TCPA Compliance Guide for Buying Insurance Leads

The Telephone Consumer Protection Act is not something most insurance agents think about until they get a demand letter. By then it is too late. If you are buying leads and calling them, you need to understand TCPA — not because you need to become a lawyer, but because the fines are $500 to $1,500 per violation. Per call. One bad list of 200 leads could cost you $100,000 or more.

What TCPA Is and Why You Should Care

TCPA is a federal law enacted in 1991 that regulates telemarketing calls, auto-dialed calls, pre-recorded messages, and text messages. It was designed to protect consumers from unwanted robocalls. The law is enforced by the FCC, and consumers can also file private lawsuits — which is where most of the financial pain comes from.

The penalties are not theoretical. Class-action TCPA lawsuits are a cottage industry. Plaintiff attorneys actively recruit consumers who received calls they did not consent to. In 2024 alone, there were over 3,000 TCPA-related lawsuits filed in federal courts. Many more were settled before filing. Insurance agents are frequent targets because they make high volumes of outbound calls to people they have never spoken to before.

Express Consent vs. Prior Express Written Consent

TCPA distinguishes between two types of consent, and the difference matters.

Express consent means the person gave their phone number voluntarily. If someone fills out a form and provides their phone number, they have given express consent to receive calls from you — but only non-telemarketing calls. You could call to follow up on their inquiry, but you could not pitch them a product they did not ask about.

Prior express written consent is the higher standard. It requires the consumer to sign (including electronically) a clear disclosure that they agree to receive telemarketing calls or texts, including via autodialer or pre-recorded voice. This is what you need if you are using any kind of power dialer, auto-dialer, or pre-recorded message.

When you buy leads, the consent was given to the lead vendor, not to you. This is the critical point. The vendor’s form and disclosure language determine whether you have a legal basis to call that lead. If the vendor’s opt-in language is weak, generic, or missing, the consent may not transfer to you — and you are the one making the call, so you are the one on the hook.

The One-to-One Consent Rule

In January 2025, the FCC’s one-to-one consent rule took effect. This is the biggest change to lead generation compliance in a decade, and it fundamentally changes how shared leads work.

Under the old rules, a lead form could include blanket consent language like “By submitting this form, you agree to be contacted by our partners.” That single consent could cover dozens of companies. A consumer fills out one form, and 15 agents from 15 different companies all have “consent” to call them.

The new rule requires that consent be given to one specific seller at a time. The consumer must know exactly which company will be contacting them and agree to that specific company. Blanket consent to a list of “marketing partners” is no longer sufficient for calls that require prior express written consent.

This has massive implications for shared leads. If a lead vendor sells the same lead to five agents, each of those agents needs individual consent from the consumer. A single form submission with generic partner language does not satisfy this requirement. Agents calling shared leads without proper one-to-one consent are exposed to TCPA liability.

What to Ask Your Lead Vendor

Before you buy a single lead, ask these questions. If the vendor cannot answer them clearly and specifically, that is a red flag.

1. “Do your leads have TCPA-compliant consent?” — This is the baseline question. The answer should be yes, and they should be able to explain how consent is captured.
2. “Do you use TrustedForm certificates or similar verification?”— TrustedForm creates an independent, timestamped record of the consumer’s consent. It captures a replay of the form submission, including the disclosure language the consumer saw. This is the gold standard for proving consent in a dispute.
3. “Are leads sold as exclusive or shared?” — Under the one-to-one consent rule, shared leads are in a gray area at best. If the vendor sells shared leads, ask how they comply with the one-to-one consent requirement.
4. “Can I see a sample of your lead form and consent language?” — A legitimate vendor will show you exactly what the consumer sees when they opt in. If the vendor will not share this, walk away.
5. “How do you handle Do Not Call list scrubbing?” — Leads should be scrubbed against the National Do Not Call Registry before delivery. This is table stakes.

How This Affects Your Lead Strategy

The compliance landscape is pushing the industry toward exclusive, intent-based leads with explicit opt-in to a specific company. This is not a coincidence — these leads are both higher quality and lower risk.

If a consumer fills out a form that says “I want to be contacted by [Your Company Name] about life insurance,” and they sign that consent, you have a clean legal basis to call them. If a consumer fills out a generic form that says “I want insurance quotes from multiple companies,” the consent chain gets murky fast.

Aged leads present additional risk. Consent can be revoked at any time. A consumer who filled out a form 60 days ago may have already told three other agents to stop calling. If you dial them with an autodialer after they have revoked consent, you are exposed.

The safest lead types in the current environment are exclusive, real-time leads with documented one-to-one consent and TrustedForm certification. They cost more per lead. They cost far less per lawsuit.

Protecting Yourself

Even with compliant leads, there are basic steps you should take to limit your exposure.

• Maintain your own internal Do Not Call list. When someone tells you to stop calling, add them immediately and never call again.
• Document every call. Your CRM should log the date, time, and outcome of every contact attempt.
• Keep records of lead provenance. Know where every lead came from, when consent was captured, and what the consumer agreed to.
• If you use a dialer, make sure it can detect and skip numbers on the DNC registry and your internal suppression list.
• Consider TCPA liability insurance. It is not common yet, but some E&O policies now offer endorsements for telemarketing liability.

TCPA compliance is not optional. It is not a suggestion. It is a federal law with real financial consequences. The agents who take it seriously protect their businesses. The ones who ignore it are one lawsuit away from a very expensive lesson.