The Telephone Consumer Protection Act is the federal law that governs how and when businesses can contact consumers by phone and text message. For mortgage teams that buy leads — whether refinance, purchase, or reverse — TCPA compliance is not a suggestion, a best practice, or something your compliance department worries about while you focus on production. It is the legal framework that determines whether your outreach is lawful or whether it exposes your company to individual lawsuits, class actions, and regulatory penalties that can reach into seven figures.
The rules have tightened significantly in recent years, and the enforcement environment has become more aggressive. If you are buying leads and calling consumers, you need to understand exactly what is required — not approximately, not “close enough,” but exactly.
What TCPA Requires Before You Can Call or Text a Lead
The core requirement is simple to state and complex to implement: before you can call or text a consumer, you must have their prior express written consent. This consent must specifically authorize your company — by name — to contact them via phone calls and/or text messages. The consent must be obtained through a clear, affirmative action by the consumer (checking a box, clicking a button, signing a form). It cannot be pre-checked, implied, or buried in terms of service that nobody reads.
For telemarketing calls (which includes most lead follow-up), the consent language must be “clear and conspicuous” — meaning the consumer can easily see and understand what they are agreeing to before they take the affirmative action. The consent must disclose that the consumer may receive calls using automated technology and that providing consent is not a condition of purchasing any product or service.
If any of these elements are missing from the lead generation form that produced the lead you are calling, your outreach may violate the TCPA — even if the consumer genuinely wants to hear from you.
One-to-One Consent: The New Standard
The most significant recent development in TCPA law is the FCC’s push toward one-to-one consent. Under older interpretations, a single consent form could authorize contact from multiple companies — “by submitting this form, you agree to be contacted by our marketing partners.” A homeowner might fill out one form and immediately receive calls from five different lenders, all claiming valid consent from the same submission.
The regulatory trend — accelerated by FCC rulings and reinforced by court decisions — is toward requiring that the consumer specifically and individually consent to be contacted by each company that will call them. This means the lead form must display your company name (not just a generic “partners” reference), and the consumer must take an affirmative action that specifically authorizes your company.
For mortgage teams buying leads from third-party vendors, this has major implications. If your vendor is generating leads through a single form and selling them to multiple lenders under a blanket consent, you may not have valid one-to-one consent for your company. And if you do not have valid consent, every call you make is a potential TCPA violation — regardless of how legitimate your business or how interested the consumer might actually be.
What Compliant Consent Language Looks Like
Good consent language is clear, specific, and conspicuous. The consumer should see your company name. They should understand that they are agreeing to receive phone calls and text messages. They should know that automated dialing technology may be used. And they should understand that providing consent is not a condition of getting a quote, a rate comparison, or any other service.
The consent disclosure should appear near the submit button — not behind a hyperlink, not on a separate page, not in a scrollable terms-of-service document. The consumer should not need to take additional action to see the disclosure. It should be visible on the same screen, in readable font size, before they click submit.
The affirmative action should be unambiguous. An unchecked checkbox that the consumer must actively check is the gold standard. A clearly labeled submit button with the consent language immediately above it is also acceptable. A pre-checked checkbox that the consumer must uncheck to opt out is not valid consent under current TCPA interpretation.
Calling Time Windows and State-Specific Rules
Federal TCPA rules restrict calls to between 8:00 AM and 9:00 PM in the consumer’s local time zone. This means your dialer needs to be configured to respect time zone boundaries based on the lead’s location — not your office’s time zone.
Several states have stricter rules. Some limit calling hours to 9:00 AM to 8:00 PM. Some require specific disclosures at the beginning of calls. Some have their own mini-TCPA statutes with additional requirements and penalties. If you are calling consumers in multiple states — which most mortgage teams are — your compliance framework needs to account for the most restrictive state-level rules in each market you serve.
Your dialer or CRM should handle time-zone compliance automatically. If it does not, you need to build this into your calling workflow manually — and manual processes are where compliance violations tend to happen.
Do Not Call List Compliance
TCPA intersects with the National Do Not Call Registry. Even with valid consent, you must scrub your calling lists against the federal DNC registry and any applicable state DNC registries. An “established business relationship” (which a fresh lead does not constitute) provides some exceptions, but the safest approach is to scrub every list against the DNC registry before calling and to honor all opt-out requests immediately.
When a consumer asks to be removed from your calling list — by any means, including verbally during a call — you must honor that request. The timeframe varies, but best practice is to remove them immediately and confirm the removal. Continuing to call after an opt-out request is one of the most common and most easily proven TCPA violations.
Protecting Your Business: Documentation and Vendor Diligence
Your first line of defense is documentation. For every lead you work, you should be able to produce evidence of when consent was obtained, how consent was obtained (the specific form, page URL, and consent language the consumer saw), what the consumer agreed to, and that your company was specifically named in the consent disclosure.
Your lead vendor should be able to provide this documentation on demand. Ask to see the actual consent flow — the lead form, the disclosure language, and the technical process. If they cannot or will not show you, that is a significant red flag. You are putting your license and your business at risk by calling leads from a vendor whose consent process you have not verified.
Second: contractual protection. Your agreement with any lead vendor should include representations that their lead generation process complies with TCPA and applicable state laws, indemnification provisions that protect you if their consent process turns out to be deficient, and the right to audit their consent flows and documentation on reasonable notice.
What Happens When You Get It Wrong
TCPA violations carry statutory damages of $500 per violation (per call or text). For willful violations, damages triple to $1,500 per violation. A mortgage team that calls 1,000 leads without valid consent could face potential exposure of $500,000 to $1.5 million. Class action lawsuits aggregate these damages across all affected consumers, and settlements regularly reach seven and eight figures.
Beyond financial exposure, TCPA violations can trigger regulatory scrutiny from the FCC, the CFPB, and state attorneys general. For licensed mortgage professionals, regulatory action can jeopardize your license — which means not just financial penalties but the ability to continue operating.
How BuyRefiLeads Handles Compliance
At BuyRefiLeads, our lead forms are built with one-to-one consent language that specifically names our lender partners. Each submission is timestamped and the consent flow is documented and auditable. We do not use blanket consent, pre-checked boxes, or incentivized form submissions.
Learn more about how our lead programs work, or schedule a call to see our consent flows and documentation process firsthand. If you have general questions about the refinance process from the homeowner side, our FAQ page covers the most common ones.
Ready to explore your refinance options? Contact our team today for a free, no-obligation consultation tailored to your financial goals.