Does forming an LLC protect founders from TCPA personal liability?

An LLC shields you from many lawsuits, but TCPA cases are different. Courts hold founders personally liable when they directed illegal calls. Here's what the law says.

LeadCompliant Team
22 min read
In This Article

Last updated 2026-07-11

Founder reviewing legal documents at a conference table, facing personal TCPA liability risk
Founder reviewing legal documents at a conference table, facing personal TCPA liability risk

TL;DR

An LLC gives you some protection, but it won't save you here. Courts routinely hold founders personally liable under the TCPA when they directed, authorized, or controlled the illegal calling or texting. The direct-participation theory bypasses the corporate veil entirely. A compliant LLC helps. A non-compliant one rarely does, especially if you personally ran the campaign.

What does the TCPA actually say about who is liable?

The TCPA does not limit liability to corporations. It reaches individuals. The statute, codified at 47 U.S.C. § 227, makes it unlawful for "any person" to make certain calls or send certain texts without proper consent [1]. That word "any" carries weight. Courts read it to reach the human who ordered the calls, more than the business entity on the letterhead.

The FCC has backed this reading for decades. Its 2003 order establishing the national do-not-call registry discussed the liability of individuals who direct telemarketing, separate from the companies employing them [2]. So the statute and the agency point the same way. If you personally told the team to send the texts, you can be sued as a person.

Before you read about who pays, it helps to know which calls and texts trigger liability in the first place. The tcpa overview covers that baseline.

How does an LLC normally protect a founder from business debts and lawsuits?

An LLC protects your personal assets from the company's ordinary debts. Standard LLC law in every U.S. state says members and managers are not personally liable for the obligations of the LLC just because of their membership or management role [8]. That is the whole point of the entity. A creditor sues the LLC, wins a judgment, and collects from the LLC's assets. Not from your bank account.

This works well for ordinary business debts. Unpaid invoices. Lease obligations. Product liability in most cases. The LLC files for bankruptcy, the creditor takes what's there, and the founder walks away. That protection is real and worth having.

But it has two enemies in a TCPA case. First, courts can pierce the veil when a founder treats the LLC as an alter ego, commingles funds, or uses the entity as a fraud vehicle. Second, and this matters more, personal liability can attach without any veil-piercing at all, because the founder was a direct participant in the statutory violation. Those are two separate legal theories. TCPA plaintiffs use both.

Can TCPA plaintiffs sue founders personally even if the LLC is properly maintained?

Yes. This is the part that surprises most founders. The direct-participation theory does not require piercing the veil at all. A court can hold you personally liable while fully agreeing the LLC is a valid, separate entity.

The logic is simple. The TCPA creates liability for anyone who "makes" or "initiates" a prohibited call or text. If you personally approved the call script, set the dialing cadence, chose the contact list, or told the team to run the campaign, courts have found that founder liable for initiating those calls. The company is liable too. Both are on the hook.

The case cited most often here is Fitzhenry-Russell v. Dr. Pepper Snapple Group (N.D. Cal. 2017), where the court let claims proceed against individual officers who directed the telemarketing program [3]. The pattern repeats in smaller, quieter cases. A startup sends an SMS blast without proper consent. Plaintiff's lawyers name every officer in the complaint. Suddenly the founders are defending personal exposure alongside the company.

For a sense of how fast the dollar figures climb, even for smaller operations, the cash app tcpa class action settlement shows the math.

TCPA personal liability: key numbers founders need to know Statutory figures and exposure thresholds under 47 U.S.C. § 227 $500 Damages per negligent viola… $1,500 Damages per willful violati… $5M Exposure on 10,000-text cam… (negligent) $15M Exposure on 10,000-text cam… (willful) Source: Legal Information Institute, Cornell Law School, 47 U.S.C. § 227 (2024)

What is the direct-participation theory and how do courts apply it?

The direct-participation theory comes from FCC guidance and federal case law reading the word "initiation" in the statute. Courts generally ask two questions. Did the individual know calls were being made? Did the individual have the authority to stop them or direct them differently?

