Last updated 2026-07-09

TL;DR
The Telemarketing Sales Rule (TSR) is an FTC regulation, not a CFPB rule, though the CFPB enforces it against financial companies. It bans deceptive practices, requires specific disclosures, restricts calling hours to 8am-9pm local time, and mandates Do Not Call compliance. Violations cost up to $51,744 per call. Most outbound sales teams are covered.
What is the Telemarketing Sales Rule and who actually enforces it?
The Telemarketing Sales Rule, or TSR, is a federal regulation the Federal Trade Commission published under the Telemarketing and Consumer Fraud and Abuse Prevention Act of 1994 [1][7]. You'll see it cited as 16 CFR Part 310. It sets the floor for every commercial outbound call made to a consumer in the United States.
Here's where the CFPB connection comes in, and it trips up a lot of people. The Consumer Financial Protection Bureau can supervise and enforce the TSR against the financial services companies it oversees, things like debt collectors, mortgage servicers, and payday lenders [2]. Run a financial services firm and you can catch a TSR action from either the FTC or the CFPB, sometimes both at once. Everyone outside financial services answers to the FTC.
The rule reaches any person or entity that "initiates or receives telephone calls to or from a customer in connection with a plan, program, or campaign to sell goods or services through interstate commerce" [1]. That language is deliberately wide. B2C outbound sales calls, outbound sales voicemails, and even some inbound sales calls all fall in. B2B-only shops get a narrower carve-out, but it's not a full exemption if the call touches a sole proprietor or a consumer in any way.
Charitable solicitations, political calls, and purely informational calls from businesses with an established relationship generally sit outside the TSR. But "established relationship" is a defined term with limits, so don't assume your customer list is automatically safe.
How does the Telemarketing Sales Rule differ from the TCPA?
These two laws live in different houses and answer to different landlords. The TCPA (Telephone Consumer Protection Act, 47 U.S.C. § 227) is a statute passed by Congress and enforced mostly through private lawsuits, with the FCC writing the rules [3]. The TSR is an FTC regulation backed by civil penalty authority. You can be liable under both for the same call.
The practical differences matter a lot in day-to-day compliance work:
| Dimension | TCPA (47 U.S.C. § 227) | TSR (16 CFR Part 310) |
|---|---|---|
| Who enforces | FCC + private plaintiffs | FTC + CFPB (financial firms) |
| Private right of action | Yes, $500-$1,500 per call | No direct private suit |
| Consent standard | Written prior express written consent for autodialed/prerecorded | Oral or written depending on context |
| Calling hours | Restricts based on equipment type | 8am-9pm local time, all calls |
| DNC requirement | National DNC + internal DNC | National DNC + internal DNC |
| Key penalty | $500-$1,500/call (private) | Up to $51,744/violation (agency) |
The TCPA is where the class actions live. Plaintiff's attorneys love it because any consumer can sue. The TSR is where the FTC shows up with investigators and seven-figure settlements. Both can hurt you badly. A solid cold calling compliance program takes both seriously at the same time.
One more distinction. The TSR bans specific sales practices the TCPA never touches, like advance-fee credit offers and certain prize promotions. So the TSR is broader in the conduct it regulates, even if the TCPA gets more press.
What does the Telemarketing Sales Rule actually prohibit?
The core prohibitions sit in 16 CFR § 310.3 and § 310.4. They're worth knowing in plain terms.
Deceptive acts are banned outright. You can't misrepresent the cost, quantity, restrictions, or material terms of what you're selling. You can't lie about your identity or your company's name. You can't make false or misleading statements about any prize, gift, or sweepstakes. The FTC reads "material" broadly, so even a technically true statement presented in a misleading way violates this section [1].
Abusive conduct is prohibited separately under § 310.4. That covers calling outside the allowed 8am-to-9pm window in the called party's local time zone. It covers causing a phone to ring or engaging someone in conversation repeatedly to annoy, abuse, or harass. It covers threatening or using obscene language. And it covers failing to transmit caller ID information. That last one surprises teams who thought caller ID was only an FCC concern.
The TSR also bans credit card laundering, advance-fee loan arrangements, and upselling without clearly disclosing you're making a separate offer. Upselling compliance is something a lot of outbound teams miss. If a customer calls in to buy one thing and your agent pivots to a second offer, specific disclosure rules kick in before you can process payment for the second item.
For calls that deliver a prerecorded message, the TSR requires an automated opt-out mechanism that lets the consumer immediately drop off the call. This overlaps with TCPA prerecorded call rules but operates on its own. One mechanism that satisfies both is smart design. If you're mapping out AI cold calling workflows, this disclosure and opt-out requirement is not optional.
