How to choose a compliant predictive dialer for small teams

TCPA fines hit $500, $1,500 per call. Here's how small outbound teams pick a predictive dialer that won't land them in court. Practical, citation-backed guide.

LeadCompliant Team
25 min read
In This Article

Last updated 2026-07-09

Two sales agents with headsets at standing desks in a small outbound sales office
Two sales agents with headsets at standing desks in a small outbound sales office

TL;DR

A compliant predictive dialer for a small team needs built-in DNC scrubbing, TCPA-safe calling modes (especially for cell phones), call recording disclosure support, and audit logs. TCPA statutory damages run $500 to $1,500 per violation, with no cap in a class action. Picking the wrong dialer is a legal exposure decision, not an IT decision. This guide walks through every criterion that matters.

What makes a predictive dialer 'TCPA compliant' in the first place?

A dialer earns the label 'TCPA compliant' when it scrubs numbers against Do Not Call registries, supports safe modes for cell phones, logs calls in enough detail to reconstruct them, and enforces your internal DNC list in real time. No dialer makes you immune. Compliance is a system. The dialer is one piece of it.

The Telephone Consumer Protection Act, 47 U.S.C. § 227, restricts how businesses use automated dialing equipment to reach consumers [1]. A predictive dialer dials ahead of your agents, predicts when they will be free, and connects live calls automatically. That automation is exactly what draws TCPA scrutiny.

The FCC's one-to-one consent rules require that prior express written consent for telemarketing calls be specific to a single seller, not a broad lead-generation form that passes a consumer's number to dozens of companies [2]. That change broke a lot of older shared-lead workflows. A dialer that was technically fine in 2022 can now be part of your exposure if your consent chain is not seller-specific.

For practical purposes, 'compliant' means the dialer does at least four things: (1) checks every number against federal and applicable state Do Not Call registries before dialing, (2) supports manual or preview mode for cell phone lists when you cannot document prior express written consent, (3) records or at least timestamps calls with enough metadata to reconstruct what happened in litigation, and (4) lets you enforce your own internal DNC list in real time.

A vendor who markets a tool as making you 'TCPA-proof' is selling you something that does not exist. Your consent documentation is one layer. Your list hygiene is another. The dialer is a third. Miss any one and the whole thing leaks.

What is the actual TCPA liability exposure for a small team?

Statutory damages under 47 U.S.C. § 227(b)(3) are $500 per negligent violation and $1,500 per willful violation [1]. There is no cap on the number of violations in a class action. A predictive dialer hitting 10,000 numbers on a bad list is not a $5,000 problem. It is a $5 million problem at minimum, and up to $15 million if a court finds willfulness.

Real settlements give you a sense of the range. The Cash App TCPA class action settlement resulted in a reported $10 million payout. The Credit One TCPA settlement reached $12.5 million. Both involved automated calling to cell phones. Neither company was tiny, but the exposure math applies at any scale.

Small teams carry a specific risk profile. They rarely have a compliance attorney on retainer. They often buy cheap dialer software with no real DNC integration. And they assume their list vendor scrubbed everything. That last assumption has cost small businesses everything.

The FCC can also pursue administrative penalties separately from private suits [3]. State attorneys general have their own authority under some state mini-TCPA laws (more on that below). None of this is theoretical. The plaintiff's bar targets small and mid-size companies on purpose, because they settle faster.

Does the dialer's architecture matter, specifically the ATDS question?

Yes, and this is where it gets genuinely complicated. The TCPA restricts calls made using an 'automatic telephone dialing system' (ATDS), defined in the statute as equipment with the capacity to store or produce numbers using a random or sequential number generator, and to dial those numbers [1]. The Supreme Court's 2021 Facebook v. Duguid decision narrowed that definition. A system counts as an ATDS only if it uses a random or sequential number generator, not merely a stored list [4].

That ruling helped dialers that pull from a pre-loaded contact list rather than generating numbers on the fly. It did not eliminate TCPA risk. Calls to cell phones still require consent under the FCC's rules even when the device is not technically an ATDS under the post-Facebook definition, because the FCC's consent framework under 47 U.S.C. § 227(b)(1) reaches calls using artificial or prerecorded voices too [3].

Here is what that means for choosing a dialer. If your dialer uses preview or click-to-dial mode (an agent manually clicks to start each call), the ATDS question largely goes away. If your dialer runs in full predictive mode with no human starting each individual call, you are in a grayer zone and your consent documentation has to be airtight. Most small teams doing cold calling to consumer lists should think hard before running a fully automated predictive mode on cell numbers.

Ask every vendor you evaluate a blunt question: is your system considered an ATDS under the post-Facebook test, and what documentation does your legal team have to back that up? A vendor who cannot answer that is not a vendor you want.

TCPA damages and compliance thresholds at a glance Key figures every small team using a predictive dialer should know before dialing 500 Statutory damages per negli… TCPA violation 1,500 Statutory damages per willf… TCPA violation 3 Max abandoned call rate allowed (% of answered 30 Days to honor company-speci… DNC opt-out under TCPA Source: 47 U.S.C. § 227; FTC Telemarketing Sales Rule (16 C.F.R. Part 310); FTC DNC Registry Data Book FY 2023

What DNC scrubbing capabilities should a dialer have?

A dialer should scrub against the federal registry automatically, integrate state DNC lists, honor your internal opt-outs in real time, and flag cell numbers so you can apply different consent rules. The National Do Not Call Registry is run by the FTC and holds more than 249 million registered phone numbers as of fiscal year 2023 [5]. Telemarketers must scrub against it at least every 31 days.

A dialer that does not automate that scrub is asking you to remember a monthly compliance task. In a small team, that task gets missed.

Look for these DNC features specifically:

  • Federal DNC scrubbing: The dialer should query the FTC registry (or a licensed data provider) on a rolling schedule, more than when you remember to run a scrub.
  • State DNC list integration: Several states run their own lists. Florida, Indiana, Texas, Wyoming, and others have separate registries with their own subscription or scrubbing requirements [6]. If you operate nationally, you need multi-state coverage.
  • Internal DNC management: When a consumer says 'do not call,' your own internal list must honor that immediately and forever. The TCPA requires honoring company-specific opt-out requests within 30 days [1]. A good dialer lets you flag a number and suppress it in real time.
  • Wireless identification: The dialer should flag or separate cell phone numbers so you can apply different consent rules to them.

You can verify numbers yourself too. The FTC's do not call list checker and the do not call telemarketer list resources explain what consumers see and expect. Knowing the consumer-side experience helps you design a workflow that avoids the calls people complain about.

Some dialers charge extra for DNC scrubbing as an add-on. That is fine, as long as the integration is automated and auditable. What you want to avoid is a system where DNC scrubbing is a manual CSV export and import, because that creates gaps and leaves no audit trail.

How do call time restrictions factor into dialer configuration?

The dialer has to respect the consumer's local time, not your office time. The TCPA and the FTC Telemarketing Sales Rule both bar telemarketing calls before 8 a.m. or after 9 p.m. local time at the consumer's location [7]. A team in Phoenix calling consumers in New York has to account for the time zone difference automatically.

Some states go further. Florida restricts calls to the 8 a.m. to 9 p.m. window and layers on extra restrictions for certain categories. California has no state-specific calling-hour rule beyond the federal baseline, but California's consumer protection laws add other requirements.

A dialer should have time-zone-aware suppression built in. You enter a number, the system looks up the area code (and ideally the NPA-NXX, or better yet a real-time geocode), and it refuses to dial outside the permitted window. This sounds basic. A surprising number of cheap dialers do not do it. They let you set a single time window for the whole campaign, which fails the moment you have a national list.

Test this during your demo. Hand the vendor a list with numbers from Hawaii, Puerto Rico, and New York, and ask them to show you exactly how the system handles time-zone logic before it dials.

What call recording and disclosure features does a compliant dialer need?

A compliant dialer should play an automatic recording disclosure in states that require it (or prompt the agent to give one), retain recordings for at least the four-year TCPA statute of limitations, and tie each record to a specific number and campaign. Recording without proper disclosure in a two-party consent state is its own separate violation.

Call recording cuts both ways. As an asset, recorded calls are your best evidence that you had consent, followed procedure, or that the consumer said something inconsistent with their later claim. As a liability, recording without proper disclosure in a two-party consent state (California, Illinois, Florida, and others) breaks state law on its own.

Better systems let you configure state-by-state disclosure logic, so California calls automatically get the right opener while calls to one-party states do not.

For recording storage, look at three things: how long records are retained (the TCPA has a four-year statute of limitations [1], so you want at least that), whether records are tied to the specific phone number and campaign, and whether you can export everything easily for a litigation hold.

This is where a lot of small teams learn their dialer choice was wrong. The vendor stores 90 days of recordings, a lawsuit lands 18 months after the call, and there is nothing left to defend with.

What dialer features matter specifically for small teams, versus enterprise?

Small teams need something that works out of the box and does not require a full-time admin. Enterprise compliance teams have dedicated legal staff, IT security teams for integrations, and budget for custom builds. You do not. That changes what you prioritize.

For a team of 2 to 20 agents, the features that matter most:

  • Simple DNC automation: You should not need to understand API calls to run a compliant scrub. If the dialer needs a developer to set up DNC integration, it is not built for small teams.
  • Per-seat pricing that is honest: Some dialers charge low per-seat fees, then bill heavily for compliance add-ons (DNC scrubbing, recording storage, TCPA suppression lists). Get the total monthly cost, including compliance features, in writing.
  • Audit logs you actually own: If you leave the vendor, can you export your full call history and consent records? Some SaaS dialers hold that data and make it hard to extract. That is a problem if litigation lands after you switch vendors.
  • Preview mode as a real option: For small teams doing high-value sales calls rather than high-volume consumer spam, preview mode (the agent sees the record and clicks to call) is often the right operating mode for both compliance and conversion. Not every dialer makes it easy.

One practical move: run a number lookup against your existing list before you pick a dialer. The mobile phone do not call list guidance explains how cell numbers get treated differently, and knowing your list composition (what fraction is cell versus landline) changes which dialer mode you even need.

How do state-level TCPA analogs change which dialer you need?

Federal TCPA is the floor, not the ceiling. Several states passed stricter laws, and your dialer needs to be configurable enough to handle them. If you run a national campaign, you are subject to all of them at once.

Florida's FTSA (Florida Telephone Solicitation Act, Fla. Stat. § 501.059) expanded significantly in 2021. It requires prior express written consent for calls or texts made with an 'automated system' to Florida numbers, and it created a private right of action with damages of $500 per call, similar to the federal structure [6]. Florida's definition of 'automated system' is broader than the post-Facebook ATDS definition, so systems that dodged TCPA liability under Facebook v. Duguid may still be covered under Florida law.

Oklahoma, Washington, and several other states have their own telemarketing acts with varying restrictions.

What this means for dialer selection: pick a vendor with documented state-specific compliance logic, or at minimum one that lets you segment your calling campaign by state and apply different dialing modes and disclosure scripts per state. A one-size-fits-all campaign configuration is increasingly a compliance gap.

If you are unsure which states' laws apply to your contacts, the answer is basically all of them where your contacts reside, regardless of where your business sits.

What questions should you ask a dialer vendor before signing?

Ask the vendor to prove specifics, not repeat the phrase 'TCPA compliant,' which means almost nothing on its own. The questions worth asking:

1. Is your system considered an ATDS under the post-Facebook v. Duguid definition? Do you have a legal memo supporting that position? 2. How does DNC scrubbing work: what is the scrub frequency, which lists are included, and what does a scrub error look like in your logs? 3. What happens if a consumer on my call list is added to the federal DNC registry tomorrow? How long until your system suppresses their number? 4. Do you support time-zone-aware suppression at the number level, more than the campaign level? 5. How long do you retain call recordings and metadata, and can I export everything if I leave your platform? 6. What compliance configuration is available per state, specifically for Florida, California, and Texas? 7. Have you or your customers been named in TCPA litigation? What happened? 8. What does your SLA say about incorrect scrubbing or a compliance failure on your end, specifically around indemnification?

That last question matters most. Most dialer vendors disclaim all liability for TCPA violations in their terms of service. That is standard. Read it carefully before you assume the vendor shares your risk. They almost never do.

Running a compliance check before any campaign cuts risk too. LeadCompliant's free number checker tools let you spot-check numbers against DNC status before they enter a campaign, which is a useful pre-flight step no matter which dialer you pick.

The rule means you need documented, seller-specific consent tied to each phone number before you run a list through a predictive dialer in any automated mode. If you cannot document that consent for a given number, the safer mode is manual or preview dialing.

The FCC's December 2023 Report and Order (FCC 23-107) revised the TCPA consent rules to require that prior express written consent for telemarketing calls be obtained on a per-seller basis [2]. The rule invalidated the practice of a single consent checkbox covering multiple sellers at once, which was the backbone of many lead aggregator and affiliate marketing models.

The FCC stated in that order that consent must be "logically and topically associated" with the website or interaction through which it is collected. That language has real operational consequences. You cannot buy a list from a lead vendor and assume their consent form covers your company's calls, even when the form technically mentioned 'marketing partners.'

Some dialer vendors are adding consent timestamp fields to their records, so you can store the consent date, source URL, and IP address alongside the phone number. That is worth looking for. If your current CRM or dialer does not support it, the gap is your problem in litigation, not the vendor's.

The TCPA overview covers the statute's full framework, useful context if your team is new to this.

(Note: the FCC delayed and courts later addressed portions of the one-to-one rule's rollout, so confirm the current effective status with counsel before relying on a specific date.)

What does a practical compliant dialer stack look like for a small team?

For a team of 5 to 15 agents doing legitimate outbound sales, a workable stack is a cloud dialer with both preview and predictive modes, automated federal plus state DNC scrubbing at upload, and consent records you own tied to each number. Choose the mode per campaign, not once for everything.

For consumer lists where consent is unclear, run preview mode. For opted-in B2B contacts where TCPA risk is lower (business lines are generally outside the TCPA's cell phone restrictions), you can use predictive mode.

You need automated DNC scrubbing covering the federal registry and at minimum the key state registries for your contact geography. Scrub at the point of list upload, not once a month.

Your consent records should live somewhere you own, whether in your CRM or exported from your lead vendor, tied to phone number, date, source, and the specific offer the consumer agreed to. The dialer log should match those consent records.

If you handle any volume of cell phone numbers, talk to an attorney before launching a fully automated campaign. That is not paranoia. It is math. At $500 per call, 1,000 wrong calls is $500,000 in exposure. An hour with a telemarketing attorney costs a tiny fraction of that.

LeadCompliant's one-time compliance kit covers the consent documentation templates, DNC workflow checklists, and state-by-state calling rules that small teams usually build out after a demand letter arrives. Building them before you dial is cheaper.

For the cold call rules that apply before the dialer even fires, the cold call guide covers the foundational restrictions in plain language.

Frequently asked questions

Can a small business legally use a predictive dialer to call cell phones?

Yes, but only with prior express written consent from each cell phone owner. The TCPA prohibits using an ATDS or prerecorded voice to call cell phones without consent, and damages run $500 to $1,500 per call. For lists where you cannot document seller-specific consent, use preview or manual dialing to avoid ATDS exposure. The FCC's one-to-one rule requires consent be specific to your company, not a shared lead-gen form.

How often does a predictive dialer need to scrub against the Do Not Call registry?

The FTC's Telemarketing Sales Rule requires scrubbing against the National DNC Registry at least every 31 days. Most compliance-grade dialers do this automatically on upload or on a rolling schedule. Scrubbing less often than that creates a gap: numbers registered after your last scrub are protected, and calling them is a violation even if they were clean when you bought the list.

What is the difference between a predictive dialer and a power dialer for compliance purposes?

A predictive dialer calls multiple numbers at once before agents are free, maximizing efficiency but creating abandoned-call risk and stronger ATDS arguments. A power dialer calls one number per available agent without predicting wrap time. Both can trigger TCPA liability with the wrong list or consent setup, but power dialers carry slightly lower ATDS argument risk because they dial one number at a time per agent.

Are B2B calls exempt from TCPA predictive dialer rules?

Business lines (numbers registered to a business, not a personal cell) are generally outside the TCPA's core cell phone restrictions. But if your 'B2B' list includes personal cell phones people use for work, those cells are still covered. TCPA protection follows the phone number, not the person's job. Wireless numbers used for business by an individual still require consent for automated calls.

The FTC's Telemarketing Sales Rule requires telemarketers abandon no more than 3 percent of answered calls over a 30-day campaign period, and abandoned calls must play a recorded message within 2 seconds with the caller's identity and a callback number. A dialer that cannot configure and report on abandon rate is a compliance liability itself. Most reputable predictive dialers have abandon rate controls built in.

The one-to-one consent rule applies to TCPA-covered calls, which center on consumer (non-business) wireless numbers and prerecorded voice calls. Pure B2B calls to business landlines generally fall outside TCPA's scope. But if you are calling personal cell phones even in a B2B context, the TCPA applies, and so does the one-to-one consent requirement for any automated calling.

What records should I keep to defend a TCPA claim after using a predictive dialer?

Keep the date and source of consent for each number, the specific offer the consumer agreed to, your DNC scrub logs with dates, call records showing time, duration, and phone number, any opt-out or DNC requests and when you honored them, and the dialer vendor's configuration at the time of the campaign. The TCPA's statute of limitations is four years, so retain records for at least that long.

How do I get the Do Not Call list to scrub my dialer lists?

The FTC's National DNC Registry is at donotcall.gov. Businesses pay to access it on a per-area-code or subscription basis. Most dialer vendors either include access in their pricing or integrate with a licensed data provider who holds a subscription. You can also check status directly using the FTC's lookup tool. The how do i get the do not call list resource covers the process step by step.

Can a dialer vendor be sued under the TCPA, or is it always the calling company?

Courts have generally held that TCPA liability attaches to the 'initiator' of the call, usually the business using the dialer, not the software vendor. Some cases have named vendors when they allegedly played an active role in the calling campaign beyond passive software provision. As a practical matter, assume liability falls on you and structure your vendor contract accordingly, including checking what indemnification, if any, the vendor offers.

What is the best dialer mode for a team new to TCPA compliance?

Preview mode. In preview mode, an agent sees the contact record and manually clicks to dial, which largely eliminates ATDS arguments and gives agents a chance to confirm consent before calling. It is slower, but for teams building a compliance foundation, the risk reduction beats the efficiency trade-off. Once you have clean consent documentation and solid DNC workflows, you can evaluate whether power dialer mode fits.

Do state DNC lists matter if I already scrub the federal registry?

Yes. Several states, including Florida, Indiana, Texas, and Wyoming, maintain their own registries separate from the federal list. Scrubbing only the federal registry leaves state-registered numbers unprotected. State violations can carry their own penalties under state telemarketing statutes, and some state private rights of action exist alongside the TCPA. If you call nationally, you need multi-state DNC coverage.

How much does a compliant cloud predictive dialer cost for a small team?

Pricing varies widely. Basic cloud dialers start around $50 to $150 per seat per month. Compliance features like automated DNC scrubbing, call recording retention, and consent management add cost and are sometimes bundled, sometimes sold as add-ons. All-in, a small team of 5 to 10 agents should budget $500 to $2,000 per month for a dialer with real compliance features. Cheaper tools look attractive until the first demand letter.

What is a 'safe harbor' under TCPA and does a dialer help me qualify?

The TCPA's safe harbor for company-specific DNC violations requires the company to keep written DNC policies, train personnel, and maintain an internal DNC list. A dialer that automatically captures and enforces internal DNC requests supports that safe harbor. The dialer alone does not qualify you. You also need the written policy and evidence of training. Safe harbor applies only to company-specific DNC violations, not to calling numbers on the national registry.

Does using an offshore dialer or VOIP service change my TCPA obligations?

No. The TCPA applies to calls made to US phone numbers regardless of where the calling technology or company sits. Using an offshore VOIP service does not exempt you. The FCC and plaintiffs' attorneys look at where the call landed and who benefited commercially. Trying to escape TCPA jurisdiction through offshore technology has not worked in the cases that tested it.

Sources

  1. Cornell Law School LII, 47 U.S.C. § 227 (TCPA full statute text): TCPA statutory damages are $500 per violation and $1,500 per willful violation; company-specific DNC opt-outs must be honored within 30 days; four-year statute of limitations applies
  2. FCC, Report and Order FCC 23-107 (One-to-One Consent Rule, December 2023): FCC December 2023 order requiring prior express written consent be seller-specific and logically associated with the interaction
  3. Cornell Law School LII, 47 U.S.C. § 227(b)(1) (TCPA prohibited calls): FCC administers TCPA consent requirements for calls using artificial or prerecorded voice and automated systems; FCC can pursue administrative penalties separately from private suits
  4. U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court held that an ATDS requires a random or sequential number generator; dialers using stored lists are not automatically ATDSs under this narrowed definition
  5. FTC, National Do Not Call Registry Data Book FY 2023: National DNC Registry contains more than 249 million registered phone numbers; telemarketers must scrub against it every 31 days
  6. Florida Legislature, Fla. Stat. § 501.059 (Florida Telephone Solicitation Act): Florida FTSA as amended in 2021 requires prior express written consent for automated calls/texts to Florida numbers and provides $500 per call private right of action
  7. FTC, Telemarketing Sales Rule (16 C.F.R. Part 310): TSR prohibits telemarketing calls before 8 a.m. or after 9 p.m. local time at the consumer's location; requires abandoned call rate not exceed 3 percent with 2-second message requirement
  8. FTC, business guidance on complying with the Telemarketing Sales Rule: Businesses must access and scrub against the National DNC Registry and are responsible for honoring registrations regardless of list vendor representations
  9. Cornell Law School LII, 47 C.F.R. § 64.1200 (FCC TCPA implementing regulations): FCC implementing regulations govern dialing system compliance, prerecorded message rules, and abandoned call requirements
  10. Cornell Law School LII, 47 C.F.R. § 64.1200 (FCC TCPA implementing regulations): FCC implementing regulations require companies maintain written DNC policies, train personnel, and maintain internal DNC lists to qualify for the TCPA company-specific safe harbor

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit