Ultimate Guide to TCPA Compliance and A2P 10DLC Regulations

The Ultimate Guide to TCPA Compliance and A2P 10DLC Regulations

NOTE: We recently held a webinar to educate you about TCPA compliance and what adjustments you need to make in your business to remain compliant and continue to grow through these changes. We recorded the call, and you can access it here. No opt-in required.

It’s no secret that outbound text messaging and cold calling have been some of the hottest acquisition strategies for real estate investors over the last 2 - 3 years.

If you haven’t been following the news around SMS (text message) marketing and cold calling, there is some serious legislation being passed, and new protocols being implemented by carriers that you need to be aware of.

If you do not take time to educate yourself, you could be facing a massive drop in response rate (best case) and very large fines and lawsuits (worst case).

In this article, you will find everything you need to know to stay compliant while navigating the new rules of outbound marketing as a real estate investor.

Why Has Text Message Marketing And Cold Calling Gotten So Popular With Investors?

It’s estimated that 2.7 trillion text messages will be sent by businesses by the year 2022.

So what is it that makes text message marketing such a desirable channel for B2C communication?

It’s a channel with very high engagement:


• SMS text messages have a 98% average open rate
• 90% of texts are opened within the first 3 minutes
• The average response rate to SMS text messages is 45%

Even though SMS is a super popular channel for businesses to communicate with customers, there is a lot of room for improvement to the consumer experience.

TCPA Compliance - improve consumer experience

• 63% of consumers said they expect optin is required for all messages they receive
• 92% said information in business communications is often or sometimes not useful
• 93% want to specify message frequence

Moving forward, respecting consumer preferences is key.

Unwanted text messages erode consumer trust, harm deliverability and impacts all businesses and the upcoming changes to the long and short code ecosystem aim to improve trust and the ROI of each message.

And as we mentioned...major changes are coming to how you can and cannot use text message marketing and cold calling in your business.

Later in this article, we’re going to dig into what those mandatory changes are and how they will impact your business, but before we do, let us take a moment to say we are NOT lawyers and are in no way giving legal advice.

We encourage you to go talk to your local attorney to make sure you are staying compliant with the new laws and regulations.

Having said that, sometimes in order to understand where we are, we need to take a closer look at where we came from.

Let’s take a look at the evolution of the Telephone Consumer Protection Act (TCPA) laws up to this point, and then we’ll dig into what you need to know about how they’re changing to protect your business moving forward.

The History of TCPA Compliance

In 1991 there was a congressional hearing in which Senator Fritz Holling said the following of telemarketing calls:

Senator Fritz Holling on TCPA Compliance

And things have only been getting worse.

Americans were hit with just under 46 billion robocalls in 2020.

Let’s take a look first at some of the key differences between 1991 and now:

comparing 1991 vs now regarding TCPA compliance

In 1991:
• Only 3% of people owned cell phones
• 90% of people relied exclusively on landlines
• Zero text messages had been sent
• Fax machines used expensive thermal paper
• Cell phones had high usage charges
• Autodialers were used for random or sequential dialing to
call every number in a specific area code

Now (2021):
• 95% of people own cell phones
• Only 45% still have landlines
• Trillions of texts are sent
• With the rise of internet faxes, transmitting and receiving faxes is efficient and considerably less expensive
• Unlimited data, talk and SMS plans saturate the market
• Autodialers take numbers from groomed call lists scrubbed through multiple filters to ensure compliance and the technology now predicts and optimizes call center agent time

Back in 1991, there were 3 major concerns that drove the implementation of the TCPA:

Concern number 1: Automated dialers.

New technology made it easy for marketers to make automated and/or sequential outbound dials which created a dramatic increase in calls.

Concern number 2: Invasion of privacy.

The constant ringing of the phone (which often interrupted things like family dinners) was considered an invasion of privacy.

Concern number 3: Cost shifting.

Fax ads and calls to cell phones shifted the cost to the recipient as they had to pay for paper and ink. And at the time, cell phone users paid for their incoming calls.

Government Regulations

All of these concerns were large enough that the government decided to step in to regulate who, how, what and when a business can call, fax (and now text) an individual. The TCPA was just the beginning of measures that were put in place to protect the privacy of consumers.

goverment regulations regarding TCPA compliance control

Let’s take a closer look at the ongoing measures put into place by the government surrounding this issue:

1991: TCPA (Telephone Customer Protection Act): Unless the recipient has given express written consent:

• Prohibits solicitors from calling residences before 8 a.m. or after 9 pm, local time. (STATE SPECEFIC RULES)
• Requires solicitors maintain a company-specific "do-not-call" (DNC) list of consumers who asked not to be called; the DNC request must be honored for 5 years.
• Requires solicitors honor the National Do Not Call Registry.
Requires solicitors provide their name, the name of the person or entity on whose behalf the call is being made, and a telephone number or address at which that person or entity may be contacted.
• Prohibits solicitations to residences that use an artificial voice or a recording.
• Prohibits any call made using automated telephone equipment or an artificial or prerecorded voice to an emergency line (e.g., "911"), a hospital emergency number, a physician's office, a hospital/health care facility/elderly room, a cellular telephone, or any service for which the recipient is charged for the call.
• Prohibits autodialed calls that engage two or more lines of a multi-line business.
• Prohibits unsolicited advertising faxes.
In the event of a violation of the TCPA, a subscriber may (1) sue for up to $500 for each violation or recover actual monetary loss, whichever is greater, (2) seek an injunction, or (3) both.
• In the event of a willful violation of the TCPA, a subscriber may sue for up to three time the damages, i.e. $1,500, for each violation.

2003: Telemarketing and Consumer Fraud and Abuse Act - This included the creation of the National Do Not Call (DNC) Registry as well as the FTC Telemarketing Sales Rules that prohibits deceptive telemarketing acts or practices; namely anything a consumer would consider coercive or an invasion of privacy.

2009: Truth in Caller ID Act - prohibits manipulation of caller ID information or “spoofing”.

All of the aforementioned measures had little to no impact on the consumer experience, so in 2020, the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) was put in place.


Increased the statute of limitations
Increased financial penalties
Implemented business registration and tracking

Now, let’s take a closer look at the national Do Not Call Registry.

What You Need to Know About the National Do Not Call Registry

In order to understand how this impacts your real estate investing business, let’s take a closer look at the National Do No Call Registry.

Within the DNC, there are 3 types of organizations or functions; seller, telemarketer/service provider or exempt organizations.

A seller may also be a telemarketer if it is calling on its own behalf or if it retails one or more telemarketers to place calls for it.

You, as an investor, will want to register as a “seller”.

Every seller should subscribe to specific area codes, pay appropriate fees and agree to certification requirements in order to receive a Subscription Account Number (SAN).

The DNC Registry requirements are as follows:

• Annual subscription by area code
• You must maintain an in-house DNC list and sync it with the nation registry at least once every 31 days. (The national DNC is updated daily at 8AM)
• Data for up to five area codes is free. Beginning October 1st, 2020, the annual fee is $66 per area code of data (after 5) for up to a maximum annual fee of $18,044
• Companies that have provided the required identification and certification and paid the appropriate fees will be allowed to check a small number of telephone numbers (10 or less) at a time via interactive internet pages. This will permit small volume callers to comply with DNC requirements of TSR (Telemarketing Sales Rules) without having to download potentially large lists of all registered telephone numbers within a particular area.

What happens to companies that don’t pay for access to the registry?

Any company that is a seller and/or telemarketer could be liable for placing any telemarketing calls (even to numbers NOT on the registry) unless the seller has accessed the registry and paid any required fees. Violators may be subject to fines of up to $43,792 per violation. (Each call may be considered a separate violation.)

Now, let’s take a look at the Telemarketing Sales Rules (TSR).

Telemarketing Sales Rules

According to the TSR, it is illegal for a telemarketer to:

• Ask you to pay with cash-to-cash money transfer (like those from Monogram and Western Union)
• Ask you to pay by giving the PIN from a cash reload card like MoneyPak and Vanilla Reload
• Ask for your bank account info to create a type of check that you never see or sign. (These checks are called “remotely created payment orders”.)

What’s more, telemarketers must transmit their telephone number and if possible, their name to your caller ID service. This protects your privacy, increases accountability on the telemarketer’s part and helps in law enforcement efforts.

Telemarketers are also required to connect their call to a sales representative within 2 seconds of a consumer’s greeting. So if you’re using an autodialer tool like MojoDialer, make sure you are on top of connecting to a live representative right away.

Now let’s see how autodialers are defined.

Automated Telephone Dialing System (ATDS)


Originally, an ATDS was defined as anything that can generate or store phone numbers (which included cell phones), but it was later determined that was too broad a definition.

On April 1st, 2021, the supreme court adopted a narrower autodialer definition.

The ruling determined that in order to be classified as an autodialer, it must be able to generate random or sequential numbers.

(Note* Thereby, REI BlackBook and Profit Dial are not considered autodialers.)

This is also good news for 3rd party apps like MojoDialer and CallTools.

There are a few key things you need to observe in order to stay compliant.

• Do not use an auto-dialer if you do not have the required consent for marketing or non-markeing calls
• Do not use pre-recorded or artificial voice messages without first obtaining the prior express consent of call recipients
• Enable processes for customers to easily opt out of communications they do not wish to receive
• Continue to maintain an internal DNC list for all customers who have opted-out of your marketing communications
• Scrub your call lists against the national and state DNC lists (Note*: 221 million Americans are currently registered with the DNC list)
• Comply with time of day and other restrictions of telemarketing sales rules
• Provide caller ID in all messages to customers or consumers
• Do not send communications containing false or misleading messages to consumers
• Do not use ringless voicemails or text messages for cold marketing (however these are a great option for follow up sequences with prior express written consent).

Now that we better understand the history of TCPA compliance, let’s talk about some of the upcoming changes you need to be aware of.

What’s New In TCPA Compliance?

In December of 2019, President Trump signed the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act into law and consists of the following:

• Eliminates requirements for citations in case of certain TCPA violations
• Adds potential for penalties of up to $10,000 per intentional unlawful robocall in addition to forfeiture penalty may otherwise be proposed under relevant provisions of the Communications Act of 1934
• Increased the statute of limitations to four years within which the FCC (Federal Communications Commission) can propose a fine for spoofing and intentional robocall violations

Furthermore, in order to help enforce these measures and combat “spoofing” on public telephone networks, two different technologies are being put into place; STIR and SHAKEN.

TCPA Compliance - how Stir/Shaken works

The most important thing to understand about these technologies is that the carriers are having to assume responsibility for the validation of a call or text message.

There are 3 different ways (read: levels) of attestation to do this:

tcpa-compliance: a graphic explaining SHAKEN attestation

1. Full Attestation: “This is my customer. I gave them this telephone number. This call originated on my network.”

The signing provider:

• Is responsible for origination of the call onto the IP based service provider voice network
• Has direct authenticated relationship with the customer and can identify the customer
• Has established verified association with telephone number used for call

2. Partial Attestation: “This is my customer. This call originated on my network. However, I did not give them this telephone number.”

The signing provider:

• Is responsible for origination of call onto the IP based service provider voice network
• Has direct, authenticated relationship with customer and can identify the customer
• Has NOT established verified association with telephone number used for call

3. Gateway Attestation: “This call originated outside my network”.

The signing provider:

• Has no relationship to the initiator of the call (EG International gateways)

Now, let’s talk about the 3 different SMS sender types you can register with the DNC as in order to remain compliant.

The 3 SMS Sender Types

When it comes to text message marketing, there are 3 key US sender types: shortcodes, toll-free numbers and Local A2P 10DLC.

Short Codes

Short codes are when a consumer texts a specific keyword to a 6 digit number in order to receive information or optin to a business’s marketing communication.

Short codes were never meant for 2-way text communication and shared shortcodes are really where a great deal of the abuse started to happen.

With shared short codes, as a consumer, you wouldn’t know who was sending info from the same shortcode number.

Maybe you would opt out of one marketer’s list but would still receive communications from another on the same number.

This created a lot of confusion.

So much so, that they will be done away with entirely by June 1st, 2021.

You can still have your own unique dedicated short code though.

They tend to cost somewhere in the neighborhood of $4800 quarterly and take 12-16 weeks to get registered and up and running.

Toll-Free Numbers

Toll-free numbers (or 800 numbers) are generally intended for business communication.

There’s an expectation and an understanding that when you receive any kind of communication from an 800 number, it’s going to be businesses related.

Aside from the shared short-codes going away soon, there really aren’t a lot of changes that will be taking place with these two sender types.

The real changes are going to be coming to the A2P 10DLC numbers category.

tcpa compliance and a shift among US sender types

So what does A2P 10DLC actually stand for?

A2P = Application to peer.

So any type of software being used to send communication directly to a consumer.

10DLC stands for 10 digit long code, which is what your regular phone number is categorized as.

So A2P 10DLC is when you use any kind of software application to send business communications directly to a consumer or potential customer from a regular, local 10 digit phone number.

So now that you understand all of this, how do you stay compliant with the TPCA laws?

How to Stay Complaint

Now that you understand all of the things NOT to do, let’s talk about the requirements of every business sending marketing communications of A2P 10DLC.

A graphic explaining the requirements for all businesses sending communications over A2P 10DLC with regard to TCPA compliance

There are two different types of registrations required: one-time and per campaign.

One time requirements: register your company.

You are required to register once with information about your business

• Company name
• Point of contact
• Industry
• Website
• Tax ID/EIN
• This determines your trust score and impacts the maximum throughput and daily message caps: (Higher trust score = higher throughput.)

a graph illustration how the trust score impacts your throughput within the new TCPA Compliance laws.

Per-Campaign requirements: register your campaign

When you send messages you must specify what you are sending:
• Use case
• Provide a description
• Add two sample messages
• Message content and attributes
• This determines associated fees and volume and impacts carrier and campaign fees throughout and daily messages.

How to Register for Your Subscription Account Number (SAN)

The first thing you will want to do is register for your Subscription Account Number (SAN).

In order to register, simply go to the National Do Not Call Registry website and follow these instructions.

Step 1

From your web browser go to www.telemarketing.donotcall.gov.


Step 2

Complete the Organization Information screen.


Step 3

Choose “Seller”.


Step 4

Choose “Submit”.


Step 5

If you do agree, select “Yes, I agree” then “Certify”


Step 6

Record your Organization ID Number and Passwords
Note: Genie requires both a SAN number and Organization ID number to receive lists.


Step 7

Login to your email and activate your account by following instructions within email.

Step 8

Select “Manage/Renew Subscriptions”.


Step 9

Log in using your Organization ID and Password provided.
Select “Representative”.


Step 10

Select “Subscribe to Area Codes”.


Step 11

Choose area codes to subscribe to.


Step 12

Select "Area Codes" and click "Continue".


Step 13

It can take up to 1 business day for you to receive your SAN Number.

Wait until you receive your SAN Number to continue onto Step Fifteen.


Step 14

Once you’ve received your SAN, click "View Area Codes".


If you have any difficulty during the process, select “Contact Help Desk”.


Now that you’re all finished with the registration process and have received a SAN, you are ready to place your order.

In Conclusion...

TCPA Compliance is an ever-evolving animal and here at REI BlackBook, we’ve taken it upon ourselves to make ourselves a valuable resource and to keep investors informed of everything they need to know to protect themselves and their businesses.

One of the places we communicate most closely with our community is inside of the REI BlackBook Connect Facebook group. This is a highly engaged community of active investors who are all committed to learning from and supporting one another.

If you are not already a part of our Facebook group, click here to join today.