The prohibited payment methods under § 310.4(a)(4) include remotely created checks, cash-to-cash money transfers, and cash reload mechanisms when used with prize offers, lotteries, or certain credit offers. These are the payments most tied to fraud, and the FTC added them because bad actors kept gravitating to them.
What disclosures are required before you can close a sale?
Section 310.3(a)(1) lists the disclosures that must happen "promptly" before a buyer submits payment information [1]. Promptly means before you ask for a credit card number or any payment mechanism.
You must clearly and conspicuously disclose:
1. The total cost to purchase, receive, or use the goods or services. 2. All material restrictions, limitations, or conditions on the offer. 3. The seller's no-refund, cancellation, exchange, or repurchase policies (if those exist, you must say so; if you have a satisfaction guarantee, you must state the terms). 4. In prize promotions, the odds of winning, all conditions necessary to receive the prize, and that no purchase is necessary.
For "free-to-pay conversion" or "negative option" offers, where a consumer gets something free and is later charged unless they cancel, extra disclosures apply under § 310.3(a)(1)(vii). You must state the date the charges begin and the amount. The FTC has been aggressive here, going after companies running subscription models with weak cancellation disclosures.
The disclosures have to be truthful and understandable to a reasonable consumer. Burying cancellation terms in a fast verbal rush at the end of a call, after the card has already been taken, is not compliant. Script reviews need to confirm disclosures happen in the right sequence.
Building or reviewing cold calling scripts? The disclosure sequence is one of the first things to audit. The FTC has cited agents for saying disclosures too fast, too quietly, or after the payment capture.
How does the TSR's Do Not Call requirement work?
The TSR built its own National Do Not Call Registry requirement, and the FTC runs that registry at donotcall.gov [4]. Telemarketers have to subscribe, pull current data for their calling areas before any campaign, and stop calling numbers on the list. The TSR's DNC rules predate the FCC's version but run in parallel.
Under 16 CFR § 310.4(b), it is an abusive telemarketing act to call any person whose number is on the National DNC Registry, unless the seller has express written agreement from that specific person, or has an established business relationship and the call comes within 18 months of the most recent purchase or transaction [1].
That 18-month window is a specific number worth remembering. An established business relationship created by a purchase or transaction expires 18 months after the last purchase [6]. One created by a consumer inquiry (someone asks for information) expires 3 months after the inquiry. These clocks run from the most recent event, not the first.
Sellers also have to keep their own internal Do Not Call list. If a consumer says "don't call me again," you must honor that within a reasonable time, which the TSR sets at no more than 30 days. Your internal suppression list has to be checked before every call, and it has to be organization-wide, more than campaign-by-campaign.
One thing teams often miss: the TSR's DNC requirement lands on the seller even when an outside telemarketing firm makes the calls [6]. You can't hire a vendor and assume you're clean. The seller is on the hook. Contractual indemnification from a vendor doesn't change your liability to the FTC.
What are the penalties for violating the Telemarketing Sales Rule?
The FTC can seek civil penalties of up to $51,744 per violation, per day [5][8]. That number is adjusted periodically for inflation under the Federal Civil Penalties Inflation Adjustment Act. The current figure has held around $51,744 since 2023, but check the FTC's current penalty schedule because it does move.
Think about what "per violation" means in practice. One call to one person on the DNC registry is one violation. Run a campaign that makes 10,000 such calls and the math gets ugly fast. The FTC doesn't always pursue the maximum, but it has landed settlements in the hundreds of millions of dollars against large operations [5].
The FTC can also seek injunctive relief, meaning a court order that stops your business activity, plus consumer redress (refunds to affected consumers) and disgorgement of profits. For a small company, an injunction can hurt worse than the fine.
CFPB enforcement in financial services follows similar penalty frameworks under the Consumer Financial Protection Act. The CFPB can also order remediation to harmed consumers and impose compliance monitoring that costs far more than the original penalty [9].
State attorneys general can enforce the TSR on their own, and many states run their own mini-TSR laws with extra requirements. Florida has the Florida Telemarketing Act. Texas has its own telemarketing statute that overlaps heavily with the federal TSR.
The deterrent is real. FTC enforcement actions against telemarketers, including consent decrees with ongoing monitoring, are public record and searchable on ftc.gov. Appearing in one of those press releases is not a marketing outcome any small team wants.
Does the TSR apply to B2B calls?
Mostly no, but with important exceptions. The TSR defines "customer" to include both a person who buys goods or services and a business entity that does the same, but the exemption in 16 CFR § 310.6(b)(7) excludes calls to a business except in limited circumstances [1].
