Skip to main content
VA Horizon
Book a Call
Compliance Guide

Is Texting Commercial Insurance Prospects Legal? TCPA Rules Agency Owners Need to Know

Where federal TCPA and state mini-TCPA law actually bind B2B text outreach, what a violation costs, and the questions to put in writing before any vendor sends a message under your agency's name.

Quick answer

Texting commercial insurance prospects is legal only when the outreach meets the TCPA's consent standard: there is no blanket B2B exemption for texts sent to a wireless number. Marketing texts sent through an autodialer generally need prior express written consent.

Violations carry federal statutory damages of $500 to $1,500 per message, with no cap, and at least a dozen states add stricter mini-TCPA rules on top. Vet vendor consent and opt-out practices in writing first.

An agency owner signs off on an SMS outreach campaign and assumes one thing protects them: they are texting other businesses, not consumers, so consumer-protection law does not apply. That assumption comes up constantly in vendor calls, and it is wrong on the exact point that carries the financial risk. The Telephone Consumer Protection Act does not carve out an exception for business-to-business text messages sent to a wireless number.

This post walks through where federal TCPA rules actually bind B2B SMS outreach, what the growing list of state "mini-TCPA" laws stacks on top, what a violation costs in real statutory damages, and the specific questions to put in writing before any vendor texts a single prospect under your agency's name.

One note before any of that: this is not legal advice. TCPA law is dense, the state overlays shift often, and the honest answer to most edge cases is "it depends on the exact fact pattern." Treat this as the map that tells you which questions to bring to a telecommunications attorney, and which vendor answers should worry you before you get that far.

Not legal advice. This article is educational only. TCPA and state mini-TCPA law change frequently and turn on specific facts (consent language, the technology used, the state a number is registered in). Consult a qualified telecommunications attorney before launching or approving any SMS outreach campaign.

Why "It's B2B" Doesn't Get You Out of the TCPA

The confusion has a real source. The FTC's Telemarketing Sales Rule does exempt most business-to-business calls from its coverage, so a pitch from one company to another can sidestep that particular rulebook. But the FTC's rule and the TCPA are two different statutes enforced by two different federal agencies, and the FCC does not extend a matching exemption to text messages. B2B calls and texts sent to a wireless number are subject to the same TCPA restrictions on autodialed and prerecorded outreach as consumer texts.

Consent, not who is on the other end of the line, is what determines whether a text is compliant. Even a business-owned cell phone, and even one the owner has posted publicly on a website or directory listing, still needs the outreach to clear the TCPA's consent bar before an autodialed or prerecorded text can legally land on it. Publishing a number is not the same as consenting to receive marketing texts at it.

What Federal Law Actually Requires

Two consent standards do most of the work under federal TCPA rules, and the difference between them matters more than almost anything else in this post.

The strictest bar, prior express written consent, a documented, signed or digitally confirmed opt-in, applies to marketing messages sent using an "automatic telephone dialing system" (an ATDS) or a prerecorded voice to a wireless number. Purely informational texts, ones that are not selling anything, can rely on the lighter "prior express consent" standard, satisfied once the recipient has already given a business the number for that purpose.

The legal definition of an autodialer narrowed considerably in 2021, when the Supreme Court ruled in Facebook, Inc. v. Duguid that a system only qualifies as an ATDS under the TCPA if it stores or produces phone numbers using a random or sequential number generator. A platform that simply dials down a fixed, already-collected list, the kind most appointment-setting vendors use, can arguably fall outside that narrower definition.

That narrowing has not made B2B SMS outreach safe by default, for two reasons. First, courts are still working out exactly which modern sending platforms clear the Duguid bar, and several have found that dialing software with list-management and auto-pacing features still qualifies as an ATDS depending on how it is built. Second, an existing business relationship or a publicly available number provides, at most, limited flexibility. Neither one overrides the underlying consent requirement for outreach to a mobile number on its own. The safest working assumption for a volume SMS campaign is the same one that applied before Duguid: treat prior express written consent as the baseline you require from any vendor, not the exception you hope a court grants you later.

What generally needs the strict written-consent standard

  • Marketing or sales texts sent through a platform that auto-sends to a stored contact list
  • Any text campaign run at volume through dialer or SMS software with pacing or list-management features
  • Outreach to a number with no prior relationship or documented opt-in on file

What sits in narrower, more defensible territory

  • Purely manual, one-at-a-time texts sent by a person, with no automated dialing component
  • Informational (non-marketing) texts sent to a number that already gave consent for that specific purpose
  • Replies inside a conversation the prospect actively started

Where State "Mini-TCPA" Law Adds a Second Layer

At least a dozen states have passed their own telemarketing statutes since 2021, several written specifically to close gaps that plaintiffs' firms saw open up after Duguid narrowed the federal ATDS definition. Some of these state laws define an autodialer far more broadly than the federal post-Duguid standard, and several add a private right of action, meaning an individual recipient (not just a state regulator) can sue directly.

LawStatutory penaltyPrivate right of actionTexting window
Federal TCPA$500 (negligent) / $1,500 (willful) per messageYes8am to 9pm recipient local time
Florida FTSA$500 (negligent) / $1,500 (willful) per messageYes8am to 8pm
Oklahoma OTSA$500 (negligent) / $1,500 (willful) per messageYes8am to 8pm
Texas SB 140Up to $5,000 per violationYesState-specific rules apply
MarylandUp to $1,000 ($5,000 for subsequent violations)Yes9am to 8pm
Washington$100 plus attorneys' feesYesState-specific rules apply
New YorkUp to $11,000 per violationNo (state enforcement only)State-specific rules apply

Penalty and texting-window figures compiled from a 2026 mini-TCPA compliance summary written for insurance agencies. Federal statutory damages independently corroborated by TCPA plaintiff-side legal counsel. Florida, Oklahoma, and Maryland also cap outreach attempts at roughly three per recipient within any 24-hour period, tighter than the federal law, which sets no per-recipient daily cap.

The practical effect for an agency that prospects across more than one state: you have to comply with whichever rule is strictest for wherever a given prospect's number is registered, not just the federal floor. A campaign built to satisfy only the federal 8am to 9pm window, for example, would still violate Florida's or Oklahoma's tighter 8am to 8pm cutoff on any number in those states.

What a Violation Actually Costs

Federal TCPA violations carry statutory damages of $500 per message for a negligent violation, rising to as much as $1,500 per message for a willful or knowing one. There is no cap on the number of violations a plaintiff can claim, and a recipient does not have to prove actual monetary harm, the statutory amount is available simply by showing an unauthorized text was sent.

The scale compounds fast at SMS volume. A single campaign of 10,000 non-compliant text messages can generate exposure of $5 million to $15 million once the per-message multiplier is applied. Most TCPA plaintiffs' attorneys work on contingency, which makes even a modest-sized non-compliant campaign an economically attractive target, and state mini-TCPA penalties, several of them shown in the table above, stack on top of the federal exposure rather than replacing it.

For a commercial insurance agency, the practical risk is not that a single stray text triggers a lawsuit. It is that a vendor running an entire campaign on bad consent practices, or without any state-by-state calling-window logic, exposes the agency to that per-message multiplier across the full list, all at once, and the agency's name is the one on the message the recipient received.

Six Questions to Put in Writing Before an SMS Vendor Texts Under Your Name

Before any SMS-based appointment-setting vendor sends a single message on your agency's behalf, get written answers to these six questions. A vendor that cannot answer clearly is asking you to absorb their compliance risk under your own name.

  1. How and where is consent captured and stored? Ask to see the actual consent record format, timestamp, and source, not just a verbal assurance that "it's all opted in."
  2. What technology sends the message? If the platform can automatically dial or select numbers from a stored list, the safer approach is to require prior express written consent as the baseline regardless of where the post-Duguid case law currently sits.
  3. Are opt-outs processed immediately and permanently? A "STOP" reply should remove the number from every future campaign the vendor runs, not just the one that triggered it.
  4. Do they scrub against federal and state Do Not Call registries before every send? This should happen on every campaign, not as a one-time setup step.
  5. What hours do they text in, and does that adjust per state? A vendor using one national default window is very likely violating Florida's, Oklahoma's, or Maryland's tighter cutoffs on numbers registered in those states.
  6. Who is contractually liable if a complaint or demand letter follows? Get indemnification language in writing before the first text goes out, not after the first complaint arrives.

These are the same six categories worth running through the rest of a vendor's contract too. Our full pre-contract checklist covers the broader vetting process, qualification standards, replacement policy, and pilot structure, in how to vet a pay-per-appointment vendor without getting burned.

What this means for you

  • There is no B2B exemption from the TCPA for texts to a wireless number. Consent is what determines compliance, not who the recipient is.
  • Statutory damages run $500 to $1,500 per message federally, with no cap, and several states layer their own penalties and stricter rules on top.
  • Get consent capture, opt-out handling, DNC scrubbing, texting-hour logic, and liability language from any SMS vendor in writing before the first campaign launches under your agency's name.

FAQ

Does the TCPA apply to B2B text messages, or only consumer marketing?
The TCPA's restrictions on autodialed and prerecorded messages to wireless numbers apply to B2B texts the same way they apply to consumer texts. Federal law and the FCC do not carve out a blanket business-to-business exemption for outreach to a cell phone, even a business-owned one. Some FTC telemarketing rules treat B2B calls differently, but that is a separate rulebook from the TCPA, and the TCPA is where the statutory damages live.
Do I need consent to text a commercial insurance prospect?
If the outreach is sent using an automatic telephone dialing system or a prerecorded voice to a wireless number, yes. Marketing texts sent that way generally need prior express written consent, a documented opt-in, not just a business card or a publicly listed number. Purely manual, one-at-a-time texting sits in a narrower gray area after the Supreme Court's 2021 Facebook v. Duguid decision narrowed the legal definition of an autodialer, but most SMS platforms built for volume outreach still fall inside the regulated category.
What are the penalties if a text campaign is not compliant?
Federal TCPA violations carry statutory damages of $500 per message for negligent violations and up to $1,500 per message for willful or knowing ones, with no cap on the number of violations. A campaign of 10,000 non-compliant texts can create exposure into the millions of dollars. Several states layer their own mini-TCPA penalties on top, some with higher per-violation figures than the federal law.
Are state laws different from the federal TCPA?
Yes, and materially so. At least a dozen states, including Florida, Oklahoma, Washington, Texas, Maryland, and New York, have passed their own telemarketing statutes since 2021 with stricter consent standards, broader autodialer definitions, tighter texting windows, or higher penalties than federal law. An agency operating in several states has to clear the strictest rule that applies to a given number, not just the federal floor.
What should I ask an SMS vendor before letting them text under my agency's name?
At minimum: how and where consent is captured and stored, what technology sends the message, whether opt-outs are processed immediately and permanently, whether they scrub against federal and state Do Not Call lists before every send, what hours they text in per state, and who is contractually liable if a complaint follows. If a vendor cannot answer these in writing before the campaign starts, the exposure sits with your agency's name on the message, not theirs.

Want a vendor who can answer these in writing?

Book a 15-minute call. We'll walk through exactly how consent, opt-outs, and DNC scrubbing work before you commit a single message to your agency's name.

Book a Call

Recommended next steps