Insurance sales TCPA compliance: specific requirements explained

Insurance agents face TCPA fines up to $1,500 per call or text. Learn the exact consent, DNC, and dialer rules that apply to insurance outbound sales.

LeadCompliant Team
24 min read
In This Article

Last updated 2026-07-09

Insurance sales agent reviewing compliance documents at a desk with a telephone
Insurance sales agent reviewing compliance documents at a desk with a telephone

TL;DR

Insurance sales teams must get prior express written consent before auto-dialing or texting a prospect, scrub against the National Do Not Call Registry, call only between 8 a.m. and 9 p.m. in the consumer's local time, and identify themselves on every call. Each violation costs $500 to $1,500. Insurance gets no exemption, and bought leads create their own liability.

Does TCPA apply to insurance sales specifically?

Yes, fully. The Telephone Consumer Protection Act (47 U.S.C. § 227) covers any person or entity making outbound telemarketing calls or texts, and the FCC has never carved out an exemption for insurance [1]. Health insurers, life carriers, P&C agencies, and independent agents all fall under the same statute, no matter the line they sell.

Some people hear that healthcare calls get special treatment and assume insurance does too. That confusion comes from a narrow FCC exemption for calls from a patient's own healthcare provider about treatment or appointment reminders. Selling a policy is not that. An agent cold-calling a prospect about auto or life coverage is a telemarketer under the statute, full stop.

So every rule in the TCPA, and every FCC regulation reading it, applies to your outbound insurance operation. Consent rules. Calling-hour windows. DNC scrubbing. Mandatory disclosures. Auto-dialer limits. There is no shortcut because you sell a regulated financial product.

Prior express written consent (PEWC) is the strongest form of consent the TCPA demands before you auto-dial or send a marketing text to a cell phone [2]. The FCC's 2012 rule change made it mandatory for any marketing call to a wireless number placed with an automatic telephone dialing system (ATDS) or a prerecorded voice, and the rule names texts specifically.

For insurance sales, PEWC has to:

1. Be in writing (an electronic signature counts under the E-SIGN Act). 2. Clearly authorize that specific seller to contact the person at that number. 3. Say the person does not have to consent as a condition of buying anything. 4. Come before the call or text, never after.

The FCC's 2023 "one-to-one consent" order (FCC 23-107) added a requirement with an effective date of January 27, 2025: one consent form cannot authorize calls from a stack of different sellers [3]. That aims straight at the insurance lead model, where a web form captures a consumer and then resells that lead to a dozen carriers. Each carrier now needs its own consent, gathered in that same web session, from a consumer who picked that company by name.

Buying leads from an aggregator? Ask for documentation showing one-to-one consent to your company specifically. If the vendor can't produce it, those leads are legally risky to touch with an ATDS or prerecorded message.

For cold calling a landline with a live agent and no recording, the consent bar is lower (prior express consent, not written). DNC rules still apply.

What are the calling hour rules for insurance telemarketing?

The federal window is 8 a.m. to 9 p.m. in the consumer's local time. FCC regulations at 47 C.F.R. § 64.1200(c)(1) ban calls to residential numbers before 8 a.m. or after 9 p.m. at the called party's location, not your call center's [4]. The consumer's time zone is what counts.

This trips up agencies running national campaigns from one office. A call placed at 8:30 a.m. Eastern to a Montana prospect lands at 6:30 a.m. Mountain. That's a violation on its face, and it's one of the most common triggers for complaints and class actions, because your call logs prove it for the plaintiff.

States often go tighter. Florida keeps the same 8-to-9 federal window but layers on its own solicitation limits. California adds rules under the CPUC. Check the state layer on top of the federal minimum every time.

For cold call operations, configure your dialer to check each number's area code against its current local time and hold any record outside the window rather than dial it. Area-code time mapping is imperfect (a Montana cell could be sitting in New York), but it's the standard defensible practice.

How does the National Do Not Call Registry affect insurance agents?

Insurance telemarketers have to scrub their lists against the National Do Not Call Registry before dialing [5]. The FTC enforces the Registry under the Telemarketing Sales Rule, and the FCC enforces parallel rules under the TCPA. Both bind you at once.

The mechanics:

  • Access the Registry at least every 31 days and honor opt-outs within that window.
  • A call to a registered number carries $500 in statutory damages, trebled to $1,500 for willful violations.
  • You need a subscription to pull the data. The FTC charges by area code, and the first five area codes are free.

The Registry doesn't block every call. If a consumer gave you their number for a quote in the past 18 months, or has an existing business relationship with your agency in that window, you can call even if they're on the list. But document that relationship. Class action lawyers subpoena call logs and CRMs, and a claimed exemption you can't prove is worse than no defense.

For how to pull the Registry and hold a scrub schedule, see our guide on the do not call list and how to get do not call telemarketer list data.

A mobile number on the Registry gets double coverage. The Registry opt-out applies, and the separate ATDS/prerecorded-voice consent rule applies too. You have to satisfy both.

What disclosures must insurance callers make on every outbound call?

Say it's a sales call, name the seller, and do it up front. FCC rules at 47 C.F.R. § 64.1200(d) require telemarketers to keep a written do-not-call policy and describe it on request. The FTC Telemarketing Sales Rule at 16 C.F.R. § 310.4 adds mandatory disclosures at the start of every outbound call [6]:

1. The caller states it's a sales call before asking for anything. 2. The caller discloses the seller's name. 3. For insurance, many state insurance departments require a license number disclosure when soliciting by phone.

Prerecorded messages carry more. The FCC requires the message to give the business name and a toll-free number the consumer can call to opt out [4]. That opt-out line has to be live during the call and for 30 days after.

Texts need identification too. A marketing text has to include the sender's name and an opt-out instruction (usually "Reply STOP to unsubscribe"). Miss a STOP request past the required window and you've violated the statute.

State insurance regulators pile on. Many require the insurer's state of domicile, the producer's license number, and sometimes a script approval process for prerecorded solicitations. California's Department of Insurance, New York's DFS, and Florida's OIR each publish telemarketing guidance for licensed producers.

Does using a predictive dialer or ATDS change the rules for insurance calls?

Yes, and it's the fight that decides most cases. The TCPA defines an automatic telephone dialing system as equipment with the capacity to store or produce numbers and dial them automatically [1]. Whether a modern predictive dialer meets that definition has been contested since the Supreme Court's 2021 Facebook v. Duguid ruling, which narrowed the term to systems that use a random or sequential number generator to produce or store the numbers dialed [7].

Here's the practical read for insurance teams. A click-to-call dialer that only fires numbers a human loaded and approved is less likely to count as an ATDS after Duguid than a system that generates or sequences numbers on its own. But plaintiffs' lawyers still argue predictive dialers with big auto-loaded lists meet the test, and some courts have agreed in narrow facts.

Safest posture: treat your dialer as an ATDS until your own counsel says otherwise, get PEWC for every cell number regardless, and keep documentation of your dialer's technical architecture. If you're sued, that documentation is your first line of defense.

Prerecorded voice is its own animal. It carries a consent requirement no matter whether the delivery system qualifies as an ATDS. Leave a prerecorded voicemail for a prospect who never asked for it and you've got a TCPA problem, even on a landline in some situations.

What do TCPA lawsuits against insurance companies actually look like?

Insurance carriers and their agents sit near the top of the most-sued list in TCPA class actions. The pattern repeats: a lead-gen operation collects consumer data, sells it to several carriers, and one or more carriers auto-dials the consumer over and over without valid consent. The consumer sues alone or joins a class.

Settlements here run big. Humana settled a TCPA class action for $8.7 million in 2018. Health insurance lead-gen company QuoteWizard settled for roughly $2.5 million in 2022 in a case that turned on whether it had valid consent to share leads with third-party agents [8].

The cash app TCPA class action settlement and the credit one TCPA settlement show how these numbers scale. Per-call damages of $500 to $1,500 turn enormous when millions of calls are in play.

What sets off the suits most often in insurance:

  • Calling cell numbers without PEWC, especially with a prerecorded message.
  • Calling again after a consumer says "remove me" or "stop calling."
  • Dialing a lead list where the consent chain is broken or faked.
  • Calling DNC-registered numbers without a documented exemption.

An individual plaintiff recovers $500 to $1,500 per violation, with no cap on class size. A company that placed 500,000 calls without consent faces exposure in the hundreds of millions before anyone talks settlement.

It raises the documentation bar hard. The FCC's Report and Order released in December 2023 (FCC 23-107) rewrote the consent rules for lead generation with an effective date of January 27, 2025 [3]. The order aims at comparison-shopping websites and lead aggregators, the backbone of insurance distribution.

