TCPA Compliance: Outbound Calling Rules for Businesses

The TCPA sets strict rules on outbound calls and texts, with fines of $500 to $1,500 per violation. Here is what your call operation must follow.

Share This Post

One Law Your Calling Team Cannot Ignore

If your business makes outbound calls or sends text messages for sales, marketing, or appointment-setting purposes, the Telephone Consumer Protection Act applies to you. The TCPA is a federal law enforced by the Federal Communications Commission, and it carries private rights of action, meaning consumers can sue you directly without waiting for a government investigation. Statutory damages start at $500 per violation and reach $1,500 per willful violation. On a calling list of any real size, a class-action under TCPA can produce liability in the millions before a case is ever fully litigated.

TCPA violations are not rare enforcement actions against rogue telemarketers. They are a common source of litigation against otherwise legitimate businesses: insurance agencies, home services companies, financial services firms, medical offices, and call centers of all sizes. Many violations happen because someone on the team did not know the rules, not because anyone intended to break them.

This article explains the current rules your operation must follow, including changes that took effect in 2025, and what a compliant outbound calling program looks like in practice.

What the TCPA Covers

Person signing a written consent form for business communications compliance — Photo by 2H Media on Unsplash

The TCPA was originally passed in 1991, but the FCC continues to update its rules and courts continue to interpret the statute. At its core, the law restricts calls and texts to residential lines and cell phones when those calls use an automatic telephone dialing system (autodialer), a prerecorded or artificial voice, or are made for marketing purposes.

The rules break into a few distinct scenarios:

Robocalls and autodialers to cell phones: Require prior express written consent from the recipient before you dial. This is the strictest category.
Prerecorded or artificial voice calls to residential lines: Also require prior express written consent for marketing calls.
Live agent calls to residential lines for marketing purposes: Must comply with Do Not Call rules, calling hours restrictions, and identification requirements.
Text messages: Treated like calls. Marketing texts to cell phones using an autodialer require prior express written consent.

The written consent requirement is not informal. It must be a signed agreement, digital or paper, that clearly authorizes the specific seller to contact the person at that number using that type of technology, for that purpose.

The 2025 One-to-One Consent Rule

A significant rule change took effect January 27, 2025. The FCC’s one-to-one consent rule closed what regulators called the lead-generator loophole. Under the old rules, a consumer could click a single checkbox on a lead-generation website and unwittingly consent to be contacted by dozens of different companies. That blanket consent is no longer valid.

Under the new rule, prior express written consent for robocalls and robotexts must be obtained one seller at a time. A consumer must separately and specifically consent to each company that wants to contact them. A checkbox buried in terms of service that applies to a list of partners no longer satisfies the written consent requirement for any call your company makes based on that lead.

If your business buys leads from a lead generator, this rule directly affects you. The consent collected by the lead generator must name your company specifically, not just a category of sellers. Buying a lead list without confirming the consent structure is now a source of direct legal exposure.

Do Not Call Registry Requirements

Call center compliance manager reviewing Do Not Call scrubbing records at a computer — Photo by geralt on Pixabay

Separate from the autodialer rules, the National Do Not Call Registry is enforced by the Federal Trade Commission and covers telemarketing calls to any telephone number. Numbers on the registry cannot be called for marketing purposes, regardless of whether a live agent or a dialer is placing the call.

Requirements your calling operation must meet:

Subscribe to and scrub against the National Do Not Call Registry at least every 31 days.
Honor any consumer’s individual do-not-call request within 30 days and for at least five years.
Maintain your own internal do-not-call list and honor it permanently.
Disclose your company name and phone number at the start of every call.
Only call between 8 a.m. and 9 p.m. in the called party’s local time zone.

Florida runs its own Do Not Call program under the Florida Telemarketing Act, which applies to calls originating from or terminating within Florida. Check the Florida Department of Agriculture and Consumer Services for state-level registration requirements if you operate in or call into Florida.

Consent Best Practices for a Live-Agent Operation

Many small and mid-size outbound operations run live agents dialing from a managed list, not an autodialer. The TCPA still applies to marketing calls to residential lines, and the Do Not Call rules apply regardless. The difference is that live agent calls to cell phones generally don’t require prior express written consent unless you’re using autodialer technology, which is a factual and technical question that depends on your specific dialing system.

Practical steps for a compliant live-agent operation:

Source your lists from reputable vendors who certify their data, consent sourcing, and DNC compliance.
Scrub against the National Do Not Call Registry and your internal DNC list before every campaign.
Train every agent on call identification requirements, call timing rules, and how to handle an on-call do-not-call request immediately.
Log every DNC request with timestamp and caller ID, and remove the number from all active campaigns within 30 days (sooner is better).
Review your dialing system’s technical classification. If your vendor describes it as an autodialer or ATDS, the stricter consent rules apply.

Document all of the above. When a complaint or a lawsuit lands, the business that can show a written compliance program, DNC logs, and consent records is in a far better position than one that handled it informally.

What Violations Actually Look Like

Attorney reviewing telemarketing compliance documentation at a desk — Photo by Zulfugar Karimov on Unsplash

TCPA cases rarely start with a regulator. They start with a single consumer who received a call they didn’t want, checked whether their number was on the DNC list, confirmed it was, and found a plaintiff’s attorney. From there, the case frequently becomes a class action covering everyone in the same campaign who shared that number’s status.

The most common violations in litigation:

Calling DNC-registered numbers without a prior established business relationship.
Using a lead’s contact information when the consent form didn’t name your company specifically.
Continuing to call after a consumer requested to be removed.
Calling outside the allowed hours (before 8 a.m. or after 9 p.m. local time).
Using prerecorded messages without written consent.

None of these are unusual. They show up in otherwise legitimate businesses that grew their calling operation without building the compliance infrastructure to match. The time to build that infrastructure is before the first complaint, not after.

Running a Compliant Calling Program That Also Converts

Sales manager coaching outbound call center agents at their workstations — Photo by geralt on Pixabay

Compliance and performance are not in conflict. A calling program built on clean lists, honest consent, and well-trained agents typically outperforms one built on volume and shortcuts. The conversion rate on a clean, consented list almost always beats the conversion rate on a scraped cold list, and the liability profile is incomparably better.

The businesses that run high-performing and compliant calling operations share a few habits: they invest in good data sourcing, they train their agents on both legal requirements and effective technique, and they measure the right metrics, contact rate, conversion rate, and DNC rate, rather than just dial volume.

At MJI Consulting Group, we work with call center operators and outbound sales teams to build calling programs that drive results within the rules. The regulatory environment for outbound calling is strict and actively enforced. Every business is different; this is general information, not legal, financial, or compliance advice for your specific situation. Consult a qualified attorney before launching or restructuring an outbound calling program.

Building a TCPA Compliance Program Your Team Can Follow

Call center team participating in TCPA compliance training and review session — Photo by BaljkanN 4 on Unsplash

Compliance does not happen because a policy document exists. It happens because the people making calls know the rules, follow a defined process, and have a way to flag situations they are unsure about. A compliance program for a calling team has three components: written policies, documented training, and a live audit process.

Written policies should answer the specific questions agents face: What do I do when someone says do not call? What do I say when asked whether this is a sales call? What technology am I using, and what consent does it require? What hours can I call this number? These questions have clear answers under the TCPA and the FTC Telemarketing Sales Rule, and those answers should be in a document every agent reads and signs.

Documented training means a record that each agent received the training, when they received it, and what was covered. Refresher training when the rules change, as they did with the one-to-one consent rule in January 2025, should be documented as well. In a lawsuit, the business that can show its agents were trained differently from the one that cannot.

Auditing means pulling a sample of calls regularly, verifying DNC scrub logs, and checking that consent records exist for campaigns that require them. A quarterly audit is a minimum. A monthly audit for a high-volume operation is better. Problems caught in an internal audit are recoverable. Problems found in a plaintiff’s lawsuit are not.

Where to Learn More About the Rules

The FCC’s consumer guide on telemarketing and robocalls explains the current rules in plain English. The FTC’s Do Not Call resources cover National DNC Registry requirements, the Telemarketing Sales Rule, and recent enforcement actions. For any outbound calling operation, reading both of these before building or revising a calling program is the minimum due diligence.

The statutory text of the TCPA itself is available at Cornell Law’s Legal Information Institute, 47 U.S.C. § 227. If your calling program uses any autodialing technology or prerecorded messages, a qualified attorney familiar with TCPA should review your consent documentation and call flows before launch.

Building a Compliance Program Your Team Can Follow

Call center team participating in a TCPA compliance training review session — Photo by sarah b on Unsplash

Compliance does not happen because a policy document exists somewhere. It happens because the people making calls know the rules, follow a defined process, and have a clear way to flag situations they are unsure about. A practical program for a calling team has three components: written policies, documented training, and a live audit process.

Written policies answer the specific questions agents face on calls: What do I do when someone says do not call me? What do I say when asked whether this is a sales call? What hours can I call this number? These questions have clear answers under the TCPA and the FTC Telemarketing Sales Rule. Those answers should be in a document every agent reads and signs before their first call.

Documented training means a record that each agent received the training, on what date, and what was covered. When the rules change, as they did with the one-to-one consent rule effective January 2025, refresher training should be documented as well. Auditing means pulling a sample of calls regularly, verifying Do Not Call scrub logs, and confirming that consent records exist for every campaign that requires them. A quarterly audit is a minimum for a small operation. Problems caught in an internal audit are recoverable. Problems found by a plaintiff attorney are not.

The statutory text of the TCPA is available at Cornell Law, 47 U.S.C. § 227. If your program uses any autodialing technology or prerecorded messages, a qualified attorney familiar with TCPA should review your consent documentation before launch. At MJI Consulting Group, we work with call center operators to build calling programs that drive results within the rules. Every business is different; this is general information, not legal, financial, or compliance advice for your specific situation. Consult a qualified attorney before launching or restructuring an outbound calling program.

Share This Post

Stop Guessing. Start Fixing.

If leads are slipping away, calls are not converting, or operations feel harder than they should, it is time for a clearer plan. Schedule a consultation with MJI Consulting and find out where the real opportunities are.

Addiction treatment center reception area with professional staff at desk.

Patient Brokering Laws: What Treatment Operators Must Know

Patient brokering is a federal and state crime that can end a treatment center’s operation overnight. Here is what every operator must know to stay legal.

Call center manager reviewing team performance reports at a desk.

Call Center Pay Plans: Build One That Drives Results

A poorly designed call center pay plan drives high turnover and flat performance. Here is how to structure pay that motivates agents and produces results.