Here's the exception that catches people. If you're calling a business but the real decision-maker is a sole proprietor, and the call relates to goods or services for personal use, the TSR may still apply. The line between a small-business owner and a consumer blurs fast.
For most true B2B outbound calls, where you're calling an incorporated entity about business products, the TSR's core provisions don't directly govern the call. But the FTC has pushed back on companies that claimed B2B status for what were really consumer campaigns. If your list includes any residential numbers or any sole proprietors, don't assume the exemption applies cleanly.
If you're thinking about what is cold calling in sales from a compliance angle, the B2B question is one of the most common areas of genuine confusion. The honest answer is: talk to your legal counsel before assuming the exemption fits your specific list and offer.
What is a seller's liability for a third-party telemarketer's violations?
High. Under the TSR, a seller is liable for the acts of the telemarketers it hires unless the seller can show it took reasonable precautions to prevent violations [6]. This is not pure vicarious liability, but "reasonable precautions" is a real standard that demands documented action.
Reasonable precautions the FTC has looked for in enforcement actions include written contracts requiring TSR compliance, pre-campaign list scrubbing procedures, call monitoring and audit programs, and prompt remediation when violations turn up. A contract clause saying "vendor must comply with all applicable law" is necessary but not sufficient.
The FTC's position, stated in its TSR compliance guide, is that sellers who turn a blind eye to vendor practices are liable [6]. Pay a dialing vendor by the lead, never audit their calls, never verify their DNC scrubbing, and don't expect that ignorance to protect you.
For teams that use cold call script vendors or outsourced calling centers, contracts need real teeth, monitoring needs to be real, and records need to be kept. The FTC has gone after the seller more than the caller in multiple cases.
How do you build a TSR-compliant outbound calling program?
Start with the list. Before any campaign, pull the National DNC Registry data for your calling areas through donotcall.gov [4]. You have to access current data, which the FTC reads as no older than 31 days at the time of the call. Combine that with your internal suppression list, which has to include everyone who ever asked you not to call.
Next, audit your scripts. Every cold call has to open with the true name of the seller, the purpose of the call, and (for outbound sales calls) disclosure that it's a sales call. Required disclosures before payment capture have to appear in the right sequence. Recording your calls and reviewing them periodically is good compliance practice and your evidence if a dispute arises.
Set calling hours in your dialer. Hard blocks at 8am and 9pm in the called party's local time zone. That means your dialer needs to know the time zone of the number it's calling, not the time zone where your call center sits.
Train your agents on the prohibited conduct list. They need to know they cannot threaten, abuse, or harass. They need to know they cannot claim the consumer won a prize without disclosing the odds and conditions. They need to know that if someone says "take me off your list," that request gets honored and documented immediately.
Caller ID has to transmit accurately. The number must be a working number the consumer can call back. Spoofing or deliberately altering caller ID information violates both the TSR and the Truth in Caller ID Act [11].
Document everything. DNC scrub dates and data pull timestamps. Call recordings and storage periods (the FTC sets 24-month retention for certain records under § 310.5). Agent training records. Vendor contracts and audit results. When the FTC comes in, they want a paper trail that shows you took compliance seriously before the investigation started.
LeadCompliant's free compliance kit covers the checklist items most small outbound teams miss, including the internal DNC log format and the disclosure sequence review. It's a starting point, not a substitute for counsel.
What records does the TSR require you to keep?
Section 310.5 sets the recordkeeping requirements, and the retention period is 24 months from the date the record is created [1]. That's often longer than teams expect.
Required records include:
Advertising and promotional materials. Any script, offer sheet, or recorded message used in a campaign.
Information about prizes offered, including the odds and the basis for the odds calculations.
Sales records that identify the customer, the goods sold, the date of the transaction, and the amount paid.
Employee records, including names of salespeople and their involvement in specific campaigns.
All verifications of authorizations for payment, especially for negative option and continuity plans.
DNC-related records, including the date, name, and telephone number of any consumer who asked to be placed on your internal DNC list, plus records confirming you accessed the National DNC Registry.
For electronic records, the FTC expects storage that keeps them accessible and hard to alter. Cloud storage with access logs is fine. A shared drive where anyone can edit files is not ideal from an audit standpoint.
If the FTC asks you to produce records and you can't, the absence of records becomes evidence of a compliance failure on its own. Build your retention policy before you start calling, not after an investigative demand lands.
Are there TSR exemptions that apply to financial services or debt collection?
Yes, but they're narrower than most financial firms assume.
Calls by a financial institution subject to the Gramm-Leach-Bliley Act and regulated by a federal functional regulator fall partly outside the TSR's scope, under the GLB exemption in § 310.6(b)(5) [1]. This doesn't mean those firms can ignore the TSR. It means some of their calls may be governed by their prudential regulator instead of the FTC directly.
Debt collection calls have their own exemption under § 310.6(b)(3), which excludes calls connected to a debt collection business governed by the Fair Debt Collection Practices Act [1]. But the moment a debt collector crosses into selling a product or service on that call, they're back inside TSR territory.
The CFPB's supervisory authority over large banks, credit unions, and non-bank financial companies means that even where the FTC's TSR reach is limited, the CFPB can bring parallel actions under its UDAAP authority (Unfair, Deceptive, or Abusive Acts or Practices) in the Consumer Financial Protection Act [9]. The CFPB defines "abusive" broadly, and a TSR violation the FTC might not pursue against an exempt firm can still become a CFPB UDAAP case.
The safest posture for any financial services team doing outbound calls: treat TSR requirements as a minimum floor and build up from there based on your specific regulator's guidance.
How has FTC enforcement of the TSR changed in recent years?
The FTC has amended the TSR several times since its original 2003 version. The 2003 amendment introduced the National Do Not Call Registry. Later amendments in 2008 and 2010 added restrictions on prerecorded calls and tightened the payment method rules [5].
Recent enforcement goes after robocall operations hard. The agency has used the TSR against operations that combine illegal robocalls with deceptive offers, often targeting seniors. The FTC's "Operation Stop Scam Calls" initiative, announced in 2023, produced multiple coordinated actions against telemarketing companies using prerecorded messages without consent [5].
The FTC has also taken a harder line on negative option marketing, proposing in 2023 a standalone Negative Option Rule to complement TSR requirements for subscription and continuity programs [10]. As proposed, it would require click-to-cancel mechanisms for any subscription marketed through a prerecorded call.
For outbound teams, the signal is clear. The FTC is not letting TSR cases sit. It coordinates with state attorneys general, the Department of Justice, and the CFPB. A pattern of DNC violations or deceptive scripts reaches someone's radar faster than it would have a decade ago.
At leadcompliant.com, the free DNC checker and the compliance kit are built around current enforcement priorities: DNC scrub timing, disclosure sequencing, and caller ID accuracy.
The cleanest summary of where TSR enforcement is headed: the FTC moves faster, coordinates more broadly, and its $51,744-per-violation ceiling makes even a modest campaign a serious financial risk if compliance is an afterthought.
Frequently asked questions
Is the Telemarketing Sales Rule an FTC rule or a CFPB rule?
The TSR is an FTC rule, published under 16 CFR Part 310. The CFPB has authority to enforce it against financial companies it supervises, like mortgage servicers and payday lenders. So financial firms can face TSR enforcement from both agencies. For everyone else, the FTC is the enforcer.
What hours are allowed for telemarketing calls under the TSR?
The TSR restricts outbound telemarketing calls to between 8am and 9pm in the called party's local time zone. This applies regardless of where your call center is located. Your dialer needs to reference the called number's time zone, not yours. Calling outside those hours is an abusive practice under 16 CFR § 310.4(b)(1)(iv).
What is the maximum fine for a TSR violation?
The FTC can seek civil penalties up to $51,744 per violation. Each illegal call to a DNC-registered number counts as a separate violation. Large campaigns with thousands of non-compliant calls can produce penalty exposure in the tens or hundreds of millions of dollars. The figure is inflation-adjusted periodically under federal law.
Does the Telemarketing Sales Rule apply to text messages?
The TSR's traditional scope covers voice calls. SMS marketing is primarily governed by the TCPA and FCC rules rather than the TSR. However, if a text message is part of a plan or campaign to sell goods or services through deceptive means, the FTC could pursue it under its broader UDAP authority. For text compliance specifically, TCPA and CTIA guidelines are the primary frameworks.
How often do I need to scrub my list against the National DNC Registry?
The TSR requires that you access current National DNC Registry data, which the FTC interprets as data no older than 31 days at the time the call is made. You cannot pull the list once and use it for six months. For active campaigns, most compliance teams pull fresh data monthly and before each new campaign launch.
Can I still call someone who is on the DNC list if I have a prior business relationship?
Yes, within limits. A prior business relationship created by a purchase lets you call for up to 18 months after the last transaction. A relationship created by a consumer inquiry lasts 3 months. If the person has separately asked you not to call, even an existing relationship doesn't override that request. And the existing business relationship exemption doesn't apply if they're on your internal DNC list.
What disclosures must a telemarketer make before taking payment?
