Last updated 2026-07-10

TL;DR
The Telemarketing Sales Rule (TSR), enforced by the FTC and DOJ, governs outbound telemarketing calls and some texts to consumers. It requires Do Not Call scrubbing, specific oral disclosures, limits on call timing, and bans deceptive tactics. Violations cost up to $53,088 per call. Banks and most B2B calls are exempt, but sellers who hire third-party telemarketers share the liability.
What is the Telemarketing Sales Rule and who does it apply to?
The Telemarketing Sales Rule is a federal regulation the FTC issued under the Telemarketing and Consumer Fraud and Abuse Prevention Act of 1994 [1]. It took effect in 1995 and has been amended several times, most recently to update the civil penalty inflation adjustments. The FTC enforces it alongside the DOJ, and state attorneys general can bring cases too.
The TSR reaches any company that makes, or hires someone else to make, outbound calls to sell goods or services, or to solicit charitable donations. That net is wide. Cold-call consumers, use a dialer vendor, or run a lead-gen campaign that ends in a phone sale, and the rule likely reaches you.
The exemptions are real and they matter. Business-to-business calls are generally exempt, though the TSR does cover calls to sole proprietors at their personal numbers. Common carriers acting as carriers are exempt. So are financial institutions under Gramm-Leach-Bliley, which is why your bank can call you about a product without TSR constraints. Calls that answer a consumer who specifically asked to be contacted are exempt from several (but not all) provisions [2].
Here is the part small teams underestimate. If you are a seller who hires a third-party telemarketer, you share liability for that vendor's violations when you knew or consciously avoided knowing about them. The FTC has sued sellers next to their call-center vendors in enforcement action after enforcement action. This is not a theoretical risk.
How is the TSR different from the TCPA?
The TCPA (Telephone Consumer Protection Act, 47 U.S.C. § 227) and the TSR are two separate legal frameworks that can both apply to the same call or text [3]. Different agencies enforce them. They set different consent standards and carry different penalties. This trips up a lot of teams.
The TCPA runs through the FCC and through private lawsuits. It cares about the technology you use to reach people: autodialed calls, prerecorded messages, and texts to cell phones need prior express written consent. A consumer can sue you directly, which is why plaintiff's attorneys love it. If you want the full picture there, read our tcpa breakdown.
The TSR runs through the FTC and DOJ. Consumers cannot sue you under it. Only the FTC, DOJ, or a state AG can bring a TSR case. The rule cares less about your dialing tech and more about what you say and do during the transaction: your disclosures, your billing, what you can and cannot promise.
| Dimension | TSR | TCPA |
|---|---|---|
| Enforced by | FTC, DOJ, state AGs | FCC, private plaintiffs, state AGs |
| Private right of action | No | Yes |
| Focus | Deceptive/abusive practices, DNC, disclosures | Technology (autodialers, prerecorded calls, texts) |
| Applies to B2B calls | Generally no | Yes, if calling cell phones without consent |
| Max penalty per violation | $53,088 [1] | $500-$1,500 per call/text [3] |
| Consent standard | Prior express consent (oral or written) | Prior express written consent for autodialed/prerecorded |
You need to be clean under both. They are not alternatives, and getting one right does not cover you on the other.
What disclosures does the TSR require on a call?
The TSR's disclosure rules are specific and non-negotiable. Break one and it is a per-call offense.
On any outbound telemarketing call, the caller must promptly, and in a clear and conspicuous way, disclose three things: the identity of the seller, that the call's purpose is to sell goods or services, and the nature of those goods or services [2]. Promptly means before the pitch starts. Plenty of teams bury the company name at the tail of a two-minute opener. That fails.
Prize promotions carry extra disclosures: that no purchase is necessary to win, the odds of winning, and any restrictions on claiming the prize. Sweepstakes-driven lead-gen campaigns trip over this constantly.
Take payment before you deliver (upsells, advance-fee deals, subscription billing) and you must disclose all material terms before billing: the total cost, any material restrictions, your refund and cancellation policy, and for negative-option offers, how the consumer avoids the charge. The FTC has treated negative-option compliance as a priority for years, and the TSR's negative-option provisions are the hook the agency reaches for most often.
Calls that involve credit card laundering or third-party payment processors face extra restrictions most small teams never touch. Run a recurring billing model and you want legal counsel before launch, not after the CID arrives.
What are the TSR's Do Not Call requirements?
The TSR built the framework behind the National Do Not Call Registry. Under the rule, telemarketers must honor the National DNC Registry, honor their company-specific (internal) DNC lists, and call no number sitting on either list [4].
The FTC maintains the National DNC Registry at donotcall.gov, and sellers must access it to scrub their lists. Pricing runs by area code: the first five area codes are free, and additional area codes cost an annual subscription fee (historically around $79 per area code, though the FTC adjusts fees, so verify the current number directly with the agency). You have to re-scrub against the registry at least every 31 days [4].
The company-specific list is separate and stricter. The moment any consumer on any call asks not to be called again, that number goes on your internal DNC list, and it stays there indefinitely. You cannot wait for the next scrub cycle. You cannot limit it to one product line. Stop means stop.
Call timing is part of the DNC framework too. Telemarketing calls to residences are prohibited before 8 a.m. or after 9 p.m. local time where the called party sits [2]. The time zone that matters is theirs, not yours. Dial a Hawaii number from a New York office and you are working across a six-hour gap that catches teams off guard.
For tcpa-sms-compliance purposes, the TCPA sets nearly identical time limits on residential calls, so this is one spot where both rules line up.
What practices does the TSR prohibit outright?
The TSR carries a list of per se prohibited practices. No gray areas here.
You cannot misrepresent anything material about the goods or services, the seller, the transaction, or the consumer's obligations. That is broad on purpose. It covers misstating the total cost, the earnings potential of a business opportunity, the seller's tie to a government program, or the consumer's right to cancel.
You cannot threaten, intimidate, or use profane language. You cannot call someone repeatedly or continuously with intent to annoy, abuse, or harass. The FTC has enforced this against call centers that dialed consumers dozens of times a week.
You cannot make a false or misleading statement to get a consumer to pay. Sounds obvious. It is also the backbone of most TSR enforcement actions, which almost always include a disclosure or misrepresentation count.
The TSR bans, flatly: billing without authorization (charging an account without express informed consent), credit card laundering (processing a transaction for a merchant you know is violating the TSR), and advance-fee prize promotions that demand payment before a prize arrives.
Sell business opportunities or investment schemes by phone and additional rules apply. The TSR requires a disclosure document reach the prospect before the sale closes [12]. Franchises, work-from-home offers, investment programs: those extra obligations attach.
One prohibition catches teams flat-footed. Call abandonment. Run a predictive dialer and the TSR caps abandoned calls (connected but with no live agent available) at 3% of answered calls per campaign, measured over any 30-day period [2]. When a call does get abandoned, you must play a prerecorded message that names the seller and gives a callback number. Teams that ride the abandonment ceiling are building FTC exposure one dial at a time.
What are the TSR's rules on payment methods and billing authorization?
This piece gets less airtime and drives a surprising share of TSR cases.
The TSR restricts payment methods the FTC treats as high-risk because they are hard for consumers to reverse. It prohibits accepting payment through remotely created checks or remotely created payment orders in most telemarketing transactions [2]. Those instruments powered many of the deceptive billing schemes the FTC chased through the 2000s and 2010s.
Whatever payment you accept, you need verifiable authorization, and what counts depends on the method. For credit or debit cards, your normal processor records usually do the job. For bank transfers, the TSR demands express verifiable authorization: a written authorization signed by the consumer, a recorded oral authorization where the consumer confirms the key terms, or a written confirmation sent before billing.
Use recorded oral authorization and the recording has to capture the consumer acknowledging the amount, the date, the payment method, and the fact that they authorized the charge. Storing those recordings is not optional. When the FTC or a state AG asks, you produce them.
Negative-option billing earns its own paragraph. Give a consumer a free trial that auto-bills unless they cancel, and the TSR (backed by the FTC's separate Negative Option Rule, updated in 2024) requires clear disclosure of the offer terms, simple cancellation, and explicit consent before enrollment. The FTC's Negative Option Rule now requires that cancellation be at least as easy as sign-up, meaning if you have a sign-up button, you need a cancel button [5].
How much do TSR violations actually cost?
The civil penalty ceiling is $53,088 per violation, per day [1]. That number climbs periodically for inflation under the Federal Civil Penalties Inflation Adjustment Act, so figures in older articles run lower than what applies now.
Each prohibited call or practice can count as a separate violation. The FTC almost never sues over a single call. By the time it files, it has usually documented hundreds or thousands of violations. Its largest telemarketing actions have settled or been decided in the tens or hundreds of millions of dollars. A 2022 action against a Florida-based debt relief operation ended in a $25 million judgment [6].
State attorneys general can bring their own TSR cases and stack state consumer protection penalties on top. California, Florida, Texas, and New York are historically the busiest.
Fines are not the whole bill. FTC consent orders routinely add multi-year compliance monitoring, mandatory compliance documentation, bans on specific business practices, and personal liability for principals who had knowledge of the violations. The "knew or should have known" standard is why founders and sales managers get named personally in FTC complaints on a regular basis.
And then there is restitution. The FTC can seek consumer redress, meaning a court orders you to refund every consumer who was harmed. On a large campaign, that figure can dwarf the civil penalties.
Does the TSR cover text messages and online sales?
The TSR's coverage of text messages is genuinely unsettled, and honesty means saying that plainly. The rule was written for phone calls. The FTC has stretched its reading over time.
The agency's position is that the TSR can reach text messages used in telemarketing campaigns, especially where a text is part of a sequence that ends in a telephone sale [2]. The DNC provisions in particular have been read to cover texts in some contexts. But the primary technology framework for texts is the TCPA, not the TSR.
Here is the practical version. Run an SMS campaign to drive inbound calls or close deals by text, and you treat TCPA sms-opt-in compliance as your main framework, with TSR compliance handling the substance of what you say and how you bill. If a text triggers a phone call that closes a sale, both frameworks cover that transaction end to end.
The TSR's reach over internet-initiated sales (click-to-call, web forms that route into phone sales) is clearer: if the sale closes on a phone call, the TSR applies to that call no matter how you acquired the consumer. Lead funnels that move people from a web form to a phone close sit squarely in TSR territory.
For teams running opt-in-sms-marketing programs, the safe posture is to treat TSR disclosures as a floor, not a ceiling, and layer TCPA consent on top.
What records does the TSR require you to keep?
Record-keeping under the TSR is specific, with a 24-month minimum retention period for most records [2].
You have to keep advertising and promotional materials, the name and last known address of each customer, the goods or services bought and the amount paid, the name and phone number of the telemarketer, records of verifiable payment authorization, and all correspondence with consumers.
Access the National DNC Registry and the FTC expects you to hold onto proof of your subscriptions and the dates of your scrubs. If an enforcement action asks why you dialed a number on the DNC list, "we scrubbed last month" only helps if you can prove it with documentation.
The TSR does not explicitly require employee training records. The FTC asks for them anyway, and courts look at them when they decide whether a company ran a good-faith compliance program. Documented training that predates the alleged violation is often the difference between a manageable consent order and a large judgment.
Use a CRM or dialing platform? Confirm it retains call records, consent timestamps, and opt-out records in a format you can actually export. Vendor systems that purge data on rolling 90-day cycles have wiped out companies' compliance defenses.
How do you build a TSR-compliant calling program?
Compliance here is an operations problem more than a legal one. The rules are clear enough. The failure is almost always in the execution.
Start with your call list. Before any dial, every number gets scrubbed against the National DNC Registry and your internal DNC list. Keep the national scrub current (within 31 days). Log the scrub date and the vendor or process you used. LeadCompliant's free DNC checker (leadcompliant.com) lets small teams run number-by-number checks before a campaign goes live.
Train your callers on the required disclosures. Write the opening disclosure as a script requirement, not a suggestion. "Hi, my name is [name] calling from [company] with an offer for [product category]" clears the identity and purpose disclosure inside ten seconds. Make it mandatory. Audit recordings weekly.
