What are the penalties for TCPA violations?

TCPA violations carry statutory damages of $500 per call or text message. If the violation is found to be willful or knowing, damages increase to $1,500 per call or text. Class action lawsuits can result in multi-million dollar settlements.

How can I verify that my lead vendor is TCPA compliant?

Ask your lead vendor to provide consent documentation with every lead, including opt-in timestamps, IP addresses, the exact consent language shown to the consumer, and proof that the consumer specifically consented to your company contacting them. A compliant vendor should be able to produce this documentation on demand.

Does the TCPA apply to both calls and text messages?

Yes. The TCPA applies to telemarketing calls, auto-dialed calls, prerecorded or artificial voice calls, and text messages (which the FCC treats as calls under the statute). Both inbound and outbound communications are subject to consent requirements when used for marketing purposes.

TCPA Compliance for Lead Generation: What Every Agent Needs to Know

Q: What is the TCPA one-to-one consent rule?

The FCC's 2024 update to the TCPA requires one-to-one consent, meaning a consumer must give explicit written consent to each specific company that will contact them. Blanket consent shared across multiple sellers is no longer sufficient.

If you buy leads for insurance, debt relief, or any other consumer-facing industry, TCPA compliance is not optional. A single violation can cost you $500 to $1,500 per call or text, and class action lawsuits have bankrupted companies that ignored the rules. This guide covers what you need to know to protect your business.

What Is the TCPA?

The Telephone Consumer Protection Act (TCPA) is a federal law enacted in 1991 that regulates telemarketing calls, auto-dialed calls, prerecorded voice messages, and text messages. It was created to protect consumers from unwanted communications and has been updated multiple times to keep pace with changes in technology and marketing practices.

For lead buyers, the TCPA means one thing above all else: you must have documented proof that a consumer agreed to be contacted by your company before you pick up the phone or send a text.

The One-to-One Consent Requirement (2024 FCC Update)

In January 2024, the FCC issued a major update to TCPA rules that fundamentally changed how consent works in lead generation. Under the new one-to-one consent requirement, a consumer must give explicit written consent to each specific company that will contact them.

Before this change, many lead generators used broad consent language that allowed them to share a single opt-in across dozens of buyers. A consumer might fill out one form and unknowingly consent to calls from a long list of companies buried in fine print. That practice is no longer compliant.

Under the updated rule, the consumer must clearly and specifically agree to be contacted by your company by name. This means the lead provider must present your company to the consumer at the point of consent, and the consumer must affirmatively agree.

Written Consent vs. Express Consent

The TCPA distinguishes between two levels of consent, and understanding the difference is critical for lead buyers.

Express consent is basic permission to be contacted. A consumer who voluntarily provides their phone number has given express consent for informational (non-marketing) calls.

Prior express written consent is the higher standard required for marketing calls and texts. It must include a clear disclosure that the consumer is agreeing to receive marketing communications, identify the specific company that will be calling, and be signed by the consumer (electronic signatures are valid). This is the standard that applies to virtually all lead-based outreach.

Penalties for Violations

The financial exposure from TCPA non-compliance is severe. Statutory damages are $500 per violation -- meaning per call or per text message. If the court finds the violation was willful or knowing, that figure triples to $1,500 per violation.

These penalties compound quickly. An agent who makes 100 calls without proper consent faces potential liability of $50,000 to $150,000. Across a team or call center, the numbers grow into the millions. TCPA class action settlements have exceeded $75 million in some cases.

Beyond lawsuits, the FCC can impose its own fines and enforcement actions. State attorneys general can also bring actions under state telemarketing laws, adding another layer of risk.

How to Verify Your Lead Vendor Is Compliant

As a lead buyer, you bear liability for the calls you make. If your lead vendor provided bad consent, that is your problem in court, not just theirs. Here is what to demand from any vendor:

Consent documentation with every lead: Each lead should include the timestamp of the opt-in, the consumer's IP address, and the exact consent language that was displayed.
Proof of one-to-one consent: Your company name must appear in the consent disclosure the consumer agreed to. Ask to see the actual form or flow.
Conversation transcripts: For conversational or AI-generated leads, full transcripts of the interaction provide evidence of voluntary participation.
Willingness to be audited: A compliant vendor welcomes scrutiny. If a vendor is evasive about their consent process, that is a red flag.

Consent Documentation Best Practices

Even with a compliant lead vendor, your own documentation practices matter. Keep these records for every lead you contact:

The original consent record provided by your lead vendor, stored in a way that cannot be altered after the fact.
A log of every call and text you make to each lead, including date, time, duration, and outcome.
Records of any opt-out or do-not-call requests, and evidence that you honored them promptly.
Your internal TCPA compliance policy, reviewed and updated regularly.

Maintain these records for at least five years. The statute of limitations for TCPA claims is four years, and you want a buffer.

The Do Not Call Registry

The National Do Not Call (DNC) Registry is a separate but related compliance requirement. Consumers can register their phone number to opt out of telemarketing calls, and businesses are required to scrub their call lists against the registry at least every 31 days.

Having prior express written consent generally overrides a DNC listing, but only for the specific company the consumer consented to. Once a consumer revokes consent or asks to be placed on your internal do-not-call list, you must stop calling immediately. Many businesses scrub against both the national registry and their own internal DNC list before every campaign.

State-Level Regulations

The TCPA is a federal floor, not a ceiling. Many states have their own telemarketing laws that impose additional requirements. For example:

Florida enacted the Florida Telephone Solicitation Act with stricter calling hour restrictions and higher penalties.
California has broad consumer privacy protections under the CCPA that affect how lead data can be collected and shared.
Oklahoma and other states maintain their own state-level do-not-call lists with separate registration and scrubbing requirements.

If you operate across state lines -- and most lead buyers do -- you need to understand the regulations in every state where your consumers are located, not just where your business is based.

The Bottom Line

TCPA compliance is a business necessity. The penalties are too steep and the enforcement too active to treat it as an afterthought. Every lead you buy should come with complete consent documentation, every call you make should be logged, and every opt-out should be honored immediately. The agents and businesses that treat compliance as a competitive advantage -- rather than a burden -- are the ones that build sustainable operations.

Every Optinly Lead Is Fully Documented

Optinly provides complete TCPA consent records with every lead, including one-to-one consent documentation, opt-in timestamps, IP addresses, and full conversation transcripts. Compliance is built into every lead we deliver.

Book a demo →