My first thought is that if it has your bank's name your bank is at risk if a person opts out of commercial email marketing messages (CEMM) but continues to receive them. Why would the bank want opt outs to get unwanted messages?
That said the sender of the CEMM will not the bank, but rather the servicer who is the owner of these accounts. A sender is the person who initiates the CEMM and whose product is promoted. This will not be your bank. This reduces or eliminates duties on the bank.
I believe what the bank should be looking for, is any CEMMs that are sent from the servicer/owner clearly indicating what role your bank has. Based on the description your bank has no real role, only its brand on the cards already issued. Will new cards approved by the vendor have your bank's name on them? That may indicate remuneration for continued profits and some responsibility on the bank's part due to an ongoing agreement with the vendor. But if your bank has sold the portfolio and at card renewal your branding is dropped, you may simply be restricted from knowing who opts out with the vendor, and therefore can't do anything. So understanding the banks role going forward is a key.
My opinions are not necessarily my employers.
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell