The FCC's "One-to-One Consent" Rule is Gone. Are Insurance Agents Safe?
Spoiler Alert: No.
Insurance agents are not "safe" now that the FCC's "One-to-One Consent" rule is no more. Is it a relief? Yes, but there is still plenty of TCPA risk for insurance agents to consider. Lead practices that were risky before the FCC proposed "1:1 consent" are still risky today.
What Was the FCC "One-to-One Consent" Rule (And Why Were Agents Worried?)
Historically, lead generators have captured the consumer's consent for TCPA purposes using language directly on their forms prior to knowing who will actually be buying the lead. One reason for this is technical constraints. The lead generators want to get the consent prior to running the consumer's information through their system and matching them or finding the end lead buyer. Lead generators often use language such as "You agree to us and our PARTNERS" or similar language in their consents. The "PARTNERS" is often hyperlinked to a list of potential lead buyers. Depending on the lead generator, this "partner list" can get very lengthy and lead to consumer confusion around what partners will actually receive their information.
As such, the FCC proposed their "One-to-One Consent" rule under the title of "Closing the Lead Generator Loophole". This proposed rule was set to make it essentially impossible for lead generators to use a blanket consent with a hyperlink to a "partner list". Instead of this tried and true method of gaining consent, the FCC wanted a consumer to select each potential lead buyer that could call the consumer.
The FCC stated that requiring this consumer selection "will stop the abuses we saw…where the websites at issue included TCPA consent disclosures whereby the consumer 'consented' to receive robocalls from 'marketing partners.'" Therefore, the FCC wanted to require "consent to one seller at a time." Additionally, the FCC proposed to require two additional changes to consent: (1) the consent must be clearly and conspicuously disclosed with only a single seller; and (2) the consent must be "logically and topically related to that website".
The "clear and conspicuous" standard was somewhat noncontroversial, however, the "logically and topically related requirement" was very controversial. Part of the reason for this controversy was the FCC ‘s choice not to define what "logically and topically related" meant. For example, is home insurance related to mortgage? Is a personal loan related to health insurance? Therefore, the FCC was implementing this new rule, but not giving any guidance as to how to comply with it.
These proposed requirements were obviously controversial as they drastically affected companies, both large and small, including insurance agencies who relied on these lead generators to obtain consumers. As such, the Insurance Marketing Coalition (IMC), an insurance trade group, stepped in and challenged the FCC in court.
Why the 11th Circuit Struck It Down: A 2-Minute Legal Summary
The lead generation industry had used the FCC's prior guidance to enact a commonly accepted framework in which consent was being obtained by lead generators on behalf of their partners, including insurance agencies. In IMC's petition, they correctly identified that the proposed rule "discards that longstanding framework and replaces it with a rigid new scheme that will reduce consumer choice, drive small businesses out of the market, and devastate performance marketing companies that partner with and operate comparison shopping services."
The oral arguments before the 11th Circuit were revealing, and the panel did not disappoint in its pushback against the FCC. The conversation hinged on the FCC's power to implement regulations in furtherance of the TCPA's statutory language. This is a critical distinction. The FCC is limited to implementation; they do not have the authority "to rewrite the statute," as was mentioned during the arguments.
Judge Luck, for instance, raised concerns about the FCC's limitations on a consumer's ability to consent. According to Luck, the statute clearly intends to allow consumers to agree to receive calls. If that is the case, then any limitation on the consumer's ability to exercise their rights is an attempt to rewrite the statute. Luck agreed that implementing the statute is fine, but limiting the right of consumers to receive calls they consent to receive is an overreach.
He followed this with a very telling quote: "Just because you [the FCC] are ineffective at enforcing the authority doesn't mean you have the right to limit one's right, a statutory right, or rewrite those rights to limit what it means".
When it came time to issue their ruling, the 11th Circuit ultimately vacated the Order:
The FCC has impermissibly exceeded its statutory authority by attempting to redefine 'prior express consent' to include the additional restrictions….In its attempt to 'implement' the TCPA, the FCC overstepped statutory boundaries….Rather than respecting the line that Congress drew, the FCC stepped right over it.
And with that ruling, the One-to-One consent rule, which the industry fretted over and tested new procedures against, died.
The Big Mistake: 3 Risks That Remain (Even Without the Rule)
However, the death of the One-to-One Consent rule did not alleviate the risk around lead generation for insurance agencies. The Eleventh Circuit's ruling was limited to the "One-to-One Consent" rule, not the TCPA as a whole. Therefore, the risks around telemarketing phone calls and text messages are still there.
Do Not Call Lawsuits
Lawsuits around Do-Not-Call ("DNC") violations still abound. DNC violations are based on a caller calling or texting a consumer whose phone number is on the national DNC database. These calls run severe risks for the caller, as each call has statutory damages in the amount of $500 per call or text and if the calls were made in knowing violation of the DNC rules, those damages could be tripled to $1,500 per violation. Therefore, DNC violations, although a subset of TCPA claims, are just as dangerous.
American Income Life, an insurance company offering life insurance policies, settled a DNC class action for over $14 million dollars. In the initial complaint, it was alleged that American Income Life would generate online leads using a will kit and then "bait and switch" consumers into a life insurance pitch. American Income Life had consent which would have met the "one-to-one" standard proposed by the FCC, but their issue was one of DNC violations.
State Level "Mini-TCPA" Lawsuits
Many states are now enacting their own "mini-TCPA" statutes to protect their consumers. It is no longer sufficient to ensure your compliance with the federal TCPA—it is also imperative to know if there are state-level rules which would apply to your business.
Florida, for instance, enacted one of the first "mini-TCPA" statutes. Florida's law has a stricter time restriction than the federal TCPA and Florida restricts the number of calls/texts made to a caller regarding the same subject matter in a 24-hour period. Additionally, the Florida statute has statutory damages that can stack on any potential federal TCPA damages. Meaning, if you violate the federal TCPA and the Florida statute, then your per violation damage could be up to $3,000 per call ($1,500 for TCPA and $1,500 for Florida).
Contract and Vendor Liability
This is one of the most underrated risks for anyone thinking about TCPA compliance. When you are buying leads from third parties, it is imperative that the third parties are getting TCPA consent to cover you and your calling strategy. Essentially, you are not only buying leads from the third party, but you are betting their compliance is adequate to cover you.
QuoteWizard, a large insurance lead generator, recently settled a TCPA lawsuit for $19 million. Part of the reason for the issue is that QuoteWizard could not trace back the consent language to the lead generators they were buying the leads from. Therefore, since the leads were several steps removed from QuoteWizard, they could not prove they had valid TCPA consents. Good vendor management is key to good TCPA compliance.
Your 3-Step Legal Strategy for Buying Insurance Leads Today
Now that the dust has settled from the 11th Circuit's ruling, insurance agents need a clear roadmap for compliance. The One-to-One consent rule may be dead, but the TCPA itself is very much alive—and hungry. Here's your three-step strategy for buying leads without betting your business on a lawsuit.
Step 1: Audit Your Vendor Contracts (And Look Hard at Indemnification)
Why This Matters: Remember QuoteWizard's $19 million settlement? That happened because they couldn't trace consent back through their vendor chain. When you buy a lead, you're not just buying a phone number—you're betting that every party in that lead's journey got proper consent. If they didn't, you're the one holding the bag when the lawsuit arrives.
What to Do:
Review indemnification clauses. Your contract should clearly state that the vendor indemnifies you for TCPA violations arising from their consent practices. But don't stop there—make sure the indemnification is broad enough to cover actual defense costs, not just judgments. TCPA defense can cost six figures even if you win.
Demand consent documentation. Your vendor contract should require the lead generator to provide, upon request, the exact consent language shown to each consumer. This isn't optional; it's your lifeline in litigation. If your vendor can't produce the consent form for a specific lead within 48 hours, that's a red flag.
Verify vendor insurance. An indemnification clause is only as good as the company behind it. Require proof that your vendor carries adequate TCPA-specific liability insurance. Small lead generators often don't, which means their indemnification promise is worthless.
Audit sample leads quarterly. Don't wait for a lawsuit to test your vendor's compliance. Pull 10-20 random leads each quarter and request the consent documentation. Review the language yourself. Does it specifically mention insurance? Does it clearly disclose that consumers will receive marketing calls? If you can't understand the consent, a jury won't either.
Map the entire chain. If your vendor is buying from other lead generators (which is common), your contract should require transparency about the entire supply chain. You need to know exactly who touched that lead and what consent language was used at each step.
Step 2: Scrutinize Your Lead Forms (Ensure Clear, Unambiguous Consent)
Why This Matters: Even though the One-to-One rule is gone, the basic TCPA requirement remains: you need "prior express written consent" for marketing calls or text messages using an automatic telephone dialing system or artificial/prerecorded voice. Vague consent language is an invitation to a class action.
What to Do:
Use specific, clear language. Your consent should be crystal clear about what the consumer is agreeing to. Generic phrases like "marketing partners" or "related companies" create ambiguity that plaintiff's attorneys love. Instead, use language like: "I expressly consent to receive marketing calls and text messages from [Your Agency Name] and up to [specific number] insurance agents, agencies, or carriers about insurance products at the telephone number I provided, including calls using an automatic telephone dialing system or artificial or prerecorded voice."
Make it conspicuous. The consent language must stand out visually. This means larger or bold font, a separate box or highlighted section, not buried in a wall of text, and placed near the signature or submit button. It cannot be hidden behind a hyperlink (though you can supplement with a hyperlink to additional details).
Disclose what they're consenting to. Be explicit about what types of calls (marketing, follow-up, quotes), what methods (calls, texts, automated systems, prerecorded messages), what subject matter (insurance products), that consent is not required to purchase, and that message and data rates may apply (for texts).
Separate from terms and conditions. TCPA consent cannot be bundled into general terms and conditions. It must be a separate, standalone agreement or clearly delineated within a form.
Get affirmative action. Consent must be affirmative—pre-checked boxes don't count under recent FCC guidance. The consumer must actively check a box, click a button, or sign adjacent to the consent language.
Match your calling practices. If you're going to text, your consent must mention texts. If you're using an autodialer, your consent must mention automated calling technology. Don't consent to "phone calls" and then send texts—that's a violation.
Document everything. Keep records showing the exact consent language presented to each consumer, the date and time consent was obtained, IP address or other verification of the consumer's action, and any changes made to consent forms over time.
Step 3: Maintain a Perfect Internal DNC List
Why This Matters: Remember American Income Life's $14 million settlement? They likely had adequate consent, but DNC violations are a separate TCPA claim with massive liability. Each call or text message to a number on the National DNC Registry is $500 in damages—or $1,500 if "willful." A single agent making 50 calls a day to unchecked numbers can rack up seven-figure liability in a month.
What to Do:
Scrub against the National DNC Registry every 31 days. This is the law, not a suggestion. The FTC requires you to update your calling lists against the National DNC Registry at least every 31 days. Set a recurring calendar reminder and document every scrub with the date of scrub, number of records checked, number of matches found and suppressed, and name of person who performed the scrub.
Maintain your company-specific DNC list. Federal law requires you to maintain an internal "do not call" list separate from the National Registry. When anyone—anyone—asks not to be called, you must add them to your internal DNC list immediately, suppress them from all calling campaigns within 30 days (or immediately for Florida residents), never remove them unless they specifically request to be called again, and train all staff on how to properly record DNC requests.
Honor requests made through any channel. A DNC request doesn't have to follow a specific format. If a consumer says "take me off your list" via phone call, text message reply, email, social media message, or voicemail, you must honor it. Train your team to recognize DNC requests even when they're not phrased perfectly.
Implement a halt procedure. When someone requests DNC status, they should be suppressed from calling campaigns within ten business days maximum—sooner for states like Florida. Have a system that flags the number immediately across all campaigns, notifies all agents who might have that lead, syncs to your CRM and dialer in real-time, and sends confirmation to the requester (best practice).
Document every DNC request. For each DNC request, maintain records showing the date and time of request, method of request (call, text, email, etc.), name of person who received request, date added to internal DNC list, and any notes about the conversation.
Audit your DNC processes monthly. Conduct monthly spot checks by pulling 20 random names from your internal DNC list, verifying they're suppressed in all calling systems, checking that no calls/texts were made after DNC request, reviewing documentation for completeness, and testing your DNC request intake process with a secret shopper.
The Bottom Line on DNC: DNC compliance isn't exciting, but it's non-negotiable. Unlike consent issues where you might have a defense, DNC violations are often black and white: either you called a registered number or you didn't. There's no gray area, no "we thought we had consent" defense. That makes DNC compliance your most important daily discipline.
Why This Strategy Matters Now
The death of the One-to-One consent rule doesn't mean the TCPA is toothless. If anything, it means plaintiff's attorneys will double down on the violations that remain: DNC claims, inadequate consent, and vendor liability. The three steps above—auditing vendors, perfecting consent, and maintaining DNC discipline—address the three most common ways insurance agents find themselves in TCPA litigation.
The agents who thrive in this environment won't be the ones who breathe a sigh of relief that One-to-One is dead. They'll be the ones who use this moment to build bulletproof compliance systems that protect them regardless of what the FCC does next.
Because here's the truth: the FCC may have lost this battle, but they haven't given up the war. And while they're regrouping, plaintiff's attorneys are actively hunting for the next big TCPA class action—and insurance lead buyers are right in their crosshairs.
Don't be an easy target.
