Can anyone confirm the following?

- Does Can-Spam e-mail apply to current customers as well or just former customers?

- What exactly is the penalty? I have seen two different. $40,654 or $16,000?

Thanks

Will it also apply to Non-USA residents?

Thanks

Finally, Are there any examples of a bank e-mail that is considered a "Commercial Message" and is in compliance with Can-Span?

Thanks!

Dani:

I used your listed website for most of my guidance. However:

- Other website guidance list lower penalties as I stated above. So is the $40,654 the correct and updated penalty?
- Nothing specific for Non-USA residents
- Only listed what was considered a Commercial E-Mail message... I was wondering if there is an example of a e-mail that is in compliance with Can-Spam.

If you work for a financial institution, invest the time it takes to read the act (Public Law 108–187). You will find that it divides the world of electronic messaging two ways: closed proprietary systems vs. open public systems, and commercial vs. transactional message content. The type of recipient has no bearing on coverage.

Messages using ordinary internet-based public email are subject to CAN-SPAM and any other type of message is exempt. The second division (applying only to the public messages) is between "commercial electronic mail messages" and "transactional or relationship messages." Both of these terms are defined in the act.

Commercial electronic mail messages include any promotion of any type of product or service (including the offerings of the banking industry) to any type of recipient. This type of message must comply fully with the act.

Transactional or relationship messages include information or announcements relating to products or services the message's sender is already providing to the recipient. This could include such things as announcements of new branches, statements of accounts, fee schedule changes, etc. This type of message is exempt from most of the act.

The FTC's "Compliance Guide For Business" provides much information that will help you get into compliance and maintain that position.

The act imposes an assortment of penalties. Amounts are based on the nature of violations.

Penalty discussions are always nonsensical to me. Your primary regulator can impose any penalties on the bank that they wish too, regardless of individual law limits.

CAN-SPAM applies to any commercial e-mail sent within the US. If you are sending overseas, many countries have their own spam laws with which you would have to comply.

There are plenty of articles and checklists available if you Google it.

Tagging on to what Richard said....

A compliant commercial message is more than just message content. Compliance includes setting up the opt-out systems prescribed by the act. The example in the link provided identifies an example of a commercial message. The best way to determine is a message you are sending is compliant is to compare your message and systems to the "checklist" items in the link (any deceptive language, opt-out method, identification that the message is an advertisement, etc).

Thanks Everyone for your help!

I know Randy, and I agree, but these are "push-back" questions from management and the business lines...

Also, and forgive me Randy, but I just want to confirm again - So if for example, we sent a "Commercial" E-Mail to a customer in New Zealand for a product in the US., then the E-mail needs to be compliant with the Unsolicited Electronic Messages Act of 2007
http://www.legislation.govt.nz/act/public/2007/0007/latest/DLM405134.html and not Can-Spam... or both?

Thanks for all your help

1. Updated FTC penalty matrix: https://www.ftc.gov/system/files/documen...s_published.pdf

2. You would have to engage an international commerce attorney.

By virtue of its definitions, C-S applies to any commercial email message sent to any "computer which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States." I'm no attorney, but can't see a blanket exemption in language this general. If you are sending messages that otherwise meet the definition of a commercial email message, you intend for them to affect commerce.

Foreign laws may also apply, but first and foremost, you're facing US law that says you can't send the message unless it meets the enumerated CAN-SPAM standards.

Thanks everyone for your above and beyond patience and guidance!

I will reading all of the information provided in this topic and searching for additional information.....

What kind of message would it be if we were to send out something asking for a customer to give their review of our bank on Google? Would this be a commercial message requiring compliance with all the opt-in rules or would this be exempt?

If we were to send out this kind of message, what should we consider?