

Get a personalized demo of Stuut and see how it can help with AR automation.
Dunning emails sit in spam folders while your DSO climbs. The average B2B email open rate sits between 36.7% and 42.35%, with click-through rates of 2% to 4%. SMS delivers open rates near 98% and gets responses in about 90 seconds, not 90 minutes. The challenge is executing SMS dunning without exposing your company to TCPA fines that can stack into six figures fast. This guide covers the exact rules, the cadence that works by aging bucket, and six copy-paste templates you can use today.
You can't ignore the numbers behind SMS dunning. SMS delivers an average response rate of 45% with a median response time of about 90 seconds, compared to 90 minutes for email. When your customers respond faster, you collect faster, and the impact shows directly in your Days Sales Outstanding (DSO).
For a portfolio of 100 to 500 accounts, the math is significant. Send 200 dunning emails today and roughly 80 will be opened, with fewer than 10 generating a reply. Send 200 dunning texts to customers who have given consent and you can expect closer to 90 responses, which directly affects how quickly overdue balances convert to cash. Our DSO improvement checklist covers the full process for lowering collection time, and SMS cadence sits near the top.
The Telephone Consumer Protection Act (TCPA) applies to text messages sent to mobile numbers using automated systems, and the Federal Communications Commission treats B2B collections texts with the same scrutiny as consumer messages. TCPA fines run $500 to $1,500 per violation, with higher fines for knowing or willful violations and no cap on aggregate damages. Sending 100 non-compliant texts could expose your company to $150,000 in liability.
SMS works best on routine reminders and long-tail accounts your team doesn't have time to call, not on active disputes or complex deductions requiring negotiation. Many practitioners report that accounts in the 1 to 60 days past-due range often respond well to text, possibly because the payment delay is sometimes a clerical issue such as a wrong email address, a missed invoice, or a payment approver on leave. Accounts past 90 days typically need human judgment, a payment plan conversation, or formal escalation, and a text alone won't resolve those. Understanding why AR teams lose time chasing emails explains exactly why channel selection matters at each aging stage.
The FDCPA and Regulation F govern consumer debt collection by third-party debt collectors. If your AR team is collecting your own company's B2B commercial invoices in your own name, these rules generally do not apply at the federal level. Many B2B AR teams adopt FDCPA and Regulation F standards as best practice because they represent a defensible framework, and state laws may apply when the customer or personal guarantor is an individual (for example, California's RFDCPA covers commercial debt owed by sole proprietors). TCPA applies to any automated text sent to a mobile number regardless of creditor type. Review these practices with your legal or compliance team before implementing them.
The TCPA requires prior express consent before you send automated texts to a mobile number. According to the FCC's consent definition, prior express consent is a clear agreement, written or oral, that indicates willingness to be contacted at a specific number. For collections texts sent via an automated system, implied consent is not sufficient under federal law. Oral consent or consent established by the customer providing their mobile number in the normal course of business may satisfy the federal standard, but written consent is the strongest best practice for collections and may be required under some state laws.
You need to gather explicit written consent with minimal friction. The most defensible approach for B2B collections is to add a checkbox to your credit application or master service agreement that specifically authorizes SMS communications related to accounts receivable. Capture the consent date, the method of capture, the specific number provided, and the company contact who authorized it. That documentation is your legal defense if a complaint is filed. For context on managing consent at scale across hundreds of accounts and multiple ERPs, the compliance tracking challenge compounds quickly without automation.
Every collections text must include a clear opt-out mechanism. Under FCC rules effective April 11, 2025, you must accept opt-out requests via any reasonable method, including "STOP," "quit," "end," "revoke," "cancel," or "unsubscribe" sent by text. You cannot designate a single exclusive opt-out method and refuse others. Once a customer sends any of those keywords, you have 10 business days to process the request and halt all outreach. You may send one final confirmation text acknowledging the opt-out, but it must contain no collection or promotional content.
Include an opt-out instruction in every message. A standard footer that works:
"Reply STOP to opt out."
Keep it short to preserve your 160-character message budget. But remember, if a customer opts out by any other reasonable means, such as an email or a phone call, you must honor that too.
The FDCPA's 8 AM to 9 PM contact window is a consumer-debt rule that does not automatically bind first-party B2B creditors at the federal level, but it is widely adopted as best practice and may apply under state law when the customer or guarantor is an individual. Treat the recipient's local time zone as the reference point, not yours, to stay within those limits. If your AR team is in New York and you have a customer in California, a message sent at 6:30 PM Eastern (3:30 PM Pacific) is compliant. A message sent at 7:45 AM Eastern lands at 4:45 AM Pacific, which is a clear violation.
Tracking timezone compliance manually across hundreds of accounts is where spreadsheet-based SMS dunning breaks down. One miscalculated send time creates a per-message exposure, whether the basis is TCPA, state law, or a best-practice standard your legal team has adopted.
You'll get reliable delivery at 160 characters or fewer for most carriers. Beyond that limit, your message may split into multiple segments, which complicates opt-out compliance and increases cost. Regulation F sets electronic disclosure requirements for third-party consumer debt collectors, not for first-party B2B creditors collecting their own invoices. Nonetheless, many B2B AR teams adopt these standards as best practice: include your business name, a statement that you are contacting the recipient regarding an outstanding balance, and opt-out instructions in your initial text. Subsequent messages should include your business name and opt-out instructions at minimum.
Use a business name the customer will recognize, typically the name on their invoice or the name from prior communications. This is consistent with FDCPA identification standards adopted by many B2B teams as best practice, even where the federal rule does not directly apply.
The Consumer Financial Protection Bureau's (CFPB) Regulation F sets no hard text frequency cap, but Section 1006.14(a) prohibits conduct whose natural consequence is to harass, oppress, or abuse. The CFPB's commentary makes explicit that texts, alone or combined with other contact types, can constitute harassment even without crossing a specific numerical threshold.
The following cadence maps text frequency to aging bucket and stays well within defensible limits based on general industry practice and the FDCPA harassment standard, which many B2B teams adopt as a best-practice benchmark even where the federal rule does not directly apply:
Note: These represent suggested frequencies based on general industry practice, not legal requirements. Adjust your actual cadence based on your customer relationships and internal policies.
General industry practice caps SMS dunning at one to two messages per week per account. For collections specifically, one text per aging milestone is a commonly recommended defensible approach. Sending multiple texts within the same week does not automatically create harassment risk. The CFPB's seven-in-seven presumption of harassment under 12 CFR § 1006.14(b) applies exclusively to telephone calls and was written for third-party consumer debt collectors. It does not bind first-party B2B creditors at the federal level, but it provides a useful reference point for defensible frequency limits.
The CFPB explicitly declined to set any numeric cap for texts or emails in Regulation F. That rule targets third-party consumer collectors, but its general anti-harassment principle is widely adopted as a best-practice benchmark. High combined volume across all channels can still attract regulatory scrutiny or customer complaints. A pattern of daily texts risks being characterized as harassment under any standard your team or state law applies.
Stop texting immediately under four conditions:
You already know how to talk to your customers. These templates give you compliant starting points that include the required legal elements while leaving room to adjust tone based on your relationship with each account. Replace [PHONE] with your AR department's direct line so customers can reach someone who knows their account, not a general switchboard.
Each template is designed to stay within 160 characters, includes required identification and opt-out language, and matches the appropriate tone for the aging stage.
Use this for first outreach on an invoice that just crossed the due date. The tone stays neutral and assumes the delay is an oversight.
[CompanyName]: Invoice #[INV] for $[AMT] was due [DATE]. Pay now: [LINK].
Questions? Call [PHONE]. Reply STOP to opt out.
Why it works: It's designed to include your company name, the specific invoice reference, the amount, a payment link, and opt-out language. It assumes good faith on the customer's part, which protects the relationship at this early stage.
At this stage, confirm the customer received the invoice before escalating tone. A missing or misdirected invoice accounts for a significant share of routine payment delays, as our analysis of why AR teams struggle with email confirms.