The old rule let a consumer consent to a "marketing partner" list that could hold dozens of companies. One buried checkbox could authorize 50 insurers to call. Courts and regulators saw that for what it was, a consent factory producing technically compliant but consumer-hostile results.

Under the new rule, each seller must be "logically and topically associated" with the website where consent is gathered, the consent has to name each seller, and the consumer has to make an affirmative choice to opt in to each one. The FCC's order describes consent that is "given by a consumer to call the seller directly."

If you buy internet leads:

  • Ask your vendor for a copy of the consent form the consumer actually saw.
  • Confirm your company's name is on that form.
  • Confirm the consumer checked a box or took an affirmative action specific to your company.
  • Keep that documentation. In litigation, the burden of proving consent is yours.

This doesn't ban lead buying. It makes cheaply aggregated leads much riskier to auto-dial and forces you to keep proof for each one.

What internal policies does a TCPA-compliant insurance sales team need?

Start with the one policy the law names by title. FCC regulations at 47 C.F.R. § 64.1200(d) require companies that make telemarketing calls to keep a written do-not-call policy and train staff on it [4]. Past that floor, here's what a defensible program for an insurance sales team looks like in practice.

Written DNC policy. Document it, post it internally, and train every agent who dials out. It sounds like paperwork. It's legally required, and it's one of the first things plaintiffs' counsel asks for in discovery.

Consent documentation system. Every cell number in your dialing list needs a record of how consent was captured, when, and from what source. A spreadsheet holds up for a small shop. A CRM with custom fields holds up better. For lead buys, store the vendor's consent certificate right on the record.

Scrub schedule. Pull fresh DNC data at least every 31 days. Date-stamp each scrub. Automate it once volume justifies the setup.

Opt-out workflow. When a consumer says stop, honor it on that call and log it immediately. For texts, honor STOP requests fast; same-day is the safe practice.

Time-zone logic. Set your dialer or CRM to block outbound attempts outside 8 a.m. to 9 p.m. in the called party's local time.

State license compliance. Confirm every agent calling into a state holds the required producer license for that state. Soliciting without a license is a separate regulatory violation from TCPA, and the two together draw both insurance regulators and class action lawyers.

LeadCompliant's compliance kit includes template versions of these policies plus a free DNC scrubber to check numbers before you dial.

Running text campaigns too? The text message marketing guide covers SMS consent workflows in more detail.

What are the penalties for TCPA violations in insurance sales?

$500 per violation, $1,500 if it's willful, and no cap. The TCPA sets statutory damages at $500 for each call or text and up to $1,500 per violation if the court finds it willful or knowing [1]. There's no cap per plaintiff and no cap per class.

The FTC can pursue civil penalties under the Telemarketing Sales Rule alongside the TCPA regime. State attorneys general have their own authority to sue on behalf of residents.

Beyond money, courts can order injunctive relief, meaning a court order barring further violations that can freeze a calling program while the case runs.

Here's how the exposure scales:

Calls MadeViolation RateExposure at $500Exposure at $1,500
10,00010%$500,000$1,500,000
100,00010%$5,000,000$15,000,000
1,000,0005%$25,000,000$75,000,000

That table explains the target selection. Even a modest violation rate at scale produces eight-figure exposure, which is why class action lawyers chase high-volume callers. National insurance calling campaigns are a fat target.

Separate from litigation, state insurance departments have sanctioned carriers for telemarketing violations, handing out license suspensions and fines on top of any civil TCPA liability.

TCPA exposure by call volume and violation rate Statutory damages at $500 per violation (trebled to $1,500 for willful violations) 10K calls, 10% violation rate, $5… $500k 10K calls, 10% violation rate, $1… $1.5M 100K calls, 10% violation rate, $… $5M 100K calls, 10% violation rate, $… $15M 1M calls, 5% violation rate, $500… $25M 1M calls, 5% violation rate, $1,5… $75M Source: 47 U.S.C. § 227(b)(3), Cornell Law School LII

Are there state-level laws insurance agents need to know beyond federal TCPA?

Yes, and a few states hit harder than the federal floor. For agents operating nationally, these matter most:

Florida (FTSA). Florida's Telephone Solicitation Act (Florida Statute § 501.059) got a big amendment in 2021 and carries a private right of action mirroring the TCPA at $500 per call. It reaches calls made to Florida area codes regardless of where the caller sits, and it has its own consent and opt-out rules [9].

California (CCPA/CPRA). The California Consumer Privacy Act lets consumers opt out of the sale of their personal information, which changes how insurance lead data can be shared and used. The California Department of Insurance also sets specific solicitation rules for licensed producers.

Washington. Washington's Commercial Electronic Mail Act and separate state telemarketing rules add requirements for SMS marketing.

Indiana, Texas, Colorado. Each runs its own do-not-call registry or telemarketing law that adds scrubbing duties beyond the National Registry.

For cell phones specifically, see our guide on mobile phone do not call list requirements, which covers how state law meets federal cell phone protection.

If you're licensed across several states, apply the strictest applicable standard to every call rather than tailoring your process state by state. That means written consent, DNC scrubs, 8-to-9 hours, and full disclosure on every outbound contact. It's simpler to run and cheaper to defend.

Medicare Advantage and ACA marketplace sales carry a regulatory layer on top of TCPA, and it's a strict one. The Centers for Medicare and Medicaid Services (CMS) set marketing rules for Medicare Advantage plans at 42 C.F.R. § 422.2268 that limit when and how agents can contact beneficiaries [10]. Cold calling a Medicare beneficiary to sell a Medicare Advantage or Part D plan is barred under CMS rules except in narrow cases (the beneficiary asked for contact, or already has a relationship with the agent). That's separate from TCPA and runs right alongside it.

For ACA leads, the FCC one-to-one consent rule applies in full. Many ACA leads come from comparison-shopping sites where consumers enter their info to get quotes. Under the 2025 rule, that site has to name your specific agency and the consumer has to affirmatively opt in to your company before you can auto-dial.

So Medicare and ACA agents are largely boxed into inbound lead models, permission-based direct mail follow-up, and web leads backed by documented one-to-one consent. Mass outbound cold dialing into senior populations for health coverage is the highest-risk posture in the whole industry, and it draws the most regulatory heat.

Frequently asked questions

Does TCPA apply to insurance agents who are independent contractors rather than employees?

Yes. The TCPA reaches the entity that initiates the call and can reach individual agents along with the carrier or agency they represent. Courts have held carriers liable for calls made by their contracted agents under agency principles, and independent agents can face individual liability. The FCC weighs who benefits from the call and who directed it more than who physically dialed the number.

Can an insurance agent call a cell phone if the consumer gave their number on a quote request form?

Yes, with conditions. A consumer entering their cell number on a quote form can count as prior express written consent if the form clearly says that submitting the number means agreeing to be contacted by that specific agent or company by auto-dialer or text, and consent is not required to buy. The form also has to name the specific seller. A generic quote form without those disclosures does not meet the standard.

What is the established business relationship (EBR) exemption and does it apply to insurance?

The EBR exemption lets you call a residential number on the DNC Registry if the consumer bought from you, inquired about your services, or applied within the past 18 months. For insurance, quoting a policy counts as an inquiry. The exemption applies to DNC restrictions but does not override the ATDS or prerecorded voice consent rule for cell phones. Those two rules apply independently.

How often does an insurance agency need to scrub its list against the DNC Registry?

At least every 31 days under the FTC Telemarketing Sales Rule. FCC rules require honoring Registry opt-outs within 30 days of a consumer's registration. Many programs scrub monthly on a fixed date. Document each scrub with a date stamp and the data version used. In a lawsuit, that log is your evidence that you took reasonable steps to comply.

What happens if a consumer verbally asks an insurance agent to stop calling?

You have to honor it right away and log it. The TCPA requires telemarketers to keep company-specific do-not-call lists and honor requests for at least five years. A verbal stop during a call triggers that duty. Calling back after a consumer said stop is one of the most common facts in TCPA complaints, and courts often treat it as willful, which triggers the $1,500-per-call penalty instead of $500.

Is texting a prospect about their insurance quote covered by TCPA?

Yes. The FCC ruled in 2003 that text messages to wireless numbers fall under the TCPA, and courts have upheld that consistently. A marketing text to a prospect who has not given prior express written consent to hear from your specific company is a violation. Each text counts once. One-to-one consent applies too: a blanket lead-gen opt-in does not authorize texts from your agency unless you're named.

Can insurance agents use ringless voicemail drops without TCPA consent?

Probably not safely. The FCC has signaled that ringless voicemails (direct-to-voicemail drops that skip the ring) are subject to the TCPA as calls to wireless lines. In 2017 the FCC sought comment on whether ringless voicemail is a call under 47 U.S.C. § 227 and never issued a final rule, but most TCPA litigators treat it as needing the same consent as a prerecorded call. Several class actions have moved forward on that theory.

What documentation should an insurance agency keep to defend a TCPA lawsuit?

Keep the consent record for every cell number you auto-dial (form text, timestamp, IP address, signature). Keep DNC scrub logs with dates and version numbers. Keep your written DNC policy and agent training records. Keep call logs showing call time in the consumer's local time. Keep opt-out logs. TCPA cases almost always turn on documentation, because the burden shifts to you to show consent existed.

Does the TCPA apply to insurance calls made from outside the United States?

Yes. The TCPA applies based on where the called party is, not where the caller is. A call center in another country calling a U.S. number triggers full TCPA obligations, including consent, calling-hour rules, and DNC requirements. Some offshore operators believe geographic distance gives them cover. It does not.

Heavily. Under FCC 23-107, effective January 27, 2025, a single consent form can no longer authorize calls from multiple insurance companies at once. Each company has to be listed by name and the consumer has to affirmatively select it. Comparison sites that once sent one lead to ten carriers now need ten separate consents in the same session. Many sites are rebuilding their opt-in flows to comply.

What is the statute of limitations for a TCPA claim against an insurance company?

Four years, under the federal catch-all limitations period at 28 U.S.C. § 1658. A consumer has four years from the date of the violating call or text to file. In class actions the class period often covers four years of call records, which is why retaining call logs for at least four years (and ideally five, to catch state law claims) is standard compliance practice.

Are there any TCPA exemptions that cover emergency or policy-servicing calls for existing insurance customers?

There's a limited exemption for calls "made for emergency purposes," but it's narrow and does not cover routine policy service. Informational calls to existing customers (premium due, claim status, renewal) that carry no marketing and use a live agent to a number the customer gave may sit outside the strictest TCPA rules, but the analysis is fact-specific. If a call has any marketing content, assume full TCPA applies.

How do I get access to the National Do Not Call Registry as an insurance agent?

Register at donotcall.gov and create an account for your organization. Access is free for the first five area codes and then charged per area code per year for wider access. You certify that you're pulling the data only to comply with the telemarketing rules. See our guide on how do i get the do not call list for a step-by-step walkthrough of registration and download.

What is the risk of buying aged insurance leads and dialing them with an auto-dialer?

High. TCPA consent has to be prior to the contact and specific to your company. Aged leads often carry consent gathered for a different company, in a different session, months or years back. Courts have held that consent obtained by one entity cannot be transferred or sold to another. Dialing aged leads with an ATDS without fresh, one-to-one written consent puts you against the FCC's 2025 rule and settled case law at the same time.

Sources

  1. Cornell Law School LII, 47 U.S.C. § 227 (TCPA full statute text): TCPA statutory damages of $500 per violation, $1,500 for willful violations, and the definition of automatic telephone dialing system
  2. FCC, 47 C.F.R. § 64.1200, Rules and Regulations Implementing the TCPA: Calling-hour restriction of 8 a.m. to 9 p.m. local time, written DNC policy requirement, and prerecorded message disclosure rules
  3. FTC, National Do Not Call Registry information for telemarketers: Telemarketers must scrub call lists against the National DNC Registry at least every 31 days and honor registrations within 30 days
  4. FTC, 16 C.F.R. § 310 Telemarketing Sales Rule: TSR requires disclosure of the sales nature of a call, the seller's identity, and other mandated disclosures at the outset of every outbound telemarketing call
  5. U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court narrowed ATDS definition to systems using random or sequential number generators, April 2021
  6. FTC, Legal Library, cases and proceedings (QuoteWizard TCPA settlement, In re: QuoteWizard.com LLC Litigation, D. Mass. 2022): QuoteWizard settled a TCPA class action for approximately $2.5 million in 2022 over consent chain issues in insurance lead generation
  7. Florida Legislature, Florida Statute § 501.059, Telephone Solicitation: Florida FTSA 2021 amendment created private right of action mirroring TCPA with $500 per call damages for telemarketing violations
  8. CMS, 42 C.F.R. § 422.2268, Medicare Advantage Marketing and Communications Rules: CMS prohibits unsolicited cold calling of Medicare beneficiaries by Medicare Advantage and Part D plan agents except in narrow circumstances
  9. donotcall.gov, National Do Not Call Registry for Businesses: Registry access is free for the first five area codes; telemarketers certify compliance when accessing data

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit