Beginner’s Guide to the TCPA

TCPA 101: Requirements, rules and penalties

TCPA compliance is a critical requirement for organizations that communicate with consumers by phone or text. The Telephone Consumer Protection Act (TCPA) regulates how businesses use calls, text messages and automated dialing systems, helping limit unwanted outreach while protecting consumer privacy.

For organizations that rely on outbound communication, understanding TCPA requirements is essential to reducing risk, avoiding penalties and maintaining trust.

What is the Telephone Consumer Protection Act (TCPA)?

TCPA was signed into law in 1991 as an amendment to the Communications Act. It works alongside the Federal Trade Commission’s Telemarketing Sales Rule (TSR) to regulate telephone communications in the United States.

At its core, the TCPA restricts how organizations can contact consumers, particularly when using automated technology such as autodialers or prerecorded messages.

Who must comply with the TCPA?

TCPA requirements apply broadly to organizations that engage in outbound communications, including:

• Telemarketers
• Financial institutions
• Healthcare organizations
• Debt collectors
• Any business using calls or text messages to engage consumers

If your organization contacts consumers using phone numbers — especially mobile numbers — you are likely subject to TCPA rules.

Origin of the TCPA

The Federal Communications Commission (FCC) was established in 1934 through the Communications Act to regulate interstate and international communications.

The TCPA, enacted in 1991, amended that law to introduce restrictions on telemarketing calls, text messages and the use of automated dialing technology. These updates expanded the FCC’s role in protecting consumers from unwanted communications.

Key TCPA requirements for calls and texts

Consent requirements

One of the most important aspects of TCPA compliance is obtaining prior express written consent before making marketing calls or sending marketing text messages using an autodialer (ATDS) or prerecorded voice.

Consent must be:

• Clear and conspicuous
• Tied to a specific purpose
• Not required as a condition of purchase

Consumers must take affirmative action to provide consent.

What is an ATDS (autodialer)?

An Automatic Telephone Dialing System (ATDS) is equipment that can:

• Store or produce telephone numbers using a random or sequential number generator.
• Dial those numbers without human intervention.

Even systems with the capacity to perform these functions may fall under TCPA rules.

Calling and texting rules

Organizations must also:

• Contact consumers only between 8 a.m. and 9 p.m. (local time)
• Display accurate caller ID information
• Treat text messages the same as calls
• Provide clear identification and contact details

Do Not Call (DNC) requirements

TCPA compliance includes strict Do Not Call requirements.

Organizations must:

• Suppress numbers on the National Do Not Call Registry
• Maintain an internal DNC list
• Honor opt-out requests
• Retain records for at least five years

Internal Do Not Call lists

Organizations must maintain internal lists of individuals who request not to be contacted.

To comply, businesses must:

• Maintain a written DNC policy
• Train employees to process requests
• Document and retain all requests

Exemptions to DNC requirements

Certain exemptions apply, including:

• Established business relationships
• Prior express consent
• Noncommercial or nonprofit communications

TCPA safe harbor provisions

Safe harbor protections may apply if organizations:

• Maintain written compliance procedures
• Train employees and vendors
• Maintain DNC lists
• Monitor compliance
• Retain records

Call abandonment rules

Organizations using automated dialing must:

• Keep abandonment rates below 3%
• Allow calls to ring for at least 15 seconds
• Provide a recorded message with identification and opt-out instructions

Reassigned numbers and compliance risk

Reassigned numbers create compliance risk when consent no longer applies to a new user.

The FCC’s Reassigned Numbers Database helps organizations verify ownership and reduce exposure.

Common TCPA violations

Common issues include:

• Contacting consumers without proper consent
• Failing to honor DNC requests
• Using autodialers improperly
• Contacting reassigned numbers
• Using unclear consent language

TCPA lawsuits, penalties and private right of action

Consumers can bring claims under the TCPA through a private right of action.

Penalties include:

• $500 per violation
• Up to $1,500 per willful violation

These violations often result in significant class action settlements.

Why TCPA compliance matters

TCPA violations can lead to:

• Financial penalties
• Reputational damage
• Loss of customer trust
• Increased regulatory scrutiny

How to maintain TCPA compliance

Organizations should:

• Implement clear consent processes
• Maintain accurate records
• Monitor internal and vendor activity
• Train employees regularly
• Document compliance efforts

TCPA compliance checklist

Use this checklist to evaluate whether your organization meets key TCPA requirements, including consent, DNC management and documentation practices. 

How Wipfli can help

Wipfli helps organizations strengthen TCPA compliance through advisory, monitoring and risk management services. Our team works with you to evaluate current practices, improve consent and communication processes and reduce exposure to regulatory and legal risk.

Our services include:

• Compliance assessments and gap analysis
• Consent and communication process design
• DNC policy development and monitoring
• Vendor oversight and risk management

Learn more on our TCPA services web page