Skip to content
Ledgerline.
Menu

Compliance & trust

TCPA Compliance for Insurance Agents Buying Leads

By The Ledgerline TeamPublished June 29, 2026

TCPA compliance for insurance agents buying leads means you can only auto-dial or text a consumer who gave prior express written consent to YOUR contact, you keep the consent record yourself, and you scrub against the DNC list. The consent travels with the lead, not the vendor.

Buying leads is the fastest way to fill a calendar in this business. It is also the fastest way to buy a lawsuit if the consent behind those leads is thin. The Telephone Consumer Protection Act (TCPA) sets statutory damages of $500 to $1,500 per call or text — and plaintiff firms run on volume, not on whether you closed the sale.

This is a practical operator’s walkthrough, not legal advice. We run lead programs for senior-market agents, so we read these vendor agreements for a living. Talk to a telecom attorney before you change your dialing setup.

What the TCPA actually requires

Strip away the jargon and the TCPA asks three questions every time you contact a consumer with technology:

  1. Did you have consent for the method you used? Autodialed calls, prerecorded or AI voice, and SMS texts to a cell phone require prior express written consent. A manually dialed call to a number you typed yourself is a lower-risk category.
  2. Did the consent name you? Consent runs to a caller, not to “the industry.” A form that says the consumer agrees to hear from “us and our marketing partners” is weaker than one that names your agency or describes the seller specifically.
  3. Did you scrub the Do Not Call list? Even with consent, you document the scrub against the National Do Not Call Registry before you dial.

Prior express written consent has a specific meaning: a signature or affirmative check, a clear disclosure that the consumer will receive autodialed or prerecorded marketing, and the consumer’s phone number — all captured at the moment of opt-in.

The vacated FCC one-to-one rule (January 2025)

This is the part agents get wrong in 2026, so be precise.

The FCC adopted a rule that would have required separate consent for each individual seller — the “one-to-one” rule — and banned the broad “marketing partners” consent that shared-lead vendors relied on. It was scheduled to take effect January 27, 2025.

Days before, the Eleventh Circuit Court of Appeals vacated the rule in Insurance Marketing Coalition v. FCC. So the stricter one-to-one standard is not law. The older written-consent standard still governs.

Here is the trap: the rule being vacated does not mean broad consent is safe. It means the floor didn’t rise. A consumer who agreed to hear from a list of 200 “partners” can still argue they never agreed to your call by name. The one-to-one rule going away removed a regulatory mandate; it did not remove your civil exposure.

Consent scenario Risk level for the buying agent What to do
Consumer named your agency on the form Lowest Keep the record, scrub DNC, call
Single-seller form, your name swapped in at delivery Low–moderate Verify the swap mechanism is documented
Shared lead, named “marketing partners” list Moderate–high Get the full seller list and exact text
Aged or re-sold list, consent provenance unclear Highest Manual dial only, or pass

For more on how shared sourcing changes your risk and economics, see our breakdown of exclusive versus shared final expense leads.

What to demand from your lead vendor

Most agents accept a CSV and a login. That is not enough to defend a claim. Before you wire money, get these in writing:

  • The exact consent language the consumer saw — not a paraphrase, the literal text.
  • A copy of the opt-in record per lead: timestamp, originating IP or device, source URL, and the checkbox/signature state.
  • The seller list the consent covered, if it was a shared form.
  • Their DNC scrubbing practice and who is responsible for the final scrub before you dial — you, them, or both.
  • An indemnification clause that survives the contract. Read what it actually covers; many exclude TCPA or cap liability below a single judgment.

If a vendor cannot produce the consent record on demand, you are buying the lead and the liability. Walk. We screen sourcing this way inside our managed insurance lead generation service because the cheapest lead is worthless if it carries an uninsurable risk.

Record-keeping: own your own paper

The single most common mistake we see: the agent’s only proof of consent lives on the vendor’s server. When a demand letter arrives 18 months later and the vendor has churned, gone dark, or deleted the record, the agent has nothing.

Keep your own copy. For every lead you contact with technology, store:

  • The consent disclosure text and the affirmative action (check/signature)
  • Timestamp and source
  • Your DNC scrub result, dated, before the first dial
  • Your call and text logs

The federal TCPA statute of limitations is four years, so retain records at least that long. Cheap insurance against an expensive problem.

A simple compliance routine for buying agents

You do not need a legal department. You need a repeatable checklist:

  1. Confirm written consent language names you or a documented seller before purchase.
  2. Pull and store the per-lead consent record on your own system.
  3. Scrub against the National Do Not Call Registry; log the scrub.
  4. Honor every opt-out immediately and maintain an internal DNC list.
  5. Match your dialing tech to your consent — manual dial when provenance is weak.
  6. Retain everything for four years.

This same discipline shows up across paid acquisition. If you advertise to generate your own first-party leads, note that Meta’s and platform rules add their own layer — we cover that context in our guide to Facebook ads for insurance agents and in our broader insurance marketing compliance overview.

Why compliance is a growth lever, not a tax

Skeptical agents read all of this as friction. Flip it. Clean, named, documented consent does three things for your book:

  • Connect rates rise because named consent means the consumer remembers requesting contact.
  • Cancellations drop because the lead actually wanted the conversation.
  • Your downside shrinks because one TCPA judgment can erase a year of margin.

Compliance is a moat. The agencies that treat consent as paperwork are the ones who get named in the class action. The ones who own their records and buy from clean sources keep dialing.

Want a second set of eyes on where your current leads come from and how exposed your dialing setup is? Grab a free marketing audit and we’ll map your sourcing and consent trail with you. If you’d rather see how we structure compliant senior-market campaigns end to end, start with our final expense marketing programs.

This article is marketing guidance for licensed agents and is not legal advice. You are the licensed party; consult a TCPA attorney for your specific setup.

Frequently asked questions

Does the vendor's consent cover me when I buy a shared lead?
Not automatically. Consent under the TCPA is specific to who is calling. If the lead form named the vendor or a generic "marketing partners" list, a court may decide the consumer never agreed to hear from your agency by name. Shared leads sold to multiple agents carry the most exposure. Ask for the exact consent language and the list of sellers it covered.
Is the FCC one-to-one consent rule still in effect for 2025?
No. The FCC's one-to-one consent rule, which would have required separate written consent for each individual seller, was set to take effect January 27, 2025, but the Eleventh Circuit vacated it days before in IMC v. FCC. The pre-existing TCPA written-consent standard still applies. You should still document who the consumer agreed to hear from.
What records do I need to keep to defend a TCPA claim?
Keep the consumer's checkbox or signature, the exact disclosure text they saw, a timestamp, the originating IP or device, the source URL, and proof of DNC scrubbing before the call. Store it for at least four years, the federal TCPA statute of limitations. If your vendor holds the only copy, you cannot defend yourself.
Can I call a lead that is on the Do Not Call list?
Only if you have a valid prior express written consent or an established business relationship that overrides the DNC registration. Written consent on a lead form generally permits contact despite a DNC listing, but you must be able to produce that consent. Scrub every list against the National Do Not Call Registry before dialing and document the scrub.
Does the TCPA apply to text messages and ringless voicemail?
Yes. The TCPA treats SMS and MMS texts sent with an autodialer the same as calls, and the FCC has treated ringless voicemail as a call requiring consent. Prerecorded voice drops to cell phones need prior express written consent. Manual one-to-one texts you type yourself carry less risk, but consent and DNC rules still apply.

See exactly where your agency is leaking leads.

15 minutes. We screen-share our own live lead dashboard and tear down your funnel line by line — no pitch deck, just numbers.