Last updated 2026-07-09

TL;DR
Debt collectors face two federal regimes at once. The FDCPA governs how and when you can contact consumers about a debt. The TCPA governs the technology you use to make that contact. A call can violate both laws simultaneously, meaning a plaintiff can stack claims and you can owe up to $1,500 per call under TCPA plus $1,000 statutory damages under FDCPA from the same single outreach.
What is the difference between the TCPA and the FDCPA?
The TCPA (Telephone Consumer Protection Act, 47 U.S.C. § 227) is a communications law. It restricts the technology collectors use to reach people: autodialers, prerecorded voice messages, and text messages to cell phones. It applies to almost any entity making those calls, including first-party creditors and third-party debt collectors alike. The FCC enforces it, and private plaintiffs can sue for $500 per negligent violation or $1,500 per willful violation with no cap on class size. [1]
The FDCPA (Fair Debt Collection Practices Act, 15 U.S.C. § 1692 et seq.) is a consumer protection law. It restricts who can collect, what they can say, and when they can call. It generally applies only to third-party debt collectors (collection agencies, debt buyers, attorneys collecting debts), not to original creditors collecting their own debts. The CFPB and FTC share enforcement, and the statute caps statutory damages at $1,000 per plaintiff per lawsuit plus actual damages. [2]
Here is the cleanest way to hold the two apart. FDCPA tells you what you may do and say. TCPA tells you what equipment and process you may use to do it. They are separate statutes with separate consent standards, separate damages, and separate regimes. But a real debt collection call lives inside both at once.
How can one call violate both the TCPA and the FDCPA at the same time?
This happens more than people expect. Say a collector uses an autodialer to call a cell phone about a past-due credit card balance. The consumer never gave prior express consent for autodialed calls to that number. That is a TCPA violation: $500 to $1,500 per call. [1] If the collector also calls before 8 a.m. or after 9 p.m. local time, or calls after the consumer has sent a written cease communication notice, that same call is an FDCPA violation too: up to $1,000 plus actual damages. [2]
Plaintiffs and their attorneys love this. They plead both counts in a single federal complaint. Federal courts have jurisdiction over both claims and will hear them together, so one fact pattern turns into two theories of liability.
The overlap goes further. FDCPA's prohibition on harassing conduct (§ 1692d) has been applied when collectors call repeatedly even without an autodialer. TCPA's prohibition on prerecorded messages applies whether the message is harassing or perfectly polite. The statutes do not require each other but they frequently travel together.
For anyone running outbound debt collection calls, the practical message is simple: before you dial, you have to satisfy both sets of rules at once. Checking DNC status is a separate question again, which you can read about in our guide to the do not call list.
What consent does TCPA require for debt collection calls to cell phones?
Under the TCPA, using an autodialer or prerecorded message to call a cell phone requires the called party's "prior express consent." [1] For purely informational calls (like a balance reminder), the FCC has historically said providing your cell phone number to the original creditor in connection with the debt counts as prior express consent. The FCC's 2015 Omnibus TCPA Order (FCC 15-72) reinforced this standard and is still the governing framework for consent analysis in most debt collection contexts. [3]
But consent has limits that collectors routinely miss:
- Consent given to the original creditor does not automatically transfer to a debt buyer or third-party collector in all courts. The Eleventh Circuit in Mais v. Gulf Coast Collection Bureau (2014) held that a cell number provided to a medical provider carried over to the collector, but other circuits have read consent more narrowly. [5]
- If the number has been reassigned to a new consumer, that new person never consented. Caller liability for reassigned numbers has been contested, and the FCC issued a one-call safe harbor for reassigned numbers in its 2015 Order, but it is narrow. [3]
- Oral consent or consent buried in fine print is risky. TCPA plaintiffs argue that consent must be clear and conspicuous.
For marketing messages (texts or calls that promote a product or service), the standard rises to prior express written consent, which requires a signed agreement with specific disclosures. Debt collection calls are generally informational, not marketing, but watch for collectors who bundle a pitch for credit monitoring or other products into a collection call. That can flip the consent requirement. [1]
The safest operational posture: get written consent, store it with a timestamp and the specific number consented to, and check number reassignment before every campaign.
What does FDCPA say about call times, frequency, and cease-and-desist requests?
FDCPA § 1692c sets the calling window: 8 a.m. to 9 p.m. in the consumer's local time zone. Calling outside that window is a per se violation, no intent required. [2]
FDCPA § 1692d prohibits conduct whose natural consequence is to harass, oppress, or abuse. Regulators and courts have applied this to repeated calling. The CFPB's 2021 Regulation F (effective November 30, 2021) created a specific numeric limit for the first time: a collector is presumed to violate the harassment prohibition if it calls more than seven times in seven consecutive days about the same debt, or calls within seven days after having a phone conversation with the consumer. [4] That presumption can be rebutted, but it is a real threshold to track operationally.
Section 1692c(c) gives consumers the right to send a written cease communication notice. Once the collector receives it, all further communication must stop except to notify the consumer of specific actions (like filing suit or terminating collection efforts). Calling after a cease notice is one of the most common FDCPA violations in litigation.
The interaction with TCPA here matters. Revoking TCPA consent and sending an FDCPA cease notice are legally separate acts with separate consequences. A consumer who orally revokes TCPA consent on a call (which the FCC recognizes as valid revocation) has not necessarily sent a valid FDCPA written cease notice. And the reverse holds too. Your call-center scripts and CRM need to handle both separately.
Does TCPA apply to original creditors, or only to third-party collectors?
TCPA applies to everyone making autodialed or prerecorded calls to cell phones, whether you are an original creditor or a third-party collector. [1] This is one of the sharpest distinctions between the two statutes.
FDCPA, by contrast, mostly exempts original creditors. A bank collecting its own credit card debt is not a "debt collector" under 15 U.S.C. § 1692a(6) in most circumstances. There are exceptions (creditors who use a different name to suggest a third party is collecting), but the basic rule holds. [11]
So a bank's internal collection department is subject to TCPA when it autodials cell phones but is generally not subject to FDCPA. A third-party collection agency calling the same consumer on the same debt is subject to both. This asymmetry is why you see large banks facing TCPA class actions (see the credit one tcpa settlement as one example) even though FDCPA claims against them for the same conduct might not be available.
For compliance program design, original creditors need a full TCPA program and should also check state equivalents (several states have their own debt collection rules that mirror FDCPA for original creditors). Third-party collectors need both programs running simultaneously.
What are the actual penalties when both laws apply?
The math gets uncomfortable fast.
Under TCPA, a plaintiff can recover $500 per call or text for each violation, trebled to $1,500 if the court finds the violation was willful or knowing. There is no cap on the number of violations in a class action. [1] The Cash App TCPA class action settlement (see our breakdown at cash app tcpa class action settlement) shows how quickly class exposure adds up.
Under FDCPA, statutory damages max out at $1,000 per plaintiff in an individual action, or the lesser of $500,000 or 1 percent of the net worth of the debt collector in a class action. Actual damages are also available. [2]
Attorneys' fees are mandatory for prevailing plaintiffs under both statutes. That is exactly why plaintiff-side lawyers take these cases on contingency.
| Statute | Per-violation damages | Class cap | Attorneys' fees |
|---|---|---|---|
| TCPA (47 U.S.C. § 227) | $500 (negligent) / $1,500 (willful) | None | Available |
| FDCPA (15 U.S.C. § 1692k) | $1,000 per plaintiff | $500,000 or 1% net worth | Mandatory for prevailing plaintiff |
| Combined exposure (same call) | Up to $2,500 per call | Uncapped TCPA + FDCPA class cap | Both fee provisions apply |
Run the numbers on a 1,000-person TCPA class where each member received three unauthorized calls. At $1,500 per call, that is $4.5 million before fees. Add FDCPA and it grows. This is not a theoretical scenario. It is a real pattern in federal district court filings.
How does CFPB Regulation F change the TCPA and FDCPA overlap analysis?
Regulation F, which became effective November 30, 2021, is the CFPB's first major rulemaking under FDCPA. It did not change TCPA at all. What it did was add specificity to FDCPA obligations in ways that interact with technology and call volume. [4]
The seven-call-in-seven-days presumption is the headline number, but the rule did more. It expanded FDCPA's scope to cover electronic communications including emails and text messages. It also allowed limited-content messages (a message that identifies the caller, provides a callback number, and says it is a debt collector) to be left on voicemail without triggering a full "communication" under FDCPA, which matters for compliance with third-party disclosure rules.
For TCPA purposes, electronic communications including texts were already covered. Regulation F's extension of FDCPA to texts means text message debt collection campaigns now have to satisfy both TCPA's prior express consent requirement and FDCPA's content and frequency restrictions at the same time. Our guide to text message marketing covers the consent mechanics in more detail.
The CFPB also addressed email and social media contact under Regulation F, which TCPA does not touch (TCPA is telephone-specific). So for those channels, only FDCPA (and state equivalents) apply.
What are the riskiest compliance gaps collectors actually fall into?
Based on the litigation landscape over the past decade, a few failure patterns show up over and over.
First, relying on cell numbers in the original account file as permanent TCPA consent. Numbers get reassigned. People change numbers. Consent tied to a number can evaporate. The FCC's 2015 Order offered a one-call safe harbor for reassigned numbers but that is one call, not a campaign. [3]
Second, not documenting revocation of consent. TCPA lets consumers revoke consent "at any time through any reasonable means." The FCC confirmed this in its 2015 Order. If a consumer says "stop calling me" on a recorded call and your CRM does not flag that number immediately, the next autodialed call is a knowing violation at $1,500.
Third, treating FDCPA's cease notice and TCPA consent revocation as the same thing and handling them with one workflow. They are not the same. A cease notice under FDCPA § 1692c(c) must be in writing to trigger the statutory obligation, but TCPA revocation can be oral. Your scripts and CRM must handle both independently.
Fourth, failing to scrub against the National Do Not Call Registry before manual calls that are not autodialed. TCPA's DNC obligations apply to telemarketing calls even without an autodialer. If your collection calls include any marketing element, you have a DNC obligation. You can check your numbers against the registry, and our tools at LeadCompliant include a free DNC checker for this. See also our overview of the do not call telemarketer list for how to handle that scrub.
Fifth, calling cell phones inside FDCPA's 8-to-9 window but never checking the consumer's local time zone. The rule runs on the consumer's local time, not yours.
How does TCPA consent transfer work when debt is sold or assigned?
This is genuinely unsettled law and you should get jurisdiction-specific counsel before assuming consent transfers.
The business argument is intuitive: when a creditor sells a debt portfolio, the TCPA consent granted to the original creditor travels with the account. Some courts have accepted this. The Eleventh Circuit in Mais v. Gulf Coast Collection Bureau (2014) held that consent provided to a hospital carried to the collector the hospital hired. The logic was that the consumer consented to be called about the account, not specifically by the original creditor. [5]
Other courts have been skeptical. The argument against transfer is that TCPA consent is given to a specific entity and the consumer could not have anticipated calls from a stranger debt buyer they never dealt with. Courts in the Second and Ninth Circuits have sometimes applied narrower readings.
Regulation F does not resolve this for TCPA purposes because it is an FDCPA rule. The FCC has not issued a definitive ruling on consent transfer in debt sale chains.
Here is the practical upshot. If you are a debt buyer, do not assume consent from the seller's file is good TCPA consent without a legal review of your circuit's case law. Getting fresh consent at the start of the collection relationship is expensive and often infeasible, but it is the cleanest option. Short of that, document what consent evidence you received in the purchase and vet it against current-subscriber databases.
What does a compliant debt collection call process look like under both laws?
A compliant process has to satisfy both statutes at every step, more than one. Here is how that maps out operationally.
Before any outreach: verify the number belongs to the current subscriber (use a real-time reassignment check, more than what is in your file). Confirm the number type (cell vs. landline, since TCPA autodialer restrictions apply to cell phones specifically). Scrub against your internal do-not-call list and any applicable DNC registry lists. Confirm you have TCPA-compliant consent for the specific technology you plan to use. Check whether a written cease notice is on file for this consumer.
Call timing: respect the 8 a.m. to 9 p.m. local time window for FDCPA. There is no separate TCPA time-of-day restriction for individual calls, but FCC guidance and state analogs may add restrictions. [2]
Call frequency: track against Regulation F's seven-in-seven presumption for FDCPA. There is no explicit TCPA frequency limit per consumer, but high-volume calling with an autodialer to a single number can support a "willful" finding for treble TCPA damages.
During the call: provide FDCPA's mandatory disclosures (identify as a debt collector, provide the debt validation disclosure on first contact). Do not record without complying with applicable state wiretapping laws. If the consumer orally revokes TCPA consent or submits a written cease notice, the agent must capture it immediately and the CRM must suppress the number in real time.
After the call: log outcomes, consent status, and any revocation events. Retain records long enough to defend a TCPA suit (the statute of limitations is four years for TCPA, one year for FDCPA). [6]
LeadCompliant's compliance kit (available at leadcompliant.com) includes a pre-call checklist template that maps each of these steps to the specific statute and rule section, which saves time building your own from scratch.
Are there state laws that add a third layer on top of TCPA and FDCPA?
Yes, and in some states the state law is the most dangerous one.
California has the Rosenthal Fair Debt Collection Practices Act, which applies FDCPA-like obligations to original creditors. It also interacts with California's Invasion of Privacy Act (CIPA), which has been used to challenge call recording and in some cases autodialer-like technology, sometimes with per-violation damages. [7]
Florida's Consumer Collection Practices Act (FCCPA) applies to all creditors, mirrors many FDCPA provisions, and allows attorney fee awards.
New York's FDCPA equivalent, enforced through the CFPB and state AG, adds its own restrictions.
Texas, Colorado, and a growing number of states have their own mini-TCPA or mini-FDCPA statutes. Some states prohibit calls to cell phones added to state-specific do-not-call lists regardless of federal DNC status. See our breakdown of the mobile phone do not call list for how state cell-specific lists interact with the federal registry.
The safest assumption for a multi-state collector: your compliance program needs a state-law review for each state where consumers reside, on top of federal TCPA and FDCPA. The federal floor is real but states can and do go further.
How do courts decide which law applies when a dispute arises?
Courts do not choose between TCPA and FDCPA. Both can apply. Federal district courts hear both under federal question jurisdiction (28 U.S.C. § 1331) and will adjudicate both counts in a single case.
The burden of proof differs slightly. For TCPA, a plaintiff must show they received a call or text from an autodialer or prerecorded message to their cell phone without prior express consent. The defendant then bears the burden of proving consent existed. [1] For FDCPA, the plaintiff must show they are a consumer, the defendant is a debt collector, and the specific conduct violated a named provision.
Statute of limitations: TCPA gives plaintiffs four years to sue under 28 U.S.C. § 1658. FDCPA gives plaintiffs one year from the date of the violation under 15 U.S.C. § 1692k(d). [6] A collector can face TCPA exposure for calls made within the past four years even if FDCPA claims for the same calls are time-barred.
In practice, plaintiff attorneys file TCPA claims more often in class actions because the uncapped per-violation damages make class certification economically attractive. FDCPA claims often ride along, but sometimes the FDCPA count is an individual claim added to push a settlement.
Frequently asked questions
Can a debt collector be sued under both TCPA and FDCPA for the same call?
Yes. A single autodialed call to a cell phone can simultaneously violate TCPA (if consent is lacking) and FDCPA (if the call is outside permitted hours or follows a cease notice). Federal courts hear both claims together. Damages from each statute are separate, so a plaintiff can recover up to $1,500 under TCPA and $1,000 under FDCPA from one call, plus attorneys' fees under both.
Does FDCPA apply to original creditors or only to collection agencies?
FDCPA generally applies only to third-party debt collectors, meaning collection agencies, debt buyers, and attorneys collecting debts. Original creditors collecting their own debts are largely exempt under 15 U.S.C. § 1692a(6). However, TCPA applies to original creditors and third-party collectors equally. Several states have their own debt collection laws, like California's Rosenthal Act, that cover original creditors.
What is the TCPA statute of limitations for debt collection lawsuits?
TCPA claims have a four-year statute of limitations under 28 U.S.C. § 1658. FDCPA claims have a one-year limit from the date of the violation under 15 U.S.C. § 1692k(d). This gap matters: a consumer can file a TCPA class action for calls made up to four years ago even if the FDCPA window has closed.
How many times can a debt collector call per week before violating the law?
CFPB Regulation F (effective November 2021) created a rebuttable presumption of FDCPA harassment if a collector calls more than seven times in seven consecutive days about the same debt, or calls within seven days after having a telephone conversation with the consumer. TCPA has no explicit per-consumer frequency cap but high-volume autodialed calling can support a willful violation finding that trebles damages.
Does giving a cell phone number to a creditor count as TCPA consent?
Generally yes, under FCC guidance from the 2015 Omnibus TCPA Order (FCC 15-72). Providing your number in connection with a transaction counts as prior express consent for informational calls about that transaction. But consent has limits: it may not transfer automatically to debt buyers, it evaporates if the number is reassigned to a new subscriber, and it can be revoked at any time by the consumer.
What happens if a consumer revokes TCPA consent verbally on a call?
The FCC confirmed in its 2015 Order that consumers can revoke TCPA consent through any reasonable means, including orally during a call. Once revoked, the next autodialed call is a knowing violation subject to $1,500 in damages. Your CRM must capture oral revocation events in real time and suppress the number immediately. Verbal revocation does not automatically constitute an FDCPA written cease notice, which requires a separate written request.
Does the FDCPA calling window (8 am to 9 pm) also apply under TCPA?
No. The 8 a.m. to 9 p.m. calling window is an FDCPA rule under 15 U.S.C. § 1692c(a)(1), based on the consumer's local time. TCPA has no separate time-of-day restriction for individual outbound calls, though state laws in California and some other states add their own time restrictions. A call made at 7 a.m. can violate FDCPA without violating TCPA, or both if autodialed without consent.