[CompanyName]: Following up on Invoice #[INV] ($[AMT]), now 16+ days overdue.
Did you receive it? Reply or pay: [LINK]. Reply STOP to opt out.
Why it works: "Did you receive it?" invites a response that either confirms receipt or surfaces a document delivery problem your team can resolve immediately.
Shift tone here. The account has had two contacts and the invoice is now past the 30-day mark, which begins to drag DSO in a meaningful way.
[CompanyName]: Invoice #[INV] ($[AMT]) is now 31+ days overdue. Please confirm
payment status or contact us: [PHONE]. Pay: [LINK]. Reply STOP to opt out.
Why it works: "Please confirm payment status" requires a concrete response, either a payment date or a reason for delay. That response either resolves the balance or tells you which accounts need a human call.
At 46 days, the account is approaching the territory where it affects aging reports and may trigger an account review. The message reflects that reality without making a threat.
[CompanyName]: Invoice #[INV] ($[AMT]) is 46+ days past due and under account review.
Please pay today: [LINK] or call [PHONE]. Reply STOP to opt out.
Why it works: "Under account review" is accurate and signals escalating consequences without crossing into threatening language. Avoiding implied threats you cannot follow through on is sound practice under any standard, including FDCPA harassment rules that many B2B teams adopt as a benchmark.
This is a near-final SMS attempt before the account moves to formal escalation. Keep it brief and direct. The goal is one last self-service payment opportunity before involving senior staff.
[CompanyName]: FINAL NOTICE - Invoice #[INV] ($[AMT]) is 61+ days overdue.
Pay now to avoid escalation: [LINK]. Call [PHONE]. Reply STOP to opt out.
Why it works: "Final notice" accurately describes the stage and creates urgency without implying a legal threat that hasn't been authorized. It gives the customer one clear action to take.
Use this template when a credit hold or service suspension is an authorized next step for accounts at 61 to 90 days. Send this only if your policy actually supports the action described, because threatening an action you can't take violates FDCPA Section 807.
[CompanyName]: Invoice #[INV] ($[AMT]) remains unpaid. Service disruption may occur
within 5 business days. Pay now: [LINK]. Call [PHONE]. Reply STOP to opt out.
Why it works: Stating a specific consequence tied to a specific timeline is compliant as long as the consequence is real and authorized. Use this template only if your policy actually supports the action described, because threatening an action you cannot follow through on is deceptive, and this standard is reflected in FDCPA Section 807, which many B2B teams adopt as a best-practice benchmark even where the federal rule does not directly apply.
These templates handle the routine volume, but your expertise determines when to escalate, when to call instead of text, and when an account needs a custom approach. Autonomous execution works because you set the strategy and the AI runs it.
You need to gather consent with minimal friction at the right moment. The most defensible options for B2B collections are:
Capture the consent date, the method used, the specific number provided, and the company contact who authorized it. That audit trail is your primary defense if a TCPA complaint is filed.
You'll get the best results when you use SMS as one layer in a multi-channel cadence, not as a standalone channel. A practical sequence looks like this:
Stuut connects to SAP, Oracle, NetSuite, and Dynamics via API and typically completes integration without modifying your enterprise resource planning (ERP) configuration. From go-live, the platform is designed to handle channel selection based on customer history and urgency, so your team can focus on escalations and complex disputes while the AI covers routine volume.
Your audit trail for SMS dunning must capture five data points per account:
Stuut gives your AR team a real-time dashboard showing all customer interactions, including SMS exchanges, so your team has visibility into the full communication history for each account. Bishop Lifting, an industrial equipment distributor managing 5,000 active accounts across 45 branches, saw 91% of outbound communications automated after deploying Stuut, with a 35% reduction in overdue receivables and $3M in working capital improvement. That result reflects what happens when a compliant, autonomous system covers the routine volume that manual processes can't reach consistently.
Book a demo with the team to see Stuut's compliant, multi-channel SMS collections in action.
Prior express consent is a clear agreement, written or oral, by the customer to receive automated texts at a specific mobile number. For B2B collections, written consent captured on a credit application or MSA clause, naming the specific types of messages the customer will receive, provides the strongest legal defense.
The FDCPA's 8 AM to 9 PM contact restriction and "known to be inconvenient" prohibition formally apply to third-party consumer debt collectors, not to first-party B2B creditors collecting their own invoices at the federal level. However, these standards are widely adopted as best practice by B2B AR teams and may apply under state law when the customer or guarantor is an individual. Apply them every day of the week, including weekends, to stay within a defensible framework.
Under FCC rules effective April 11, 2025, you have 10 business days to honor the opt-out request. You may send one confirmation text acknowledging the opt-out, but it must contain no collection or promotional content.
One text per aging milestone is the most defensible cadence. Regulation F and CFPB commentary on frequency formally govern third-party consumer debt collectors, not first-party B2B creditors at the federal level. The underlying principle, that high contact frequency can constitute harassment, is still a useful benchmark for any B2B team to apply. Most practitioners cap SMS at one to two messages per week per account.
Not safely. Even if B2B communications fall outside certain TCPA definitions after the narrowed ATDS definition established in Facebook v. Duguid, the safest practice is to treat any automated SMS as requiring prior express consent. Document consent explicitly during onboarding to maintain a defensible audit trail.
CFPB (Consumer Financial Protection Bureau): A federal agency that enforces consumer financial protection laws, including Regulation F governing debt collection practices. Issues commentary on FDCPA compliance and harassment standards. CFPB rules such as Regulation F formally govern third-party consumer debt collectors; B2B first-party creditors collecting their own commercial invoices are generally not subject to these rules at the federal level, though many adopt them as best practice.
TCPA (Telephone Consumer Protection Act): A federal law governing automated phone calls and text messages to mobile numbers. Violations carry statutory damages of $500 to $1,500 per message.
FDCPA (Fair Debt Collection Practices Act): A federal law that prohibits harassment, false statements, and unfair practices in debt collection, including restrictions on contact timing and frequency. The FDCPA applies to third-party debt collectors collecting consumer debt. B2B companies collecting their own commercial invoices in their own name are generally not subject to the FDCPA at the federal level, though state laws may extend similar protections and many AR teams adopt FDCPA standards as best practice.
Regulation F: The CFPB's rule implementing the FDCPA for electronic communications, covering how debt collectors may use email and text messages and what disclosures those messages must include. Regulation F implements the FDCPA for electronic communications and formally applies to third-party consumer debt collectors. First-party B2B creditors are generally outside its scope at the federal level but often treat its disclosure and frequency standards as a best-practice baseline.
ATDS (Automated Telephone Dialing System): Equipment that can store or produce telephone numbers to be called using a random or sequential number generator. Post-Facebook v. Duguid, the legal definition is narrowed, but prior express consent remains best practice for any automated SMS platform.
Prior express consent: A clear agreement by the recipient authorizing automated contact at a specific number. Written consent captured on a credit application or MSA provides the strongest legal defense for B2B collections.
ERP (Enterprise Resource Planning): Business management software that integrates core processes including accounting, inventory, and order management. Stuut connects to ERPs like SAP, Oracle, NetSuite, and Dynamics via API to read invoice data and write cash application entries without modifying the ERP configuration.
DSO (Days Sales Outstanding): The average number of days it takes to collect payment after a sale. SMS dunning at the right cadence reduces DSO by accelerating customer responses on overdue invoices.
Opt-out: A customer's request to stop receiving automated texts, sent via "STOP" or any other reasonable method. Businesses must process opt-outs within 10 business days under current FCC rules.
Aging bucket: A classification of outstanding invoices by days past due. Standard AR reporting uses four bands (0-30, 31-60, 61-90, 90+), but SMS dunning cadence benefits from tighter sub-bands (1-15, 16-30, 31-45, 46-60, 61-90, 90+) so tone and frequency can be calibrated more precisely as an invoice ages. Each sub-band warrants a different SMS tone and escalation path.
Dunning: The process of systematically contacting customers to collect on outstanding invoices, progressing in tone and urgency as the balance ages.
