Last updated 2026-07-09

TL;DR
Debt collection agencies must get prior express consent before calling or texting cell phones with an autodialer or prerecorded voice. Violations cost $500 to $1,500 per call under 47 U.S.C. § 227. Document consent at origination, honor revocations right away, scrub against the reassigned-number database, and train collectors on the line between permitted manual calls and prohibited autodialed ones.
What is prohibited under the TCPA for debt collectors?
The Telephone Consumer Protection Act, at 47 U.S.C. § 227, bars anyone from calling (or texting, which courts and the FCC treat as a call) a cell phone with an automatic telephone dialing system (ATDS) or a prerecorded or artificial voice without the called party's prior express consent [1]. That ban applies no matter why you're calling. Collecting a debt buys you no exemption.
Section 227(b)(1)(A) says it is unlawful to make any call using an ATDS or an artificial or prerecorded voice to any number assigned to a cellular telephone service "unless the call is made for emergency purposes or with the prior express consent of the called party" [1]. One clause, three prohibitions: ATDS calls to cell phones without consent, prerecorded calls to cell phones without consent, and prerecorded calls to residential landlines without consent (with narrow emergency and informational exceptions).
For a collection shop, the practical prohibitions look like this:
- Autodialed or prerecorded calls or texts to a consumer's cell phone without prior express consent.
- Calls to numbers on the National Do Not Call Registry when those consumers never gave consent (the FDCPA and TCPA overlap here) [11].
- Continuing to call after the consumer revokes consent, no matter what the original creditor's contract said.
- Calling a reassigned number where the new subscriber never consented, even if the prior subscriber did.
Faxes are covered too, though they barely matter to most collection shops now [1].
The statute does not care whether the debt is a payday loan, a medical bill, or a credit card balance. It's content-neutral on that point. What matters is the technology you used and whether you had permission.
How does TCPA consent work for debt collection calls?
Consent splits into two categories, and confusing them gets expensive.
"Prior express consent" (the lower bar) covers informational calls about an existing debt where a business relationship already exists. The FCC's 2008 Declaratory Ruling held that a consumer gives this consent by voluntarily handing their phone number to the creditor during the transaction that created the debt [2]. Put your cell number on a loan application, and the original creditor has consent to call you about that loan. That consent can move to a debt buyer or collection agency, but only for the same debt.
"Prior express written consent" is the higher bar. It's required for any call or text that is "dual purpose" (debt information plus marketing) or that counts as telemarketing [3]. Written consent has to be a clear and conspicuous authorization that specifically agrees to autodialed or prerecorded calls, names the phone number being authorized, and carries the consumer's signature. A footnote or a buried arbitration clause doesn't count.
Here's where agencies trip. A lot of collectors now send account-resolution texts or calls that float settlement offers. Mention a discount, a payment plan, any promotional hook, and the FCC can call the message dual-purpose. Now you're in written-consent territory.
Consent also has to come before the call. You cannot call someone to ask permission to call them. That's circular, and several courts have thrown it out.
Consent is not unlimited either. It attaches to the specific debt and the specific creditor relationship. A consumer who agreed to calls about their Visa card has not agreed to calls about a separate medical bill, even if you hold both accounts.
What happens when a consumer revokes TCPA consent?
Revocation burns more collection agencies than anything else. The FCC's 2015 Omnibus TCPA Order held that consumers can revoke consent at any time, through any reasonable means [3]. That covers saying "stop calling me" on a live call, texting "stop," mailing a letter, or posting a message in an online portal. You don't get to pick the method for them.
Once consent is gone, the calls and texts stop. Immediately. Not at the end of the billing cycle, not after the collector's shift, not after one more "just following up" message. Courts have found that a single extra contact after a clear revocation can generate liability.
The hard part is operational: catching revocations across every channel. A consumer tells a live agent to stop, that note never reaches your dialer's suppression list, and the next autodialed attempt goes out anyway. New violation. A revocation workflow where the collector's note instantly flags the account in the dialer is the difference between a manageable complaint and a class action.
One trap worth naming. Some collection agreements with original creditors include language trying to limit how consumers revoke. The 2015 Order rejected that. Contractual limits on revocation methods are unenforceable. The consumer's right to revoke through any reasonable means overrides the contract.
For text campaigns, treat a STOP reply as immediate. Suppress within minutes, not days. The how consumers try to stop robocalls experience shows exactly how persistent unwanted contact turns an annoyed consumer into a plaintiff.
What is the reassigned number problem and how do you fix it?
This is one of the messier traps for collectors. Phone numbers get recycled. The person who owed the debt gave you their cell number two years ago. That number belongs to someone else now, someone who never heard of your agency, never consented to anything, and is getting your autodialed calls.
The prior subscriber's consent does not carry forward. The FCC addressed this head-on in its 2015 Order and later proceedings, holding that a caller who makes even one call to a reassigned number without consent can face liability where the caller had actual or constructive knowledge of the reassignment [3].
The fix is the Reassigned Numbers Database (RND), which the FCC launched in 2021 [4]. It's a permanent, nationwide database of reassigned numbers, run by Somos under FCC oversight. Query it before you make autodialed calls. If a number shows as reassigned since your consent date, pull it from the dialer queue. The FCC has said good-faith reliance on the RND can serve as a safe harbor defense.
Access runs roughly $0.003 per query for small users (under 100,000 queries a month) under the FCC's published rate schedule [4]. A mid-size shop making 50,000 automated calls a month spends about $150. Set that against $500 to $1,500 per bad call. The math is not close.
Go further than the RND. Cross-reference your returned-mail file and flag any account where contact went cold with no explanation. A number that just stopped responding could be disconnected or reassigned. Route those to manual-only outreach until you verify.
What counts as an ATDS under the TCPA after Facebook v. Duguid?
The ATDS definition has been litigated more than almost any other TCPA question. In Facebook, Inc. v. Duguid (2021), the Supreme Court narrowed it, holding that an ATDS must have the capacity to store or produce numbers using a random or sequential number generator [5]. A system that dials from a stored list of specific numbers, with no random or sequential generation, is not an ATDS under the Court's reading.
This matters for collectors because most predictive and power dialers work from a list of account phone numbers, not randomly generated ones. After Duguid, several district courts found that list-based dialers fall outside the ATDS definition [5]. Good news for collection operations. Not a clean safe harbor.
Three caveats. Some state statutes (California's CIPA, for one) use broader autodialer definitions that Duguid does not preempt. Prerecorded voice calls sit on a separate legal track from ATDS calls, so even a non-ATDS dialer drops you back into TCPA liability the moment it plays a prerecorded message without consent. And the FCC has pending proceedings that could redefine ATDS, so today's posture may not hold.
The safe operational stance: treat your dialer as an ATDS unless outside counsel confirms in writing that your specific system's architecture sits outside Duguid. Being wrong costs too much to guess.
How should debt collectors document and store consent records?
Consent is only as good as your proof of it. If a consumer sues and swears they never consented, you need a record showing who consented, what they agreed to, when, what number they gave, and on what platform.
When a debt originates with a creditor who later places the account with you, get the consent documentation from that creditor before you start calling. Plenty of agencies skip this and assume the placement agreement implies consent. It doesn't. No documentation, no autodialing the cell number.
When consent comes to your agency directly (an online payment portal, an inbound call), the record should capture:
- Date and timestamp of consent
- IP address or call recording reference
- The exact consent language the consumer saw or heard
- The phone number tied to that consent
- The debt account the consent relates to
Store these records for at least four years. The TCPA runs on a four-year statute of limitations under 28 U.S.C. § 1658, so your records need to survive the full exposure window [6].
Some agencies use consent-management platforms that timestamp and archive consent events automatically. Money well spent. A paper log or a note buried in a free-text CRM field is not. You need a system that produces a consent record on demand when a complaint letter lands.
LeadCompliant's free TCPA consent checker and compliance kit include a consent documentation template covering every required field. Any system that captures the elements above and keeps them retrievable will do the job.
What are the TCPA penalties debt collectors actually face?
Statutory damages under 47 U.S.C. § 227(b)(3) are $500 per violation for negligent violations and $1,500 per violation if the court finds the defendant acted willfully or knowingly [1]. No cap per plaintiff. Courts have discretion to treble.
Class action exposure is the part that keeps people up at night. Each call or text is a separate violation, so plaintiff attorneys aggregate them into classes where the math turns brutal fast. A campaign that sent 100,000 autodialed texts without proper consent could carry $500 per text in statutory damages, or $50 million before any trebling. Courts have allowed TCPA class actions even where individual damages are small, because the per-violation structure makes them worth a plaintiff lawyer's time.
Real settlements show the range. Credit One Bank paid over $12 million to resolve TCPA claims tied to collection calls. Truist Bank faced a class action over TCPA violations. UnitedHealthcare paid $2.5 million to settle alleged TCPA violations tied to automated calls.
Those are big companies. Small collection agencies don't have the budget to fight a class action even with a decent defense. The calculus pushes toward settlement, which often lands in six or seven figures once plaintiff attorney fees are added.
The FCC can also assess civil forfeitures through its enforcement authority under the Communications Act. Those are separate from private suits [7].
| Violation Type | Statutory Damages per Call/Text | Trebled (Willful) |
|---|---|---|
| ATDS or prerecorded, cell, no consent | $500 | $1,500 |
| ATDS or prerecorded, cell, no consent (class) | $500 x class size | $1,500 x class size |
| DNC violation (residential) | $500 | $1,500 |
| FCC civil forfeiture | Set by FCC order | N/A |
How do the FDCPA and TCPA interact for debt collection agencies?
They're separate laws with separate enforcement, and breaking one doesn't automatically break the other. But they overlap in ways that can double your liability.
The Fair Debt Collection Practices Act (FDCPA), enforced by the CFPB and FTC, governs the content and timing of collection communications. It bars harassment, false statements, and calls before 8 a.m. or after 9 p.m. in the consumer's time zone [12]. The TCPA governs the technology and consent behind those communications. A single call can break both: an autodialed call at 9:30 p.m. without consent is an FDCPA timing violation and a TCPA autodialer violation at once.
The CFPB's Regulation F took effect November 30, 2021, and added structure for texts and emails in collection [8]. Under it, collectors can text and email consumers but must follow set procedures, including an opt-out mechanism. A consumer who opts out under Regulation F should also be treated as a TCPA consent revocation for automated texts.
So your program cannot run TCPA and FDCPA as two separate checklists owned by two separate people. A call that clears FDCPA review can still blow up your TCPA exposure, and the reverse holds too. Integrated training and integrated account flagging is the only setup that actually cuts risk.
One dead end to close. Congress created a debt collection exemption in 2015 for calls to cell phones about federal or federally backed debt. The Supreme Court struck it down in Barr v. American Association of Political Consultants in 2020 [9]. That exemption is gone. Don't build anything on it.
What should a TCPA compliance program actually include for a collection agency?
A working program for a mid-size shop isn't a binder on a shelf. It's a set of controls that run every day without anyone having to remember them.
Here's what it needs to cover:
Consent intake and verification. Before any account enters an autodialed queue, someone or something confirms documented consent exists for that specific number and that debt. No documentation, no autodialing. Full stop.
Reassigned number scrubs. Every number in your dialer queue gets queried against the FCC's Reassigned Numbers Database on a rolling basis, more than at intake. Consent confirmed six months ago says nothing about a number reassigned last month [4].
Revocation processing. A written procedure stating that any revocation (verbal, text, email, letter) triggers removal from all autodialed and prerecorded queues within a defined window. Aim for one business day maximum, same day for text campaigns.
ATDS classification. Outside counsel or a qualified compliance consultant reviews your specific dialing technology and writes an opinion on whether it meets the post-Duguid ATDS definition [5]. Document that opinion and update it when your tech changes.
Time-zone controls. Your dialer restricts calls to the consumer's local 8 a.m. to 9 p.m. window, consistent with the FDCPA and TCPA best practice [12].
Call recording and logging. Record calls, log attempts, and keep records at least four years [6].
Annual training. Collectors need to know the line between permitted manual calls and prohibited autodialed ones. They need to know how to log a verbal revocation. They need to know what to do with a "wrong number" complaint.
Litigation response protocol. A demand letter or lawsuit triggers an immediate hold on all automated contact with that consumer. Have outside TCPA counsel on retainer, or at least identified, before you need them.
LeadCompliant's one-time compliance kit packages several of these into ready-to-use templates, including the consent documentation form and a revocation logging checklist. Useful as a starting point, but adapt anything to your operation and get counsel review for your state.
Do state laws add compliance requirements beyond federal TCPA?
Yes, and some go stricter. The TCPA sets a federal floor. States can build higher.
Florida's Telephone Solicitation Act, effective July 1, 2021, covers calls made using any automated system for the selection or dialing of telephone numbers, a broader definition than the federal post-Duguid standard [10]. Florida also created a private right of action with statutory damages of $500 per call, same as the federal number, but the wider ATDS definition sweeps in more calls.
California's Invasion of Privacy Act (CIPA) and its Automatic Dialing-Announcing Device statute reach collection calls and have been paired with TCPA claims to stack liability. California courts have been receptive to TCPA class actions.
Washington State has its own automatic dialing and announcing device statute. Texas restricts automated calls. Oklahoma, Maryland, and several other states have provisions that ride alongside federal law.
Operate in multiple states, and you need a state-by-state read of which rules touch your dialing practices. This isn't a one-size analysis. A practice legal in Georgia can generate liability in Florida. The latest TCPA news space moves fast on state law, and 2023 and 2024 legislative sessions added new wrinkles in several jurisdictions.
For multi-state operations, the safe move is to comply with the most restrictive state law that touches your portfolio rather than run 50 separate rulebooks.
What specific steps reduce TCPA litigation risk for debt collection agencies?
Risk reduction comes down to three things: prevention, detection, and response readiness.
Prevention is everything in the compliance program above. The single highest-leverage step is consent documentation at account intake. Most collection TCPA suits start because the agency couldn't prove consent. Prove it and you have a defense. Fail to prove it and you're negotiating a settlement number.
Detection means internal auditing. Every quarter, pull a random sample of accounts that got autodialed calls. Confirm each had documented consent, that the number wasn't flagged as reassigned in the RND, and that no prior revocation existed. If your sample turns up problems, you have a systemic issue. Fix it before plaintiff counsel finds it.
Complaint monitoring is detection too. "Wrong number" complaints running above about 1% of call volume signal trouble in your number lists or consent records. Track the rate.
Response readiness is having a plan before the demand letter arrives. Identify TCPA defense counsel now. Know your D&O and E&O coverage for TCPA claims, because many policies exclude them and you want to learn that before you need it. Have a litigation hold protocol that immediately preserves call records, consent records, and dialer logs for the affected accounts.
One more note. The Joseph Snyder Credit One TCPA litigation and cases like it show that individual plaintiff attorneys can pile real pressure on collection agencies without ever certifying a class. A single-plaintiff TCPA suit with clear violations and documented calls can settle in the $15,000 to $50,000 range. A class action on the same facts can settle for millions. Early detection and clean records separate those outcomes.
Frequently asked questions
What is prohibited under the TCPA for debt collectors specifically?
The TCPA prohibits using an automatic telephone dialing system or a prerecorded or artificial voice to call or text a consumer's cell phone without prior express consent, whatever the reason for the call. It also bars prerecorded calls to residential landlines without consent, and calls to numbers on the National Do Not Call Registry absent an established relationship and consent.
Does consent from the original creditor transfer to a debt collection agency?
Generally yes. If the consumer gave their cell number to the original creditor during the transaction that created the debt, that consent can travel with the account. But you must get proof of it from the original creditor. Can't document it, can't rely on it. The consent also applies only to the specific debt, not to other accounts you may hold.
Can a consumer verbally revoke TCPA consent during a collection call?
Yes. Under the FCC's 2015 Omnibus Order, consumers can revoke consent through any reasonable means, including saying 'stop calling me' on a live call. Once they do, automated calls and texts to that number must stop. The collector should log the revocation right away, and the account has to be flagged in the dialer before the next campaign runs.
How many times can a debt collector call a cell phone before it becomes a TCPA violation?
There's no call-count limit in the TCPA. The violation happens the moment you make an autodialed or prerecorded call to a cell phone without consent, or after consent is revoked. Even one call can be a violation. The FDCPA separately restricts repeated or harassing calls, but TCPA liability can attach from the very first unconsented automated call.
Does the TCPA apply to text messages sent by debt collectors?
Yes. The FCC and courts treat texts as calls under the TCPA. An autodialed or system-generated text to a cell phone without prior express consent violates 47 U.S.C. § 227(b)(1)(A). Each text is a separate violation with its own $500 to $1,500 exposure. Consent rules, revocation rules, and reassigned-number obligations all apply to texts the same as voice calls.
What is the statute of limitations for a TCPA lawsuit against a debt collector?