Under 16 CFR § 310.3(a)(1), before processing any payment you must disclose the total cost, all material restrictions on the offer, your refund and cancellation policy, and for prize promotions, the odds of winning. For negative option or free-trial offers, you must also state exactly when charges begin and the amount. These disclosures must come before payment information is collected.
Does the TSR apply to B2B telemarketing calls?
Mostly no. The TSR exempts calls to businesses under 16 CFR § 310.6(b)(7). But the exemption has limits: calls to sole proprietors about personal goods or services can still fall under TSR. And if your list mixes business and residential numbers, you cannot assume the B2B exemption covers the full campaign. When in doubt, apply TSR standards and consult counsel.
What records must a telemarketer keep under the TSR?
Section 310.5 requires 24 months of records including advertising materials, prize promotion details, sales transaction records, employee records, payment authorizations, and DNC-related documentation. This includes timestamps of when you pulled National DNC data and records of all internal DNC requests. The absence of required records is itself a compliance failure during an FTC investigation.
If I hire an outside calling vendor, am I still responsible for their TSR violations?
Yes. The TSR holds sellers liable for the acts of their telemarketers unless the seller took reasonable precautions to prevent violations. Reasonable precautions include written contracts requiring TSR compliance, pre-campaign DNC scrubbing, call monitoring, and prompt remediation of discovered violations. Paying a vendor and ignoring their practices is not a defense.
What is the difference between the TSR and the TCPA for outbound calling compliance?
The TCPA (47 U.S.C. § 227) is a federal statute enforced by the FCC that allows private lawsuits at $500-$1,500 per call. The TSR is an FTC regulation with civil penalties up to $51,744 per violation enforced by the agency. The TCPA focuses heavily on automated dialing and prerecorded calls. The TSR covers deceptive sales practices, DNC requirements, disclosure rules, and prohibited payment methods. Both apply simultaneously to most outbound campaigns.
Do prerecorded calls have special rules under the TSR?
Yes. Under 16 CFR § 310.4(b)(1)(v), a prerecorded message call must provide an automated opt-out mechanism that lets the consumer immediately end the call and be placed on the seller's DNC list. The opt-out must be available throughout the message. This requirement exists alongside TCPA prerecorded call consent requirements, both of which must be met.
How does the TSR define 'telemarketing'?
The TSR defines telemarketing as a plan, program, or campaign conducted by telephone to sell goods or services in interstate commerce. It includes both outbound and certain inbound calls connected to a prior advertisement or solicitation. It doesn't cover purely informational calls, calls to existing customers about an ongoing service with no new sales pitch, or calls that fall under specific statutory exemptions.
What should I do if I discover my team has been making TSR-violating calls?
Stop the violating conduct immediately. Document what happened, how many calls were made, and to whom. Consult legal counsel before self-reporting; whether and how to approach the FTC is a legal strategy question. Update your internal DNC list, fix your scrubbing process, retrain agents, and create a written remediation record. Acting quickly and documenting your remediation is consistently cited in FTC consent decrees as a factor in settlement terms.
Sources
- FTC, Telemarketing Sales Rule (16 CFR Part 310), full rule text: TSR prohibitions, required disclosures before payment, calling hours, DNC requirements, recordkeeping obligations, and B2B exemption at 16 CFR § 310.6(b)(7)
- CFPB, Compliance and guidance for supervised financial companies: CFPB authority to supervise and enforce TSR and UDAAP against covered financial firms
- FTC, National Do Not Call Registry for businesses (donotcall.gov): TSR requires sellers to access the National DNC Registry and honor registrations; registry administered by FTC
- FTC, Telemarketing enforcement actions and press releases: Civil penalties up to $51,744 per violation; FTC enforcement actions including Operation Stop Scam Calls (2023) and large settlements
- FTC, Complying with the Telemarketing Sales Rule (business guidance): Seller liability for third-party telemarketer violations; reasonable precautions standard; 18-month established business relationship window
- U.S. Congress, Telemarketing and Consumer Fraud and Abuse Prevention Act, 15 U.S.C. § 6101 et seq.: Statutory authority for the FTC to promulgate the Telemarketing Sales Rule
- FTC, Civil penalty amounts (inflation-adjusted): TSR civil penalty ceiling adjusted to $51,744 per violation as of 2023 under inflation adjustment requirements
- CFPB, Rules and policy on UDAAP authority: CFPB authority to pursue Unfair, Deceptive, or Abusive Acts or Practices against covered financial entities independently of FTC TSR enforcement
- FTC, Negative Option Rule rulemaking (2023 proposal): FTC proposed in 2023 a standalone Negative Option Rule to complement TSR requirements for subscription and continuity programs, including click-to-cancel mandates