Mobile App Advertising and CAN-SPAM

courtesy of Compliance Alliance

It seems more and more of our members are putting out their own mobile applications, or “apps” as they’re more commonly known, for banking. These “apps,” which can be downloaded directly to a mobile device, enable users to do everything from check balances to make funds transfers and deposit checks. We’ve noticed that many of our members are taking the advantage of the margins or small spaces within their mobile app screens to display commercial messages in the form of banners or ‘pop-up’ advertisements. Outside the standard Reg DD/E/Z and UDAAP concerns, would any other laws come into play to restrict this type of advertising? The answer may surprise you.

In 2003, Congress passed the CAN-SPAM Act, which was designed to limit the exponentially increasing flow of commercial messaging done via e-mail. Passed in an era where the very idea of mobile apps (let alone mobile devices) was still science fiction, the law both restricts and establishes certain requirements for any commercial message sent to an “electronic mail address,” which the Act defines as, “a destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox (commonly referred to as the "local part") and a reference to an Internet domain (commonly referred to as the "domain part"), whether or not displayed, to which an electronic mail message can be sent or delivered.”

While at first glance this unwieldy definition seems to just cover what we all think of as an e-mail address—something like—the devil may lie in the details. First of all, the definition makes frequent use of the word “commonly,” indicating that the aforementioned is simply an example, and not the only type of “electronic mail address” that is possible. Second, the unique username/mailbox and Internet domain components are broad and arguably apply to many different forms of electronic communication today, including texting and even movie streaming. Finally, the last part of the definition is meaningless because it says an e-mail address is a destination where “an electronic mail message can be sent or delivered,” but the Act only defines “electronic mail message” as “a message sent to a unique electronic mail address.”

You might see where we’re going with this. It’s entirely possible that an overzealous auditor or examiner could consider the CAN-SPAM Act’s broad definition of “electronic mail address” to encompass many modern technologies, including mobile apps. Consequently, banks should be on guard when it comes to doing any kind of banner, pop-up, or margin advertising within their mobile app windows. In order to protect against any possible CAN-SPAM criticism, a financial institution could, for example, make sure that a physical address for the bank is always present in the footer of the mobile app, and also could include in the footer a message that any banners within the app are advertisements. Additionally, a bank could provide its mobile app users an obvious way to ‘opt out’ of seeing any advertising or banners within the software.

Should you have any compliance questions about advertising in mobile apps or other software-based-platforms your financial institution may be using, remember to reach out to us on the Hotline at: or (888) 353-3933!

Founded in 2011, Compliance Alliance is the only banking industry compliance resource that is owned, operated and managed by 30 State Bankers Associations. Based on the needs of community bankers, Compliance Alliance provides its members an all-inclusive set of bank compliance tools and services that help them stay up-to-date with consumer and regulatory requirements.