Do debt collectors have to scrub against the National Do Not Call Registry?
Debt collection calls are generally considered informational, not telemarketing, so the National DNC Registry does not apply to a pure collection call. If the call includes any solicitation or marketing element, DNC obligations kick in under TCPA. Collectors should also check their own internal do-not-call lists. See our explainer on the do not call list for how to run that scrub correctly.
Can a debt collector send text messages, and what rules apply?
Yes. TCPA covers text messages to cell phones the same as calls using an autodialer. Prior express consent is required. CFPB Regulation F (2021) extended FDCPA obligations to electronic communications including texts, so content and frequency restrictions apply too. A text sent without TCPA consent and containing content that violates FDCPA faces exposure under both statutes simultaneously.
What is a limited-content message under Regulation F?
Regulation F created a safe harbor for voicemail messages that include only the debt collector's name, a callback number, and a statement that the message is from a debt collector. This limited-content message avoids triggering FDCPA's third-party disclosure prohibitions because it does not convey information about the debt. It does not affect TCPA consent requirements, which still apply to the underlying call technology.
If a debt is sold, does TCPA consent transfer to the new debt buyer?
Courts are split. Some, like the Eleventh Circuit in Mais v. Gulf Coast Collection Bureau (2014), have held consent transfers with the account. Others apply a narrower reading and require fresh consent from the consumer. The FCC has not issued a definitive rule on consent transfer in debt sale chains. Debt buyers should obtain legal advice specific to their circuit and document whatever consent evidence they receive from sellers.
What records should a debt collector keep to defend a TCPA or FDCPA claim?
For TCPA, retain consent documentation, timestamps, call logs, number-type verification records, and any revocation events for at least four years. For FDCPA, retain call records, cease-notice logs, and disclosure documentation for at least one year, though matching the TCPA retention period is safer. Courts increasingly expect CRM-level audit trails showing exactly when consent was obtained, what number was consented to, and when any revocation was recorded.
Which agency enforces TCPA versus FDCPA for debt collectors?
The FCC has primary rulemaking and enforcement authority over TCPA. The CFPB enforces FDCPA against debt collectors and issued Regulation F in 2021. The FTC shares FDCPA enforcement authority. Both the FCC and CFPB have issued civil investigative demands and enforcement actions against debt collectors. Private plaintiffs can sue under both statutes independently of agency enforcement.
Sources
- U.S. Code, 47 U.S.C. § 227 (Telephone Consumer Protection Act): TCPA authorizes $500 per violation, trebled to $1,500 for willful violations; covers autodialed and prerecorded calls/texts to cell phones; requires prior express consent
- U.S. Code, 15 U.S.C. § 1692 et seq. (Fair Debt Collection Practices Act): FDCPA restricts third-party debt collectors; prohibits calls outside 8 am to 9 pm local time; caps statutory damages at $1,000 per plaintiff; requires mandatory attorneys' fees for prevailing plaintiffs
- CFPB, Regulation F (Debt Collection Practices), 12 C.F.R. Part 1006, effective November 30, 2021: Creates rebuttable presumption of FDCPA harassment if collector calls more than seven times in seven consecutive days about the same debt; extends FDCPA obligations to electronic communications including texts and emails
- Mais v. Gulf Coast Collection Bureau, 768 F.3d 1110 (11th Cir. 2014): Eleventh Circuit held that consent to be called provided to a medical provider transferred to the third-party debt collector the provider retained
- U.S. Code, 28 U.S.C. § 1658 and 15 U.S.C. § 1692k(d) (statutes of limitations): TCPA claims have a four-year statute of limitations under 28 U.S.C. § 1658; FDCPA claims must be brought within one year of the violation under 15 U.S.C. § 1692k(d)
- California Rosenthal Fair Debt Collection Practices Act, Cal. Civ. Code § 1788 et seq.: California's Rosenthal Act applies FDCPA-like obligations to original creditors collecting their own debts, extending protections beyond federal FDCPA scope
- FTC, Fair Debt Collection Practices Act text and guidance: FTC shares FDCPA enforcement authority; publishes annual report on FDCPA complaints and enforcement actions
- CFPB, Debt Collection Consumer Resources: CFPB has primary rulemaking authority over FDCPA and enforces it against debt collectors; maintains consumer complaint database showing volume of collection-related complaints
- U.S. Code, 15 U.S.C. § 1692a(6) (FDCPA definition of debt collector): FDCPA defines 'debt collector' to generally exclude creditors collecting their own debts, limiting FDCPA applicability compared to TCPA which covers all callers