If you work for a financial institution, invest the time it takes to read the act (
Public Law 108–187). You will find that it divides the world of electronic messaging two ways: closed proprietary systems vs. open public systems, and commercial vs. transactional message content. The type of recipient has no bearing on coverage.
Messages using ordinary internet-based public email are subject to CAN-SPAM and any other type of message is exempt. The second division (applying only to the public messages) is between "commercial electronic mail messages" and "transactional or relationship messages." Both of these terms are defined in the act.
Commercial electronic mail messages include any promotion of any type of product or service (including the offerings of the banking industry) to any type of recipient. This type of message must comply fully with the act.
Transactional or relationship messages include information or announcements relating to products or services the message's sender is already providing to the recipient. This could include such things as announcements of new branches, statements of accounts, fee schedule changes, etc. This type of message is exempt from most of the act.
The FTC's "
Compliance Guide For Business" provides much information that will help you get into compliance and maintain that position.
The act imposes an assortment of penalties. Amounts are based on the nature of violations.