If both answers are yes, personal liability is a real risk. Courts have found that a founder who is also the CEO, who signs off on marketing campaigns, and who reviews the analytics dashboards qualifies. You never had to dial the number or type the text. Authorizing it is enough.

Here's what courts weigh in practice:

FactorHigher personal liability riskLower personal liability risk
Role in campaignApproved the campaign directlyNo involvement in marketing decisions
Knowledge of contact listReviewed or sourced the listNo access to contact data
Response to complaintsIgnored or suppressed opt-out requestsActed on complaints immediately
Corporate formalitiesCommingled funds, no real board processClean books, separate accounts
Pattern of violationsRepeated campaigns after prior complaintsFirst-time, isolated incident

No single factor decides it. Courts weigh the whole picture. But if three or four of those higher-risk boxes describe your situation, a plaintiff's attorney will name you personally and use discovery to build the case around your emails and Slack messages.

Does piercing the corporate veil matter separately from direct participation?

It does, and plaintiffs often plead both theories in the alternative.

Veil-piercing is the classic route. Show the LLC is an alter ego of the founder, used to perpetrate fraud or injustice, under-capitalized to the point that the entity is a sham. State law governs this, and the standards vary. California applies a plaintiff-friendly two-prong test: unity of interest plus an inequitable result [11]. Delaware demands more fraud-like conduct. Texas sits somewhere in between.

When a plaintiff pierces the veil, every LLC obligation becomes the founder's personal obligation, more than the TCPA judgment. That's catastrophic.

Some founders assume that perfect corporate formalities keep them safe. In the TCPA context, that assumption is wrong. A court can find you personally liable as a direct participant without ever touching the veil question. Both theories live in the same complaint. TCPA plaintiffs' lawyers, who often work on contingency and file hundreds of cases a year, know this and plead accordingly.

What do actual TCPA verdicts and settlements show about founder personal liability?

Nobody has clean aggregate data on cases where founders paid out of pocket separately from their companies. Most cases settle under confidentiality agreements. But the pattern in court filings and reported opinions is clear enough to draw a conclusion: adding an individual founder to a complaint raises the settlement pressure, because the founder can't hide behind the LLC.

The TCPA sets statutory damages at $500 per violation for negligent violations and up to $1,500 per violation for willful or knowing violations [1]. In a mass-texting campaign, "per violation" means per text to each recipient. A startup that sends 50,000 unsolicited marketing texts faces $25 million in exposure at $500 each, or $75 million if a court finds the violations willful. If the founder is personally liable as a direct participant, that number attaches to the founder.

The credit one tcpa settlement reached $12.5 million, which shows what corporate defendants absorb. Individual defendants in smaller cases often settle for six figures, because the alternative is a trial where a jury awards statutory damages per message. Defending the case alone can run $200,000 to $500,000 in legal fees for a mid-complexity TCPA suit, based on rates defense attorneys publish openly.

The honest caveat: the personal-versus-corporate settlement split is not something anyone tracks well. What practitioners report is consistent, though. Name the founder, and the case gets more expensive to settle.

Does an LLC registration state change the analysis?

Barely. Delaware LLCs are popular because Delaware corporate law is well-developed and business-friendly. But TCPA liability is federal, and the direct-participation theory is a federal reading of a federal statute. The state where you registered affects veil-piercing under state law. It does not change whether you, as a founder, can be named personally under the federal direct-participation theory.

Some founders register in Wyoming or Nevada for the strong charging order protections and the narrow grounds for veil-piercing. Those protections are real in their lane. They shield a member's LLC interest from that member's personal creditors. They do not build a wall around federal statutory liability for your own conduct.

Register wherever makes operational sense for your business. Don't pick a state for TCPA protection. It won't give you what you're after.

What actually reduces a founder's personal TCPA exposure?

The thing that moves the needle most is not entity structuring. It's making calls and sending texts in compliance so there's no violation to sue over. That sounds obvious, but say it plainly: you can't structure your way out of a violation you're about to commit.

With that said, a few practices genuinely lower the odds that a founder ends up named and liable.

Delegate execution, own the compliance system. Keep distance from the operational details of individual campaigns while keeping tight control over the compliance rules. If someone else approves individual campaign lists, that someone else becomes the direct participant. If you set the rules and review whether they're followed, you're exercising governance, not initiating calls.

Document everything. Written policies. Written approvals. A record of consent obtained before texting. A working do-not-call process. Courts look at what actually happened, and documentation shows a real program instead of a sham.

Respond to opt-outs and complaints immediately. A founder who got a demand letter, discussed it in writing, and told staff to keep running the campaign is in far worse shape than one who ordered an immediate stop and investigated.

Check numbers against the do not call list before every campaign run. Same for the do not call telemarketer list. These are concrete steps, and they're what show a campaign was not willful.

For teams running cold calling or text message marketing, LeadCompliant has free DNC checkers and a compliance kit that help you document each step. That paper trail is exactly what separates an isolated mistake from a willful pattern.

Can you use multiple LLCs or a holding company to reduce personal TCPA risk?

Founders ask this a lot, usually framed as: what if the calling entity is a subsidiary, and I only own the parent?

It doesn't work the way people hope. If you direct the subsidiary's calling campaigns, personal liability as a direct participant attaches no matter how many entity layers sit between you and the calls. And if the subsidiary is judgment-proof (no assets), a plaintiff looks up the chain, to the parent and then to you, using both alter-ego and direct-participation theories.

Worse, a structure that appears built to shield assets while the founder keeps running non-compliant campaigns can look like intentional fraud. Courts have little patience for layered entities that seem designed to dodge statutory liability. The FCC has stated in enforcement actions that it looks through entity structures when the purpose appears to be evasion.

Multiple LLCs serve legitimate purposes. Different product lines. Separate geographic markets. Joint venture partners. But if the purpose is TCPA liability insulation, you're building something that won't hold and may make your position worse.

Does D&O insurance or EPLI fill the gap that an LLC leaves?

Sometimes, and it's worth a hard look. Directors and Officers (D&O) insurance covers the personal liability of officers and directors for "wrongful acts" in that role. Some D&O policies cover TCPA defense costs and settlements for founders named personally.

The question is whether your specific policy covers statutory violations, regulatory fines, and class-action defense. Many D&O policies exclude intentional statutory violations. Because TCPA cases often turn on willfulness arguments (that's how plaintiffs reach the $1,500 tier), insurers sometimes deny coverage under the willfulness exclusion. Read the actual policy language, ideally with a coverage attorney.

Employment Practices Liability Insurance (EPLI) generally does not cover TCPA claims. That's not what it's for.

Cyber liability policies occasionally pick up TCPA claims tied to electronic communications, again depending on the language.

If you're running serious outbound volume, get a D&O policy and ask the broker one blunt question: does this cover TCPA claims, both defense costs and indemnification? Get the answer in writing. A policy that covers defense costs alone, even if it won't touch the settlement, is still worth real money, because defending a class action can run into the hundreds of thousands.

What should founders do right now to lower their personal exposure?

A handful of concrete steps, ordered by how much they matter.

Document your consent process before the next campaign goes out. If you collect phone numbers on a web form, the form should include clear disclosure language saying that by providing a number the consumer consents to receive calls or texts. Screenshot the form, save it with a date stamp, and store it somewhere outside your email.

Check your contact lists against the National DNC Registry before every campaign. The FTC operates the registry. Commercial access requires a subscription, but you can check up to five numbers for free on the FTC's official site [4]. For mobile phone do not call list guidance, there's more on what cell-number protections look like.

Write a TCPA compliance policy, even a one-pager. It should say who approves campaign lists, who verifies consent records, and what happens when a complaint arrives. Having it in writing and following it is evidence of a non-willful posture.

Got a complaint or a demand letter? Stop the relevant campaign immediately while you investigate. Running the same campaign after notice of a problem is the fastest way to turn a negligent violation into a willful one and to lock in your personal involvement as a knowing participant.

And learn what a cold call means in the regulatory sense, and how it differs from calling existing customers or confirmed opt-ins. The rules change with the relationship, and mixing them up is a common source of violations a founder could have dodged with thirty minutes of reading.

Is there any scenario where an LLC does meaningfully protect a founder from TCPA claims?

Yes, and it's worth being honest so the picture isn't all doom.

