every AI interaction is a regulated event.
Nine categories. Hundreds of millions in real enforcement. This is what you're protecting your business from — and how moatis catches each one.
- FCC
- 47 USC §227
TCPA / Robocall & SMS consent
Telephone Consumer Protection Act. Restricts auto-dialed calls and texts to consumers without prior express consent.
EXPOSURE
$1,500 - $4,500
- per call
- class action
real enforcement cases
Bank of America
$32M settlement, 2014
Auto-dialed mortgage calls to consumers on DNC list
Capital One
$76M judgment, 2016
Robocalls and texts without consent to credit card holders
Caribbean Cruise Line
$76M judgment, 2016
Pre-recorded calls to 1M+ recipients
WHAT MOATIS CATCHES
- Auto-dialed calls without consent
- SMS marketing to non-opted-in numbers
- Robocalls to DNC list
- Missing STOP/HELP keywords
- Texts after consent revoked
- HHS OCR
- HITECH Act
HIPAA / PHI exposure
Health Insurance Portability and Accountability Act. Protects patient health information.
EXPOSURE
up to $1.9M
- per violation category, annual
real enforcement cases
Anthem
$16M settlement, 2018
Cyber breach exposing 79M patient records
Premera Blue Cross
$6.85M settlement, 2020
Breach affecting 10.4M individuals
Memorial Healthcare
$5.5M settlement, 2017
Improper PHI access by employees
WHAT MOATIS CATCHES
- Patient names in unencrypted SMS
- Medical conditions in CRM notes
- Diagnoses in marketing emails
- Treatment plans without BAA
- Medication info to non-covered parties
- PCI Security Standards Council
PCI DSS / Payment data
Payment Card Industry Data Security Standard. Required for any organization handling cardholder data.
EXPOSURE
$5K–$100K
- per month + breach costs
real enforcement cases
Target
$18.5M multi-state, 2017
Breach of 40M card numbers
Home Depot
$17.5M settlement, 2017
56M card numbers compromised
TJX Companies
$40M+ settlement, 2007
First major PCI breach precedent
WHAT MOATIS CATCHES
- Card numbers typed in SMS
- CVV codes captured in screens
- Cardholder data emailed plain
- Card data stored in CRM notes
- Stripe data in plain text
- FTC
- CFPB
- State AGs
GLBA / Financial privacy
Gramm-Leach-Bliley Act. Governs how financial institutions handle customer non-public personal information.
EXPOSURE
$100K+
- per violation
- civil penalties
real enforcement cases
Mortgage Solutions FCS
$1.5M penalty, 2023
Failure to safeguard customer financial data
Ascension Data & Analytics
$1.6M settlement, 2020
Unauthorized exposure of mortgage records
RCM Capital Markets
FTC enforcement, 2018
Inadequate Safeguards Rule compliance
WHAT MOATIS CATCHES
- SSNs in plain-text outbound
- Loan account numbers in email
- Credit scores in chat
- Income data without authorization
- Bank account details in exports
- FTC
- CFPB
FCRA / Credit information
Fair Credit Reporting Act. Restricts how consumer credit information can be obtained and shared.
EXPOSURE
$100–$1,000
- per violation + actual damages
real enforcement cases
Equifax
$575M+ settlement, 2019
Data breach exposing 147M credit records
Spokeo
$800K FTC settlement, 2012
FCRA violations selling consumer reports
Sterling Infosystems
$2.5M CFPB penalty, 2019
Background check FCRA violations
WHAT MOATIS CATCHES
- Credit score values in SMS
- Tradeline data in unsecured outbound
- Adverse action without notice
- Credit pulls discussed openly
- Score-based offers without purpose
- FTC
- Mobile carriers
10DLC / Carrier deliverability
Carrier rules for application-to-person SMS. Violations cause spam-flagging and brand throttling.
EXPOSURE
75% drop
- answer rate
- revenue impact
real enforcement cases
Industry-wide 2024
30%+ delivery decline
Carriers tightened SHAFT-C enforcement
AT&T 10DLC fines
$0.005-$0.02/msg surcharges
Non-compliant traffic penalties
T-Mobile filtering
Permanent number blocking
Sender ID violations result in blocks
WHAT MOATIS CATCHES
- SHAFT-C content
- Public URL shorteners
- All-caps marketing language
- Unverified sender IDs
- Mass-send without registration
- FTC
CAN-SPAM / Email compliance
Controlling the Assault of Non-Solicited Pornography and Marketing Act. Email marketing rules.
EXPOSURE
up to $51,744
- per email
- stackable
real enforcement cases
Adobe
$1M FTC settlement, 2009
Missing unsubscribe and false headers
ExperianRentBureau
$650K FTC penalty, 2018
Misleading email subject lines
LeadClick Media
$16M FTC judgment, 2016
Affiliate emails violating CAN-SPAM
WHAT MOATIS CATCHES
- Missing physical address
- Deceptive subject lines
- No clear unsubscribe
- False 'From' headers
- Sending after opt-out
- State AGs
- GDPR
- CCPA
PII / Personally identifiable
Names, addresses, SSNs, DOBs, emails, phone numbers — any data that can identify an individual.
EXPOSURE
$2,500–$7,500
- per intentional violation
real enforcement cases
Sephora
$1.2M CCPA settlement, 2022
First CCPA enforcement action
Marriott
£18.4M GDPR fine, 2020
PII breach affecting 339M guests
Uber
$148M multi-state settlement, 2018
Concealed PII breach
WHAT MOATIS CATCHES
- SSNs via SMS or unencrypted emailx
- Customer names in shared docs
- DOB in marketing
- Phone numbers in exports
- Email lists shared without consent
- Internal policy
Custom / Company-specific
Phrases or patterns specific to your business that compliance has flagged as risky.
EXPOSURE
Variable
- depends on policy
real enforcement cases
Mortgage example
“lifetime rate lock” claims
Prohibited by most state rules
Insurance example
“guaranteed coverage” language
Triggers state DOI scrutiny
Healthcare example
Off-label mentions
FDA enforcement risk
WHAT MOATIS CATCHES
- Company-specific prohibited phrases
- Internal identifiers
- Confidential codenames
- Pricing language
- Competitor mentions
your next violation has already been drafted.
Somewhere on your team right now, an agent is typing something that will cost you. moatis catches it before it sends.
The compliance and trust layer for every AI-powered customer interaction.