You bought 500 leads. Your sales team starts dialing. Three months later, you’re served with a TCPA lawsuit claiming you called someone without their consent.

Your lead vendor swears the leads were “TCPA compliant.” But when you ask for proof, all you get is a spreadsheet with timestamps.

That’s not going to save you in court.

If you’re buying leads in insurance, solar, home services, or any industry that involves outbound calling, this guide is for you. Not the sanitized, corporate-speak version — a practical, field-tested breakdown of what you actually need to do to protect your business.

The Stakes: Why This Matters Right Now

Let’s start with the numbers that should keep you up at night:

  • $500 per violation for negligent TCPA violations
  • $1,500 per violation for willful or knowing violations
  • One violation = one call or text. If you called someone 10 times, that’s 10 violations.
  • Class actions multiply the damage. A class of 5,000 plaintiffs at $500 each = $2.5 million. At $1,500 each = $7.5 million.

And here’s the part that catches most lead buyers off guard: you can’t outsource liability by outsourcing lead generation.

Vicarious Liability Is Real

In Weaver v. Urban Solar Energy, Inc., the court held that the company making the calls bore liability even though a third-party lead generator had allegedly obtained consent. The court’s reasoning was straightforward: the company that benefits from the calls is responsible for ensuring valid consent exists.

This principle has been reinforced across multiple circuits. If you’re the one dialing (or hiring someone to dial on your behalf), you’re the one on the hook. Telling a judge “but my lead vendor said the leads were compliant” is not a defense.

Understanding What the TCPA Actually Requires

Before we get to the checklist, let’s clarify what the law demands:

For telemarketing calls to cell phones (which is most lead-based calling), the TCPA requires prior express written consent that includes:

  1. A clear and conspicuous disclosure that the consumer agrees to receive calls/texts
  2. The specific seller the consumer is consenting to hear from
  3. The consumer’s signature (electronic signatures count)
  4. The phone number to which calls will be made
  5. Consent cannot be a condition of purchasing goods or services

Best practice — and the direction the regulatory landscape is heading — is that consent should be specific to a single seller. The old practice of burying 50 company names in fine print and claiming “consent” for all of them carries significant legal risk.

This means the lead form the consumer filled out should clearly identify your company as the entity that will be calling. Generic “marketing partners” language is increasingly challenged in court.

The Lead Buyer’s TCPA Compliance Checklist

✅ Before You Sign a Lead Vendor Contract

1. Demand consent documentation samples upfront.

Ask your prospective lead vendor: “Show me exactly what evidence you’ll provide that consent was obtained for each lead.” If they can’t show you a clear example, walk away.

2. Ask specifically how consent is captured.

The right questions:

  • “What does the consumer see at the moment they consent?”
  • “Is consent captured through an active checkbox, or is it embedded in terms and conditions?”
  • “How do you capture evidence that the consumer — not a bot — actually interacted with the consent mechanism?”
  • “Is my company specifically named in the consent language?”

3. Review the actual consent language.

Get a screenshot or recording of the form. Read the disclosure. Ask yourself:

  • Is it clear and conspicuous? (Not buried in 8pt font at the bottom of a page)
  • Does it specifically name your company?
  • Does it mention calls, texts, and/or autodialed calls specifically?
  • Is it clear that consent is not required to make a purchase?

4. Understand their verification method.

There’s a spectrum of consent evidence quality:

Evidence TypeWhat It ProvesLitigation Strength
Timestamp + IP addressSomeone visited a pageWeak
Consent certificateA form loaded in a browserModerate
Session recording with PII bindingA specific consumer actively consentedStrong

Push for the strongest evidence available.

5. Get contractual indemnification — but don’t rely on it.

Your contract should include indemnification for TCPA claims arising from bad consent. But understand: indemnification only works if the vendor is still solvent when you need to collect. And it doesn’t prevent the lawsuit from being filed against you in the first place.

✅ For Every Lead You Purchase

6. Verify consent documentation exists before calling.

Don’t assume. For every lead, confirm that consent evidence is accessible. If your vendor can’t produce documentation for a specific lead, don’t call that lead.

7. Check the consent date and your contact window.

Consent isn’t forever. Industry best practice is to contact leads within a reasonable time frame — typically within days or weeks of consent, not months. Stale consent is legally risky consent.

8. Confirm the consent is specific to your company.

Best practice: the consent should name you. Not “our partners.” Not “affiliated companies.” You, by name.

9. Scrub against the National Do Not Call Registry.

TCPA compliance isn’t just about consent. You must also scrub your call lists against the National DNC Registry at least every 31 days. Maintain your own internal DNC list as well.

10. Honor opt-out requests immediately.

When someone says “stop calling me,” stop. Immediately. Add them to your internal DNC list. Train every person who touches a phone to handle opt-outs properly.

✅ Ongoing Compliance Operations

11. Maintain your own records.

Don’t rely solely on your lead vendor to store consent evidence. Obtain copies and store them yourself. If a lawsuit arrives in three years, you need to be able to produce records independently.

12. Audit your vendors regularly.

At least quarterly, pull a random sample of leads and verify that consent documentation exists and meets your standards. Mystery-shop your own lead forms. Look at what consumers actually see.

13. Document your compliance process.

If you’re ever sued, demonstrating that you had a systematic compliance process — not just good intentions — can be the difference between a negligence finding ($500/violation) and a willful violation finding ($1,500/violation).

14. Train your team.

Everyone who makes calls needs to understand:

  • What TCPA consent means
  • How to handle opt-outs
  • What to do if someone says “I never agreed to this call”
  • How to document objections

Red Flags: When to Walk Away from a Lead Vendor

🚩 “All our leads are TCPA compliant.” Every vendor says this. It means nothing without evidence to back it up.

🚩 They can’t produce consent evidence for individual leads. If they can only show you a sample form and say “trust us,” you’re exposed.

🚩 The consent language is generic. “By submitting this form, you agree to be contacted by our partners” — vague language like this is increasingly challenged in TCPA litigation.

🚩 Pre-checked consent boxes. If the consent checkbox is pre-checked, it’s not valid consent under the TCPA. Period.

🚩 Unusually cheap leads. If leads are priced significantly below market, ask yourself why. Often, the answer is that the vendor is cutting corners on consent — and you’ll pay the difference in legal fees.

🚩 No contractual indemnification. If a vendor won’t indemnify you against TCPA claims arising from their leads, they’re telling you something about their confidence in their own compliance.

🚩 They discourage you from auditing. Legitimate vendors welcome scrutiny. If your vendor pushes back when you ask to review their consent capture process, that’s a problem.

🚩 High complaint rates. If consumers regularly tell your sales team “I never signed up for this,” you have a lead quality problem that is also a legal liability.

The Real Cost of Non-Compliance

Let’s do the math on a realistic scenario:

  • You buy 1,000 leads per month
  • 2% have defective consent (not uncommon with low-quality vendors)
  • You call each lead 3 times on average
  • That’s 60 potentially violating calls per month
  • Over 12 months, that’s 720 violations
  • At $500 each: $360,000 in potential damages
  • At $1,500 each: $1,080,000 in potential damages

And that’s before legal fees, business disruption, and reputational damage.

Now compare that to what it costs to work with a vendor who provides strong consent verification: typically a modest per-lead premium that amounts to a rounding error compared to the litigation risk.

What “Good” Looks Like

The best lead buyers we’ve seen in the industry share common practices:

  • They treat consent verification as a procurement requirement, not an afterthought. It’s in the RFP alongside price, volume, and conversion rates.
  • They maintain independent records. They don’t rely on vendors to store consent evidence. They pull it at time of purchase and archive it themselves.
  • They audit relentlessly. Random spot checks, mystery shopping, regular vendor reviews.
  • They pay for quality. They understand that the cheapest leads are often the most expensive in the long run.
  • They have a compliance playbook. Written procedures, trained staff, documented processes. Not just “we try to do the right thing.”

Responding to a TCPA Complaint

When (not if) you receive a TCPA complaint or demand letter:

  1. Don’t panic, but don’t ignore it. TCPA claims have strict response deadlines.
  2. Immediately pull all consent documentation for the complainant.
  3. Preserve everything. Do not delete any records related to the complainant — calls, texts, lead data, consent evidence. Spoliation of evidence makes everything worse.
  4. Contact your attorney before responding to the complainant or their lawyer.
  5. Notify your lead vendor and request their cooperation and any indemnification obligations.
  6. Review the strength of your evidence. This is where the quality of your consent documentation determines whether you settle for nuisance value or face a six-figure judgment.

Key Takeaways

  • You cannot outsource TCPA liability. If you make the call, you own the risk — regardless of who generated the lead. (Weaver v. Urban Solar Energy)
  • Consent certificates alone are increasingly insufficient. Courts want evidence of actual consumer behavior, not just page-load timestamps.
  • Seller-specific consent is the safest approach. Consent should name your specific company, not a list of “marketing partners.”
  • Audit your vendors like your business depends on it — because it does. Pull consent evidence regularly, review forms, mystery-shop.
  • Document your compliance process. Systematic procedures can be the difference between $500 and $1,500 per violation.
  • Do the math. The cost of proper consent verification is a fraction of the cost of a single TCPA lawsuit.

The strongest compliance posture starts before you buy the first lead. If you can’t verify consent for every lead you purchase, you’re dialing with a blindfold on.