CASL Compliance Policy

1. What is CASL?

Canada’s Anti-Spam Legislation (CASL) is one of the world’s strictest anti-spam laws. It requires that anyone sending a Commercial Electronic Message (CEM) to a Canadian electronic address must have either express or implied consent from the recipient, include accurate sender identification, and provide a functioning unsubscribe mechanism.

Violations can result in penalties up to $1,000,000 per violation for individuals and $10,000,000 for corporations. As a licensed advisor, your regulatory body may impose additional sanctions for CASL non-compliance.

2. CASL Consent Types

Express Consent

The recipient has explicitly agreed to receive CEMs from you — via a checkbox on a landing page, a verbal agreement captured in writing, or a signed form. Express consent has no expiry date but is lost if the recipient unsubscribes.

AdvisorApex funnel pages and lead intake forms collect and record express consent with timestamp, source URL, and IP address.

Implied Consent

Implied consent exists in specific circumstances such as an existing business relationship (e.g., a client who purchased a policy from you within the past 2 years) or a conspicuously published email address without a CASL opt-out notice. Implied consent has a limited duration and must be tracked carefully.

AdvisorApex allows you to tag leads with implied consent and records the relationship type, start date, and expiry window. The system will flag implied consent records approaching their expiry.

3. How AdvisorApex Enforces CASL

• Consent field on every lead record: Express, Implied, or None — required before any AI agent can draft a CEM to that contact.
• Do Not Contact (DNC) flag: Once set, this permanently blocks all AI-generated outbound communications to the lead. The flag can only be removed by a manual advisor action with an audit log entry.
• Audit trail: Every consent status change, every DNC flag set or removed, and every CEM sent is timestamped and logged to the immutable audit log.
• Unsubscribe enforcement: When a lead unsubscribes via the Resend unsubscribe link, a webhook automatically sets the DNC flag on their AdvisorApex record.
• Province licensing gate: AI agents will not draft outbound messages to leads in provinces where your advisor profile does not list an active licence.

4. Sending CEMs Through AdvisorApex

All AI-drafted Commercial Electronic Messages require your explicit approval before sending. The AI Approval Queue displays each draft with the recipient’s consent status, the draft content, and the channel (email or SMS). You approve, edit, or reject each action individually.

Every CEM sent through AdvisorApex automatically includes:

• Your name and business name as the sender
• A mailing address (your office address from your advisor profile)
• An unsubscribe mechanism that is functional for at least 60 days after sending

5. Your Responsibilities

AdvisorApex is a compliance tool — it is not a substitute for understanding and meeting your own CASL obligations. You are responsible for:

• Correctly classifying the consent type for each lead you enter
• Ensuring that consent records entered manually are accurate and verifiable
• Monitoring implied consent expiry dates and obtaining express consent before expiry
• Reviewing all AI-drafted messages for CASL compliance before approval
• Maintaining your own records in the event of a CRTC investigation

6. CASL Resources