What community financial institutions should know about recent changes to TCPA requirements

Recent court action has changed the landscape of how community banks and credit unions can approach customer outreach under the Telephone Consumer Protection Act (TCPA). While one burdensome rule has been struck down, new consumer protection standards are still moving forward. Here's what you need to know—and how to stay compliant while continuing to engage your customers and members.

A refresher: The FCC’s one-to-one consent rule

In late 2023, the FCC adopted a rule requiring “one-to-one” consent under the TCPA. This would have significantly impacted how financial institutions—especially those relying on third-party lead generation—obtained permission to contact prospective customers and members.

What it would have required

• Credit unions and community banks would have been required to obtain separate, individual consent for each specific institution contacting a consumer.
• Consent would need to be clearly disclosed and directly related to the consumer’s original inquiry or transaction.

For example, a consumer filling out a form for auto loan quotes couldn’t be contacted about unrelated products or by multiple institutions using that one form. The intention was to limit misleading consent practices, particularly in online lead generation. But it also risked making member outreach more complex and costly for community-based lenders.

The 11th circuit steps in: The rule is vacated

On January 24, 2025, the U.S. Court of Appeals for the Eleventh Circuit vacated the one-to-one consent requirement in Insurance Marketing Coalition v. FCC.

New rules still going into effect: “any reasonable means” of revoking consent

While the FCC’s one-to-one consent rule was overturned, other rule changes are still happening—most notably, those addressing how consumers can revoke consent for robocalls and robotexts.

Effective April 11, 2025

Consumers will now have the right to revoke consent through “any reasonable means,” such as:

• Saying “stop” during a phone call
• Replying “STOP” to a text
• Emailing or writing to the institution
• Verbally requesting no further contact

Financial institutions must honor such revocations within 10 business days—regardless of the method used.

• You cannot require customers and members to use a specific method (e.g., only a web form) to revoke consent.
• If there’s a dispute, the burden of proof is on your institution to show that consent was not reasonably revoked.
• Staff training and systems updates may be needed to ensure revocations are properly captured and acted upon.

Source: FCC Consent Revocation Rule, Effective April 11, 2025

What community institutions should do now

Here’s a quick action plan for credit unions and community banks in light of these changes:

If you’re onboarding digitally through our platform, we’ve got you covered

The good news for our partner institutions: If you're using our digital onboarding platform, you're already compliant with these new revocation rules though any texts sent via our platform.

Here's why

• Our platform clearly documents express consent during onboarding, including date/time stamps and context for each interaction.
• All revocation requests are logged, time-stamped, and ready for your compliance team in real-time for either manual upload or automated updating in your core (if you’ve set that up with us).

If you’re not yet using our onboarding flow for this part of your customer and member engagement, we can help you get set up quickly and efficiently.

Need help evaluating your consent capture or revocation tracking? We’re here to support you.

Let Digital Onboarding simplify the process. Schedule a demo today.

Final thoughts

For credit unions and community banks, this ruling offers some operational relief—but it’s not a green light to ease up on TCPA compliance. With revocation rights expanding and regulatory scrutiny still high, proactive review of your communication practices is essential.