TCPA Compliance Made Simple: Key Rules for Communicating with Customers
Every phone call, text message, or fax your institution sends to a customer isn’t just a touchpoint—it’s a potential compliance risk. Under the Telephone Consumer Protection Act (TCPA), financial institutions must navigate strict rules governing outreach, with violations carrying significant fines and reputational damage.
In our latest What’s on Tap? episode, Attorneys Andrew Condiles, Scott Best, and Cameron Deane break down the key requirements of the (often misunderstood) TCPA while sharing guidance for communicating with customers in 2026 and beyond. Although the episode opened with a review of a Cape May IPA brewed on the southern tip of New Jersey, the real substance of the webinar was the team’s breakdown of the TCPA rules and the costly consequences of noncompliance.
Whether your organization regularly contacts consumers or you simply want to stay ahead of the evolving regulatory landscape, this webinar has you covered.
Understanding TCPA: Four core components
Our attorneys shared the foundational areas of the TCPA that impact everyday outreach:
- The national do not call (DNC) registry
- Call timing and content requirements
- Rules governing automatic telephone dialing systems (ATDS)
- Restrictions on prerecorded or artificial voice messages
Each category comes with detailed compliance expectations and potential risks if not followed closely. Here’s a quick recap of these core components of TCPA.
1. The national do not call list still matters—and it’s strict
The national “do not call” (DNC) list, maintained by the Federal Trade Commission (FTC), allows any consumer to block unwanted telemarketing calls. Once someone registers, the restriction follows the individual, not the phone number—important in an era when people frequently switch carriers or move while keeping the same mobile number.
The national “do not call” (DNC) list, maintained by the Federal Trade Commission (FTC), allows any consumer to block unwanted telemarketing calls. Once someone registers, the restriction follows the individual, not the phone number—important in an era when people frequently switch carriers or move while keeping the same mobile number.
Two major exceptions apply:
- Existing business relationship (EBR): Organizations may contact someone on the DNC list if a transaction occurred within the past 18 months.
- Debt collection: Calls solely for collecting a debt are exempt but cannot include marketing of any kind.
Beyond the national registry, organizations must maintain their own internal do not call list—and they must honor opt out requests within 10 days.
One more key point: The Fair Debt Collection Practices Act (FDCPA) cease-and-desist requests override DNC exemptions entirely.
2. Call timing and identification rules are simple, but easy to violate
The TCPA restricts calls to between 8:00 a.m. and 9:00 p.m. in the recipient’s time zone. This can cause unintended violations when mobile numbers don't reflect where a customer currently lives.
Additionally, every call must include:
- Caller’s name
- Organization’s identity
- Valid contact information
Any form of anonymous, misleading, or unidentifiable calls are prohibited.
3. ATDS rules are narrower post–supreme court, but still risky territory
The TCPA restricts using an ATDS to call cell phones without prior express consent. While the U.S. Supreme Court’s 2021 ruling narrowed the definition—requiring the system to use a random or sequential number generator—there is still risk.
Many consumers rely only on mobile phones, and any automated dialing without documented consent can lead to violations. Our attorneys emphasized that despite clearer legal definitions, courts continue to scrutinize dialing systems.
4. Prerecorded and artificial voice messages face limitations
Calling a customer’s cell phone with a prerecorded or artificial voice message requires prior express consent, unless it qualifies under narrow exceptions for urgent account issues such as:
- Fraud alerts
- Identity theft notifications
- Security breaches
It’s important to remember that these messages must not include marketing or sales promotions, be free to the consumer, clearly identify the institution, provide call back information, stay under one minute or 160 characters (for text messages), and not exceed three contact attempts within 30 days. Customers can revoke consent by any reasonable method, and organizations should treat every request seriously and promptly.
Remember: Penalties are harsh, but reputational damage is worse.
If you violate TCPA, the fines can be extremely costly at about $500 per violation or $1,500 per willful or repeated violation.
Since each call counts as a separate violation, costs scale quickly, especially in class actions. Our team shared cases involving millions of calls and attorney fee requests exceeding tens of millions of dollars.
Beyond financial exposure, violations can also lead to significant reputational harm and customer distrust. Rule breaking also triggers Consumer Financial Protection Bureau (CFPB) scrutiny or enforcement. Compliance is the best course for maintaining credibility and trust.
Final thoughts
This What’s On Tap? episode makes one thing clear: TCPA compliance is not optional. Even minor oversights can escalate into significant financial and reputational consequences. Organizations should regularly review their dialing technology, consent processes, opt out procedures, and documentation practices to protect themselves and strengthen customer relationships.
If you have more questions or need guidance related to TCPA compliance, reach out to Andrew, Cameron, or Scott any time.
This blog is not a solicitation for business, and it is not intended to constitute legal advice on specific matters, create an attorney-client relationship or be legally binding in any way.
