potential TCPA liabilities.

For example, if a customer previously consented to receive automated calls from a financial center, but their phone number has since been reassigned to a different subscriber, the financial center may be liable under the TCPA for autodialing that same number and reaching the new, non-consenting subscriber.

The Safe Harbor provision eliminates this liability so long as the financial institution can demonstrate that it searched the phone number in the Reassigned Numbers Database and received a “no” response, indicating that the number was not permanently disconnected after consent by the first customer was given.[3]

What This Means for Financial Institutions

Going forward, each financial institution should expect its federal regulator — even if that is not the OCC — to examine its policies and practices for communicating with its customers via automated phone calls and texts. This includes examination of the financial institution’s internal TCPA compliance policies, training, and incident-monitoring procedures.  

If your financial institution offers mobile banking or partners with a consumer-facing fintech to provide banking services, a TCPA compliance program is a crucial form of risk mitigation.

Failure to have and maintain a robust TCPA compliance program can expose financial institutions to fines or, worse, a formal enforcement action. 

Updating your institution’s TCPA compliance procedures and policies will prove to be a valuable investment as the OCC begins what may be a more active period in TCPA enforcement.

Footnotes

[1] FTC, Law Enforcers Nationwide Announce Enforcement Sweep to Stem the Tide of Illegal Telemarketing Calls to U.S. Consumers | Federal Trade Commission.

[2] More information on the Reassigned Numbers Database can be found at Reassigned Numbers Database | Federal Communications Commission (fcc.gov) and Reassigned Numbers Database | RND.

[3] The Reassigned Numbers Database may provide one of three responses to any query. A response of “no data” or “yes” means the Safe Harbor provision does not apply because the number searched has been permanently disconnected at some point after consent was given, or there is insufficient data to provide a response. A response of “no” means the Safe Harbor provision may apply because the number searched was not permanently disconnected after consent was given.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Adams and Reese LLP | Attorney Advertising

Written by:

Adams and Reese LLP
Adams and Reese LLP
Contact
more
less

Adams and Reese LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide