TCPA Compliance Checklist: Best Practices for Call Centers

Key takeaways

• TCPA compliance is constantly evolving, especially after federal court rulings in 2025.

• Clear, documented consumer consent remains the cornerstone of compliance—and it’s not one-size-fits-all.

• Best practices extend beyond consent, covering communication limits, opt-outs, and Do Not Call list management.

• State “mini-TCPAs” and STIR/SHAKEN rules add layers of complexity that call centers must manage, especially when balancing consent rules with caller ID reputation management.

• Partnering with legal counsel and using compliance-first dialer software (like Convoso) helps minimize litigation risk.

What is the TCPA?

The Telephone Consumer Protection Act (TCPA) is the cornerstone federal law regulating telemarketing and outbound communications. Since 1991, it has governed how businesses can contact consumers through auto-dialed calls, prerecorded messages, text messages, and even unsolicited faxes.

The goal of the TCPA is simple: Protect consumers from unwanted or abusive communications. In practice, compliance is complex. Over the years, new FCC rules, court decisions, and state-level laws have continually reshaped how the TCPA is interpreted and enforced.

For call centers and lead generation businesses, this means:

• Consent is not optional—it’s the foundation of every compliant campaign.

• Rules vary depending on the technology you use (e.g., autodialers, prerecorded messages, SMS).

• Court rulings like Facebook v. Duguid and McLaughlin v. McKesson continue to redefine compliance requirements.

The bottom line: Simply “knowing about” the TCPA isn’t enough. Call center leaders need clear policies, strong recordkeeping, and the right tools to stay compliant in an environment where the rules are always shifting—and they should rely on legal counsel experienced in TCPA nuances.

TCPA consent best practices (6 tips for compliance)

Consent is the backbone of TCPA compliance. Without it, even well-meaning businesses face major risks. These best practices will help ensure your team obtains, manages, and documents consent properly.

1. Get clear consent for marketing communications

Clear, verifiable consent is the cornerstone of TCPA compliance. Every form, script, and lead source should make it obvious who the consumer is agreeing to hear from, how their data will be used, and what kind of communications they can expect.

Avoid vague, bundled, or overly broad consent language that could be challenged in court. Make sure consent is specific to the type of communication (calls, texts, prerecorded messages) and the purpose of contact. Regularly review and update your lead forms and agreements to stay aligned with evolving TCPA interpretations and state laws..

2. Understand how courts are reshaping FCC guidance

In McLaughlin v. McKesson (June 2025), the Supreme Court ruled that FCC interpretations are not automatically binding on federal courts. Judges may choose to follow FCC guidance – or not. The result is a fragmented compliance landscape. To minimize risk, adopt conservative policies that go beyond FCC rules and can withstand judicial scrutiny.

3. Use the right technology for compliant dialing practices

In Facebook v. Duguid (2021), the Supreme Court narrowed the definition of an autodialer. This allowed compliance-first platforms like Convoso to place calls without written opt-in consent. However, opt-in is still required when using prerecorded messages or intelligent virtual agent (IVA) technology. 

Regardless of technology, opted-in consent remains the best practice, both for compliance and for consumer experience.

4. Obtain consent for non-marketing communications

Not all outreach is promotional—but even routine business communications require attention to consent. According to TCPA compliance experts Mac Murray & Shuster LLP, when a consumer voluntarily provides their phone number—directly or through an intermediary—they generally consent to be contacted for normal business communications related to that transaction or relationship.

However, this implied consent is limited and only applies when:

• The consumer has not provided instructions to the contrary (e.g., opted out or requested no contact).

• The communication is closely related to the original purpose for which the number was provided.

This consent doesn’t last forever. To stay compliant, document when and how each number was collected, monitor for revocation requests, and ensure your team only contacts consumers within the expected scope of their relationship.

5. Maintain detailed records of consent

Documentation is your defense. Records should capture:

• Date, time, and method of consent

• The specific seller(s) and products/services consent covered

• Supporting proof (e.g., TrustedForm certificates with replay data)

Remember: The FTC extended Telemarketing Sales Rule (TSR) recordkeeping to 5 years in 2024, while the TCPA statute of limitations runs up to 6 years. Some state laws go even further. Check with your call center software provider about long-term storage capabilities.

6. Provide clear opt-outs

Consumers must have an easy way to withdraw consent. Courts may differ on how revocation can be made, but the safest strategy is to accept oral, written, or electronic opt-outs. Have internal processes to promptly honor requests and scrub contacts from lists.Consistent opt-out handling not only protects your business from penalties but also demonstrates respect for consumer choice.

Communication compliance under the TCPA

TCPA compliance doesn’t end with consent—it also governs how and when you communicate with consumers.

Restrict calls to compliant (and effective) times

Federal TCPA rules limit telemarketing calls to 8:00 a.m. – 9:00 p.m. local time. Many states add stricter limits, such as ending at 8:00 p.m. Automated scheduling tools help enforce these restrictions while also optimizing for when leads are most responsive.

Limit your redialing

Excessive redials frustrate consumers and increase complaint risk. Use workflow automation to rest leads after a set number of attempts and consider adding SMS or email as alternative channels.

Honor requests to stop calling

Ensure agents are trained to immediately capture Do Not Call (DNC) requests and enter them into your internal DNC list. This protects your business from legal exposure and shows respect for consumer preferences.

Respect consumer preferences

Compliance is not just about laws – it’s about trust. Consumers who feel disrespected are more likely to take legal action. Embed respect into scripts, training, and company culture.

List and campaign management: TCPA compliance best practices

Your campaigns are only as compliant as your lists. The TCPA and related laws dictate who you can legally contact and how often.

Check the National Do Not Call Registry

Scrub leads against both the national DNC list and your internal company DNC list. Also check the Reassigned Numbers Database to avoid dialing numbers that no longer belong to the consumer who originally gave consent.

Scrub your lists for litigators

Predatory plaintiffs and serial litigators actively look for TCPA violations. Protect your campaigns by removing known litigators’ numbers with tools like Contact Center Compliance or The Blacklist Alliance.

Distinguish between cell and landline numbers

Different rules apply depending on the type of number. Choose a predictive dialer that automatically separates mobile and landline contacts to manage rule enforcement.

Review prerecorded scripts regularly

TCPA rules for prerecorded messages require:

• Identification of your company and purpose at the start

• A callback number for DNC requests

• An interactive opt-out mechanism

As of January 2024, AI-generated content is considered an “artificial voice” under the TCPA—so ensure scripts using AI tools also comply.

Beyond TCPA: other key call center compliance rules

STIR/SHAKEN and Caller ID Flagging

Since STIR/SHAKEN was introduced in 2019, carriers have taken on the role of filtering calls to reduce spoofing and robocalls. They now rely on opaque algorithms to decide whether a number should be labeled Spam or Scam Likely.

The result? Even businesses with proper consent often struggle to reach consumers. Calls are flagged, contact rates drop, and revenue opportunities are lost.

That’s why caller ID reputation management is now essential. Compliance alone isn’t enough – you need tools that actively monitor number health and prevent calls from being mislabeled.

This is where Convoso Ignite™ changes the game. Ignite automates the entire DID lifecycle, using AI to score number health across a broad spectrum and select the best-performing numbers for each call. By pairing TCPA best practices with proactive caller ID reputation management, businesses can protect themselves legally while maximizing performance.

State “mini-TCPAs”

The rise of state-level telemarketing laws—often called ‘mini-TCPAs’—has created an increasingly complex compliance environment. In response to federal rulings, many states have passed their own TCPA-style laws, often stricter than the federal standard. These “mini-TCPAs” create a patchwork of rules that outbound teams must navigate.

Example states codifying new regulations include Arizona, Connecticut, Florida, Maryland, Oklahoma, and Washington. Recent legislation illustrates the trend:

• Texas (2025): Expanded to cover SMS, requiring registration and increasing penalties

• Oregon (2026): Tightened restrictions on calling times and daily attempt limits

• New York (2025): Strengthened disclosure rules for unsolicited calls

The real challenge is complexity: A campaign compliant in one state may put you at risk in another.

Tools like Convoso’s StateTracker automate compliance checks for each state, reducing the risk of human error and costly violations.

How to strengthen compliance with outside expertise

• Consult with legal counsel: Regulations evolve quickly. Partner with attorneys specializing in contact center compliance to guide your policies.

• Perform regular audits: Conduct quarterly internal reviews and periodic third-party audits to identify gaps.

• Vet your data providers: Only source leads from reputable providers that have compliance safeguards in place and audit third-party data regularly.

• Choose the right software partner: Best-in-class dialers combine conversion optimization with built-in compliance automations and safeguards.

Convoso’s platform includes a suite of compliance-first tools so sales teams can focus on performance with peace of mind.

Ready to strengthen your TCPA compliance strategy?

Staying compliant doesn’t have to slow down performance. With Convoso’s compliance-first platform, outbound teams can automate consent tracking, manage state-by-state regulations, and protect caller ID reputation — all while improving contact rates.

Request a Demo to see how Convoso helps call centers stay compliant and competitive

DISCLAIMER: The information on this page, and related links, is provided for general education purposes only and is not legal advice. Convoso does not guarantee the accuracy or appropriateness of this information to your situation. You are solely responsible for using Convoso’s services in a legally compliant way and should consult your legal counsel for compliance advice. Any quotes are solely the views of the quoted person and do not necessarily reflect the views or opinions of Convoso.