Quick answer: TCPA-compliant SMS marketing for mortgage loan officers in 2026 requires explicit prior express written consent before any automated marketing text. The 6 hard requirements: (1) named-company consent at form submission, (2) disclosure of automated dialing technology, (3) confirmation that consent is not a condition of service, (4) clear opt-out mechanism (STOP), (5) audit logging of consent and opt-outs, (6) do-not-call list cross-checking. Loan officers who get TCPA wrong face $500-$1,500 per violation in statutory damages. The mortgage industry has been a particular target of TCPA class actions.
This guide answers: What TCPA requires in 2026, the 6 mortgage-specific compliance requirements, the consent language that works, what happens when you get it wrong, and how mortgage CRMs handle compliance automatically.
What TCPA actually requires for mortgage SMS
The Telephone Consumer Protection Act (TCPA) of 1991 has been continually expanded by the FCC and federal courts. As of 2026, mortgage SMS marketing requires explicit "prior express written consent" before automated text messages can be sent. This is stricter than the "prior express consent" standard for non-marketing texts (like service updates).
For mortgage specifically: any text that markets mortgage products (rate alerts, refi offers, new program announcements, etc.) requires written consent. Operational texts about an existing loan in progress (milestone updates, document requests) fall under a different standard but still benefit from explicit consent.
The 6 compliance requirements
Requirement 1 — Named-company consent
What does TCPA-compliant consent language look like?
The consent must name the specific company that will be texting. Generic "our partners may contact you" language has been ruled non-compliant in multiple federal court cases. Sample language that has survived enforcement:
"By submitting this form, you consent to be contacted by [Specific Company Name] and its loan officers by phone and text message at the number provided, including via automated dialing technology, regarding mortgage products and services. Consent is not a condition of any purchase. Message and data rates may apply. Reply STOP to opt out."
Requirement 2 — Automated dialing disclosure
The consent must disclose that automated dialing or texting technology may be used. This is the "ATDS" (Automatic Telephone Dialing System) disclosure. Mortgage CRMs that auto-send SMS qualify as ATDS technology, so the disclosure is mandatory.
Requirement 3 — Not a condition of service
The consent must confirm that signing up for marketing texts is NOT required to use the service. Mortgage loan officers cannot make TCPA consent a precondition of receiving a quote or pre-approval. The form must allow the borrower to opt out of SMS while still receiving the service.
Requirement 4 — Clear opt-out (STOP)
Every marketing SMS must include a STOP keyword opt-out. The receiver replies STOP and all future marketing texts must stop within a reasonable time (usually 24 hours per FCC guidance). The opt-out cannot be conditional on the receiver providing additional information.
Requirement 5 — Audit logging
The mortgage CRM must log the date, time, IP, and exact consent language at the moment of consent capture. This is the evidence file you need if a TCPA class action is filed. Without audit logs, the lender cannot prove consent was given and loses in court.
BNTouch's SMS module logs consent automatically with timestamp + IP + exact form HTML at submission time. See CRM text messaging integration for the deeper compliance setup.
Requirement 6 — DNC cross-check
The CRM must cross-check outbound numbers against the National Do Not Call Registry and any state-level DNC lists. A consented borrower number can be texted; a number on DNC without consent cannot. BNTouch automates this check on every outbound SMS.
What happens when you get it wrong
TCPA violations carry $500-$1,500 per text in statutory damages. Mortgage lenders have been sued in class actions for thousands of unsolicited texts, with settlements in the millions. The mortgage industry has been a particular target because of the regulatory scrutiny and the public's sensitivity around financial outreach.
Recent settlements have ranged from $1M to $20M for mortgage lenders who failed to maintain compliant consent capture and audit logging.
How mortgage CRMs handle TCPA automatically
The right mortgage CRM enforces TCPA compliance by default. BNTouch's SMS module:
- Requires consent capture at the form before any auto-SMS can fire
- Logs the timestamp + IP + exact form HTML for audit trail
- Enforces STOP keyword across all numbers
- Cross-checks national + state DNC lists
- Throttles auto-SMS to FCC-compliant hours (8am-9pm receiver local time)
- Generates a compliance audit report for legal review
The mortgage CRM choice matters here. Generic CRMs (HubSpot, Salesforce, Pipedrive) can technically send SMS but they don't enforce mortgage-specific TCPA compliance. Loan officers using those CRMs often turn off auto-SMS to avoid risk, then lose the speed-to-lead advantage. See the 5-minute rule for why that matters.
Frequently asked questions
What does TCPA require for mortgage SMS in 2026?
Explicit prior express written consent before automated marketing SMS. The consent must name the specific company, disclose automated dialing, confirm consent is not a condition of service, and provide a STOP opt-out.
What is the TCPA fine for non-compliant mortgage SMS?
$500 per text for statutory violations, up to $1,500 per text for willful or knowing violations. Class actions have produced $1M-$20M settlements against mortgage lenders.
Can I send mortgage SMS without explicit consent?
Only for service-related, non-marketing texts about an existing loan (milestone updates, document requests). Marketing SMS (rate alerts, refi offers, new programs) requires prior express written consent.
How long does TCPA consent last?
Indefinitely until the receiver opts out via STOP. Best practice: re-confirm consent annually and after long periods of inactivity. Audit logs must persist for the duration of the consent.
Does a borrower already in my CRM count as consented?
Only if you have documented evidence of their explicit prior express written consent. Existing relationships do not waive TCPA. You need the original consent record.
What if I'm using a generic CRM for SMS?
Generic CRMs (HubSpot, Salesforce, Pipedrive) can send SMS but don't enforce mortgage-specific TCPA compliance. Many loan officers turn off auto-SMS to avoid risk, losing speed-to-lead. Mortgage-specific CRMs like BNTouch enforce compliance by default.
See BNTouch in a live demo
The mortgage CRM with MAIA AI and HBPPA-compliant Credit Pull Alerts. $165/month solo.
Get a Demo of BNTouch
