A Texas insurance agency made 6,000 calls in a single week. Their leads came from a reputable vendor. Their agents were working hard. And by Friday afternoon, one of those 6,000 calls had landed on the phone of a professional TCPA plaintiff who had been waiting for exactly this kind of call.
Six weeks later, the agency was looking at a $1.2 million settlement. Twelve people. One bad list. One call they had no idea they shouldn't have made.
They weren't reckless. They weren't lazy. They just didn't understand how DNC compliance actually works — the layers, the timelines, the state-level traps that sit right below the surface of what most agents think they know. This guide fixes that.
There Isn't One DNC List. There Are Three.
Most agents know there's a Do Not Call Registry. What most don't know is that it's three overlapping systems — and violating any one of them carries independent penalties.
Layer 1: The Federal Registry
Managed by the FTC, the National DNC Registry contains over 240 million active phone numbers. Once a consumer registers, their number stays permanently — unless they remove it themselves. You're required by law to access updated registry data within 31 days of any call. Not 32 days. Not 45. Thirty-one.[1]
Layer 2: State DNC Lists
Seventeen-plus states maintain their own DNC lists independent of the federal registry — and many are stricter. Some require 15-day refresh cycles instead of 31. Some impose higher per-violation fines. Some extend coverage to business lines that federal law doesn't cover. If your list includes California, Florida, Indiana, or Texas numbers, federal compliance alone is not enough.[2]
Layer 3: Your Internal DNC List
This one is entirely in your control — and it's the one that generates the most easily preventable violations. Any time a prospect tells you to stop calling them, you're legally required to add them to your own suppression list. Under the TSR, you must maintain that record for five years and honor it on every future campaign. The violation that comes from calling someone who already asked you to stop is the one a jury has the least sympathy for.
HERE'S WHAT NOBODY TELLS INSURANCE AGENTS ABOUT THE DNC:
The 31-day rule doesn't mean you can scrub once and dial for a month. It means your DNC data cannot be older than 31 days at the moment you dial. If you scrub on March 1 and run the campaign through March 31, you're compliant on March 1 and potentially non-compliant on March 31 depending on how many new registrations occurred during that window.
The 31-Day Rule
Under the FTC's Telemarketing Sales Rule (16 C.F.R. § 310.4(b)(3)(iv)), your DNC registry data must be current within 31 days of the campaign date — not the purchase date, the dial date.[2]
If you scrub a list on March 1 and start dialing on March 15, you're compliant. If you keep dialing that same list on April 5 without re-scrubbing, you're potentially non-compliant for every new DNC registration that occurred between March 1 and April 5.
How TCPA Enforcement Actually Happens to an Insurance Agent
Most agents imagine a federal investigation — regulators, subpoenas, big dramatic consequences. The reality is quieter and moves much faster.
A consumer gets a call they didn't want. They go to FTC.gov and file a two-minute complaint. That complaint enters a database that consumer attorneys monitor for patterns. If your company name or number appears multiple times, a letter arrives. That letter isn't from the FTC — it's from a plaintiff's attorney asking for call logs, consent documentation, and your DNC scrub records.
If you can produce those records quickly and completely, the attorney moves on. If you can't — or if the records show a pattern of calling DNC-registered numbers — the same statute that empowers the FTC also gives private individuals the right to sue you directly for $500 to $1,500 per call.[3] No government agency required. One frustrated prospect and one contingency-fee attorney are all it takes.
The Five DNC Myths That Get Insurance Agents in Trouble
Myth 1: 'We dial manually, so DNC doesn't apply to us.'
The TCPA's autodialer restrictions may or may not apply to manually-dialed calls depending on your equipment configuration. DNC registry obligations apply regardless of how you dial. If the number is registered and you call it without a valid exemption, it's a violation.
Myth 2: 'Our vendor scrubbed the list, so we're covered.'
You are not. Under the TCPA, the company that makes the call is responsible — not the vendor who sold the data. A vendor's compliance claim is not a legal shield. Run your own scrub on every list before dialing, regardless of what anyone else claims about the data.
Myth 3: 'We have consent, so the DNC doesn't matter.'
Prior express written consent can override DNC registration for the specific purpose the consumer consented to. But that consent must name your company (or clearly include your category), cannot be a condition of purchase, and must be documented with a timestamp and IP address. Verbal consent from a form fill three years ago for a different product does not qualify.
Myth 4: 'We only have a few hundred numbers registered — small exposure.'
The plaintiff's attorney doesn't care about your list size. They care about the pattern. If 50 out of your 800 numbers were DNC-registered and one of them belongs to a serial TCPA plaintiff, you're looking at a class-action that covers all 50 numbers. At $1,500 per willful violation: $75,000 minimum from a campaign of 800 dials.
Myth 5: 'Texts have different rules than calls.'
The TCPA treats SMS messages identically to phone calls. Every marketing text to a DNC-registered number without proper consent is a separate violation at the same penalty level. The rules on consent, timing, and registry compliance apply to texts exactly as they apply to voice calls.
Federal vs. State DNC: What Changes by State
| Rule | Federal (FTC/FCC) | State (strictest) |
|---|---|---|
| Registry refresh | Every 31 days | Some require 15 days |
| Calling hours | 8 AM – 9 PM local | Some restrict to 9 AM – 8 PM |
| Per-violation fine | Up to $51,744 | $1,000 – $25,000+ on top |
| B2B exemption | Generally yes | Some states cover B2B |
| Private lawsuit | Yes — $500–$1,500/call | Yes — state penalties separate |
The Compliance Checklist Every Insurance Agent Needs
- Scrub every list against the federal DNC Registry within 31 days of the campaign date — not the purchase date, the dial date.
- Scrub against every applicable state DNC list for states you're calling into. Not just states you're calling from.
- Maintain an internal DNC list and honor opt-out requests from prospects within 30 days — immediately is better.
- Document consent with a timestamp, IP address, and form version for any ATDS campaign targeting mobile numbers.
- Verify calling hours apply to the called party's time zone, not your office's time zone.
- Retain all compliance documentation for at least 5 years — consent records, scrub receipts, training logs.
- Re-scrub any list older than 31 days before reusing it — even if you scrubbed it last month.
Clean Leads 365 scrubs every list against the National DNC Registry and 17+ state lists automatically at delivery. Upload your existing list at cleanleads365.com/dnc-scrubbing and get a complete compliance report — showing exactly how many numbers are registered and which states they're flagged in. First 100 records free.
References
- Federal Trade Commission. (2024). National Do Not Call Registry Data Book FY 2023. ftc.gov
- FTC Telemarketing Sales Rule. 16 C.F.R. § 310.4(b)(3)(iv). 31-day data access requirement.
- 47 U.S.C. § 227(b)(3). TCPA private right of action: $500 per violation, up to $1,500 for willful.
- Federal Trade Commission. (2024). Civil penalty adjustments. $51,744 maximum per TSR violation.
