Sinch is committed to maintaining a trusted messaging ecosystem that protects consumers, supports legitimate messaging programs, and meets the compliance expectations established by Mobile Network Operators (MNOs), industry associations, and applicable regulatory requirements.
This document defines the Sinch process for identifying, managing, communicating, remediating, and closing Messaging Compliance Incidents.
Sinch follows established industry compliance frameworks, including severity definitions, remediation timelines, Service Level Agreements (SLAs), and cure periods established by:
Cellular Telecommunications Industry Association (CTIA)
Mobile Network Operators (MNOs)
Canadian Telecommunications Association (CTA)
Canadian wireless carriers
Applicable messaging ecosystem standards
This framework applies to Sinch messaging products operating in the United States and Canada, including:
Short Code Messaging
Toll-Free Messaging
A2P Long Code Messaging
A2P 10DLC Messaging (United States)
RCS Messaging
Other sanctioned A2P messaging channels supported by Sinch
A Compliance Incident is any event where messaging activity, registration information, consent practices, traffic patterns, customer behavior, or messaging content may violate:
Carrier messaging requirements
CTIA or CTA industry standards
Sinch Acceptable Use Policy
Customer contractual requirements
Applicable laws and regulations
Compliance incidents may be identified through:
Carrier monitoring
Industry audits
Consumer complaint reporting
Spam reporting channels
Sinch Compliance Operations
KYT (Know Your Traffic) monitoring
Content and campaign review
Registration and consent validation
Sinch-initiated incidents carry the same operational importance as carrier or industry-initiated compliance actions.
Sinch utilizes the CTIA and MNO-defined severity framework as the baseline for US messaging compliance incidents.
The CTIA Short Code Monitoring Handbook severity model provides the foundation for severity classification, response expectations, remediation timelines, and cure periods.
| Severity | Definition | Examples | Required Response |
|---|---|---|---|
| Severity 0 | Critical compliance incident involving immediate consumer harm, fraud risk, abuse, or significant ecosystem impact | Phishing, fraud, malicious messaging, unauthorized traffic, significant consumer harm | Immediate action, possible suspension, investigation, RCA, carrier remediation |
| Severity 1 | High priority compliance issue requiring expedited correction | Significant policy violations, consent concerns, elevated complaint activity, campaign abuse | Immediate corrective action within defined cure period |
| Severity 2 | Compliance issue requiring remediation but limited immediate impact | Registration issues, content concerns, campaign health issues | Corrective action and monitoring |
| Severity 3 | Lower risk compliance observation | Minor issues, informational findings, best practice gaps | Notification and remediation guidance |
Sinch Canada follows a similar compliance incident methodology aligned with Canadian carrier expectations, CTA guidance, and Canadian messaging ecosystem practices.
Canadian compliance actions utilize comparable severity concepts and remediation requirements.
For Canadian Short Code programs, the enforcement approach follows the notification and remediation framework outlined by Canadian industry guidance.
Canadian severity classifications are maintained separately:
| Severity | Definition | Examples | Required Response |
|---|---|---|---|
| Severity 1 | Critical compliance incident requiring immediate intervention | Fraud, phishing, malicious messaging, significant unauthorized traffic, consumer harm | Immediate containment, investigation, corrective action, possible suspension |
| Severity 2 | High priority compliance issue requiring timely remediation | Consent concerns, campaign violations, elevated complaints, unacceptable traffic patterns | Corrective action within required remediation period |
| Severity 3 | Compliance concern requiring correction | Registration issues, content concerns, campaign health degradation | Remediation plan and monitoring |
| Severity 4 | Informational or lower-risk issue | Minor findings, administrative gaps, recommendations | Notification and correction |
Although severity numbering differs between regions, Sinch aligns response actions based on risk and required remediation urgency.
| Business Impact | United States | Canada |
|---|---|---|
| Critical / Immediate Consumer Risk | Severity 0 | Severity 1 |
| High Risk Compliance Issue | Severity 1 | Severity 2 |
| Campaign Health Issue | Severity 2 | Severity 3 |
| Informational / Best Practice | Severity 3 | Severity 4 |
Upon identification of a potential Compliance Incident, Sinch Compliance Operations will:
Validate the reported activity
Identify impacted:
Customer
Brand
Campaign
Messaging product
Sending resources
Assign severity
Open a compliance ticket
Begin required remediation actions
The compliance ticket is the system of record for:
Incident details
Evidence
Communications
Customer actions
Remediation deadlines
Closure approval
These incidents require immediate action.
Examples include:
Fraudulent messaging
Phishing
Malicious content
Account compromise
Significant unauthorized messaging
Consumer harm
Upon receiving a Severity 0 notification from an MNO, CTIA or a Severity 1 from Canadian MNO or CTA:
Sinch will:
Notify the affected Partner, CSP, or Brand
Identify impacted messaging resources
Suspend or restrict traffic when required
Begin investigation
Collect evidence
Coordinate remediation
A Root Cause Analysis (RCA) may be required.
The Brand or Partner must:
Immediately stop offending activity
Investigate the cause
Provide requested evidence
Submit RCA documentation within the required timeframe
Implement corrective controls
RCA documentation should include:
Summary of incident
Root cause
Timeline
Impact assessment
Corrective actions
Preventative measures
Reactivation may require carrier approval. Not all incidents will qualify for unsuspension.
Sinch may identify critical incidents before escalation from a carrier.
Examples:
Fraud detection through KYT monitoring
Suspicious traffic patterns
Customer account compromise
Abuse indicators
Significant consent failures
Sinch may:
Suspend traffic
Restrict messaging resources
Require immediate remediation
Require RCA
Deprovision resources when necessary
Sinch may issue proactive compliance alerts when campaign health indicators require attention.
Examples:
Increasing opt-out rates
Elevated spam complaints
7726 / 7727 complaint signals
Content concerns
Consent concerns
Registration inconsistencies
Proactive Alerts require customer action but generally do not require RCA unless requested.
Consent-related concerns may trigger an Opt-In Consent Audit.
Audits may be initiated by:
CTIA
MNOs
CTA
Canadian carriers
Sinch Compliance Operations
Reviews may include:
Opt-in records
Messaging logs
Consent collection methods
Consumer interaction history
Opt-out handling
Required remediation may include:
Campaign updates
Consent process changes
Traffic restrictions
Additional verification
All compliance incidents are managed through Sinch ticketing workflows. See Process Documentation below.
Each ticket will contain:
Severity level
Incident description
Impacted resources
Required action
Cure date or remediation deadline
Supporting information
Closure criteria
Customers and partners are expected to provide timely responses and complete remediation actions.
An incident may be closed when:
Remediation is completed
Required documentation is provided
Compliance risk is addressed
Traffic behavior is verified
Monitoring confirms improvement
Closure does not remove ongoing compliance obligations.
Repeat or unresolved incidents may result in:
Increased monitoring
Additional restrictions
Suspension
Resource deprovisioning
Sinch Compliance Operations owns administration of this process.
Sinch reserves the right to take action necessary to protect:
Consumers
Carrier networks
Messaging ecosystems
Customers operating compliant messaging programs
This process will evolve as CTIA, CTA, MNO, and regulatory expectations change.
Learn how to get started with SMS by watching this step-by-step tutorial. The video explains the basics of SMS and shows you how easy it is to send your first message with Sinch:
Sign up to the Sinch Build Dashboard and get started today or take a look at the Sinch SMS Product page to learn more about our SMS products.