The Standard CRMGet started
Compliance

The 2026 TCPA and DNC Field Guide for Life-Insurance Agents

June 13, 202611 min read
The 2026 TCPA and DNC Field Guide for Life-Insurance Agents

Most life-insurance agents treat TCPA compliance as a vague cloud of risk they hope never rains on them. It does not have to be vague. The rules that govern how you can call and text a lead are specific, dated, and mostly mechanical, which means they can be followed precisely instead of guessed at. This is the field guide: what the TCPA and DNC rules actually require in 2026, what the recent court decisions changed, and how to run outreach that holds up.

Informational, not legal advice. This guide explains how the rules generally work as of June 13, 2026. It is not a substitute for advice from qualified TCPA or insurance counsel, and the authorities cited here are moving quickly. Confirm anything load-bearing before you rely on it.

TCPA compliance for insurance agents comes down to four deterministic checks before each contact: the right consent, a clean DNC scrub, an allowed local calling window, and a prompt opt-out. Get those right on every call and text and you have removed most of your exposure. The reason agents still get burned is that these checks are easy to skip when you are dialing fast by hand, and the penalties are per call.

Key takeaways

  • The TCPA governs how you contact a cell phone with an autodialer or an artificial or prerecorded voice, including AI voices (FCC 24-17, 2024).
  • Consent law is in flux: the Eleventh Circuit vacated the one-to-one consent rule (January 2025) and the Fifth Circuit rejected a blanket written-consent requirement (February 2026). Capturing clear written consent is still the strongest defense.
  • Federal calling hours are 8am to 9pm local time; many states are stricter (47 CFR 64.1200(c)(1)).
  • You must scrub the National DNC Registry with a copy no more than 31 days old, and honor internal opt-outs regardless of consent (FTC).
  • Penalties are $500 per violation, up to $1,500 for willful conduct, and uncapped (47 USC 227). That is why a system, not a memory, should enforce the rules.

What does the TCPA actually require?

The TCPA requires the right level of consent before you use an autodialer or an artificial or prerecorded voice to contact a cell phone, plus DNC compliance, allowed calling hours, and clear identification and opt-out. It is a federal statute, and in February 2024 the FCC confirmed in Declaratory Ruling 24-17 that AI-generated voices count as an artificial or prerecorded voice, so AI calling falls squarely under the same rules rather than in a gray area.

The practical version for an agent is a short, hard checklist that runs before every outbound contact:

  • Consent appropriate to the channel and content (see the next section).
  • DNC scrub against the National Registry and your internal opt-out list.
  • Calling window inside the allowed local hours.
  • Identification and opt-out so the prospect knows who is calling and can stop it.

None of these are judgment calls. They are yes-or-no conditions, which is exactly why they belong in a deterministic gate rather than in an agent's head during a busy dialing session.

The consent landscape shifted twice in a year, and both moves loosened the federal written-consent requirement, but the prudent posture did not change. Here is the dated timeline an agent should know:

Date Authority What it did
Feb 8, 2024 FCC (Ruling 24-17) Confirmed AI-generated voices are an artificial or prerecorded voice under the TCPA
Jan 24, 2025 11th Circuit Vacated the FCC one-to-one consent rule (Insurance Marketing Coalition v. FCC)
Apr 11, 2025 FCC Revocation of consent must be honored within 10 business days
Feb 25, 2026 5th Circuit Held the TCPA does not itself require prior express written consent for telemarketing (Bradford v. Sovereign Pest)
Jan 31, 2027 FCC Extended effective date for the cross-topic revoke-all requirement

The headline looks like consent got easier. The reality for a regulated, long-tail business like life insurance is that you still want clear, documented prior express written consent, because it is the strongest defense in any forum no matter how the circuit split resolves, and because state laws and DNC rules apply regardless. The safe reading of a moving target is to hold the higher standard. The point of recording consent is being able to prove it later, which is the subject of why every call decision should be logged.

What are the calling-hours and DNC rules?

The calling-hours rule is 8am to 9pm in the called party's local time under 47 CFR 64.1200(c)(1), and several states set narrower windows or per-day caps. Because the relevant time zone is the prospect's, not yours, a lead in California and a lead in Florida have different legal windows at the same moment, which is impossible to track reliably by hand across a list.

The DNC rules layer on top:

  • National DNC Registry. Scrub against a copy no more than 31 days old (FTC). A registered number generally needs a valid exemption, such as documented consent, before you call it.
  • Internal DNC. If someone asks you not to call, that request is honored regardless of any consent on file, and it does not expire.

The conservative, defensible posture is to gate on the most restrictive of the federal and applicable state rules, computed from each lead's location, on every single attempt. See how that gate runs ahead of every dial on the AI voice caller page.

Do state laws add rules on top of the federal TCPA?

Yes, and this is where most agents get caught off guard. A growing number of states have passed their own "mini-TCPA" statutes that are stricter than the federal law, and they apply based on where the consumer is, not where you are. The federal rules in this guide are the floor, not the ceiling.

The most aggressive is Florida's Telephone Solicitation Act (FTSA). It requires prior express written consent for autodialed or prerecorded sales calls and texts, and oral consent is not enough (LegalClarity, 2026). Oklahoma's Telephone Solicitation Act (OTSA) and Washington's Commercial Electronic Message Act (CEMA) add their own written-consent and opt-out requirements, with CEMA penalties reaching $1,000 per message (Leadgen Economy, 2026). Several of these laws carry a private right of action, which is what turns them into class-action engines.

Law Key extra requirement Why it matters
Federal TCPA Consent, DNC, 8am to 9pm local, opt-out The nationwide floor
Florida FTSA Written consent for autodialed or prerecorded calls and texts; oral not enough Stricter consent, active plaintiff bar
Oklahoma OTSA Express written consent for autodialed marketing calls and texts Adds a state private right of action
Washington CEMA Express written consent for marketing texts; strict opt-out Up to $1,000 per message

The practical lesson is that a single national consent and calling-hours policy is not enough if you work leads across state lines, which almost every agent does. You either segment by state, which is hard to do reliably by hand, or you gate every contact on the strictest rule that could apply to that specific lead. The patchwork is exactly why the rules belong in code that knows each lead's location.

Do the TCPA rules apply to texting, too?

Yes. Text messages are treated like calls under the TCPA, so an SMS to a cell phone using an automated system needs the same consent as an autodialed call, and the state mini-TCPAs above explicitly cover texts. Agents often assume texting is a lighter-touch, lower-risk channel. Legally, it is not.

That means your follow-up cadence cannot route around consent by switching from a call to a text. If a number is not eligible for an automated call, it is generally not eligible for an automated marketing text either, and the same DNC and quiet-hours rules apply. A compliant system therefore runs the identical gate before a text that it runs before a call. For how that plays out across an entire multi-touch cadence, see the AI voice caller and SMS follow-up pages.

What are the penalties, and why do they scale so fast?

Penalties are $500 per violation, rising to up to $1,500 per violation for willful or knowing conduct, and there is no cap (47 USC 227). The statute itself sets the per-violation figure. As 47 USC 227(b)(3) puts it, a plaintiff may bring:

an action to recover for actual monetary loss from such a violation, or to receive $500 in damages for each such violation, whichever is greater

The danger is the words "each such violation." A single mishandled list does not produce one violation, it produces one per call or text, which is how TCPA cases turn into class actions with eye-watering numbers.

TCPA statutory damages per violationTCPA statutory damages per violation$0$500$1k$1.5k$2k$500Per violation$1.5kWillful or knowing
Source: 47 USC 227. Damages are per call or text and uncapped.

Run the arithmetic on a bad batch and the exposure is obvious: a thousand non-compliant calls at $500 each is $500,000 before anyone alleges the conduct was willful. That is the real reason compliance should be automated. A person dialing fast will eventually skip a quiet-hours check or miss a DNC flag; a deterministic gate will not. The way a shared, multi-buyer lead quietly multiplies this risk is covered in shared and multi-buyer leads and the TCPA trap.

How The Standard CRM makes the rules deterministic

The Standard CRM treats compliance as code, not as a habit. Before Atlas, the AI voice and follow-up assistant, places any call or text, a deterministic gate evaluates the rules and either allows or blocks the contact. The AI plans the conversation; the rules decide whether the contact is legal, and the rules are pure, version-stamped functions, never left to the model's judgment.

On every attempt, the gate checks:

  • Consent status for the lead and channel, defaulting to the higher written-consent standard.
  • DNC, against the National Registry and your internal suppression list.
  • Quiet hours, computed from the prospect's local time against the most restrictive of federal and state windows.

Every decision, allowed or blocked and why, is written to an immutable ledger, so you can prove what was checked and when. That combination, deterministic gating plus a tamper-evident record, is the difference between hoping you were compliant and being able to show it. See the compliance ledger for how that record works, and use the time-saved calculator to estimate the hours automated, compliant follow-up returns to your week.

Frequently asked questions

What are the core TCPA rules a life-insurance agent must follow?

Four things: get the right level of consent before contacting a cell phone with an autodialer or an artificial or prerecorded voice, scrub against the National and internal Do-Not-Call lists, only call inside the allowed local hours (8am to 9pm federally), and honor opt-outs promptly. These are deterministic rules, not judgment calls, which is why they should be enforced by a system, not remembered by a person.

Yes, and they are in flux. The Eleventh Circuit vacated the FCC one-to-one consent rule in January 2025 (Insurance Marketing Coalition v. FCC), and in February 2026 the Fifth Circuit held in Bradford v. Sovereign Pest that the TCPA does not itself require prior express written consent for telemarketing. The prudent posture is still to capture clear prior express written consent, because it remains the strongest defense regardless of how the rules settle.

What are the calling hours for life-insurance telemarketing?

Federal rules limit telemarketing calls to 8am to 9pm in the called party's local time (47 CFR 64.1200(c)(1)). Several states impose narrower windows and per-day caps, so the safe approach is to gate on the most restrictive of the federal and applicable state rules, computed from the lead's location.

What are the penalties for a TCPA violation?

Statutory damages are $500 per violation, rising to up to $1,500 per violation for willful or knowing conduct (47 USC 227). Because the count is per call or text and uncapped, a single mishandled list can scale into serious class-action exposure.

References

  1. Federal Communications Commission, Declaratory Ruling FCC 24-17. https://docs.fcc.gov/public/attachments/FCC-24-17A1.pdf
  2. Insurance Marketing Coalition Ltd. v. FCC, No. 24-10277 (11th Cir. Jan. 24, 2025). https://law.justia.com/cases/federal/appellate-courts/ca11/24-10277/24-10277-2025-01-24.html
  3. Holland & Knight, "TCPA Reset: Fifth Circuit Rejects Prior Express Written Consent Rule." https://www.hklaw.com/en/insights/publications/2026/03/tcpa-reset-fifth-circuit-rejects-prior-express-written-consent-rule
  4. Consumer Financial Services Law Monitor, "FCC Further Extends Effective Date for TCPA Revoke-All Rule." https://www.consumerfinancialserviceslawmonitor.com/2026/01/fcc-further-extends-effective-date-for-tcpa-revoke-all-rule/
  5. Electronic Code of Federal Regulations, 47 CFR 64.1200. https://www.ecfr.gov/current/title-47/chapter-I/subchapter-B/part-64/subpart-L/section-64.1200
  6. Federal Trade Commission, "Q&A for Telemarketers & Sellers About DNC Provisions." https://www.ftc.gov/business-guidance/resources/qa-telemarketers-sellers-about-dnc-provisions-tsr-0
  7. Cornell Legal Information Institute, 47 USC 227. https://www.law.cornell.edu/uscode/text/47/227
  8. LegalClarity, "Florida TCPA Rules, Requirements, and Penalties." https://legalclarity.org/florida-tcpa-compliance-regulations-penalties-and-strategies/
  9. Leadgen Economy, "State Mini-TCPA Laws: Florida FTSA, Oklahoma OTSA, and the Patchwork That Multiplies Your Risk." https://www.leadgen-economy.com/blog/state-mini-tcpa-laws-ftsa-otsa/

The TCPA is only scary when it lives in your head as a vague risk. The Standard CRM is being built so the rules live in code: a deterministic consent, DNC, and quiet-hours gate runs before every call and text, and every decision is logged. Request early access and run compliant outreach you can actually prove.

#TCPA#Compliance