If you're cold calling insurance leads, you're operating under a federal law that can fine you $500 to $1,500 per call if you get it wrong. That's not a typo. Per call. The Telephone Consumer Protection Act has been around since 1991, but enforcement has ramped up dramatically in the last few years, and insurance agents are squarely in the crosshairs.
This isn't a legal guide. We're not lawyers. But we've spent enough time navigating TCPA requirements for our own agency and our platform that we can walk you through what actually matters in practice. If you're dialing leads, you need to understand this.
What the TCPA Actually Says
The TCPA restricts how businesses can contact consumers by phone, text, and fax. For insurance agents, the relevant parts boil down to a few key rules.
You cannot use an automatic telephone dialing system (ATDS) or prerecorded voice to call a cell phone without prior express consent. If you're calling a landline with a prerecorded message, you need prior express consent for marketing calls. If you're using a predictive dialer that automatically dials numbers from a list, that likely qualifies as an ATDS under most court interpretations.
The definition of ATDS has been fought over in courts for years. The Supreme Court narrowed it in 2021 with the Facebook v. Duguid decision, ruling that a device must use a random or sequential number generator to qualify. But many state laws have broader definitions, and the FCC has continued to expand its interpretation. The safest assumption: if your dialer is automatically placing calls from a list without a human manually initiating each call, treat it as if ATDS rules apply.
Consent Types and What They Mean
There are two types of consent that matter for insurance cold calling.
Prior express consent means the person gave you their phone number in some context. They filled out a quote form, they called your office, they gave you their card at an event. This allows you to call them, but only for non-marketing purposes (like servicing an existing policy).
Prior express written consent is the higher bar. This requires a clear, written agreement (physical or electronic) where the person specifically agrees to receive marketing calls or texts. This is what you need for cold calling leads you bought from a vendor, running automated outbound campaigns, or sending marketing text messages.
Here's where agents get tripped up: buying a lead list does not automatically give you prior express written consent. The consent has to have been given by the consumer directly, and it has to specifically authorize the type of contact you're making. A generic "I agree to be contacted" checkbox on a quote form may not hold up if it doesn't specifically mention telemarketing calls or automated dialing.
If you're buying leads from a vendor, ask them exactly how consent was obtained. Get it in writing. If the vendor can't show you the specific opt-in language and prove the consumer agreed to it, those leads are a liability, not an asset.
Calling Hours by State
Federal TCPA rules restrict calls to between 8 AM and 9 PM in the consumer's local time zone. But many states have stricter rules.
Some notable state restrictions: California restricts marketing calls between 9 PM and 8 AM, and has its own TCPA equivalent (the California Consumer Call Protection Act) with additional requirements. Florida requires registration as a telemarketer and restricts calls from 8 AM to 8 PM. New York requires a specific telemarketer license and has a state do-not-call list that's separate from the federal one. Georgia, Indiana, and Oklahoma all have 8 PM cutoffs instead of the federal 9 PM.
The practical takeaway: if you're calling nationally, set your dialer to respect the earliest start time (9 AM) and latest end time (8 PM) in the consumer's time zone to stay safe across all jurisdictions. Yes, you lose an hour on each end compared to federal rules, but it eliminates the risk of a state-level violation.
The Do Not Call Registry
The National Do Not Call Registry is separate from TCPA but equally important. If a number is on the DNC list and you call it for marketing purposes, that's a separate violation with its own fines.
You must scrub your call lists against the National DNC Registry before dialing. You also need to maintain your own internal DNC list of anyone who's asked you to stop calling. If someone says "don't call me again," that goes on your internal list immediately, and you have 30 days to process it (though best practice is to flag it the same day).
The DNC Registry subscription costs between $75 and $19,000 per year depending on how many area codes you access. For most insurance agencies calling in multiple states, it's a few hundred dollars per year. There's no excuse not to have it.
What Happens When You Violate
TCPA violations carry statutory damages of $500 per violation. If the violation is found to be willful or knowing, that triples to $1,500 per violation. Each call or text is a separate violation.
The math gets horrifying fast. If you ran an automated campaign to 1,000 numbers without proper consent, that's $500,000 in potential liability. Willful? $1.5 million.
Most TCPA lawsuits are class actions brought by plaintiffs' attorneys who specialize in this area. There's an entire cottage industry of TCPA litigation. Some consumers even use apps to flag and record telemarketing calls specifically to file TCPA claims. Settling these suits typically costs between $50,000 and $500,000 for small businesses.
Beyond lawsuits, the FCC can issue fines directly. And your state's insurance commissioner can take action against your license. A TCPA violation isn't just a financial risk; it's a licensing risk.
How Good Dialers Handle Compliance
Any dialer worth using in 2026 should have compliance features built in. Here's what to look for.
DNC scrubbing should be automatic. When you upload a lead list, the dialer should scrub it against the National DNC Registry and your internal DNC list before any calls go out. If your dialer doesn't do this automatically, switch dialers.
Time zone detection should be built into the dialing logic. The system should know what time zone each number is in and refuse to dial outside permitted hours. This needs to account for state-specific rules, not just federal ones.
Consent management should be trackable. For every lead you're calling, you should be able to pull up when and how consent was given. If a plaintiff's attorney or regulator asks you to prove consent for a specific number, you need to produce that documentation.
Call recording with disclosure is important. Many states require one-party or two-party consent for call recording. Your dialer should handle the required disclosure ("this call may be recorded for quality assurance") automatically.
Caller ID compliance is the latest area of enforcement. STIR/SHAKEN is the new caller ID authentication framework that carriers are implementing to combat spoofing. Your dialer should be using verified caller IDs that pass STIR/SHAKEN attestation. If your calls are showing up as "Spam Likely" on consumer phones, your attestation level is probably too low, and your answer rates are tanking alongside your compliance.
Closd's dialer handles DNC scrubbing, time zone enforcement, consent tracking, and STIR/SHAKEN attestation natively. We built it this way because we were dialing leads ourselves and couldn't afford to get this wrong.
What to Do Right Now
If you're currently cold calling insurance leads, do these things this week.
Confirm your DNC Registry subscription is active and your lists are being scrubbed. Audit your lead sources and verify that each one provides documentation of prior express written consent. Check your dialer's time zone settings and make sure they respect state-specific calling hours. Review your internal DNC list process and make sure every "stop calling" request is being captured. Check your caller ID attestation level with your dialer provider.
TCPA compliance isn't exciting. It's not going to help you close more deals directly. But a single violation can cost you more than a year of commissions, and a pattern of violations can cost you your license. The agents who build compliance into their process from day one never have to think about it again. The ones who ignore it are playing a game of Russian roulette with their entire business.