Overview
Text messaging via short message services (“SMS”) has become a standard channel for client communication across the financial services industry. In a recent YCharts survey, roughly one-third of advised investors now prefer to receive communications via SMS text message. Additionally, it appears that about two-thirds of clients prefer text messages for quick updates, with texts read within minutes of delivery. In response, broker-dealers and registered investment advisers (“RIAs”) are increasingly adopting SMS as a client communication tool to enhance speed, accessibility, and responsiveness. Ultimately, whether the goal is to send appointment reminders, share updates, or facilitate quick check-ins, SMS offers the speed and accessibility that clients increasingly expect.
However, this shift carries significant regulatory, privacy, and operational risk. Because SMS communications rely on personal mobile numbers and often involve sensitive information, they also trigger specific legal and privacy obligations for broker-dealers and RIAs. Both the Financial Industry Regulatory Authority (“FINRA”) and the U.S. Securities and Exchange Commission (“SEC”) have repeatedly emphasized that the use of electronic communications, including text messaging, must be approved, supervised, archived, and properly disclosed just like email or written correspondence.
Federal Law Disclosure Requirements
In addition to FINRA and SEC expectations, firms must comply with the Telephone Consumer Protection Act (“TCPA”), the federal law that governs the use of automated and non-automated text messaging for commercial purposes. The TCPA requires businesses to obtain express, informed consent before sending SMS messages to clients.
This means clients must understand exactly what they are signing up for, including what types of messages they will receive, how often messages may be sent, any potential costs, and how they can opt out at any time. A firm that sends SMS communications without proper disclosure and consent risks not only reputational harm, but also substantial statutory damages, class actions, and regulatory complaints.
A compliant SMS disclosure does not just meet a federal legal obligation; it ensures clients know what to expect and can manage their communication preferences. To comply with these obligations, broker-dealers and investment advisers must not only implement a clear SMS disclosure, typically posted on their website and included in digital onboarding workflows, but also maintain an updated privacy policy that explains how SMS data is used and protected.
Regulatory Compliance
SMS Disclosure Statement – To meet the expectations of both FINRA and the SEC and comply with the TCPA, firms must adopt a clear, compliant SMS disclosure statement. This disclosure informs clients about how SMS will be used, the types of communications they can expect, their right to opt out, and how message data is managed.
A well-drafted disclosure is necessary to ensure informed consent is obtained, which is a key factor under both TCPA and regulatory supervision obligations. Without it, firms risk violating consumer protection laws, creating supervision gaps, and failing to provide adequate notice regarding data use, each of which regulators increasingly scrutinize during examinations.
Update to Privacy Policy – SMS messaging introduces new data-handling responsibilities that firms must address in their Regulation S-P privacy policy. Because mobile numbers constitute personally identifiable information (“PII”), clients must understand what is and what is not appropriate to send via text. To this end, where SMS content contains sensitive financial or personal information, firms must clearly explain how mobile numbers are collected; how SMS communications are stored and archived; whether third-party vendors assist in capturing or retaining SMS content, and any limitations on secure transmission, as SMS is not encrypted end-to-end.
Also, it should be noted that privacy policies must be updated whenever the firm changes communication technology or vendors. Regulators increasingly expect firms to demonstrate that their disclosure practices keep pace with operational realities. By ensuring the privacy policies cover SMS communications, firms reduce regulatory and litigation risk, enhance transparency, and strengthen client trust.
Conclusion
The increased use of text messaging in the financial industry reflects modern client expectations for fast, convenient communication. However, it also introduces heightened regulatory and operational risk. Broker-dealers and RIAs must implement clear SMS disclosures and maintain updated privacy policies to ensure compliance with federal communications laws and with SEC and FINRA rules governing supervision, recordkeeping, and data protection.
Practical Takeaways
The practical takeaways for firms in the financial industry include:
- Implementing a compliant SMS disclosure before allowing any text messaging.
- Capturing, archiving, and supervising all text communications consistent with SEC Rule 204-2, and FINRA Rule 3110.
- Update the Regulation S-P privacy policy to describe SMS data collection, storage, vendor access, and limitations on secure transmission.
- Provide regular training to personnel on approved texting methods and the prohibition on off-channel communications.
By proactively addressing these areas, firms can safely modernize their communication practices while maintaining compliance with evolving regulatory expectations.