Last updated 2026-07-11

TL;DR
Yes, individual officers and directors can be personally liable for a company's TCPA violations. Courts apply a "direct, personal participation" standard, or they pierce the corporate veil, when an executive knowingly authorized or directed illegal calls or texts. Personal exposure runs $500 to $1,500 per violation, with no cap. One mid-sized text campaign can put millions on a single person.
Can an officer or director be personally sued for company TCPA violations?
Yes. The corporate shield does not automatically protect you. Courts in the Ninth, Eleventh, and Seventh Circuits have held that an individual who personally authorizes, directs, or participates in TCPA violations can be named as a defendant alongside the company, with no need to pierce the corporate veil first. [1]
The statute does not limit liability to corporations. 47 U.S.C. § 227 imposes liability on "any person" who violates the Act. [2] That one word covers individuals. Courts read it that way routinely.
So there are two routes to personal liability. The first is direct participation, meaning you were personally involved in sending or approving the campaign. The second is veil-piercing, which applies when the company is so undercapitalized or intertwined with the individual that treating them as separate would be a fiction. The direct-participation theory catches the most executives off guard. It does not require any showing of corporate misconduct or fraud. It just requires that you, personally, had a hand in the violation. [3]
This is not a theoretical risk. Courts have entered judgment against chief executive officers, chief marketing officers, and sales directors in real cases, sometimes for amounts that dwarf the company's total assets.
What is the "direct, personal participation" standard courts use?
The standard asks two things. Did the individual personally participate in the violating conduct? Or did they have authority to control it and fail to stop it? The framework comes from cases like FTC v. Dish Network, where regulators pursued individual liability against corporate officers. [3]
Participation does not mean you physically dialed a phone. Signing off on a text campaign counts. So does approving a vendor contract for an auto-dialer, setting call volume targets, or writing the script consumers hear. Courts look at the whole picture of an executive's involvement, and titles alone do not impress them.
The "authority to control" prong is the dangerous one for passive executives. If you had the power to stop the campaign and did not, that is enough. A CEO who hears from counsel that a campaign is legally risky and proceeds anyway has almost no defense. Neither does a VP of Sales who owns the vendor relationship with the dialing platform.
In the Ninth Circuit, the standard grew out of cases dealing with both the TCPA and the FTC Act, and courts import those principles freely. [3] Plaintiffs' lawyers know this. They routinely name individual executives in complaints because it creates settlement pressure, even when the individual would eventually win.
How much can individual TCPA liability cost an officer or director?
The TCPA sets $500 per violation for negligent conduct and $1,500 per violation for willful or knowing conduct. [2] There is no cap. Each call or text is a separate violation.
Do the math. A campaign that sends 100,000 texts without proper consent generates $50 million in liability at the base rate, or $150 million if a court finds willfulness. Individual defendants in class actions face the same arithmetic as the company. Courts can reduce awards, but they often do not once they find someone acted knowingly.
Here is how per-message exposure stacks up:
| Violation type | Per-message exposure | 10,000 messages | 100,000 messages |
|---|---|---|---|
| Negligent TCPA violation | $500 | $5,000,000 | $50,000,000 |
| Willful or knowing violation | $1,500 | $15,000,000 | $150,000,000 |
Those numbers apply per named defendant, individuals included. Directors and officers liability (D&O) insurance may cover defense costs, but many policies exclude intentional violations or regulatory proceedings. Read your policy before you assume you are covered. [4]
The cash app tcpa class action settlement shows how large these cases get even when the defendant has deep pockets.
Does the corporate veil protect officers and directors?
Not automatically, and not under the direct-participation theory at all. The corporate form protects shareholders from contract and tort liability. But the TCPA's "any person" language, paired with the direct-participation doctrine, lets an executive be held liable with no veil-piercing analysis at all. [1][2]
Veil-piercing is a separate, extra route. If the company is a shell, undercapitalized, or the officer mixed personal and corporate money, a court can also reach the individual through ordinary corporate law. That is a harder showing for plaintiffs. It matters most when the company has already gone bankrupt or dissolved after the violations happened.
Here is the practical reality. Plaintiffs name individuals at the complaint stage to see what shakes loose. Companies that settle early often fold in individual releases. Companies that fight get into discovery, where internal emails, Slack messages, and meeting notes become evidence of who approved what. That is the point where a lot of executives wish they had documented things differently.
Which executives are most at risk?
The roles closest to the revenue machine carry the most exposure: CEO, President, VP of Sales, VP of Marketing, Chief Revenue Officer, Chief Marketing Officer. Anyone who directly runs the outbound calling or texting operation is squarely in the zone.
General counsel and compliance officers sit in a trickier spot. A GC who raises concerns, gets overruled, and documents the objection has low exposure. A GC who greenlights a campaign despite obvious legal risk can be named too. Compliance is no shield if you rubber-stamp bad practices.
Board directors face liability mainly when they specifically authorized a campaign or had actual knowledge of violations and did nothing. A director who read a board-level risk report flagging TCPA exposure and voted to keep going is in a far worse position than one who knew nothing. Willful blindness, meaning deliberately avoiding the information, does not help either.
Small companies are the most exposed of all. At a 10-person outbound shop, the CEO often set up the dialing software, approved the contact list, and wrote the scripts. There is no plausible separation between the person and the conduct. [3]
What real cases show officer and director TCPA liability?
The clearest line runs through FTC v. Dish Network. Regulators pursued individual liability against the principals of Dish's telemarketing vendors for years. Those proceedings set the precedent that officers who controlled and directed the violating programs could not hide behind the corporate entity. [3]
In private civil litigation, the Ninth Circuit has affirmed in multiple rulings that individual defendants who authorized or controlled TCPA-violating campaigns can be held personally liable. Courts in Florida, an aggressive TCPA venue, have entered default judgments against individuals when the company shut down and the principals tried to walk away.
The credit one tcpa settlement shows how large institutional defendants handle these cases. Smaller companies cannot absorb hits like that, and the individuals involved face bankruptcy-level exposure.
Nobody has a clean public accounting of how many executives have personally paid TCPA judgments, because most cases settle under confidentiality. What the docket does show is that individual defendants appear alongside corporate ones in a large share of TCPA class actions. [12]
How does FCC enforcement treat individual officers?
The FCC can issue forfeiture orders against "any person" who willfully or repeatedly violates the Communications Act or FCC rules, under 47 U.S.C. § 503(b). [5] That includes individuals, not only companies.
FCC enforcement actions name individuals when the evidence shows they personally directed the conduct. The Commission's forfeiture orders can run into the tens of millions of dollars. The FCC has historically focused on robocall scammers rather than B2B sales teams, but the agency keeps escalating its attention on text marketing and outbound dialing programs.
The FCC's 2023 rulemaking on one-to-one consent for lead generation flagged the role of corporate principals in authorizing non-compliant consent flows. [11] The Commission has made clear it treats the humans running these programs as accountable, not only the legal entities.
For cold calling programs, FCC enforcement matters less than private civil liability, because most exposure comes from private suits. But an FCC forfeiture order is a public record, and plaintiffs use it in later civil cases to establish willfulness, which triggers the $1,500 per-violation rate.
What defenses are available to individual defendants?
The strongest defense is lack of personal participation. If you truly had no knowledge of and no control over the campaign, that is your argument. Document it as it happens, not after the lawsuit lands.
Reliance on counsel is a partial defense. An executive who sought legal advice, got an opinion that the program was compliant, and followed it in good faith stands on firmer ground than one who ignored warnings. Courts do not grant this automatically, and "reliance" means actually following the advice, not collecting a memo for cover.
Established consent is a company-level defense that flows up to individuals. If the company held proper prior express written consent for every contact, there is no underlying violation for the individual to answer for. That is why your consent infrastructure matters so much. [2] Getting your text message marketing opt-in process right upstream erases the exposure that otherwise lands on executives personally.
The absence of an autodialer or prerecorded message can also defeat some TCPA claims, though the definition of "automatic telephone dialing system" (ATDS) stays contested after the Supreme Court's 2021 decision in Facebook v. Duguid. [8] The Court held that a system must "use a random or sequential number generator" to qualify as an ATDS. That narrowed the definition, but live-agent dialing from contact lists can still trigger do-not-call claims with no ATDS in sight.
How should officers and directors reduce their personal exposure?
Start with a real compliance program, not a paper one. A program nobody follows is worse than nothing in court, because it proves you knew the rules and ignored them.
Here are the steps that actually move your personal risk:
- Make consent documentation the gate before any campaign launches. No record of consent, no campaign. Full stop.
- Give one person real authority over compliance, reporting straight to the CEO or board. Not a junior paralegal with no budget and no power.
- Keep written records of compliance approvals for every campaign: which list was used, what consent basis applied, whether the DNC registry was scrubbed, and when. [9]
- Read your vendor contracts for dialing and telemarketing platforms. Confirm they carry their own liability and that you have indemnification.
- Never accept a legal risk memo and then proceed without documented mitigation. That paper trail shows up in discovery.
If you run an outbound team and have not done a full TCPA audit lately, the compliance kit at LeadCompliant gives you a structured place to start finding gaps before a plaintiff does.
On list hygiene, scrubbing against the federal do not call list is table stakes. [10] Beyond that, scrubbing against state DNC lists and wireless number databases lowers the odds that any single call becomes a violation at all.
Check whether your cold call scripts and training reflect current law. Outdated scripts citing consent standards from five years ago are their own liability.
Does D&O insurance cover TCPA claims against individuals?
Sometimes, but not reliably. D&O insurance covers wrongful acts committed while managing a company. TCPA violations can fall inside that definition, but insurers often argue exclusions for intentional misconduct, violations of law, or regulatory penalties.
Exclusion language varies enormously by policy. "Profit or advantage" exclusions are common: if the court finds the executive personally profited from the campaign, the insurer may disclaim. "Knowing violation" exclusions knock out coverage exactly when exposure peaks, because the $1,500 willfulness rate only applies to knowing conduct.
Some companies carry employment practices liability (EPLI) or errors and omissions (E&O) coverage that touches TCPA exposure, but neither substitutes for D&O. The honest answer: read your policy and get an actual opinion from coverage counsel before anything happens. Nobody has reliable public data on how often TCPA individual-defendant claims end in covered defense or indemnity, because insurers hold their claims data close. [4]
What should a new officer or director do when joining a company with an outbound program?
The day you join, you inherit whatever compliance posture already exists. That matters because your personal liability clock starts once you have authority and knowledge. Courts will ask what you knew and when.
Run an intake review within 30 to 60 days. Ask for the last TCPA audit, the consent documentation process, the DNC scrubbing frequency, any prior complaints or litigation, and the vendor contracts for dialing technology. If there is no documented compliance program, that is your first project.
Find active violations? Get outside counsel involved right away. Put your concern in writing. If the board or your superiors overrule you, document that too. In litigation, the paper trail of someone who raised the issue and got overruled looks nothing like the record of someone who stayed quiet.
The do not call telemarketer list and the federal registry scrubbing cadence are usually the fastest things to confirm. If the company is not scrubbing at least every 31 days, that is a violation under the FTC's rules, and fixing it is a one-week job, not a six-month overhaul. [9]
How does the TCPA treat small business owners compared to corporate officers?
Worse, in practical terms. At a large company, there is organizational distance between the CEO and the dialing platform. At a small business, the owner usually made every decision about the outbound program. Courts find direct participation trivially in those situations.
Small business owners also lack the infrastructure that gives large companies at least some defense. No compliance committee. No outside counsel on retainer. No documented approval chain.
The TCPA applies identically regardless of company size. A sole proprietor who sends 10,000 unwanted texts faces the same $500 to $1,500 per-message exposure as a Fortune 500 company. The difference is who can survive it. The big company absorbs a settlement. The small owner does not.
If you run a small outbound shop and you are the person who owns the dialing login, approved the contact list, and wrote the scripts, treat your personal financial exposure as identical to the company's. They are not meaningfully separate.
Consent documentation, DNC scrub logs, and records of every campaign decision are not bureaucratic overhead. For a small business owner, they are the line between a dismissible claim and a judgment that follows you home.
Frequently asked questions
Can a CEO be personally sued for TCPA violations committed by the company?
Yes. Courts hold CEOs personally liable under the TCPA's "any person" standard when they directly authorized or participated in the violating campaign. The corporate form does not protect an executive who was personally involved in or controlled the conduct. Personal exposure runs $500 to $1,500 per call or text, with no cap.
What is the "any person" standard in the TCPA?
47 U.S.C. § 227 imposes liability on "any person" who violates the Act, not only corporations. Courts read this to reach individual officers, directors, and even employees who personally participated in or directed TCPA-violating calls or texts. It is the statutory basis for pursuing individuals without needing to pierce the corporate veil.
Does the corporate veil protect directors from TCPA lawsuits?
Not under the direct-participation theory. If a director personally authorized or controlled the violating campaign, they can be held liable with no veil-piercing analysis. Veil-piercing is a separate route plaintiffs use when the company is a shell or undercapitalized, but it is not required to reach individual defendants.
How much can an individual officer owe in a TCPA judgment?
The TCPA sets $500 per violation for negligent conduct and $1,500 per violation for willful or knowing conduct, with no cap. A campaign of 100,000 texts can mean $50 to $150 million in individual exposure. Most cases settle, but courts have discretion to award full statutory damages when they find willfulness.
Does D&O insurance cover personal TCPA liability?
Sometimes, but the exclusions bite hard. Many D&O policies exclude intentional misconduct or knowing violations of law. Since the $1,500 willfulness rate only applies to knowing violations, coverage often vanishes exactly when exposure is highest. You need an actual coverage opinion from counsel, not an assumption that D&O means full protection.
What does it mean to "directly participate" in a TCPA violation?
Courts look at whether you approved the campaign, picked the contact list, signed the vendor contract, set call volume targets, or had authority to stop the program and did not. You do not need to have dialed a phone yourself. Approving a marketing campaign with a known legal risk is direct participation.
Can a director who did not know about a TCPA violation be held liable?
Generally no, unless they had authority to control the program and a court finds willful blindness. A director who got no notice of the campaign and had no decision-making role has a strong defense. The risk climbs sharply once a director read risk memos, voted on the program, or overruled compliance concerns.
What is the best way for an officer to protect themselves before a campaign launches?
Require documented prior express written consent for every contact before any campaign launches. Keep DNC scrub records with dates. Get a legal review in writing. If counsel raises concerns, document how they were addressed. The paper trail showing you acted reasonably before the campaign is your primary defense in litigation.
How does the FCC pursue individual TCPA violators?
The FCC can issue forfeiture orders under 47 U.S.C. § 503(b) against any person, individuals included, for willful or repeated violations. Enforcement actions have named corporate officers and principals in proceedings over illegal robocall campaigns. An FCC forfeiture order is also a public record that plaintiffs use in civil cases to establish willfulness.
If the company goes bankrupt, can plaintiffs still pursue the officers personally?
Yes. Corporate bankruptcy does not extinguish individual liability under the direct-participation theory. Plaintiffs routinely continue or file separate suits against individual officers after a company files for bankruptcy protection. This is one of the main reasons personal liability matters so much: the individual cannot hide behind a dissolved entity.
Does TCPA liability apply to text messages the same way it applies to calls?
Yes. The TCPA covers text messages to cell phones. A text sent using an autodialer without prior express written consent carries the same $500 to $1,500 per-message exposure as a call. Officers who authorize text campaigns without proper consent face identical personal liability to those who authorize illegal calls.
What records should a compliance-conscious officer keep to defend against personal TCPA claims?
Keep written documentation of consent records for every contact, DNC scrub logs with dates and frequency, legal review approvals for each campaign, vendor contracts with indemnification provisions, and any compliance concerns raised with written responses. Records showing you acted on legal advice and ran a real compliance process are your core defense evidence.
Are sales managers and VPs below the C-suite personally exposed to TCPA liability?
Yes, if they personally participated in or controlled the conduct. A VP of Sales who owns the vendor relationship, sets call targets, and approves the contact list is personally exposed regardless of title. The standard is about what you did, not what your business card says.
What happens to a small business owner who personally runs an outbound calling program?
They face identical exposure to the company because there is no meaningful separation between the person and the conduct. Courts find direct participation easily when one person made every decision. A small business owner's personal assets, more than the LLC's, are at risk for TCPA violations from their own outbound program.
Sources
- FTC v. Dish Network LLC, N.D. Ill., Case No. 09-cv-3073, opinion on individual officer liability: Courts have held that corporate officers who personally participate in or direct TCPA and telemarketing violations can be individually liable without veil-piercing
- 47 U.S.C. § 227, Telephone Consumer Protection Act, full statute text via Cornell LII: The TCPA imposes liability on 'any person' who violates the Act and provides for $500 per violation or $1,500 for willful or knowing violations
- FTC v. Dish Network LLC enforcement record and Ninth Circuit officer-liability doctrine, FTC: The direct-participation standard asks whether an individual personally participated in the violating conduct or had authority to control it and failed to stop it
- Insurance Information Institute, Directors and Officers Liability coverage overview: D&O policies frequently contain exclusions for intentional misconduct and knowing violations of law that can eliminate coverage for TCPA willfulness claims
- 47 U.S.C. § 503(b), FCC forfeiture authority, Cornell LII: The FCC has authority to issue forfeiture orders against 'any person' who willfully or repeatedly violates the Communications Act or FCC rules
- Facebook Inc. v. Duguid, 592 U.S. 395 (2021), Supreme Court opinion: The Supreme Court in 2021 held that a system must use a random or sequential number generator to qualify as an ATDS, narrowing the definition
- FTC, Telemarketing Sales Rule, 16 CFR Part 310, DNC scrubbing requirements: The FTC's Telemarketing Sales Rule requires telemarketers to scrub against the National Do Not Call Registry at least every 31 days
- FTC, National Do Not Call Registry, business access and compliance information: Businesses must access and scrub against the federal Do Not Call Registry before making outbound telemarketing calls
- U.S. District Court filings, PACER, TCPA class action complaint patterns identifying individual defendants: Individual executives are named as defendants alongside corporate entities in a substantial share of TCPA class action complaints