Four years, under 28 U.S.C. § 1658, the federal catchall limitations statute. Courts have consistently applied this window to TCPA claims. Retain consent records, call logs, and revocation records for at least four years after your last contact with a consumer, so you can defend against claims filed at the far end of that window.
Does Facebook v. Duguid mean collection agencies can autodial without TCPA risk?
No. The 2021 Duguid decision narrowed the ATDS definition to systems that use random or sequential number generation. List-based dialers may fall outside it under federal law. But prerecorded voice calls stay prohibited without consent on a separate track, and several state laws use broader ATDS definitions. Treating Duguid as a blanket green light is a serious mistake.
Are debt collectors required to use the FCC's Reassigned Numbers Database?
The FCC hasn't issued a hard mandate for RND use in every case, but it has established that good-faith reliance on the RND can serve as a safe harbor defense if you call a reassigned number. Skipping the queries removes your main defense against wrong-number claims. At roughly $0.003 per query, the cost is trivial next to the exposure from a single reassigned-number call.
Can a debt collector send texts under Regulation F and still comply with the TCPA?
The two rules run in parallel. Regulation F (CFPB, effective November 2021) lets collectors text consumers with certain disclosures and opt-out mechanisms. The TCPA requires prior express consent for autodialed texts. You have to satisfy both: Regulation F's content and opt-out rules, and TCPA consent before the first text. Meeting Regulation F does not substitute for TCPA consent.
What does prior express written consent look like for debt collection texts?
It's a signed agreement (electronic signature counts) where the consumer clearly authorizes autodialed or prerecorded calls or texts at a specified number. It has to be a standalone authorization, not buried in a credit agreement's general terms. It must name the company calling and the number authorized. A checkbox on an online form works if it isn't pre-checked and the language is clear.
How do Florida's mini-TCPA rules change compliance for debt collectors in Florida?
Florida's Telephone Solicitation Act, effective July 2021, uses a broader automated-dialing definition than the federal post-Duguid standard. It covers any system that automates the selection or dialing of numbers, which likely reaches list-based predictive dialers. Florida also restricts calls to numbers on its state Do Not Call list. Collectors with Florida accounts need separate analysis under both statutes.
What records should a debt collection agency keep to defend a TCPA lawsuit?
At minimum: the original consent record showing who consented, when, to what number, and under what debt; the chain of custody showing how that consent transferred to your agency; call logs with dates, times, and numbers dialed; any revocation records; and RND query results. Keep all of it for four years. Records living only in a collector's notes or a free-text CRM field rarely survive a litigation hold in useful form.
Can a debt collector call a cell phone manually without TCPA risk?
A purely manual call, where a human physically dials with no autodialing or prerecorded element, generally sits outside the TCPA's ATDS prohibition. But if your dialer presents a number to an agent who clicks 'dial' and the system connects automatically, courts have split on whether that's manual or ATDS. Get outside counsel to review your specific system before assuming manual-dial is safe.
Sources
- U.S. Government, 47 U.S.C. § 227 (TCPA statute text): TCPA prohibits ATDS and prerecorded calls to cell phones without prior express consent; statutory damages of $500 to $1,500 per violation
- U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court held ATDS must have capacity to store or produce numbers using random or sequential number generator; list-based dialers may fall outside definition
- U.S. Government, 28 U.S.C. § 1658 (federal statute of limitations): Four-year federal catchall statute of limitations applies to TCPA claims, establishing minimum record retention period
- CFPB, Debt Collection Practices (Regulation F), 12 CFR Part 1006, effective November 30, 2021: CFPB Regulation F permits debt collectors to communicate via text and email with required disclosures and opt-out mechanisms, effective November 30, 2021
- U.S. Supreme Court, Barr v. American Association of Political Consultants, 591 U.S. 610 (2020): Supreme Court struck down the government-debt exception to the TCPA's cell phone autodialer prohibition in 2020, eliminating that exemption
- Florida Legislature, Florida Telephone Solicitation Act (§ 501.059, F.S.): Florida's mini-TCPA uses broader automated dialing definition than federal post-Duguid standard; effective July 1, 2021
- FTC, National Do Not Call Registry: National DNC Registry restricts telemarketing calls; applies alongside TCPA for collectors making calls with marketing or solicitation elements
- CFPB, Fair Debt Collection Practices Act consumer resources: FDCPA prohibits calls before 8 a.m. or after 9 p.m. consumer local time; applies alongside TCPA for debt collection communications