CAN-SPAM Act and Sending E-mails to Customers

Issue/Inquiry

The Bank obtains the e-mail address of customers at account opening. It wants to send them communications, some of which will provide updated news about the Bank. Does the Bank need to have a disclosure or do the customers need to “opt in” before the Bank can e-mail them? Should the Bank have a policy regarding such e-mails?

Response Summary

The Bank must comply with the CAN-SPAM Act of 2003 (“CAN-SPAM Act”) when it sends unsolicited e-mail messages that have a primary purpose of commercial marketing, but does not have to do so with respect to messages that have a primary purpose of providing transactional, relationship, or other content-related information. As a matter of best practice, the Bank should have a policy for compliance with the CAN-SPAM Act.

Response Detail

Under the CAN-SPAM Act, an electronic mail message may provide three different types of information:

• Commercial content
• Transactional or relationship content
• Other content (i.e., not commercial, transactional, or relationship)

The term “commercial electronic mail message” is defined as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)”, and does not include “transactional or relationship messages”. 15 USC 7702(2).

A “transactional or relationship message” is an electronic mail message the primary purpose of which is to conduct a commercial transaction that the recipient has agreed to enter into (e.g., facilitate or complete transaction, provide warranty information, provide account balance or other information pertaining to goods or services purchased by the recipient). 15 USC 7702(17).

The inclusion of a reference to a commercial entity or a link to the website of a commercial entity within an electronic mail message does not, by itself, cause such message to be treated as a commercial electronic message if the contents or circumstances of the message indicate a primary purpose other than commercial advertisement or promotion of a commercial product or service. 15 USC 7702(2)(D).

Where an electronic mail message may contain elements of commercial, transactional or relationship, or other content, the primary purpose is determined by what a recipient would conclude it to be, based on a reasonable interpretation of the subject line or body of the message.

If the Bank sends marketing messages to the recipient’s e-mail address without the recipient’s prior consent, such communications will be considered unsolicited. In that case, the following requirements of the federal CAN-SPAM Act must be complied with:

• The “from”, “to”, “reply to”, and routing information, including the originating domain name and e-mail address, must be accurate and identify the Bank as the initiator of the message.
• The subject line must accurate reflect the content of the message.
• The message must be identified as an advertisement.
• The message must include the Bank’s valid physical postal address.

The e-mail message must also include a clear and conspicuous explanation of how the recipient can opt-out from receiving e-mail advertisements from the Bank in the future. The message must be crafted in a way that will be easy for an ordinary person to recognize, read, and understand, and should provide a return e-mail address or another easy Internet-based way for the recipient to communicate their choice to the Bank.

Any opt-out mechanism offered by the Bank must be able to process opt-out requests for at least 30 days after the message is sent out. The Bank must then honor any opt-out request within 10 business days after receiving it. The Bank cannot charge a fee or require any information identifying the recipient other than an e-mail address and cannot make the recipient take any step other than sending a reply e-mail or visiting a single page on an Internet website as a condition for honoring the opt-out request. FTC, BCP Business Center, “CAN-SPAM Act: A Compliance Guide for Business.”

An e-mail message providing information about the operating hours of the Bank would most likely fall under the “other” category if this is a reasonable interpretation of the primary purpose of the message, based on the subject line or body of the message.

If there is a question as to whether a communication is a commercial marketing message or a transactional or relationship message, the Bank should ensure that the communication conforms to the requirements of the CAN-SPAM Act as a matter of best practice in order to avoid the risk of non-compliance.

While the CAN-SPAM Act does not require a financial institution to have a policy in place, it is another matter of best practice for the Bank to establish a policy that expresses the commitment of the Board of Directors to comply with the requirements of the CAN-SPAM Act, delegates an officer to oversee compliance with the policy and report to the Board, provides guidance as to the legal and regulatory requirements, and establishes monitoring and training requirements.

This response is for informational purposes only and is not intended for legal guidance.

This entry was posted on Monday, April 6th, 2020 at 9:30 am.