Set your dialer's abandonment limit at 3% and get the vendor to confirm in writing that the system enforces it. Predictive dialers running at 5 to 6% abandonment to squeeze agent efficiency are building your TSR exposure, not your revenue.
Build a clear internal DNC process. When a consumer says "don't call me," that request has to hit your suppression list within 24 hours, max. Plenty of teams have the DNC process on paper and fail on the handoff between the agent and the suppression update. Close that gap on purpose.
On payment and billing, if you run any trial or subscription model, your script and your website must disclose the billing terms clearly before the consumer agrees. Record consent. Keep the recording.
Teams building out full compliance programs will find that our text message marketing best practices framework covers many of the same principles for SMS campaigns running next to the phone program.
Audit quarterly. The FTC does not warn you before it investigates. Your internal audit is the only early warning you get.
What should you do if your company receives an FTC civil investigative demand?
A civil investigative demand (CID) is not a lawsuit. It is also not something to hand off to your office manager. It means the FTC has opened a formal investigation and can compel document production and testimony.
Stop all document destruction the second it arrives. Litigation hold rules apply from the moment you receive a CID. Deleting call records, emails, or DNC logs after a CID lands is evidence spoliation, and courts treat it exactly that way.
Hire outside counsel with FTC enforcement experience before you respond. CID responses run on real legal strategy: what to produce voluntarily, how to answer interrogatories, whether to engage FTC staff informally. These are not calls to make without experienced help.
The FTC staff who handle TSR cases are sharp. They have usually already talked to consumers, pulled complaint data from the Consumer Sentinel database, and maybe made test calls to your operation [9]. By the time the CID shows up, the agency has a view of what happened. Your job, with counsel, is to understand that view and respond in a way that is truthful, complete, and reads like a company that takes compliance seriously.
Many TSR investigations close without a public enforcement action when the company cooperates, has real compliance infrastructure, and the violations are limited. The cases that become large judgments are nearly always the ones where the company ignored early warnings, ran no compliance program, or was operating a straight-up fraud.
Frequently asked questions
Does the Telemarketing Sales Rule apply to B2B calls?
Generally no. The TSR exempts calls to businesses. The main exception is a call to a sole proprietor at a personal phone number, which can count as a consumer call. If you sell only to businesses and dial business lines, you sit largely outside TSR scope. You still face TCPA obligations if you call cell phones with autodialers.
How often do I need to scrub against the National DNC Registry under the TSR?
The TSR requires scrubbing against the National Do Not Call Registry at least every 31 days. You also have to honor your internal company-specific DNC list on an ongoing basis, with no mandatory interval. Practically, scrub before every new campaign launch and run a real-time internal suppression process so opt-outs apply immediately.
What is the maximum fine for a TSR violation?
The current civil penalty ceiling is $53,088 per violation, per day. The figure adjusts periodically for inflation under federal law. Because each prohibited call can be a separate violation, a large campaign with systemic problems can generate penalties in the millions. State AG actions under state consumer protection statutes can pile on additional penalties.
Can consumers sue companies directly for TSR violations?
No. Unlike the TCPA, the TSR gives individual consumers no private right of action. Only the FTC, the DOJ, and state attorneys general can bring TSR cases. That makes TSR exposure less of a class-action risk than TCPA exposure. But FTC civil penalties and restitution orders can hurt just as much financially.
What disclosures are required at the start of a telemarketing call?
The TSR requires you to promptly disclose, clearly and conspicuously: the identity of the seller, that the call's purpose is to sell goods or services, and the nature of those goods or services. This happens before the pitch. Prize promotions add disclosures about odds and restrictions. Burying the company name at the end of an opener violates the rule.
What is the call abandonment rate limit under the TSR?
The TSR limits abandoned calls (connected calls where no live agent is available) to 3% of answered calls per campaign, measured over any rolling 30-day period. When a call is abandoned, a prerecorded message identifying the seller and giving a callback number must play. Teams using predictive dialers need written confirmation from their vendor that the system enforces this limit.
Does the TSR apply to text message marketing?
The FTC has read the TSR to cover texts used as part of a telemarketing campaign, especially where texts are part of a sales sequence. In practice, the TCPA is the primary framework for texts, while the TSR governs the substance of the transaction (disclosures, billing, DNC). If a text drives a phone call that closes a sale, both laws apply.
If I hire a third-party call center, am I responsible for their TSR violations?
Yes, potentially. A seller who provides substantial assistance to a telemarketer that violates the TSR can be held liable if the seller knew or consciously avoided knowing about the violations. Vet your call-center vendors, review their compliance programs, and put TSR representations in the contract. Ignorance of a vendor's practices is no safe harbor.
What payment methods are restricted under the TSR?
The TSR prohibits accepting payment through remotely created checks and remotely created payment orders in most telemarketing transactions. For other methods, it requires verifiable authorization: written, recorded oral, or a pre-billing written confirmation to the consumer. Negative-option arrangements face extra disclosure and consent requirements under the TSR and the FTC's 2024 Negative Option Rule.
How long do I need to keep records under the TSR?
The TSR requires a minimum 24-month retention period for most telemarketing records, including promotional materials, customer purchase records, telemarketer names and phone numbers, and payment authorization records. Keep evidence of National DNC Registry scrubs too. If you get an FTC civil investigative demand, a litigation hold takes precedence over any routine data-purge schedule.
What is the difference between the National DNC Registry and a company-specific DNC list?
The National DNC Registry, run by the FTC, holds numbers consumers registered to opt out of most telemarketing. Your company-specific list is internal: it must include anyone who has ever asked your company not to call, whether or not their number is on the national registry. You honor both. The internal list never expires.
Are nonprofit organizations exempt from the TSR?
Calls made by or on behalf of bona fide nonprofit charitable organizations to solicit donations are generally exempt from most TSR provisions, including the National DNC Registry requirement. But if a for-profit company runs fundraising calls for a nonprofit and keeps a large share of receipts, the FTC may scrutinize whether the exemption actually applies to that setup.
What is the TSR's rule on call timing?
The TSR prohibits telemarketing calls to residential numbers before 8 a.m. or after 9 p.m. local time where the called party sits. The relevant time zone is the consumer's, not the caller's. Calling Hawaii from New York at 3 p.m. Eastern means 9 a.m. Hawaii time, the outer edge of compliance. Verify time zones before you dial.
What should I do if my company gets a civil investigative demand from the FTC?
Issue a litigation hold right away to stop any document deletion. Hire outside counsel with FTC enforcement experience before responding. Do not contact FTC staff directly without counsel. CIDs are serious but they are not lawsuits. Companies with real compliance infrastructure and limited violations often resolve investigations quietly. The worst outcomes come from destroying records or ignoring the process.
Sources
- FTC, Telemarketing Sales Rule (16 CFR Part 310), FTC.gov: The TSR is a federal regulation issued by the FTC under the Telemarketing and Consumer Fraud and Abuse Prevention Act; civil penalties currently up to $53,088 per violation
- FTC, Complying with the Telemarketing Sales Rule, FTC.gov: TSR requires prompt disclosures, prohibits calls before 8 a.m. or after 9 p.m., limits call abandonment to 3%, requires DNC compliance, restricts remotely created checks, and mandates 24-month record retention
- FTC, National Do Not Call Registry, DoNotCall.gov: Telemarketers must access and honor the National DNC Registry and scrub lists at least every 31 days
- FTC, Negative Option Rule (16 CFR Part 425), FTC.gov: FTC's updated Negative Option Rule, finalized 2024, requires cancellation to be at least as easy as enrollment
- FTC, Press Releases, FTC.gov: FTC TSR enforcement actions have resulted in judgments in the tens and hundreds of millions; a 2022 Florida debt relief action resulted in a $25 million judgment
- FTC, Consumer Sentinel Network, FTC.gov: FTC uses Consumer Sentinel complaint data in building TSR enforcement cases
- FTC, Privacy and Security Business Guidance, FTC.gov: FTC shares liability standard: sellers who provide substantial assistance to TSR-violating telemarketers face liability if they knew or consciously avoided knowing
- FTC, Business Opportunity Rule, FTC.gov: TSR has specific disclosure document requirements for business opportunities and investment schemes sold via telephone