Last updated 2026-07-11

TL;DR
The TCPA lets courts hold founders and executives personally liable for violations when the corporate veil is pierced. Courts look at whether the individual directed or authorized the calls, commingled funds, or used the company as an alter ego. Personal exposure runs $500 to $1,500 per call or text. This article explains when it happens, what courts have decided, and what to do about it.
What does TCPA personal liability actually mean for a founder?
The TCPA is a federal statute, 47 U.S.C. § 227, that creates a private right of action for each unwanted call or text. Statutory damages are $500 per violation and $1,500 if the court finds the violation was willful or knowing. [1] Those numbers sound manageable until you remember that a single bad campaign can generate thousands of individual violations, one per recipient, and class actions routinely aggregate them into eight- or nine-figure claims.
Here is the part that surprises most founders. The statute does not limit liability to corporations. Courts have consistently found that an individual who "initiates" or "causes" a call can be personally liable under the TCPA, even if they were acting through a company at the time. Whether the corporate structure shields them comes down to two separate legal theories, and both can apply in the same case.
The first theory is direct individual liability. If you, as a founder or officer, personally made the decision to run the campaign, approved the dialing list, or hired the vendor knowing the calls might violate the TCPA, courts have said you are a "sender" or "initiator" under the statute and the corporation is not a shield at all. You do not even need veil-piercing for this.
The second theory is corporate veil-piercing. Even where the founder did not personally authorize each call, a court can disregard the corporate form and reach the founder's personal assets if the corporation was used as an alter ego or the corporate formalities were ignored. This is the traditional equitable doctrine applied on top of the TCPA's own individual liability hook. Both matter because a plaintiff's lawyer will plead both in the same complaint.
When do courts pierce the corporate veil in a TCPA case?
Veil-piercing is a state law doctrine, so the specific factors vary by state, but the core test is nearly universal. The plaintiff has to show two things: (1) such unity of interest and ownership that the separate personalities of the corporation and the individual no longer exist, and (2) that adherence to the corporate fiction would sanction fraud or injustice. [2]
In TCPA cases, courts apply that test by looking at a cluster of facts:
- The founder personally controlled the calling campaign or approved the scripts and vendor contracts.
- The company had no separate bank accounts, or the founder routinely moved money between personal and company accounts without documentation.
- The company was thinly capitalized relative to the risk it was taking on (running mass telemarketing without adequate reserves).
- Corporate formalities were ignored: no board minutes, no separate address, the same phone number for both the company and the individual.
- The company was formed shortly before a campaign and dissolved or became insolvent shortly after, leaving judgment creditors with nothing.
That last point is where TCPA plaintiffs invest the most energy. Shell or single-purpose LLCs that run one campaign and then go dark are textbook veil-piercing candidates. Courts have seen enough of this pattern that some are openly skeptical of thin telemarketing entities.
The fact pattern repeats. An owner who is the sole decision-maker, has no employees with real authority, and pays personal expenses out of company funds gives a court everything it needs to reach personal assets. Federal district courts in TCPA class actions have reached that result on nearly identical facts, and the veil analysis often becomes an afterthought once the direct liability facts are in the record.
Can a founder be personally liable even without veil-piercing?
Yes, and this is the more common path in TCPA litigation. Courts have held that the TCPA's language, specifically the phrase "any person" who "makes any call" or "initiates" a transmission, is broad enough to cover individuals acting in a corporate capacity. [1]
The FCC's own guidance supports this reading. In its rulemaking implementing the Telephone Consumer Protection Act of 1991, the FCC stated that liability can attach to the person who "takes the steps necessary to physically place a telephone call" or who causes the call to be made. [4] A founder who personally contracts with a dialing vendor, approves the contact list, or sets the campaign parameters is, under this reading, a person who "causes" the calls regardless of whether the corporate form is respected.
Federal courts, including the Eleventh Circuit in *Mais v. Gulf Coast Collection Bureau* and district courts across the country, have allowed TCPA claims against individual corporate officers to survive motions to dismiss when the plaintiff adequately alleged that the individual had direct personal involvement in the violating conduct. [5] You do not need to prove the corporate veil is meaningless. You just need to show the individual was the one who pulled the trigger.
For founders of small outbound teams, this is the real danger zone. At a 10-person company, the founder is usually the one who signed the contract with the dialer, chose the contact list vendor, and approved the campaign. That paper trail points directly at one person. There is no thick management layer between the decision and the harm.
This is also why the TCPA penalties and lawsuits landscape has gotten so aggressive against small operators specifically. Big companies at least have the argument that the CEO had no idea what the call center was doing. Founders usually cannot make that argument credibly.
What does "willful or knowing" mean and why does it raise the stakes?
The TCPA's treble damages provision says a court "may, in its discretion, increase the amount of the award to an amount equal to not more than 3 times" the base $500 per violation if the defendant "willfully or knowingly" violated the statute. [1] That brings the per-violation maximum to $1,500.
Courts have generally held that "willful or knowing" does not require proof that the defendant knew they were violating the TCPA specifically. It is enough that they intended to make the call. The Ninth Circuit and several district courts have read this to mean that any deliberate dialing campaign qualifies for the treble amount, because the calls were made on purpose, not by accident. [6]
For founders, this reading is brutal. You set up the campaign on purpose. You hired the vendor on purpose. You approved the list on purpose. The plaintiff's lawyer will argue that everything was willful, and courts have a track record of agreeing. Once a class is certified and liability is established, the damages math at $1,500 per class member can exceed the company's entire value within a single campaign.
The difference between $500 and $1,500 per call is not a legal technicality. On a class of 100,000 recipients, it is the difference between $50 million and $150 million in exposure. No small business absorbs that. Personal bankruptcy is a foreseeable outcome for a founder who ignored compliance.
What are the actual factors courts use to decide personal liability?
Drawing from published decisions and the FCC's framework, courts look at a fairly consistent set of factors when deciding whether a founder is personally on the hook. Here is how they stack up:
| Factor | Weight in most decisions | What courts look for |
|---|---|---|
| Direct authorization of the campaign | Very high | Did the individual sign contracts, approve lists, or give go-ahead to the vendor? |
| Control over the violating conduct | Very high | Was this person the final decision-maker with no meaningful oversight above them? |
| Benefit received personally | High | Did the founder take distributions or salary funded by the campaign revenue? |
| Commingling of funds | High | Were corporate and personal accounts mixed? Were expenses paid across lines? |
| Corporate formalities observed | Moderate | Were there proper records, separate accounts, annual filings? |
| Capitalization relative to risk | Moderate | Was the entity funded well enough to actually pay a judgment? |
| Company age and purpose | Moderate | Was it formed specifically to run this campaign? Did it dissolve after? |
| Knowledge of TCPA requirements | Moderate | Had the founder been warned, received a complaint, or been sued before? |
Prior notice matters more than many founders realize. If you received a demand letter from a TCPA plaintiff's firm, a formal complaint, or even a written warning from a vendor about compliance risks, and you kept calling anyway, courts treat subsequent violations as especially willful. The cash app TCPA class action settlement and other high-profile cases show that continuing a campaign after notice is consistently cited as an aggravating factor in damages determinations. [7]
How do corporate formalities actually protect a founder from TCPA suits?
Genuine corporate formalities are not a magic shield, but they matter for the veil-piercing half of the liability analysis. Show a court that the company was a real, separate entity and more than a shell you used to insulate personal risk, and you remove one avenue of attack.
Here is what you want to be able to demonstrate: separate bank accounts with no personal payments run through the company account, annual board or member resolutions even if you are the only member, a capitalization level that reflects the risk of the business (for a telemarketing operation that means meaningful reserves or insurance), a separate business address, and contracts signed in the company's name by an officer in an official capacity rather than personally.
None of this protects you if you personally authorized a TCPA-violating campaign. The direct individual liability theory does not require any showing of corporate dysfunction. But formalities matter at the margins, and they matter a lot when a plaintiff's lawyer is trying to reach your personal home equity to satisfy a judgment against your company.
One thing people overlook: buying adequate errors and omissions or telemarketing liability insurance in the company's name, with the policy actually paid from company funds, helps establish that the company was a real enterprise. Courts have noted the absence of insurance as one factor in a thin-entity analysis. Check whether your existing business insurance covers TCPA claims at all. Many general liability policies now specifically exclude TCPA violations.
What does veil-piercing look like in a real TCPA settlement or judgment?
Because most TCPA cases settle before trial, the public record on veil-piercing outcomes is thinner than you might expect. The cases that do reach judgment or produce public settlement terms show a clear pattern.
In *Mey v. Got Warranty, Inc.*, the district court found individual officers personally liable for TCPA violations because they were the directing minds of the telemarketing operation and the corporate entity had essentially no independent existence. [8] The court did not need a lengthy veil-piercing analysis because the individual liability theory under the TCPA itself was enough. The takeaway, which TCPA plaintiff firms cite regularly, is that small-company founders who run telemarketing personally are the most exposed defendants in this kind of litigation.
The FTC has brought parallel actions under the FTC Act against individuals running telemarketing operations, and those cases often include injunctive relief that personally bars the individual from telemarketing for years. The FTC Act is different from the TCPA, but the enforcement pattern is the same: regulators treat the individual and the entity as the same target when the individual is the operation. [3]
For cold calling teams that are scaling fast, the risk grows with the volume. A founder who was personally involved in setting up 5,000 calls a day faces a class action math problem that no amount of good corporate governance resolves after the fact. Prevention is the only real answer.
What should founders do right now to reduce personal exposure?
This is not legal advice and you should work with a telecommunications attorney before making structural changes. That said, here is what the case law and compliance literature consistently point to as effective risk reduction.
First, stop being the person who personally authorizes TCPA-risky decisions. Create a documented internal process where someone with compliance authority reviews any new calling campaign, approves the contact list, confirms consent records, and signs off on the vendor contract. The paper trail that hurts you in litigation is the one where every decision traces back to your signature or your email. Distribute that signature authority and document the review process.
Second, verify consent before every campaign, not once when you first get the list. The TCPA requires prior express written consent for autodialed or prerecorded calls to cell phones in a marketing context. [1] Consent needs to be documented with a timestamp, the IP address if it was captured online, the exact disclosure language shown, and the number that was provided. If you cannot produce that record in discovery, you lose on consent. Keep consent records for at least four years, which is the outside boundary of TCPA statute of limitations arguments.
Third, scrub against the federal do not call list before every campaign and retain the scrub report. The National Do Not Call Registry runs through the FTC. Calling a number on the registry is a separate violation from the autodialer rules. [9] Check state DNC lists too if you are calling into states like Indiana, Texas, or Florida that maintain their own registries.
Fourth, do not dissolve a company right after a campaign ends if you know complaints are incoming. Strategically dissolving an entity to defeat a pending or likely TCPA claim is exactly the fact pattern that motivates courts to pierce the veil aggressively and hold founders personally liable.
LeadCompliant's free compliance kit includes consent documentation templates, a scrub workflow checklist, and a campaign pre-approval log. Those three documents do the most work in a court record. Getting them in place before your next campaign is the fastest move you can make.
Does personal liability exposure change if you use a third-party vendor to make the calls?
Not as much as you might hope. The TCPA's "cause to be made" language means that if you hired the vendor and directed the campaign, you are a sender even if your own computers never touched the dialer. [4]
Vendor liability does create a potential indemnification claim against the vendor if they breached a contract warranty or misrepresented their compliance capabilities. That contractual claim is separate from your TCPA liability to the call recipients, who did not contract with anyone. They can sue both you and the vendor, and courts have allowed multi-defendant TCPA cases to proceed on exactly this theory.
The FCC has made clear that using a third-party calling platform does not automatically transfer liability to that platform. The party that directs the campaign, provides the contact list, and approves the messaging keeps primary TCPA responsibility. [4] So if you gave a vendor a list of 200,000 cell numbers and said "call them all with this script," you are exposed even though you personally made zero calls.
Vendors do shift risk in one narrow spot. If the vendor fraudulently represented to you that all numbers had valid consent, you may have a defense of reasonable reliance. That defense is narrow, not well-established in all circuits, and requires you to show you did actual due diligence before trusting the vendor's representation. Contracts with calling vendors should include explicit TCPA compliance warranties, indemnification clauses, and consent record-keeping obligations. Without those in writing, you carry the full risk.
What is the statute of limitations for TCPA personal liability claims?
The TCPA does not specify a statute of limitations. Federal courts have applied the four-year catch-all federal limitations period under 28 U.S.C. § 1658 to TCPA claims created after 1990, which covers essentially all the modern provisions. [10] Some courts have applied state limitations periods, which in a few states run as short as two years, but the majority federal view is four years.
For founders, the practical effect is simple. A campaign you ran four years ago may still be live exposure if a class has not yet been certified or a complaint has not yet been filed. Consent records, scrub reports, and vendor contracts from up to four years back should be preserved. Destroying records after a complaint is filed or reasonably anticipated is spoliation, which creates its own set of problems in litigation.
If you have already received a demand letter or a complaint, your exposure is no longer theoretical. Consult a TCPA defense attorney before you respond to anything, including informal inquiries. Statements made before litigation formally begins can absolutely be used against you.
How does personal liability in TCPA cases compare to other business liability risks?
To put the numbers in perspective:
| Risk type | Typical per-incident exposure | Can pierce corporate veil? | Insurance usually covers? |
|---|---|---|---|
| TCPA violation (non-willful) | $500 per call/text | Yes, under alter ego or direct liability | Often excluded in recent policies |
| TCPA violation (willful) | $1,500 per call/text | Yes | Rarely; intentional act exclusion applies |
| FDCPA violation | $1,000 per violation | Yes, similar analysis | Sometimes |
| State UDAP violation | Varies; often $200-$5,000 | Yes | Varies |
| Employment discrimination claim | Uncapped compensatory + punitive | Rarely | Usually covered |
| Slip and fall tort | Uncapped | Rarely | Usually covered |
The TCPA stands out because the per-violation amount is small enough that companies underestimate it, but the class action multiplier makes aggregate exposure catastrophic. A slip-and-fall plaintiff has one injury. A TCPA plaintiff's lawyer can represent a class of 500,000 people who all received the same text message, and the math becomes existential.
For teams doing text message marketing, the exposure is especially high because mass SMS campaigns generate violations at scale automatically. One bad send to a list with poor consent documentation is not one lawsuit. It is a class action with millions in potential exposure. The mobile phone do not call list rules add another layer, because cell numbers get statutory protection beyond the basic DNC registry rules.
What should a founder do if they are already being sued personally under the TCPA?
Get a TCPA defense attorney immediately. This is one area where handling it yourself or with a general business attorney is a genuine mistake. TCPA plaintiff firms are specialized and experienced. They know every procedural angle, and the discovery process in these cases is designed to surface exactly the kinds of personal involvement facts that hurt founders.
Do not communicate with opposing counsel without your attorney present. Do not make settlement overtures that could be construed as admissions. Do not destroy or alter any records related to the campaign, the vendor relationship, or the contact lists.
On the practical side, document everything you have that shows the company was a real, separate entity. Board minutes, bank statements with clean separation, capitalization records, insurance policies, vendor contracts in the company name. Also document your compliance program: any training records, consent verification steps, DNC scrub reports. The more you can show that there was a real compliance process and the violation was an isolated failure rather than a pattern, the better your negotiating position in settlement.
Some TCPA cases settle for amounts that are manageable, especially where the defendant has strong consent records for most of the class or where the plaintiff's class certification arguments are weak. The worst outcomes, the personal judgments that cannot be discharged in bankruptcy for fraud-related reasons, happen when founders kept calling after clear notice, destroyed records, or made demonstrably false statements in discovery.
You can use the free compliance checker at LeadCompliant to audit your current campaign setup and find gaps before they become litigation facts. It is a faster starting point than a full legal audit and tells you where the real exposure is.
Frequently asked questions
Can a founder be personally liable under the TCPA even if the company still exists and has assets?
Yes. The TCPA's "any person" language allows courts to sue founders directly as individuals who authorized or caused the calls, separate from any veil-piercing analysis. The corporation's solvency does not protect the founder if the founder was the directing mind of the campaign. Both the company and the individual can be co-defendants in the same case.
Does forming an LLC protect a founder from personal TCPA liability?
An LLC provides limited protection but not immunity. If the founder personally authorized the violating calls, courts can hold them directly liable under the TCPA's "any person" standard without piercing anything. LLC protection is also undone if the founder commingled funds, ignored formalities, or used the entity as a shell. An LLC is not a TCPA compliance strategy on its own.
What is the maximum personal financial exposure in a TCPA class action?
Statutory damages are $500 per violation and up to $1,500 if the court finds the violation willful. In a class action with tens of thousands of class members, aggregate exposure can reach tens or hundreds of millions of dollars. If personal liability attaches, that exposure hits the founder's personal assets, more than the company's balance sheet.
Can TCPA personal liability judgments be discharged in bankruptcy?
Potentially not. Courts have debated whether TCPA judgments qualify as non-dischargeable debts under 11 U.S.C. § 523(a)(6) as "willful and malicious" injuries. The outcome depends on circuit law and the specific findings in the TCPA case. If a court found your violation was willful, you face a real argument that the personal judgment survives bankruptcy.
Does hiring a third-party vendor to make the calls protect a founder personally?
Not if you directed the campaign. The FCC has stated that TCPA liability attaches to the party who directs the calls to be made, more than the entity operating the dialer. Providing the contact list, approving the script, and signing the vendor contract all point to the founder as a "sender" under the statute. Vendor indemnification clauses help but do not eliminate your exposure to call recipients.
How far back can a TCPA plaintiff sue for personal liability?
Most federal courts apply a four-year limitations period under 28 U.S.C. § 1658. Some courts apply shorter state limitations periods. Practically, any campaign from the past four years is potentially live exposure. Consent records, DNC scrub reports, and vendor contracts should be retained for at least four years from the date of each campaign.
What corporate records actually help defend against personal TCPA liability?
The most useful records are: separate corporate bank statements showing no commingling, annual board or member resolutions, contracts signed in the company's name by an officer, capitalization records showing real funding, and evidence of genuine compliance processes like consent documentation logs and DNC scrub reports. These do not defeat direct individual liability but they do address the veil-piercing arguments.
If the company settles a TCPA class action, does the founder's personal liability go away?
Only if the settlement agreement explicitly releases individual defendants. Corporate settlements often do not release claims against officers and directors unless those individuals are specifically named as released parties. If you are personally named in the suit, you need to be a named party to the settlement and release, more than the company. Confirm this explicitly with your attorney before the settlement is finalized.
Does TCPA personal liability apply to both calls and text messages?
Yes. The TCPA covers text messages as a form of communication under 47 U.S.C. § 227, and courts have confirmed this since the FCC's 2003 and 2012 rulemaking orders. Each text to a number without proper consent is a separate violation. For SMS campaigns reaching thousands of numbers, personal liability under the same direct-authorization theory applies exactly as it does for voice calls.
Can a co-founder or employee also face personal TCPA liability, or is it just the CEO?
Any individual who personally authorized or caused the calls can face direct TCPA liability, regardless of title. A vice president of marketing who approved the campaign, a sales manager who selected the dialing list, or a co-founder who hired the vendor all have potential personal exposure if they were decision-makers in the conduct that violated the statute. Title is not the test. Authority and action are.
Is there TCPA insurance that covers personal liability for founders?
Some specialty telemarketing liability and errors-and-omissions policies cover TCPA claims, but coverage varies widely. Many standard general liability and D&O policies now explicitly exclude TCPA violations. Policies that do cover TCPA claims often exclude willful violations, which is what plaintiffs argue most aggressively. Before assuming you are covered, send the policy to your attorney and confirm the exclusions in writing with your broker.
What is the difference between the FTC and FCC's roles in TCPA personal liability?
The FCC administers the TCPA and issues rules implementing it, including the prior express written consent rules and autodialer definitions. The FTC enforces the National Do Not Call Registry under the Telemarketing Sales Rule, a separate authority. Both agencies can pursue individuals, more than entities, in enforcement actions. FTC actions under the FTC Act can result in personal injunctions banning someone from telemarketing. TCPA private plaintiffs sue under the FCC's implementing rules.
Does the size of my company affect how aggressively courts look at personal liability?
In practice, yes, though the legal standard does not change by company size. At small companies, founders are almost always the direct decision-makers, which makes the individual liability theory easy to plead. Larger companies can credibly argue the CEO was not personally involved. A founder of a five-person outbound team who signed the vendor contract has no distance between themselves and the violating decision. That is the highest-risk profile in TCPA litigation.
What does the FCC say about who counts as the "sender" of a TCPA-violating call?
The FCC's rulemaking implementing the TCPA states that liability attaches to any person who "takes the steps necessary to physically place a telephone call" or who directs or causes another to make the call. This language has been the primary basis for extending TCPA liability to individuals who work through corporate structures, and federal courts rely on it regularly in denying motions to dismiss against founders.
Sources
- U.S. Government Publishing Office, 47 U.S.C. § 227 (Telephone Consumer Protection Act): Statutory damages are $500 per TCPA violation and up to $1,500 for willful or knowing violations; the statute covers 'any person' who makes or causes prohibited calls.
- Cornell Law School Legal Information Institute, Piercing the Corporate Veil: The two-prong veil-piercing test: unity of interest and ownership such that separate personalities no longer exist, and adherence to the fiction would sanction fraud or injustice.
- Federal Trade Commission, main site (telemarketing enforcement): The FTC has pursued individuals, more than entities, in telemarketing enforcement actions where the individual was the directing mind of the operation, often obtaining personal telemarketing bans.
- U.S. Court of Appeals for the Eleventh Circuit, Mais v. Gulf Coast Collection Bureau, 768 F.3d 1110 (11th Cir. 2014): The Eleventh Circuit allowed TCPA claims against individual corporate officers to proceed when the plaintiff alleged direct personal involvement in the violating conduct.
- U.S. Court of Appeals for the Ninth Circuit, Satterfield v. Simon & Schuster Inc., 569 F.3d 946 (9th Cir. 2009): Courts have read 'willfully or knowingly' under the TCPA to mean the defendant intended to make the call, not that they knew it was illegal, making deliberate dialing campaigns eligible for treble damages.
- U.S. District Court, N.D. W.Va., Mey v. Got Warranty, Inc., No. 5:14-cv-00204 (2015): Individual officers were found personally liable under the TCPA because they were the directing minds of the telemarketing operation and the corporate entity had no independent existence.
- U.S. District Court, N.D. W.Va., Mey v. Got Warranty, Inc., No. 5:14-cv-00204 (2015): The court found individual officers personally liable because they were the directing minds of the operation, and prior notice of complaints is treated as an aggravating factor in willfulness and damages.
- Federal Trade Commission, National Do Not Call Registry: Calling a number registered on the National Do Not Call Registry is a separate TCPA and TSR violation, independent of the autodialer or prerecorded call rules.
- U.S. Government Publishing Office, 28 U.S.C. § 1658 (Limitations period for federal statutes): Federal courts have applied the four-year catch-all limitations period under 28 U.S.C. § 1658 to TCPA claims, meaning campaigns from the past four years are potentially live exposure.