10DLC Compliance: Campaign Requirements and Recommendations

Written By Ryan Heffernon

Before launching a 10DLC message program, Invo Text clients must meet compliance requirements to ensure their campaign is approved. These requirements align principally with the CTIA 2023 Messaging Principals & Best Practices, and any campaign that is not in compliance with those requirements will be rejected by cellular carriers. Once rejected, Invo must regather information and make the necessary changes to resubmit for approval.

NOTE: Any reference to the term “rejection” in the following guide refers to
the cellular carriers and not Invo.

Here is an in-depth look at what Invo needs from your financial institution to achieve compliance.

Requirements

To ensure that your 10DLC program is reviewed and approved as quickly as possible, Invo requires the following information.

Link to Terms & Conditions page

  • This page must be a live page on your website, not a PDF.

  • This page does not need to be easily accessible. It does not need to in the navigation of your site, or even linked to anywhere on your site. It simply needs to be an active page with an active URL.

  • These Terms & Conditions ensure compliance with the carrier and industry requirements.

Link to Privacy Policy page

  • Like the Terms & Conditions, this must be a live page on your website, not a PDF.

  • This page does not need to be easily accessible. It does not need to in the navigation of your site, or even linked to anywhere on your site. It simply needs to be an active page with an active URL.

  • This Privacy Policy ensures compliance with the carrier and industry requirements.

Link to Opt-In Process

  • This includes both online and offline processes.

  • Show the opt-in process from the end user’s perspective, not just a document or photo outlining what your financial institution does.

  • If customers will opt-in online, include a link to the form(s) required for opt-in.

  • If customers do not opt-in online, include a link to a hosted image or screenshot of your opt-in process, whether a paper form filled out by customers or a manual process. This must show the end-user’s perspective and cannot simply be a document outlining the process. For example, if customers must fill out a form in a branch, include an image of the exact form.

This page must be a live page on your website, not a PDF. These Terms & Conditions ensure compliance with the carrier and industry requirements.

Recommendations

To ensure that your 10DLC program is reviewed and approved as quickly as possible, Invo also strongly recommends including the following information:

  • Identify campaign use case. Use cases that are prohibited in North America including high-risk financial services (ex. Payday loans, gambling, etc.) will get rejected. Read more about Disallowed Content.

  • Detailed campaign description including the service it will provide to the end user.

  • Additional opt-in information, including identified opt-in methods like your website, text-to-join, or paper forms.

  • Specific message types your financial institution will use, such as confirmation messages, opt-out messages, help messages, and other sample messages.

  • Special attributes of your campaign, which could include age gates, direct lending, to the need for a number pool.

What Will Most Likely Get My Financial Institution’s 10DLC Rejected?

There are a variety of reasons that your 10DLC, but here are the top reasons campaigns get rejected and how to avoid them.

Insufficient Opt-In

If your campaign gets rejected due to an insufficient opt-in, it means that you failed to show how you obtain end-user consent to send messages. Remember to include links or images of the end user’s experience in opting-in, whether on your website or in an in-person form.

Brand Name Mismatch

Campaign rejection on the base of a brand name mismatch means that the registered brand name, or DBA, doesn’t match the name on the brand website or in messages.

Note: You can use a shortened brand name in messages, but it can’t be different enough that it’s not clear who the sender is.

If the brand names are different, explain why in the campaign description.

Insufficient Privacy Policy

Your financial institution’s Privacy Policy must be up to date and clearly articulate that the end user’s personal information will not be shared or sold to third parties for marketing.

Example statement: “No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties." 

If no Privacy Policy exists, a no-sharing disclosed like the one above can be presented upon opt-in within the Call To Action and included at the end of the SMS disclosures.

However, Invo strongly recommends updating your Privacy Policy for 10DLC approval.

If you have further questions about 10DLC compliance,
please contact Invo’s support team.

Ryan Heffernon
Previous

What Is Software Deprecation? A Short Guide.