Online Service Agreements: A Devil in the Details

Anthony M. Sciara, commercial lawyer and litigator, was featured in the November 2016 issue of Great Lakes Banker Magazine. His article, “Online Services Agreements: A Devil in the Details,” follows. It covers the growth of online interactions by consumers and bankers, and how the enforcement of regulations governing those relationships has likewise increased.

“Online Services Agreements: A Devil in the Details”

The future is now. Consumers are not transitioning to online banking. They have transitioned. Consider statistics reported by the Federal Reserve and Pew Research Center:

• 81% managing household finances conduct banking online.

• 87% in the U.S. have mobile phones.

• 77% of mobile phones are internet-enabled.

• 53% of mobile phone owners with bank accounts use mobile banking.

As consumers and banks have increased online interactions, enforcement of regulations governing those relationships has multiplied. One recent example evidences the challenges and serves as a warning to banks utilizing online platforms.

A Cautionary Tale

A year ago, the enforcement arm of the Federal Communications Commission (“FCC”) issued a Citation and Order (“Order”) to First National Bank (“FNB”). The Order was a formal notice to FNB that it violated the Telephone Consumer Protection Act (“TCPA”).

TCPA is federal law originally enacted twenty-five years ago. TCPA generally restricts practices associated with telephone solicitation. Congress enacted TCPA because consumers viewed receiving telephone calls with autodialed and prerecorded voice messages (“robocalls”) as a nuisance and invasion of privacy.

The FCC creates rules implementing TCPA and may enforce them. Two rules are pertinent. First, the rules prohibit making robocalls for telemarketing and advertising, unless the caller has prior express written consent of the party called. Second, the rules protect consumers from being forced to give consent unwillingly by prohibiting businesses from requiring consent as a condition of purchasing goods, services, or property.

The Order found FNB violated the second rule. Specifically, consumers using FNB’s online banking services were required to do so by accessing its website and enrolling through the internet. To register, consumers were required to accept FNB’s online banking services agreement.

One section of the agreement addressed telephone calls, emails, and text messages to the consumer. It initially required that, by providing a telephone number, the consumer consented to receiving telephone calls, text messages, email messages, and robocalls for “everyday business purposes” or “non-marketing purposes.” This did not violate TCPA.

But the agreement went further. It also required consumers to “consent to receiving text messages and emails … at that number for marketing purposes.” An identical requirement was similarly included in connection with FNB’s Apple Pay service. This latter agreement further provided that, if “at any time you revoke this consent, we may suspend or cancel your ability to use your Card in Apple Pay.” These violated TCPA.


These violations may seem technocratic and trivial. But they can have substantial consequences. While the FCC essentially warned FNB with the Order, it also threatened that any further violations may result in monetary forfeitures ranging from $16,000 to $112,500 per violation and/or each day of a continuing violation. The FCC further warned FNB that, in determining an appropriate future penalty, there could be an increase due to “any history of prior offenses.”

There is another – potentially more troubling – concern. If FNB had robocalled or sent text messages to consumers for marketing purposes under the mistaken belief it obtained appropriate prior express written consent through its online services agreement, FNB may have subjected itself to a class action lawsuit.

The TCPA authorizes private citizens to bring class actions against businesses that make unauthorized communications. The potential damages range from $500 to $1500 per unauthorized communication. Even a modest marketing campaign can result in thousands of unauthorized communications and millions of dollars in damages. To compound the problem, most insurance policies do not provide coverage for TCPA. Consequently, by doing little more than inserting one otherwise innocuous sentence into an online services agreement, FNB could have subjected itself to substantial liability, without insurance coverage. It unfortunately appears there are plaintiffs’ attorneys investigating this now.

Lessons Learned

Banks offering online platforms should review services agreements. Banks should ensure agreements (a) do not obligate customers to receive telephone calls or text messages in order to use banking services and (b) allow customers to opt-out of that portion of any agreement. If possible, banks should obtain separate, prior express written consent before sending marketing communications. The consent should be in writing, signed, identify the receiving telephone number, and authorize telephone calls, robocalls, and text messages. It should also contain a disclosure stating that: (a) by executing the agreement, the customer authorizes the caller to deliver advertisements or telemarketing messages via telephone calls, robocalls, and text messages; and (b) the customer is not required to sign or enter the agreement as a condition of purchasing any property, goods, or services.