A truly passive founder is much harder to reach. Not involved in campaign decisions. Not reviewing contact lists. Not approving messaging. Someone else runs the marketing operation end to end. In that case the direct-participation theory is difficult to apply, and the LLC does its job. The company is liable, the founder is not, and personal assets stay protected by the entity structure.

This is realistic for a CEO of a larger company who has handed all marketing decisions to a VP. It's much less realistic for a 10-person startup where the founder is in every Slack channel and approved the SMS campaign last Tuesday.

The LLC also helps against veil-piercing. Maintain proper formalities, keep the books clean, don't commingle personal and business funds, don't pay personal expenses from the LLC account, and a veil-piercing theory fails. That's real protection against one of the two main theories plaintiffs use.

So the honest answer to the headline: yes, partially, in certain circumstances, if you've genuinely delegated marketing execution and kept clean formalities. No, not reliably, if you're the founder of a small team who is personally running the outbound campaigns.

Frequently asked questions

Can I be sued personally for TCPA violations even if my company is a properly formed LLC?

Yes. Federal courts let TCPA plaintiffs sue founders personally under the direct-participation theory, which does not require piercing the corporate veil. If you directed, approved, or had authority over the illegal calling or texting, courts can hold you individually liable alongside the LLC. Statutory damages run $500 to $1,500 per violation, and those attach to you personally, more than to the company.

What is the direct-participation theory in TCPA cases?

It's the theory that any individual who personally directs or authorizes a TCPA violation can be held liable as a direct participant, without piercing the corporate veil. Courts ask whether you knew about the calls and had authority to stop or control them. Yes to both means personal exposure. The theory comes from reading "any person" in 47 U.S.C. § 227 and has been applied across multiple federal district courts.

Does the state where I form my LLC affect my TCPA personal liability?

Only for the veil-piercing analysis, which is governed by state law. Delaware, Wyoming, and Nevada have founder-friendly veil-piercing standards. But the direct-participation theory is a federal reading of a federal statute and applies the same way nationwide. Registering in Delaware does not protect you from being named personally as the person who directed a federal statutory violation.

What are the TCPA statutory damages a founder could face personally?

The TCPA sets damages at $500 per violation for negligent violations and up to $1,500 per violation for willful or knowing violations, under 47 U.S.C. § 227(b)(3). Each call or text to each recipient is a separate violation. A campaign of 10,000 texts could expose you to $5 million to $15 million in statutory damages if you're found personally liable as the individual who directed it.

Does D&O insurance cover a founder's personal TCPA liability?

It can, but coverage depends entirely on the policy language. Some D&O policies exclude intentional statutory violations, and TCPA cases often involve willfulness arguments. Ask your broker explicitly whether the policy covers TCPA claims, including class-action defense costs and settlements. Get a written answer. Even partial coverage for defense costs alone is valuable, since defending a TCPA class action can cost hundreds of thousands of dollars.

Can a multi-entity structure (parent LLC plus subsidiary) shield a founder from TCPA liability?

No, not reliably. If the founder directs the subsidiary's calling campaigns, personal liability attaches no matter how many entity layers exist. Courts and the FCC look through entity structures that appear designed to evade statutory liability. A deliberate shield structure can look like intentional fraud and worsen the founder's position. Multiple entities serve legitimate operational purposes, but not TCPA liability insulation.

What corporate formalities actually help protect against TCPA personal liability?

Clean formalities reduce veil-piercing risk but not direct-participation risk. Keep separate bank accounts, document board or member decisions, and never pay personal expenses from the LLC. For direct-participation protection, what matters more is genuine delegation: someone other than the founder approves campaign lists and execution, with documented decision trails showing the founder set the compliance rules but didn't direct individual campaigns.

What is the best thing a founder can do today to reduce personal TCPA exposure?

Document your consent records before the next campaign. Verify your contact list against the National DNC Registry. Write a one-page TCPA compliance policy naming who approves campaigns. If a complaint or demand letter arrives, stop the relevant campaign immediately. These steps show non-willful conduct and put distance between you personally and the decision to send any specific message to any specific number.

If a TCPA lawsuit names me personally, what happens during litigation?

Plaintiff's counsel uses discovery to request emails, Slack messages, campaign approvals, and call logs showing your personal involvement. Anything that shows you reviewed contact lists, approved message copy, or received and ignored prior complaints strengthens the case against you personally. That's why documentation of a real compliance process matters before litigation starts, not after.

Are TCPA class actions common against small startups, or just big companies?

Both. Plaintiffs' TCPA attorneys work on contingency, so they follow violations, not company size. Small startups running aggressive SMS or cold-calling campaigns without proper consent procedures are frequent targets. The statutory damages structure means even a modest campaign generates millions in theoretical exposure, which makes small companies attractive settlement targets. The Cash App settlement and similar cases show how seriously courts take volume violations.

Does being a passive investor or silent member of an LLC protect me from TCPA liability?

Generally yes, for direct-participation liability. If you have no role in campaign decisions, no authority over the marketing team, and no knowledge of calling practices, the direct-participation theory is very hard to apply to you. LLC membership alone doesn't create liability. The risk rises steeply the moment you approve, review, or direct any part of the outbound calling or texting operation.

Can TCPA violations result in criminal liability for founders, beyond civil damages?

TCPA violations are generally civil, not criminal. The statute provides for private lawsuits and FCC enforcement actions, but criminal prosecution under the TCPA itself is rare and usually limited to cases with deliberate fraud layered onto the calling violation. State attorneys general can bring actions under state unfair practices laws, which sometimes carry different enforcement mechanisms. For most founders, the practical risk is civil statutory damages and class-action liability.

How do I know if my outbound calling or texting program creates personal founder risk?

Ask yourself: Did I personally approve the contact list or message copy? Do I review campaign performance data? Have I received a complaint, opt-out request, or demand letter and kept the campaign running anyway? A yes to any of these means meaningful personal exposure under the direct-participation theory. A compliance audit of your consent records and calling practices is the right next step.

Does having a written TCPA compliance policy actually help in court?

Yes, meaningfully. A written policy that was actually followed is evidence of non-willful conduct, which caps damages at $500 per violation instead of $1,500. It also shows you were acting in a governance capacity rather than as a direct operational participant. Courts distinguish a founder who set compliance rules from one who ignored them. The policy has to be real and followed, not a paper document nobody reads.

Sources

  1. Legal Information Institute, Cornell Law School, 47 U.S.C. § 227 (Telephone Consumer Protection Act): The TCPA makes it unlawful for 'any person' to make certain calls or texts without consent, and sets statutory damages at $500 per violation and up to $1,500 for willful violations.
  2. Fitzhenry-Russell v. Dr. Pepper Snapple Group, N.D. Cal. 2017, Case No. 17-cv-00564: Federal district court allowed TCPA claims to proceed against individual officers who directed a telemarketing program, a key direct-participation precedent.
  3. Federal Trade Commission, National Do Not Call Registry: The FTC operates the National DNC Registry; commercial users access it by subscription, and consumers and organizations can verify registration status on the official site.
  4. FTC, Complying With the Telemarketing Sales Rule: FTC guidance on telemarketing compliance discusses individual liability for persons who direct or authorize deceptive or abusive telemarketing practices.
  5. Uniform Limited Liability Company Act (ULLCA), Uniform Law Commission: Standard LLC law in the United States provides that members and managers are not personally liable for the debts and obligations of the LLC solely by reason of their membership or management role.
  6. FTC, National Do Not Call Registry Data Book FY2023: The FTC publishes annual data on DNC registry size, complaints, and enforcement actions, providing baseline figures on the scale of telemarketing compliance enforcement.
  7. 47 U.S.C. § 227(b)(3), Telephone Consumer Protection Act, private right of action provision: The TCPA's private right of action allows any person to sue for $500 per negligent violation and up to $1,500 per willful violation, with no cap on class-action aggregate damages.
  8. California Court of Appeal, Sonora Diamond Corp. v. Superior Court (2000), veil-piercing two-prong test: California courts apply a two-prong alter-ego test requiring unity of interest and an inequitable result to pierce the corporate veil, one theory used in TCPA cases against founders.

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit