cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Purpose

 

Sinch is committed to maintaining a trusted messaging ecosystem that protects consumers, supports legitimate messaging programs, and meets the compliance expectations established by Mobile Network Operators (MNOs), industry associations, and applicable regulatory requirements.

 

This document defines the Sinch process for identifying, managing, communicating, remediating, and closing Messaging Compliance Incidents.

 

Sinch follows established industry compliance frameworks, including severity definitions, remediation timelines, Service Level Agreements (SLAs), and cure periods established by:

  • Cellular Telecommunications Industry Association (CTIA)

  • Mobile Network Operators (MNOs)

  • Canadian Telecommunications Association (CTA)

  • Canadian wireless carriers

  • Applicable messaging ecosystem standards

This framework applies to Sinch messaging products operating in the United States and Canada, including:

  • Short Code Messaging

  • Toll-Free Messaging

  • A2P Long Code Messaging

  • A2P 10DLC Messaging (United States)

  • RCS Messaging

  • Other sanctioned A2P messaging channels supported by Sinch


Compliance Incident Definition

 

A Compliance Incident is any event where messaging activity, registration information, consent practices, traffic patterns, customer behavior, or messaging content may violate:

  • Carrier messaging requirements

  • CTIA or CTA industry standards

  • Sinch Acceptable Use Policy

  • Customer contractual requirements

  • Applicable laws and regulations

Compliance incidents may be identified through:

  • Carrier monitoring

  • Industry audits

  • Consumer complaint reporting

  • Spam reporting channels

  • Sinch Compliance Operations

  • KYT (Know Your Traffic) monitoring

  • Content and campaign review

  • Registration and consent validation

Sinch-initiated incidents carry the same operational importance as carrier or industry-initiated compliance actions.


United States Compliance Incident Severity Framework

Sinch utilizes the CTIA and MNO-defined severity framework as the baseline for US messaging compliance incidents.

 

The CTIA Short Code Monitoring Handbook severity model provides the foundation for severity classification, response expectations, remediation timelines, and cure periods.

 

Severity Definition Examples Required Response
Severity 0 Critical compliance incident involving immediate consumer harm, fraud risk, abuse, or significant ecosystem impact Phishing, fraud, malicious messaging, unauthorized traffic, significant consumer harm Immediate action, possible suspension, investigation, RCA, carrier remediation
Severity 1 High priority compliance issue requiring expedited correction Significant policy violations, consent concerns, elevated complaint activity, campaign abuse Immediate corrective action within defined cure period
Severity 2 Compliance issue requiring remediation but limited immediate impact Registration issues, content concerns, campaign health issues Corrective action and monitoring
Severity 3 Lower risk compliance observation Minor issues, informational findings, best practice gaps Notification and remediation guidance

Canada Compliance Incident Severity Framework

 

Sinch Canada follows a similar compliance incident methodology aligned with Canadian carrier expectations, CTA guidance, and Canadian messaging ecosystem practices.

Canadian compliance actions utilize comparable severity concepts and remediation requirements.

 

For Canadian Short Code programs, the enforcement approach follows the notification and remediation framework outlined by Canadian industry guidance.

Canadian severity classifications are maintained separately:

 

Severity Definition Examples Required Response
Severity 1 Critical compliance incident requiring immediate intervention Fraud, phishing, malicious messaging, significant unauthorized traffic, consumer harm Immediate containment, investigation, corrective action, possible suspension
Severity 2 High priority compliance issue requiring timely remediation Consent concerns, campaign violations, elevated complaints, unacceptable traffic patterns Corrective action within required remediation period
Severity 3 Compliance concern requiring correction Registration issues, content concerns, campaign health degradation Remediation plan and monitoring
Severity 4 Informational or lower-risk issue Minor findings, administrative gaps, recommendations Notification and correction

US / Canada Severity Alignment

Although severity numbering differs between regions, Sinch aligns response actions based on risk and required remediation urgency.

Business Impact United States  Canada
Critical / Immediate Consumer Risk Severity 0 Severity 1
High Risk Compliance Issue Severity 1 Severity 2
Campaign Health Issue Severity 2 Severity 3
Informational / Best Practice Severity 3 Severity 4

Incident Intake and Validation

Upon identification of a potential Compliance Incident, Sinch Compliance Operations will:

  1. Validate the reported activity

  2. Identify impacted:

    • Customer

    • Brand

    • Campaign

    • Messaging product

    • Sending resources

  3. Assign severity

  4. Open a compliance ticket

  5. Begin required remediation actions

The compliance ticket is the system of record for:

  • Incident details

  • Evidence

  • Communications

  • Customer actions

  • Remediation deadlines

  • Closure approval


Severity 0 / Critical Incident Process (United States) & Severity 1 (Canada)

These incidents require immediate action.

Examples include:

  • Fraudulent messaging

  • Phishing

  • Malicious content

  • Account compromise

  • Significant unauthorized messaging

  • Consumer harm

 

Sinch Actions

Upon receiving a Severity 0 notification from an MNO, CTIA or a Severity 1 from Canadian MNO or CTA:

Sinch will:

  • Notify the affected Partner, CSP, or Brand

  • Identify impacted messaging resources

  • Suspend or restrict traffic when required

  • Begin investigation

  • Collect evidence

  • Coordinate remediation

A Root Cause Analysis (RCA) may be required.

 

Brand / Partner Responsibilities

The Brand or Partner must:

  • Immediately stop offending activity

  • Investigate the cause

  • Provide requested evidence

  • Submit RCA documentation within the required timeframe

  • Implement corrective controls

RCA documentation should include:

  • Summary of incident

  • Root cause

  • Timeline

  • Impact assessment

  • Corrective actions

  • Preventative measures

Reactivation may require carrier approval. Not all incidents will qualify for unsuspension.


Sinch-Initiated Critical Compliance Incidents - Severity 0

Sinch may identify critical incidents before escalation from a carrier.

Examples:

  • Fraud detection through KYT monitoring

  • Suspicious traffic patterns

  • Customer account compromise

  • Abuse indicators

  • Significant consent failures

Sinch may:

  • Suspend traffic

  • Restrict messaging resources

  • Require immediate remediation

  • Require RCA

  • Deprovision resources when necessary


Proactive Compliance Alerts

Sinch may issue proactive compliance alerts when campaign health indicators require attention.

Examples:

  • Increasing opt-out rates

  • Elevated spam complaints

  • 7726 / 7727 complaint signals

  • Content concerns

  • Consent concerns

  • Registration inconsistencies

Proactive Alerts require customer action but generally do not require RCA unless requested.


Opt-In Consent Audits

Consent-related concerns may trigger an Opt-In Consent Audit.

Audits may be initiated by:

  • CTIA

  • MNOs

  • CTA

  • Canadian carriers

  • Sinch Compliance Operations

Reviews may include:

  • Opt-in records

  • Messaging logs

  • Consent collection methods

  • Consumer interaction history

  • Opt-out handling

Required remediation may include:

  • Campaign updates

  • Consent process changes

  • Traffic restrictions

  • Additional verification


Customer Communication and Ticket Management

All compliance incidents are managed through Sinch ticketing workflows.  See Process Documentation below.

Each ticket will contain:

  • Severity level

  • Incident description

  • Impacted resources

  • Required action

  • Cure date or remediation deadline

  • Supporting information

  • Closure criteria

Customers and partners are expected to provide timely responses and complete remediation actions.


Incident Closure

An incident may be closed when:

  • Remediation is completed

  • Required documentation is provided

  • Compliance risk is addressed

  • Traffic behavior is verified

  • Monitoring confirms improvement

Closure does not remove ongoing compliance obligations.

Repeat or unresolved incidents may result in:

  • Increased monitoring

  • Additional restrictions

  • Suspension

  • Resource deprovisioning


Governance

Sinch Compliance Operations owns administration of this process.

Sinch reserves the right to take action necessary to protect:

  • Consumers

  • Carrier networks

  • Messaging ecosystems

  • Customers operating compliant messaging programs

This process will evolve as CTIA, CTA, MNO, and regulatory expectations change.

Featured Article
Version history
Last update:
‎07-07-2026 01:52 AM
Updated by: