Most TCPA violations don't happen because agents deliberately break the law. They happen because compliance was treated as someone else's job — the lead vendor's, the dialer company's, the compliance officer's. The agent just dialed. That's not how liability works. This checklist is designed to be your operational standard operating procedure.
The Legal Foundation: What TCPA Actually Requires
The Telephone Consumer Protection Act (47 U.S.C. § 227) was enacted in 1991. The key operative requirements for insurance sales operations are:
- No calls or texts to cell phones using an ATDS or prerecorded voice without prior express written consent
- No calls to numbers on the National DNC Registry (or state lists) without an applicable exemption
- No calls before 8:00 a.m. or after 9:00 p.m. in the called party's local time
- Honor all do-not-call requests within 30 days
- Identify yourself and the company you're calling on behalf of
- Provide a toll-free number for opt-out requests
"Each of these requirements is individually enforceable. Failing one while complying with all others does not reduce your exposure on the one you missed."
Section 1: Before You Build a List
- ☐ Identify which states you'll be calling into
- ☐ Confirm which state DNC lists apply (17+ states have their own programs)
- ☐ Register with the FTC's DNC Registry portal and obtain a SAN
- ☐ Establish a documented consent capture process meeting FCC requirements
Section 2: Before You Dial Any List
- ☐ Scrub the list against the National DNC Registry (downloaded within past 31 days)
- ☐ Scrub against applicable state DNC lists
- ☐ Scrub against your internal DNC list
- ☐ Verify mobile vs. landline status for every number
- ☐ Verify phone numbers are active/in-service
- ☐ Check consent documentation for every mobile number
- ☐ Configure dialer for correct time-zone calling windows
Section 3: During the Campaign
- ☐ Identify yourself on every call (name, company, callback number)
- ☐ Log all DNC requests in real time
- ☐ Record calls only where permitted (check two-party consent states)
Section 4: After Every Campaign
- ☐ Update internal DNC list within 30 days of any opt-out request
- ☐ Retain all compliance records for a minimum of 5 years
- ☐ Review and refresh consent documentation older than 2 years
- ☐ Repeat DNC scrub every 31 days on any list still in active rotation
Section 5: Organizational Requirements
- ☐ Maintain a written TCPA compliance policy
- ☐ Train all agents on TCPA requirements before their first call
- ☐ Audit vendor compliance before using any third-party lead source
- ☐ Appoint a compliance point of contact
What Happens When You Don't Follow This Checklist
The FTC's enforcement record makes clear that no company is too small. In 2023, the FTC brought 28 telemarketing enforcement actions, including against single-agent operations. The agency has explicitly prioritized health insurance and financial services telemarketing as enforcement targets.
The single fastest action on this checklist: run your existing lead list through a DNC scrub — 100 records free, results in under 5 minutes. And use our free TCPA Fine Calculator to see your exact exposure before your next campaign. You can also check live TCPA calling hours for your state →
