TCPA Compliance for Insurance Agents: The Definitive Guide
Key Takeaways
• Consent requirements depend on your technology (manual vs. autodialer) and message type (informational vs. marketing)
• An Established Business Relationship (EBR) exempts you from DNC rules—but not from autodialer consent requirements
• Medicare agents face dual regulation under both TCPA and CMS marketing rules
• Agency principals can be held vicariously liable for agent TCPA violations
• TCPA violations carry $500-$1,500 per call penalties with no cap on total damages
For insurance agents, calling or texting the customer is the lifeblood of the business. But every outbound call, every text message, and every lead you purchase carries significant regulatory risk under the Telephone Consumer Protection Act (TCPA). This risk can cripple an agency and leave the agent, potentially, personally liable.
Unlike generic TCPA guides, this resource addresses the specific compliance challenges insurance agents face: working purchased leads, navigating carrier relationships, and understanding when an Established Business Relationship protects you (and when it doesn't).
Why Insurance Agencies Face Elevated TCPA Risk
Insurance agencies have been disproportionately represented in TCPA litigation recently for several structural reasons:
High call volume: Insurance is a numbers game. More calls mean more policies written. But, it also means more potential violations. And the increased usage of text messaging just makes it easier for agents to run afoul of TCPA regulations.
Third-party lead reliance: Agents frequently purchase leads from vendors. If that vendor obtained the lead improperly, you inherit the liability. Understanding how the leads are generated is vital to protecting yourself from eye-watering penalties.
Complex distribution chains: Carriers, FMOs, agencies, and independent agents create vicarious liability exposure at every level.
“Professional” plaintiffs: Repeat TCPA plaintiffs specifically target insurance agents by providing false information and real phone numbers registered on the DNC list.
Understanding Consent Requirements for Insurance Calls
The TCPA doesn't treat all calls equally. Your consent obligations depends on two factors: (1) the technology you use and (2) whether your call is informational or marketing.
Critical distinction: The Established Business Relationship (EBR) exempts you from Do-Not-Call rules for manual calls. It does NOT exempt you from consent requirements for automated technology, such as autodialers or AI voice calls. Using any regulated technology to call an existing client for a cross-sell without written consent is a TCPA violation.
Do-Not-Call Compliance for Insurance Agents
Insurance agents must navigate multiple DNC obligations:
National DNC Registry
Scrub your call lists against the National DNC Registry every 31 days
EBR exemption applies for 18 months post-transaction or 3 months post-inquiry
There is a safe harbor under the DNC rules but the agency must follow the rules very carefully
Internal (Company-Specific) DNC List
You must maintain your own internal DNC list
Honor requests for 5 years
Affiliate sharing: A DNC request to one Farmers agent may bind all Farmers agents if a consumer would "reasonably expect" the request to apply broadly
State DNC Lists
Some states maintain separate DNC registries (e.g., Texas, Pennsylvania)
State "mini-TCPA" laws may impose stricter requirements (Florida requires explicit consent for all telemarketing calls, including manual)
Vicarious Liability: Agency Principals at Risk
The Supreme Court confirmed in Campbell-Ewald v. Gomez that vicarious liability applies to TCPA claims. This means:
Carriers can be liable for agent violations
Agencies can be liable for independent contractor violations
Protecting Your Agency
Producer agreements: Require TCPA compliance in all contracts with agents and lead vendors
Define scope: Specify that TCPA violations fall outside the agency relationship
Training: Document regular compliance training for all producers
Auditing: Conduct periodic audits of calling practices
Indemnification: Include TCPA indemnification clauses in producer agreements
Working Purchased Leads Compliantly
Purchasing leads is standard practice in insurance, but it shifts risk to you. If the lead vendor obtained consent improperly, you face the lawsuit—not them. It is vital that you understand what the lead vendor is actually selling you.
Lead Vendor Due Diligence Checklist
☑️ Obtain the exact consent disclosure language used to generate the lead
☑️ Verify the lead specifically names your company (one-to-one consent)
☑️ Confirm the lead source URL is "logically and topically" related to insurance
☑️ Request TrustedForm certificates or equivalent consent documentation
☑️ Verify the vendor scrubs against the National DNC Registry
☑️ Include TCPA compliance warranties and indemnification in your vendor contract
TCPA compliance for insurance agents requires understanding how consent obligations vary based on your calling technology and message type. While an Established Business Relationship exempts you from Do-Not-Call rules for manual calls, it provides no protection when using autodialers—even for existing clients.
Insurance agencies face elevated TCPA risk due to high call volumes, reliance on third-party leads, complex distribution chains that create vicarious liability exposure, and professional plaintiffs who specifically target the industry. Protecting your agency requires rigorous lead vendor due diligence, documented compliance training, proper producer agreements with indemnification clauses, and maintaining both national and internal DNC lists.
Don't wait for a demand letter to assess your agency's TCPA exposure. Whether you're evaluating lead vendors, updating consent language, or building a compliance program from scratch, Henson Legal can help you protect your agency before problems arise. Schedule a consultation to review your current practices and identify gaps before they become costly litigation.