Hear Stuut chase cash! The agent doing $200M / mo in AI collections wants to chat.

Give Stuut a Ring

SMS dunning: TCPA-safe templates and cadence for AR teams

Ben Winter
CPO
Table of contents

See Stuut in action

Get a personalized demo of Stuut and see how it can help with AR automation.

Get started

TL;DR: SMS dunning delivers open rates near 98% compared to 37-42% for email, and your customers respond in seconds rather than hours. That speed is the opportunity. The risk is legal: every automated text to a mobile number without documented consent exposes your company to TCPA fines of $500 to $1,500 per message with no cap on aggregate damages. Compliant execution requires prior express consent, strict 8 AM to 9 PM local time windows, and opt-out language in every message. Written consent is the strongest best practice and may be required under some state laws. The six templates below work within those rules.

Dunning emails sit in spam folders while your DSO climbs. The average B2B email open rate sits between 36.7% and 42.35%, with click-through rates of 2% to 4%. SMS delivers open rates near 98% and gets responses in about 90 seconds, not 90 minutes. The challenge is executing SMS dunning without exposing your company to TCPA fines that can stack into six figures fast. This guide covers the exact rules, the cadence that works by aging bucket, and six copy-paste templates you can use today.

Why SMS dunning delivers higher open rates (and where it goes wrong)

The open rate gap: SMS vs. email

You can't ignore the numbers behind SMS dunning. SMS delivers an average response rate of 45% with a median response time of about 90 seconds, compared to 90 minutes for email. When your customers respond faster, you collect faster, and the impact shows directly in your Days Sales Outstanding (DSO).

For a portfolio of 100 to 500 accounts, the math is significant. Send 200 dunning emails today and roughly 80 will be opened, with fewer than 10 generating a reply. Send 200 dunning texts to customers who have given consent and you can expect closer to 90 responses, which directly affects how quickly overdue balances convert to cash. Our DSO improvement checklist covers the full process for lowering collection time, and SMS cadence sits near the top.

Channel Open rate Click-through rate / Response rate Avg. response time
Email 37–42% 2–4% (CTR) 90 minutes
SMS Up to 98% ~45% (response rate) ~90 seconds

TCPA compliance for SMS dunning

The Telephone Consumer Protection Act (TCPA) applies to text messages sent to mobile numbers using automated systems, and the Federal Communications Commission treats B2B collections texts with the same scrutiny as consumer messages. TCPA fines run $500 to $1,500 per violation, with higher fines for knowing or willful violations and no cap on aggregate damages. Sending 100 non-compliant texts could expose your company to $150,000 in liability.

Targeting accounts for SMS dunning

SMS works best on routine reminders and long-tail accounts your team doesn't have time to call, not on active disputes or complex deductions requiring negotiation. Many practitioners report that accounts in the 1 to 60 days past-due range often respond well to text, possibly because the payment delay is sometimes a clerical issue such as a wrong email address, a missed invoice, or a payment approver on leave. Accounts past 90 days typically need human judgment, a payment plan conversation, or formal escalation, and a text alone won't resolve those. Understanding why AR teams lose time chasing emails explains exactly why channel selection matters at each aging stage.

TCPA compliance requirements for collections texts

The FDCPA and Regulation F govern consumer debt collection by third-party debt collectors. If your AR team is collecting your own company's B2B commercial invoices in your own name, these rules generally do not apply at the federal level. Many B2B AR teams adopt FDCPA and Regulation F standards as best practice because they represent a defensible framework, and state laws may apply when the customer or personal guarantor is an individual (for example, California's RFDCPA covers commercial debt owed by sole proprietors). TCPA applies to any automated text sent to a mobile number regardless of creditor type. Review these practices with your legal or compliance team before implementing them.

Securing prior SMS consent

The TCPA requires prior express consent before you send automated texts to a mobile number. According to the FCC's consent definition, prior express consent is a clear agreement, written or oral, that indicates willingness to be contacted at a specific number. For collections texts sent via an automated system, implied consent is not sufficient under federal law. Oral consent or consent established by the customer providing their mobile number in the normal course of business may satisfy the federal standard, but written consent is the strongest best practice for collections and may be required under some state laws.

You need to gather explicit written consent with minimal friction. The most defensible approach for B2B collections is to add a checkbox to your credit application or master service agreement that specifically authorizes SMS communications related to accounts receivable. Capture the consent date, the method of capture, the specific number provided, and the company contact who authorized it. That documentation is your legal defense if a complaint is filed. For context on managing consent at scale across hundreds of accounts and multiple ERPs, the compliance tracking challenge compounds quickly without automation.

Required opt-out message wording

Every collections text must include a clear opt-out mechanism. Under FCC rules effective April 11, 2025, you must accept opt-out requests via any reasonable method, including "STOP," "quit," "end," "revoke," "cancel," or "unsubscribe" sent by text. You cannot designate a single exclusive opt-out method and refuse others. Once a customer sends any of those keywords, you have 10 business days to process the request and halt all outreach. You may send one final confirmation text acknowledging the opt-out, but it must contain no collection or promotional content.

Include an opt-out instruction in every message. A standard footer that works:

"Reply STOP to opt out."

Keep it short to preserve your 160-character message budget. But remember, if a customer opts out by any other reasonable means, such as an email or a phone call, you must honor that too.

TCPA-safe hours for SMS dunning

The FDCPA's 8 AM to 9 PM contact window is a consumer-debt rule that does not automatically bind first-party B2B creditors at the federal level, but it is widely adopted as best practice and may apply under state law when the customer or guarantor is an individual. Treat the recipient's local time zone as the reference point, not yours, to stay within those limits. If your AR team is in New York and you have a customer in California, a message sent at 6:30 PM Eastern (3:30 PM Pacific) is compliant. A message sent at 7:45 AM Eastern lands at 4:45 AM Pacific, which is a clear violation.

Tracking timezone compliance manually across hundreds of accounts is where spreadsheet-based SMS dunning breaks down. One miscalculated send time creates a per-message exposure, whether the basis is TCPA, state law, or a best-practice standard your legal team has adopted.

What to say in collections SMS

You'll get reliable delivery at 160 characters or fewer for most carriers. Beyond that limit, your message may split into multiple segments, which complicates opt-out compliance and increases cost. Regulation F sets electronic disclosure requirements for third-party consumer debt collectors, not for first-party B2B creditors collecting their own invoices. Nonetheless, many B2B AR teams adopt these standards as best practice: include your business name, a statement that you are contacting the recipient regarding an outstanding balance, and opt-out instructions in your initial text. Subsequent messages should include your business name and opt-out instructions at minimum.

Use a business name the customer will recognize, typically the name on their invoice or the name from prior communications. This is consistent with FDCPA identification standards adopted by many B2B teams as best practice, even where the federal rule does not directly apply.

Setting safe text limits for debt recovery

SMS dunning cadence by delinquency level

The Consumer Financial Protection Bureau's (CFPB) Regulation F sets no hard text frequency cap, but Section 1006.14(a) prohibits conduct whose natural consequence is to harass, oppress, or abuse. The CFPB's commentary makes explicit that texts, alone or combined with other contact types, can constitute harassment even without crossing a specific numerical threshold.

The following cadence maps text frequency to aging bucket and stays well within defensible limits based on general industry practice and the FDCPA harassment standard, which many B2B teams adopt as a best-practice benchmark even where the federal rule does not directly apply:

Aging bucket Suggested SMS frequency Tone
1–15 days past due 1 text Gentle reminder
16–30 days past due 1 text (plus email) Friendly follow-up
31–45 days past due 1 text Clear escalation
46–60 days past due 1 text (plus voice) Urgent request
61–90 days past due 1 text Final attempt
90+ days past due Human escalation recommended Formal notice

Note: These represent suggested frequencies based on general industry practice, not legal requirements. Adjust your actual cadence based on your customer relationships and internal policies.

TCPA-safe weekly text limits

General industry practice caps SMS dunning at one to two messages per week per account. For collections specifically, one text per aging milestone is a commonly recommended defensible approach. Sending multiple texts within the same week does not automatically create harassment risk. The CFPB's seven-in-seven presumption of harassment under 12 CFR § 1006.14(b) applies exclusively to telephone calls and was written for third-party consumer debt collectors. It does not bind first-party B2B creditors at the federal level, but it provides a useful reference point for defensible frequency limits.

The CFPB explicitly declined to set any numeric cap for texts or emails in Regulation F. That rule targets third-party consumer collectors, but its general anti-harassment principle is widely adopted as a best-practice benchmark. High combined volume across all channels can still attract regulatory scrutiny or customer complaints. A pattern of daily texts risks being characterized as harassment under any standard your team or state law applies.

TCPA-safe: Required dunning pauses

Stop texting immediately under four conditions:

  1. STOP reply received: Process the opt-out within 10 business days and send no further collection texts to that number, per the FCC's updated opt-out rules.
  2. Written cease communication request: The FDCPA's cease-communication rule (FDCPA § 805(c) / 12 CFR 1006.6(c)) formally binds third-party consumer debt collectors, not first-party B2B creditors at the federal level. As a best practice, and to avoid UDAAP or state-law exposure, treat a written cease-communication request as requiring you to stop all further outreach except to confirm you are stopping or to notify the customer of a specific authorized next step.
  3. Dispute filed: The FDCPA validation period and overshadowing rules apply to third-party consumer debt collectors under federal law. As a best practice, pause automated outreach once a dispute is formally lodged and route the account to human review so the customer's dispute is addressed before further collection contact resumes.
  4. Attorney representation confirmed: The FDCPA's attorney-representation rule formally binds third-party consumer debt collectors. As a best practice, once a customer confirms legal representation, direct all further communications to the attorney rather than the customer directly.

6 ready-to-use SMS templates by collection stage

You already know how to talk to your customers. These templates give you compliant starting points that include the required legal elements while leaving room to adjust tone based on your relationship with each account. Replace [PHONE] with your AR department's direct line so customers can reach someone who knows their account, not a general switchboard.

Each template is designed to stay within 160 characters, includes required identification and opt-out language, and matches the appropriate tone for the aging stage.

Template 1: Initial SMS (1-15 days past due)

Use this for first outreach on an invoice that just crossed the due date. The tone stays neutral and assumes the delay is an oversight.

[CompanyName]: Invoice #[INV] for $[AMT] was due [DATE]. Pay now: [LINK].
Questions? Call [PHONE]. Reply STOP to opt out.

Why it works: It's designed to include your company name, the specific invoice reference, the amount, a payment link, and opt-out language. It assumes good faith on the customer's part, which protects the relationship at this early stage.

Template 2: Friendly follow-up (16-30 days past due)

At this stage, confirm the customer received the invoice before escalating tone. A missing or misdirected invoice accounts for a significant share of routine payment delays, as our analysis of why AR teams struggle with email confirms.

[CompanyName]: Following up on Invoice #[INV] ($[AMT]), now 16+ days overdue.
Did you receive it? Reply or pay: [LINK]. Reply STOP to opt out.

Why it works: "Did you receive it?" invites a response that either confirms receipt or surfaces a document delivery problem your team can resolve immediately.

Template 3: Escalation notice (31-45 days past due)

Shift tone here. The account has had two contacts and the invoice is now past the 30-day mark, which begins to drag DSO in a meaningful way.

[CompanyName]: Invoice #[INV] ($[AMT]) is now 31+ days overdue. Please confirm
payment status or contact us: [PHONE]. Pay: [LINK]. Reply STOP to opt out.

Why it works: "Please confirm payment status" requires a concrete response, either a payment date or a reason for delay. That response either resolves the balance or tells you which accounts need a human call.

Template 4: Urgent payment request (46-60 days past due)

At 46 days, the account is approaching the territory where it affects aging reports and may trigger an account review. The message reflects that reality without making a threat.

[CompanyName]: Invoice #[INV] ($[AMT]) is 46+ days past due and under account review.
Please pay today: [LINK] or call [PHONE]. Reply STOP to opt out.

Why it works: "Under account review" is accurate and signals escalating consequences without crossing into threatening language. Avoiding implied threats you cannot follow through on is sound practice under any standard, including FDCPA harassment rules that many B2B teams adopt as a benchmark.

Template 5: Final attempt (61-90 days past due)

This is a near-final SMS attempt before the account moves to formal escalation. Keep it brief and direct. The goal is one last self-service payment opportunity before involving senior staff.

[CompanyName]: FINAL NOTICE - Invoice #[INV] ($[AMT]) is 61+ days overdue.
Pay now to avoid escalation: [LINK]. Call [PHONE]. Reply STOP to opt out.

Why it works: "Final notice" accurately describes the stage and creates urgency without implying a legal threat that hasn't been authorized. It gives the customer one clear action to take.

Template 6: Prevent service disruption

Use this template when a credit hold or service suspension is an authorized next step for accounts at 61 to 90 days. Send this only if your policy actually supports the action described, because threatening an action you can't take violates FDCPA Section 807.

[CompanyName]: Invoice #[INV] ($[AMT]) remains unpaid. Service disruption may occur
within 5 business days. Pay now: [LINK]. Call [PHONE]. Reply STOP to opt out.

Why it works: Stating a specific consequence tied to a specific timeline is compliant as long as the consequence is real and authorized. Use this template only if your policy actually supports the action described, because threatening an action you cannot follow through on is deceptive, and this standard is reflected in FDCPA Section 807, which many B2B teams adopt as a best-practice benchmark even where the federal rule does not directly apply.

These templates handle the routine volume, but your expertise determines when to escalate, when to call instead of text, and when an account needs a custom approach. Autonomous execution works because you set the strategy and the AI runs it.

Your plan for TCPA-protected payment texts

Initial TCPA consent for SMS dunning

You need to gather consent with minimal friction at the right moment. The most defensible options for B2B collections are:

  1. Credit application checkbox: Add an explicit consent field that specifies the types of texts the customer will receive (payment reminders, invoice notifications) and the number to be contacted.
  2. Master service agreement clause: Include an SMS communication clause with a field for the customer to provide and confirm their mobile number.
  3. Customer portal confirmation: If customers log into an AR portal like Ariba or Coupa, add a consent confirmation during onboarding.

Capture the consent date, the method used, the specific number provided, and the company contact who authorized it. That audit trail is your primary defense if a TCPA complaint is filed.

Integrating SMS with email and calls

You'll get the best results when you use SMS as one layer in a multi-channel cadence, not as a standalone channel. A practical sequence looks like this:

  • Day 1: Email with invoice attachment for formal documentation and audit trail
  • Day 5: SMS reminder with payment link, taking advantage of high open rates
  • Day 15: Voice call for accounts with no email or SMS response
  • Day 25: SMS escalation for accounts with no resolution after the call
  • Day 35+: Human escalation for disputes or payment plan conversations Stuut's AI agent picks the right channel based on each customer's communication history and the urgency of the aging stage. Customers who consistently respond to SMS get SMS. Customers who have historically responded only to phone calls get routed to voice first. That contextual decision-making lets the agent personalize outreach instead of defaulting to static template sequences. For a direct comparison of how this differs from legacy platforms, see our Stuut vs. Versapay comparison.

Stuut connects to SAP, Oracle, NetSuite, and Dynamics via API and typically completes integration without modifying your enterprise resource planning (ERP) configuration. From go-live, the platform is designed to handle channel selection based on customer history and urgency, so your team can focus on escalations and complex disputes while the AI covers routine volume.

Avoiding TCPA penalties: Consent logs

Your audit trail for SMS dunning must capture five data points per account:

  1. Consent record: Date, method, and specific number the customer consented to
  2. Message log: Timestamp, content, and delivery status for every text sent
  3. Response log: Customer replies, including opt-out requests and their receipt timestamps
  4. Opt-out processing record: Date the opt-out was processed and confirmation that outreach stopped
  5. Exception notes: Account-level flags such as dispute filed, attorney representation notified, or cease communication letter received

Stuut gives your AR team a real-time dashboard showing all customer interactions, including SMS exchanges, so your team has visibility into the full communication history for each account. Bishop Lifting, an industrial equipment distributor managing 5,000 active accounts across 45 branches, saw 91% of outbound communications automated after deploying Stuut, with a 35% reduction in overdue receivables and $3M in working capital improvement. That result reflects what happens when a compliant, autonomous system covers the routine volume that manual processes can't reach consistently.

Book a demo with the team to see Stuut's compliant, multi-channel SMS collections in action.

FAQs

What qualifies as prior express consent for SMS dunning?

Prior express consent is a clear agreement, written or oral, by the customer to receive automated texts at a specific mobile number. For B2B collections, written consent captured on a credit application or MSA clause, naming the specific types of messages the customer will receive, provides the strongest legal defense.

Do TCPA hour restrictions apply on weekends?

The FDCPA's 8 AM to 9 PM contact restriction and "known to be inconvenient" prohibition formally apply to third-party consumer debt collectors, not to first-party B2B creditors collecting their own invoices at the federal level. However, these standards are widely adopted as best practice by B2B AR teams and may apply under state law when the customer or guarantor is an individual. Apply them every day of the week, including weekends, to stay within a defensible framework.

How quickly must a STOP reply be processed?

Under FCC rules effective April 11, 2025, you have 10 business days to honor the opt-out request. You may send one confirmation text acknowledging the opt-out, but it must contain no collection or promotional content.

What is the ideal gap between SMS dunning messages?

One text per aging milestone is the most defensible cadence. Regulation F and CFPB commentary on frequency formally govern third-party consumer debt collectors, not first-party B2B creditors at the federal level. The underlying principle, that high contact frequency can constitute harassment, is still a useful benchmark for any B2B team to apply. Most practitioners cap SMS at one to two messages per week per account.

Can I send SMS to customers who haven't explicitly opted in?

Not safely. Even if B2B communications fall outside certain TCPA definitions after the narrowed ATDS definition established in Facebook v. Duguid, the safest practice is to treat any automated SMS as requiring prior express consent. Document consent explicitly during onboarding to maintain a defensible audit trail.

Key terms glossary

CFPB (Consumer Financial Protection Bureau): A federal agency that enforces consumer financial protection laws, including Regulation F governing debt collection practices. Issues commentary on FDCPA compliance and harassment standards. CFPB rules such as Regulation F formally govern third-party consumer debt collectors; B2B first-party creditors collecting their own commercial invoices are generally not subject to these rules at the federal level, though many adopt them as best practice.

TCPA (Telephone Consumer Protection Act): A federal law governing automated phone calls and text messages to mobile numbers. Violations carry statutory damages of $500 to $1,500 per message.

FDCPA (Fair Debt Collection Practices Act): A federal law that prohibits harassment, false statements, and unfair practices in debt collection, including restrictions on contact timing and frequency. The FDCPA applies to third-party debt collectors collecting consumer debt. B2B companies collecting their own commercial invoices in their own name are generally not subject to the FDCPA at the federal level, though state laws may extend similar protections and many AR teams adopt FDCPA standards as best practice.

Regulation F: The CFPB's rule implementing the FDCPA for electronic communications, covering how debt collectors may use email and text messages and what disclosures those messages must include. Regulation F implements the FDCPA for electronic communications and formally applies to third-party consumer debt collectors. First-party B2B creditors are generally outside its scope at the federal level but often treat its disclosure and frequency standards as a best-practice baseline.

ATDS (Automated Telephone Dialing System): Equipment that can store or produce telephone numbers to be called using a random or sequential number generator. Post-Facebook v. Duguid, the legal definition is narrowed, but prior express consent remains best practice for any automated SMS platform.

Prior express consent: A clear agreement by the recipient authorizing automated contact at a specific number. Written consent captured on a credit application or MSA provides the strongest legal defense for B2B collections.

ERP (Enterprise Resource Planning): Business management software that integrates core processes including accounting, inventory, and order management. Stuut connects to ERPs like SAP, Oracle, NetSuite, and Dynamics via API to read invoice data and write cash application entries without modifying the ERP configuration.

DSO (Days Sales Outstanding): The average number of days it takes to collect payment after a sale. SMS dunning at the right cadence reduces DSO by accelerating customer responses on overdue invoices.

Opt-out: A customer's request to stop receiving automated texts, sent via "STOP" or any other reasonable method. Businesses must process opt-outs within 10 business days under current FCC rules.

Aging bucket: A classification of outstanding invoices by days past due. Standard AR reporting uses four bands (0-30, 31-60, 61-90, 90+), but SMS dunning cadence benefits from tighter sub-bands (1-15, 16-30, 31-45, 46-60, 61-90, 90+) so tone and frequency can be calibrated more precisely as an invoice ages. Each sub-band warrants a different SMS tone and escalation path.

Dunning: The process of systematically contacting customers to collect on outstanding invoices, progressing in tone and urgency as the balance ages.

Ben Winter

CPO

Ben brings over a decade of go-to-market and operations expertise to building AR automation that actually works. He was VP Marketing at Fairmarkit (where he met Tarek) and GTM executive at Waldo before co-founding Stuut. He focuses on operations, product, and marketing—ensuring the platform integrates seamlessly with existing ERP systems and delivers results in days rather than months.

Frequently asked questions  about DSO

Is a higher or lower DSO better?
Lower is better because it means cash reaches your account faster. A DSO of 35 days is better than 55 days if your payment terms are the same.
Does DSO include current AR?
Yes. DSO reflects the total dollar amount you're owed from outstanding invoices, including invoices that aren't yet due.
How does bad debt affect DSO?
Writing off bad debt reduces your AR balance, which artificially lowers DSO even though no cash was collected. Ensure your AR figure is net of bad debt reserves for accurate measurement.
Should I calculate DSO monthly or annually?
Both. Annual DSO tracks long-term trends, while monthly DSO helps you spot process problems quickly and take corrective action before they compound.
What's the difference between DSO and CEI?
DSO measures collection speed in days. CEI measures collection quality as a percentage. A company can have low DSO but poor CEI if they're writing off accounts aggressively.
Can I reduce DSO without upsetting customers?
Yes. Proactive communication before due dates, helpful reminders, and fast dispute resolution improve customer experience while accelerating payment.

Related posts

Setup time to learn more