Compliance & trust
TCPA Compliance for Insurance Agents Buying Leads
TCPA compliance for insurance agents buying leads means you can only auto-dial or text a consumer who gave prior express written consent to YOUR contact, you keep the consent record yourself, and you scrub against the DNC list. The consent travels with the lead, not the vendor.
Buying leads is the fastest way to fill a calendar in this business. It is also the fastest way to buy a lawsuit if the consent behind those leads is thin. The Telephone Consumer Protection Act (TCPA) sets statutory damages of $500 to $1,500 per call or text — and plaintiff firms run on volume, not on whether you closed the sale.
This is a practical operator’s walkthrough, not legal advice. We run lead programs for senior-market agents, so we read these vendor agreements for a living. Talk to a telecom attorney before you change your dialing setup.
What the TCPA actually requires
Strip away the jargon and the TCPA asks three questions every time you contact a consumer with technology:
- Did you have consent for the method you used? Autodialed calls, prerecorded or AI voice, and SMS texts to a cell phone require prior express written consent. A manually dialed call to a number you typed yourself is a lower-risk category.
- Did the consent name you? Consent runs to a caller, not to “the industry.” A form that says the consumer agrees to hear from “us and our marketing partners” is weaker than one that names your agency or describes the seller specifically.
- Did you scrub the Do Not Call list? Even with consent, you document the scrub against the National Do Not Call Registry before you dial.
Prior express written consent has a specific meaning: a signature or affirmative check, a clear disclosure that the consumer will receive autodialed or prerecorded marketing, and the consumer’s phone number — all captured at the moment of opt-in.
The vacated FCC one-to-one rule (January 2025)
This is the part agents get wrong in 2026, so be precise.
The FCC adopted a rule that would have required separate consent for each individual seller — the “one-to-one” rule — and banned the broad “marketing partners” consent that shared-lead vendors relied on. It was scheduled to take effect January 27, 2025.
Days before, the Eleventh Circuit Court of Appeals vacated the rule in Insurance Marketing Coalition v. FCC. So the stricter one-to-one standard is not law. The older written-consent standard still governs.
Here is the trap: the rule being vacated does not mean broad consent is safe. It means the floor didn’t rise. A consumer who agreed to hear from a list of 200 “partners” can still argue they never agreed to your call by name. The one-to-one rule going away removed a regulatory mandate; it did not remove your civil exposure.
| Consent scenario | Risk level for the buying agent | What to do |
|---|---|---|
| Consumer named your agency on the form | Lowest | Keep the record, scrub DNC, call |
| Single-seller form, your name swapped in at delivery | Low–moderate | Verify the swap mechanism is documented |
| Shared lead, named “marketing partners” list | Moderate–high | Get the full seller list and exact text |
| Aged or re-sold list, consent provenance unclear | Highest | Manual dial only, or pass |
For more on how shared sourcing changes your risk and economics, see our breakdown of exclusive versus shared final expense leads.
What to demand from your lead vendor
Most agents accept a CSV and a login. That is not enough to defend a claim. Before you wire money, get these in writing:
- The exact consent language the consumer saw — not a paraphrase, the literal text.
- A copy of the opt-in record per lead: timestamp, originating IP or device, source URL, and the checkbox/signature state.
- The seller list the consent covered, if it was a shared form.
- Their DNC scrubbing practice and who is responsible for the final scrub before you dial — you, them, or both.
- An indemnification clause that survives the contract. Read what it actually covers; many exclude TCPA or cap liability below a single judgment.
If a vendor cannot produce the consent record on demand, you are buying the lead and the liability. Walk. We screen sourcing this way inside our managed insurance lead generation service because the cheapest lead is worthless if it carries an uninsurable risk.
Record-keeping: own your own paper
The single most common mistake we see: the agent’s only proof of consent lives on the vendor’s server. When a demand letter arrives 18 months later and the vendor has churned, gone dark, or deleted the record, the agent has nothing.
Keep your own copy. For every lead you contact with technology, store:
- The consent disclosure text and the affirmative action (check/signature)
- Timestamp and source
- Your DNC scrub result, dated, before the first dial
- Your call and text logs
The federal TCPA statute of limitations is four years, so retain records at least that long. Cheap insurance against an expensive problem.
A simple compliance routine for buying agents
You do not need a legal department. You need a repeatable checklist:
- Confirm written consent language names you or a documented seller before purchase.
- Pull and store the per-lead consent record on your own system.
- Scrub against the National Do Not Call Registry; log the scrub.
- Honor every opt-out immediately and maintain an internal DNC list.
- Match your dialing tech to your consent — manual dial when provenance is weak.
- Retain everything for four years.
This same discipline shows up across paid acquisition. If you advertise to generate your own first-party leads, note that Meta’s and platform rules add their own layer — we cover that context in our guide to Facebook ads for insurance agents and in our broader insurance marketing compliance overview.
Why compliance is a growth lever, not a tax
Skeptical agents read all of this as friction. Flip it. Clean, named, documented consent does three things for your book:
- Connect rates rise because named consent means the consumer remembers requesting contact.
- Cancellations drop because the lead actually wanted the conversation.
- Your downside shrinks because one TCPA judgment can erase a year of margin.
Compliance is a moat. The agencies that treat consent as paperwork are the ones who get named in the class action. The ones who own their records and buy from clean sources keep dialing.
Want a second set of eyes on where your current leads come from and how exposed your dialing setup is? Grab a free marketing audit and we’ll map your sourcing and consent trail with you. If you’d rather see how we structure compliant senior-market campaigns end to end, start with our final expense marketing programs.
This article is marketing guidance for licensed agents and is not legal advice. You are the licensed party; consult a TCPA attorney for your specific setup.