If you’re generating or buying mortgage leads, TCPA compliance isn’t a nice-to-have — it’s the difference between a profitable marketing channel and a class-action lawsuit. The Telephone Consumer Protection Act governs how businesses contact consumers by phone and text, and mortgage lead generation sits squarely in its crosshairs. Here’s what you need to know to stay compliant.
Why TCPA Matters for Mortgage Leads
TCPA violations carry penalties of $500-$1,500 per unsolicited call or text. For a lender who calls 100 leads without proper consent, that’s $50,000-$150,000 in potential liability — from a single campaign. Class-action TCPA lawsuits against mortgage companies regularly result in multi-million-dollar settlements.
The risk is real and growing. Regulatory scrutiny of mortgage lead practices has increased, trigger-lead restrictions are tightening, and consumer awareness of their TCPA rights is at an all-time high. Compliance isn’t about checking a box — it’s about protecting your business.
The Core TCPA Requirement: Prior Express Written Consent
Before you can call or text a consumer using an auto-dialer or prerecorded message, you need their “prior express written consent.” For mortgage lead generation, this means the consumer must have completed a form (online or paper) that clearly identifies who will contact them, states that they may be contacted by phone, text, or auto-dialer, confirms that consent is not a condition of purchasing any service, and includes the consumer’s phone number.
This consent must be obtained before the first contact. Buying a list of phone numbers and calling them is not consent. Purchasing leads from a vendor who didn’t collect proper consent transfers the liability to you.
What Compliant Lead Generation Looks Like
Clear, prominent consent language on every form. Not buried in a terms-of-service link. Not in 6-point gray text. The consent language should be visible, readable, and unambiguous. The consumer should know exactly what they’re agreeing to before they submit.
Named parties in the consent. The consent should name the specific companies (or categories of companies) that will contact the consumer. “BuyRefiLeads and its participating licensed mortgage lenders” is specific. “Various third parties” is not.
Recordkeeping. Maintain records of each consumer’s consent for at least 5 years, including the form version they completed, the timestamp of their submission, the IP address and device information, and the exact consent language displayed at the time of submission.
Opt-out mechanism. Every call and text must include a clear way to opt out. For texts, “Reply STOP to unsubscribe” is standard. For calls, “Press 2 to be removed from our list” works. Once someone opts out, you must stop contacting them within a reasonable timeframe (typically 24-48 hours).
Red Flags That Signal Non-Compliant Leads
When buying leads from any vendor, watch for: consent language that doesn’t specifically mention phone contact or auto-dialers, leads generated from data-append services (phone numbers added to names/addresses without the consumer’s knowledge), vendors who won’t show you their forms or consent language, leads where the consumer says “I never filled out a form” — a sign of fabricated or recycled data, and batch-delivered leads with no timestamps or submission records.
If you receive a lead and the consumer has no recollection of submitting their information, stop calling immediately. That lead was likely generated through non-compliant means, and continuing to call creates liability for you — not just the vendor.
How to Protect Your Business
Vet your lead vendors thoroughly. Ask to see the exact forms and consent language used. If they won’t show you, don’t buy. The 7 questions every lender should ask before buying leads covers this in detail.
Add your own consent layer. When a lead enters your system, consider sending a confirmation text: “Hi [name], you requested refinance information through BuyRefiLeads. Reply YES to connect with a licensed lender.” This creates an additional consent record that’s directly tied to your company.
Train your team. Every LO should understand TCPA basics: never call from a suppressed number, always identify yourself and your company, honor opt-out requests immediately, and document every contact attempt.
Use compliant technology. If you’re using a dialer, ensure it’s TCPA-compliant — particularly regarding auto-dialing regulations, which have been tightened by recent court rulings. Manual dialing (where a human initiates each call) carries less regulatory risk than auto-dialers.
BuyRefiLeads builds TCPA compliance into every lead flow — clear consent language, named parties, timestamped records, and real-time delivery with full documentation. For details on how our compliance framework works, visit our lead programs page or review our privacy policy.
Ready to explore your refinance options? Contact our team today for a free, no-obligation consultation tailored to your financial goals.
Refinance Leads Available by State
We generate high-intent refinance leads in metros across the country. Start with the states where your team is licensed:
- California — Los Angeles, San Diego, San Francisco, Sacramento
- Texas — Houston, Dallas, San Antonio, Austin
- Florida — Miami, Tampa, Orlando, Jacksonville
- New York — NYC, Buffalo, Rochester, Syracuse
- North Carolina — Charlotte, Raleigh, Durham, Greensboro
See all 50 states and 1,000+ city pages for full market coverage.