DNC and TCPA Violations: What Every Pay-Per-Call Broker Needs to Know

In pay-per-call, compliance violations don't announce themselves. They accumulate quietly — one bad publisher, one unchecked campaign, one caller who shouldn't have been contacted — until they surface as a lawsuit, an FTC investigation, or a seven-figure settlement.

The penalties are not abstract. TCPA violations carry statutory damages of $500 per call, tripled to $1,500 for willful violations. The FTC's Telemarketing Sales Rule (TSR) allows DNC violations exceeding $50,000 per call (the FTC adjusts this figure annually for inflation). Class action lawsuits regularly settle in the millions.

If you're brokering pay-per-call traffic, this is your liability landscape. Here's what you need to understand and what to do about it.

What the TCPA Actually Regulates

The Telephone Consumer Protection Act (1991, amended) restricts how businesses can contact consumers by phone. For pay-per-call, the key provisions are:

Prior Express Written Consent (PEWC). Before making a telemarketing call or sending a telemarketing text using an automatic telephone dialing system (ATDS) or prerecorded voice, the caller must have the consumer's prior express written consent. This consent must be clear and conspicuous, include the specific phone number to be called, and cannot be a condition of purchase.

Revocation of Consent. Consumers can revoke consent at any time, through any reasonable means. Once revoked, all future calls must stop. "We didn't get the message" is not a defense.

Calling Hours. Telemarketing calls cannot be made before 8:00 AM or after 9:00 PM in the consumer's local time zone.

Caller ID Requirements. Telemarketers must transmit caller ID information and cannot block or spoof their numbers.

For pay-per-call specifically, the consent chain is critical. If a publisher generates a lead through a web form, the consent language on that form must specifically authorize calls from the parties who will actually be calling. Broad, vague consent language has been challenged successfully in court.

What the DNC Registry Requires

The National Do Not Call Registry, managed by the FTC, allows consumers to opt out of telemarketing calls. The rules are straightforward but the consequences of ignoring them are severe:

• Telemarketers must scrub their call lists against the national DNC registry at least every 31 days
• Calls to numbers on the registry are prohibited unless the caller has an established business relationship or prior express consent
• Each violation can result in penalties exceeding $50,000 (the FTC adjusts this figure annually for inflation)
• State DNC lists may impose additional requirements and penalties

The DNC rules apply to the entity making the call. In pay-per-call, this typically means the publisher or their upstream traffic source. But liability doesn't always stop there.

The Liability Chain in Pay-Per-Call

This is where it gets complicated for brokers. In a typical pay-per-call flow:

1. A publisher generates calls (through ads, SEO, outbound dialing, or lead forms)
2. The broker/network routes those calls
3. The buyer (call center) receives and handles the calls

Who's liable when a violation occurs? The short answer: potentially everyone in the chain.

Direct liability falls on whoever made or initiated the call. If a publisher is robocalling DNC numbers to generate "inbound" calls to your network, the publisher bears primary liability.

Vicarious liability is the bigger risk for brokers. Courts have held that companies can be vicariously liable for TCPA violations committed by their agents, vendors, or partners — even without direct knowledge of the violation. The FCC has continued to clarify and expand the scope of who qualifies as a "caller" under the TCPA.

Contractual liability adds another layer. If your buyer agreements include compliance warranties, a violation by your publisher can trigger breach of contract claims from the buyer — on top of the regulatory penalties.

The practical takeaway: "I didn't know my publisher was doing that" is a weak defense. Regulators and courts expect reasonable oversight.

Common Violation Scenarios in Pay-Per-Call

These are the situations that generate real liability in pay-per-call operations:

Publisher outbound dialing to generate "inbound" calls. A publisher runs outbound calls to generate transfers or callbacks. If those outbound calls target DNC numbers or lack proper consent, every resulting call that hits your network is a potential violation — and you routed it.

Stale or fabricated consent. A publisher claims to have web form consent for leads, but the consent language doesn't meet PEWC requirements, or the consent was obtained months ago and has since been revoked. The calls look like legitimate inbound traffic, but the underlying consent is defective.

Time zone violations. A publisher on the West Coast runs campaigns that generate calls to East Coast consumers. A call placed at 6:30 PM Pacific hits a consumer at 9:30 PM Eastern — a violation. This happens more often than brokers realize, especially with national campaigns.

Consent transfer failures. A consumer provides consent on a lead form for "Company A" to call them. The lead gets sold through a chain: lead gen company to aggregator to your network to the buyer. Unless the original consent specifically authorized each party in that chain, the consent doesn't transfer cleanly.

Internal DNC failures. A consumer calls into a campaign, explicitly says "don't call me again" or "put me on your do-not-call list," and then gets called again through a different campaign or publisher on the same network. The consumer's request to not be called creates an internal DNC obligation.

Why Documentation Is Your Best Defense

When a TCPA or DNC complaint is filed, the burden of proof effectively shifts to the defendant. You need to demonstrate that you had reasonable practices in place to prevent violations. That means documentation.

What to document and retain:

• Consent records. For every lead or call, you should be able to trace back to the original consent. What did the consumer agree to? When? On what form or recording?
• DNC scrubbing records. Proof that call lists were scrubbed against the national and relevant state DNC registries within the required timeframe.
• Publisher compliance agreements. Written contracts requiring publishers to comply with TCPA, TSR, and DNC requirements. These don't eliminate vicarious liability, but they demonstrate good faith oversight.
• Call recordings and transcripts. If a consumer says "stop calling me," you need a record of it — and a system that acts on it.
• QC review records. Evidence that you actively monitored call quality and compliance, not just payout metrics.

The pattern in successful TCPA defenses is consistent: companies that can show systematic, documented compliance practices fare better than those that can only show reactive responses after complaints.

Building Compliance Into Your QC Process

Most pay-per-call networks treat compliance and quality control as separate functions. Compliance is a legal checkbox (contracts, scrubbing, consent language). QC is an operational function (listening to calls, checking quality). In practice, they should be integrated.

Every call your QC team reviews is also a compliance data point. A caller who says "stop calling me" is both a quality issue and a DNC trigger. A caller who says "I never asked for this call" is both a bad lead and a consent red flag. A pattern of calls from a publisher that come in at 9:45 PM Eastern is both a quality anomaly and a regulatory violation.

The challenge is doing this at scale. If you're only reviewing a fraction of calls manually, you're not just missing fraud — you're missing compliance violations that could cost you hundreds or thousands per call in penalties.

Automating Compliance Monitoring

This is where AI-powered call analysis becomes a compliance tool, not just a quality tool. When every call is transcribed and analyzed automatically, you can systematically flag compliance-relevant language in the transcript: callers saying "stop calling me," callers expressing they didn't request the call, or callers who clearly don't match the campaign vertical.

An important distinction: tools like ConvoQC analyze what's said on the call and flag DNC and TCPA indicators in the transcript. This is different from DNC registry scrubbing (checking phone numbers against the Do Not Call list before dialing) — that's a separate process that publishers should already be doing on their end. What AI call analysis catches is the evidence that surfaces during the call: a consumer who says they're on the DNC list, a caller who clearly didn't consent to be contacted, or a pattern of unwanted calls from a specific publisher.

Both layers matter. DNC scrubbing prevents violations before the call. Transcript analysis catches violations that happened anyway — and gives you the documentation to prove you're monitoring for them.