Below is a recap of the essential regulatory updates for contact compliance professionals for November.  

This is a marketing blog and is not intended, nor should it be interpreted, as legal advice. Please seek legal counsel for full interpretations of all rules and laws outlined in this blog. 

National DNC Registry Back Online After Shutdown, Gryphon AI Ensured Full Client Protection  

The federal government shutdown from October 1 to November 13, pausing key FTC operations including access to the National Do Not Call Registry, SAN renewals, and Federal DNC complaint intake. Donotcall.gov is active again, and a National DNC Registry file refresh was available on November 14. With federal funding only secured through January 30, 2026, these systems remain vulnerable to future outages.  

Gryphon AI clients remained fully protected throughout the shutdown. We maintained the most recent National DNC Registry file, ensured continued scrubbing accuracy, and monitored all affected datasets. Third-party sources such as RND and Ported Wireless remained stable. Gryphon AI will continue to safeguard compliance and keep clients informed. Continued compliance is crucial; as a reminder, penalties can be up to $50,120 per illegal call. 

FCC Recalibrates TCPA Framework in Adopted Call Branding NPRM, Preserves iDNC and Revocation Protections 

Following our October 2025 Regulatory Report, the FCC’s adopted Call Branding NPRM (adopted on October 28, 2025) takes a more measured approach than the FNPRM preview suggested. While the Commission signaled its intent to modernize outdated rules, the final adopted NPRM reflects a willingness to slow down and re-examine several provisions with real TCPA impact. 

Call Abandonment

The FNPRM proposed eliminating the 15-second/4-ring minimum and the 3% abandonment cap. The adopted NPRM does not finalize these changes and instead pauses the proposal for further evaluation. The Commission indicates it requires additional analysis on potential consumer impact before altering long-standing abandonment standards. 

Caller ID/Rich Call Data (RCD)

The FNPRM encouraged a broad RCD expansion. The adopted NPRM steps back, acknowledging operational variability raised in filings by ACA and ARM-Industry commenters. The FCC will collect more data before mandating uniform RCD adoption. 

Originating-Provider Verification

What began as sweeping verification obligations now shifts toward practical accuracy improvements. The Commission is seeking further comment rather than imposing immediate top-to-bottom verification reforms. 

Company-Specific DNC (iDNC)

Perhaps the most significant reversal, the FNPRM aimed to eliminate iDNC; however, the adopted NPRM sends it back for re-evaluation. NCLC’s Ex Parte argued that removing iDNC would weaken consumer control, an argument the FCC clearly took seriously. 

Foreign Call Identification

The concept remains active, but the FCC is pausing implementation to evaluate operational feasibility and ensure carriers can execute the requirement consistently. 

Consent Revocation (“Revoke All”) 

The FNPRM proposed eliminating the long-standing “revoke-all” requirement, which obligates callers to apply a consumer’s opt-out request across all marketing numbers and campaigns for that entity. The adopted NPRM does not move forward with that deletion. Instead, the FCC sends the provision back for further review, acknowledging that revocation plays a central role in TCPA compliance and consumer control. For now, “revoke-all” remains intact while the Commission evaluates whether modification, not elimination, better aligns with consumer protection goals.

Bottom Line 

The FCC is recalibrating, not retreating. The adopted Call Branding NPRM raises scrutiny on identity accuracy, DNC integrity, and consent alignment, even as several FNPRM proposals move into reconsideration rather than immediate rule changes. For outbound callers, the compliance risk is direct: identity accuracy now drives TCPA exposure, and gaps in attestation, branding, revocation handling, or iDNC processes will invite blocking, labeling, and audit scrutiny. The framework is shifting more slowly than anticipated, but the Commission’s expectations are tightening all the same. 

See Commissioner Trusty’s, Commissioner Gomez’s, and Chairman Carr’s statements on the matter. 

FCC FNPRM Requests Input on Expanded Caller-ID Verification and STIR/SHAKEN Obligations 

Issued on October 29, 2025, the Federal Communications Commission’s (FCC) FNPRM on Caller Identity (FCC 25-73A1) seeks comment on expanded caller-ID authentication requirements across originating, intermediate, gateway, and terminating providers. The proposal strengthens STIR/SHAKEN obligations, tightens identity validation at call origination, and directs terminating carriers to display verified caller name and Rich Call Data (RCD) for calls carrying A-level attestation. 

The multifaceted proposal signals a significant increase in carrier responsibility: higher verification workloads, stricter limits on legitimate spoofing, end-to-end authentication data transmission, and increased exposure during traceback. For carriers, gaps in identity metadata, attestation of inconsistencies, or incomplete verification processes will translate into direct regulatory vulnerability. 

The compliance-risk hook is clear: outbound calls that cannot meet the authentication expectations outlined in the FNPRM may be blocked, mislabeled, or flagged across networks, regardless of intent. Marketing teams relying on unauthenticated or poorly branded caller IDs will see degraded reach and greater scrutiny around consent alignment, while consumers gain stronger protections against caller-ID manipulation as the FCC evaluates industry feedback. 

Comment Date is 30 days after Federal Register publication. 

Collections Corner: Key Updates on Evolving Debt Collection & Contact Compliance Rules 

CFPB Funding in Doubt 

The Consumer Financial Protection Bureau’s (CFPB) funding model is in critical jeopardy. The Bureau recently notified the court that it can no longer draw funds from the Federal Reserve (Fed) because the Fed has no reported “combined earnings” on the statutory basis under Dodd-Frank (see OLC analysis). 

With the debt-collection industry increasingly relying on telemarketing and texting, this funding uncertainty comes at a risky moment. Regulatory oversight could shrink just as outreach via automated calls, texts, and dynamic dialers is exploding. Industry sources highlight the CFPB’s funding may be exhausted by early 2026, raising questions about its future enforcement strength. 

Message for creditors and collectors: don’t count on regulatory relief. Even if the CFPB pulls back, the Telephone Consumer Protection Act (TCPA) and the Fair Debt Collection Practices Act (FDCPA) remain fully active – and states will fill the enforcement gap. Meanwhile, the FTC is signaling a return to broader consumer-finance oversight under its historically expansive jurisdiction, albeit with fewer resources. Compliance risks still persist, and documented consent, opt-out tracking, audit trails for automation, vendor oversight, and readiness for FTC enforcement should be cornerstones of your compliance imperatives. 

“Initial Communications” and Texting   

As featured by ACA International, the “initial communication” requirement under the FDCPA applies the moment a collector first reaches a consumer, including text messages. Under Regulation F, a text message can constitute an initial communication, triggering the obligation to deliver a validation notice or send it within five days. The Federal Register version of Reg F further requires that each electronic message include simple, clear opt-out instructions. 

Recent industry analysis highlights that texting continues to expand as a primary outreach channel for collectors in 2025, but with heightened scrutiny around consent and revocation. Collectors must ensure audit-ready logs for consent, timing, and disclosures – particularly when the first touchpoint is SMS. 

Former CFPB Officials Join Advocacy Group: Protect Borrowers 

A new litigation initiative is emerging as a counterweight to declining federal consumer-finance enforcement. Protect Borrowers has launched a national strategic litigation project led by three former senior CFPB enforcement officials, Eric Halperin, Cara Petersen, and Tara Mikkilineni, who will serve as senior fellows guiding circuit-wide impact cases. Their mandate is explicit: address abusive corporate practices through private and state-level litigation as federal oversight becomes more uncertain. 

Simultaneously, Law360 highlights how the FTC is repositioning itself to assume a greater share of consumer-finance oversight, even with more limited enforcement authority than the CFPB. 

For debt collectors, lenders, and any organization using outbound calls or texting, this means compliance exposure is shifting, not diminishing. Regulatory risk now comes from multiple fronts: state AGs, private plaintiffs, advocacy-driven legal strategies, and an FTC exploring expanded jurisdiction. Documented consent, disclosure discipline, and clean audit trails remain essential as enforcement becomes increasingly decentralized. 

Canada Bank Will Pay $37,000 for 100+ Calls After Notice Provided 

According to this Undertaking issued by Consumer Protection BC, the Bank of Nova Scotia (dba ScotiaBank) has been fined for continued calling after a consumer told them several times to communicate with their lawyer only.  

The repeated calls violate Section 154 of the Business Practices and Consumer Protection Act. The timeframe for which the calls occurred and the amount of the original debt are unknown at this time. 

The Vancouver Sun states: “Scotiabank has been ordered to pay $3,500 to cover the costs of the investigation and to pay $33,900 to a consumer education fund. The bank will also update its policies and ensure staff are trained on best practices with debt collection.” 

YouMail Report: October 2025 Robocalls Continue Downward Trend 

According to the YouMail Inc. Robocall Index, U.S. consumers received an estimated 3.7 billion robocalls in October 2025, which represents the lowest volume since December 2023. This volume reflects a continuing downward trend, showing a 7.7% drop month-over-month and a significant 24% drop year-over-year, marking the seventh consecutive monthly decline since robocalls peaked in April. 

 

YouMail defines a robocall as any call detected through its network as being automated, using audio fingerprints, call-pattern analytics, and user reports, and includes both legitimate automated calls and illegal scam or telemarketing calls. 

In contrast, as highlighted in our October 2025 Regulatory Report, the U.S. Public Interest Research Group (PIRG) reports spam robocalls reached a six‐year high in 2025, up roughly 20% year-over-year. 

PIRG defines a robocall as an unwanted or illegal automated call reported by consumers, primarily drawn from FCC, FTC, and state complaint data, focusing on scam, impersonation, and telemarketing calls rather than all automated call volumes. 

To clarify, the contradiction stems from different methodologies: YouMail measures the total call volume captured via its network, while PIRG focuses on consumer‐reported scam/telemarketing calls.  

While YouMail tracks billions of calls per month, PIRG highlights harmful, high‐risk traffic patterns. For compliance teams, the takeaway is clear: even as overall volume may dip, escalating scam and telemarketing threats remain – and organizations must maintain blocking, reporting, and mitigation controls. 

For more insights, check out YouMail stats here for gripping tidbits like Top Affected Areas Nationwide by city (Atlanta is #1 in October), Area Code (Atlanta, 404), and State (Texas wins overall in October). 

State Summary Legislation Recap: New Activity in Texas, Michigan, and More

Reminder:

• Oregon HB 3865 is effective January 1, 2026
• Virginia SB 1339 is effective January 1, 2036

Texas SB140 – Effective September 1, 2025

In response to this legislation, Ecommerce Innovation Alliance (EIA), Flux Footwear, and Postscript took legal action, arguing that SB140’s registration and compliance requirements unfairly burden businesses engaged in consent-based text marketing.  

The case ended with a clarification from the Texas Attorney General, stating: 

• The definition of “telephone solicitation” has been expanded to include text messages (see below) 
• Businesses deploying consent-based text messages are exempt from registration and disclosure rules under Chapter 302 of the Texas law 
• New requirements (e.g. bonding, etc.) may not be necessary with documented and confirmed consent. 
• Once again, consent is king! 

 

See more here. 

Michigan 

A 5-bill “tie-bar” package includes SB 351, SB 352, SB 353, SB 354, and SB 355: 

• The proposed Telephone Solicitation Act targets unfair robocalls, strengthens Do Not Call compliance, requires consent signatures for automated calls and texts, sets clearer ID rules, and increases penalties 
• The bill has drawn industry concern over litigation risk and compliance burdens; EIA is also challenging this legislation, stating that if passed, “Michigan would become one of the strictest SMS telemarketing regimes in the country” 
• See Summary Bill Analysis issued on 10/21/2025 and introduced into the Committee same day 

Other bills: 

• Florida SB 134: Introduced on 10/8/25, this bill revises definitions for “telephone solicitor” and “telephonic sales call” (calls, texts, and voicemail solicitations), exempts non-profits, adjusts conditions for awarding attorney fees and costs, and applies retroactively to existing cases and statutory references. 
• Illinois HB 2435: Amends the Telephone Solicitations Act to update terminology from “automatic dialing and announcing” to “automatic telephone dialing system,” prohibits soliciting sales of goods or services in Illinois using automatic telephone dialing system without consent, removes limit on damages and clarifies enforcement provisions. Passed Senate Committee.  
• New Jersey SB 4739: Amends wiretapping law to require the consent of all parties before intercepting any wire, electronic, or oral communication. Passed Senate. 
• New York AB 9029: Establishes a statewide opt-out (“do not disturb”) registry for all channels (phone, text, email, direct mail & fax) and prohibits unsolicited marketing communications to Do Not Disturb registrations. Referred to Committee. 
• New York AB 1250: Amends New York’s General Business Law to prohibit unsolicited telemarketing sales calls to individuals in counties, cities, towns, or villages under a declared state of emergency or disaster emergency when such calls would interfere with emergency response efforts. Lasts no longer than two weeks and can be renewed for additional two-week periods if necessary. Passed Assembly. 
• New York SB 8470: Robocall Identification and Notification for Guarding Consumers Act (“RING Act”). Requires voice service providers to display the level of STIR/SHAKEN authentication on incoming calls to recipients in a way understandable by the general public and requires voice service providers to file annual reports with the public service commission. In Committee. 
• Ohio SB 224: Amends telemarketing law by replacing exemptions for certain voice service providers from the prohibition on providing substantial assistance or support to telemarketers who violate federal law with exemptions for certain telecommunications carriers. Passed Senate. 
• Oregon HB 3865:  Effective January 1, 2026, amends telemarketing law expanding telemarketing restrictions by limiting outreach to three calls or texts per consumer within a 24-hour period and shortening permissible contact hours to 8:00 a.m.- 8:00 p.m. It broadens the definition of “telephone solicitation” to include text messages, mandates accurate caller identification within the first ten seconds, and requires automated calls to provide a clear opt-out mechanism and disconnect promptly when the recipient hangs up. Violations are deemed unlawful trade practices, exposing businesses to civil penalties and heightened enforcement under Oregon’s consumer protection laws.  
• Pennsylvania SB 992: Amends telemarketing law to require registration for businesses making outbound solicitations or receiving inbound calls related to consumer goods purchases, restricts Sunday calls to between 9 a.m. and 7 p.m., revises telemarketing registration exemptions, requires prior express written consent for automated prerecorded or artificial voice calls, and prohibits falsifying caller ID information. Passed Senate. 
• Virginia SB 1339: Effective January 1, 2026, requires telephone solicitors to honor “STOP” or “unsubscribe” requests for 10 years, limits contact between 8:00 a.m. and 9:00 p.m., and mandates clear caller identification and opt-out options. Callers must disclose their identity & their entity at the start of each communication and avoid contacting individuals on the National Do Not Call Registry who have opted out. Both the seller and solicitor share liability for violations, increasing compliance risk for telemarketing and text-based outreach. 
• United States S 2666: Foreign Robocall Elimination Act. Requires the FCC to create a task force to address unlawful robocalls, focusing on international calls, and report findings and recommendations to Congress. Passed Senate Committee.  
• United States S 2495: Keep the Call Centers in America Act. Requires employers to publicly disclose when they move call centers or jobs overseas, making them ineligible for federal support, while also mandating that businesses inform customers of the physical location of their customer service representatives and the use of AI. Introduced. 

Keyword-Avoidance Litigation Escalates in 2025 

In 2025, “keyword-avoidance” lawsuits surged as courts clarified that consumers could revoke SMS marketing consent in any reasonable manner, not just with prescribed opt-out terms like STOP. The National Law Review notes plaintiffs increasingly succeed when businesses ignore natural-language revocations such as “don’t text me anymore,” arguing this violates the TCPA and the FCC’s broad revocation standard.

The Media & Privacy Risk Report similarly highlights post-McLaughlin cases where courts reject rigid keyword-only systems and emphasize totality-of-circumstances consent analysis.

Key 2025 cases involving text revocation disputes based on “keyword avoidance” or “alleged non-keyword opt out” 

• Rose v. 307 SW 2nd St LLC (Kemistry Nightclub), 0:25-cv-61339 (S.D. Fla.)
  • Issue: TCPA claim over marketing texts; allegations include improper handling of SMS opt-outs.
  • Outcome: Case is in early stages; no merits ruling yet.  
• Dudek v. Surf Clean Energy Inc., 2:25-cv-03621 (E.D.N.Y.)
  • Issue: TCPA texting case alleging unlawful continued messaging after attempted revocation.
  • Outcome: Filed June 30, 2025; litigation pending, no reported decision.  
• Gomez v. Gage Bowl Inc., 2:25-cv-05257 (C.D. Cal.)
  • Issue: TCPA suit over continued SMS contact; complaint asserts revocation attempts were ignored.
  • Outcome: Active case; last docket activity October 24, 2025, no merits ruling yet.  
• Ofek Gabai v. Tabs Labs LLC, 2:25-cv-04630 (C.D. Cal.)
  • Issue: TCPA texting claims, including disputed SMS consent/revocation.  
  • Outcome: Court issued an Order to Show Cause re dismissal for lack of prosecution; potential dismissal is procedural, not a merits decision on revocation.  
• Saul De La Torre v. American First Finance LLC, 2:25-cv-01447 (E.D. Cal.)
  • Issue: Plaintiff texted “cease and desist all communication” yet continued to receive texts.
  • Outcome: Early-stage litigation; no substantive ruling on what constitutes “reasonable” SMS revocation yet. 

The trend is unmistakable: systems that rely solely on rigid keywords face escalating TCPA exposure. Compliance now requires recognizing all natural-language opt-outs, logging revocations, and ensuring automated platforms respond to real-world phrasing, not idealized words or scripts. 

November Louisiana Holiday Update & December Holiday Solicitation Bans 

Louisiana Governor Declares 2025 State Holidays for November and December 

By Executive Proclamation, the Governor of the state of Louisiana declares the following dates as 2025 holidays, prohibiting unsolicited sales and marketing calls in observance of these proclamations: 

• Friday, November 28, 2025, in observance of Acadian Day. 
• Wednesday, December 24, 2025, in observance of Christmas Eve. 
• Friday, December 26, 2025, in observance of the Christmas holiday. 

Note: these proclamations are in addition to State Holidays already defined in the Louisiana Holiday Statute. 

See Acadian Day Proclamation, Christmas Eve & Day After Christmas, and Louisiana Holidays. 

Please be aware of the following U.S. holiday telephone solicitation bans for the month of December 2025: 

1. On December 24, 2025, Louisiana prohibits unsolicited sales and marketing calls to residents in observance of Christmas Eve. 
2. On December 25, 2025, Alabama, Louisiana, Nebraska*, Pennsylvania, Rhode Island, and Utah prohibit unsolicited sales and marketing calls to residents in observance of Christmas Day. 

Other holidays may be proclaimed by the Governor in each state throughout the year.  

*Nebraska does not prohibit calls on Sundays or legal holidays; however, it does restrict the use of prerecorded messages to 1 pm to 9 pm on these days (subject to certain exceptions). 

Please be aware of the following Canadian holiday telephone solicitation bans for the month of December 2025: 

1. On December 25, 2025, unsolicited sales and marketing calls to residents of British Columbia are prohibited in observance of Christmas Day. 

Gryphon AI has updated its existing service parameters to reflect these solicitation bans.

About Gryphon AI 

Staying updated with the latest regulatory changes is crucial for any enterprise aiming to minimize risk and maximize reach. Gryphon AI is the only automatic, real-time, intelligent contact compliance solution on the market that delivers compliant, real-time intelligence into every customer conversation.     

With Gryphon AI, enterprises can stay ahead of the regulatory curve and efficiently manage all regulatory changes, ensuring seamless compliance and operational excellence.     

To learn more about how Gryphon AI can help you manage these updates, reach out to us today.