Text messaging compliance for insurance agents comes down to a few core moves: get documented consent before you text, register your number through 10DLC, honor opt-outs the moment they arrive, vet your lead sources, and keep records of everything. Do those, and texting becomes the fastest, highest-converting way to work the leads you already buy.
TCPA is the federal law. Marketing texts need prior express written consent. Informational texts like quotes and reminders need prior express consent. Penalties run $500 to $1,500 per text, and the law is strict liability, so intent doesn't matter.
10DLC is carrier registration for business texting. Skip it and your messages get filtered or blocked, even when you're fully TCPA-compliant.
CTIA and state laws add opt-in confirmations, HELP and STOP keyword support, and stricter rules in states like Florida and Maryland. Build to the strictest standard and apply it everywhere.
The six operational rules: documented consent, required disclosures, opt-out handling through any method, 8 AM to 9 PM texting windows in the lead's time zone, clean records, and vetted lead sources.
AI texting makes all of this the default instead of something an agent has to remember on lead number 50 of the day.
A text-first follow-up beats cold calling on speed, response rate, and cost. The catch: texting without compliance opens you up to fines of $500 to $1,500 per message, class-action exposure, and blocked delivery. In 2024 alone, 2,788 TCPA cases were filed, and the penalty is charged per text, not per campaign. For an insurance agent buying leads and handling sensitive data, that's operating reality.
There's real upside to learning and following the rules, though. Texting can become the fastest, highest-converting way to reach the leads you already pay for. This post breaks down what you need to know, and for even more insights and updates, check out our Compliance Center.
For insurance agents, the stakes run higher than for most businesses. You're contacting purchased leads, handling sensitive personal data, and working in one of the most regulated industries. The FCC and attorneys know it, and they're paying attention.
The TCPA treats every text the same way they treat a call. $500 per unintentional violation and $1,500 per willful violation, charged on every single message. And it's a strict-liability law, so there's no intent requirement. "We didn't realize the consent form was weak" or "the vendor told us the leads were opted in" won't get you off the hook.
Then there's deliverability, which is the part most agents miss. If your business number isn't registered through 10DLC (more on that below), carriers filter or block your messages before a prospect ever sees them. You can write the perfect follow-up and watch it never land. 79% of consumers have opted in to texts from businesses, but only 30% actually receive them. Close that gap and you're reaching leads your competitors can't.
You're not dealing with one rule. You're dealing with a stack: federal law, carrier requirements, and industry guidelines, all in effect at the same time. Here's how they break down.
The Telephone Consumer Protection Act (TCPA) is the federal law governing how businesses can text consumers. Two things matter most for agents.
Marketing texts require prior express written consent. The prospect has to actively agree to receive promotional messages from you, through a web form, a paper sign-up, or a digital opt-in. Verbal consent doesn't qualify for marketing.
Informational texts have a lower bar. Appointment reminders, policy updates, and service messages need prior express consent, not written. The prospect still has to agree; the standard is just less formal.
The distinction is practical. Texting a lead about a quote they requested sits in a different bucket than texting them a promotional offer. Know which one you're sending.
Consent has to be documented, specific, and revocable. Tell the prospect who's texting, what kind of messages they'll get, how often, and how to opt out.
One moving piece to watch: the FCC's one-to-one consent rule, which would have required consent specific to a single seller, was struck down by the 11th Circuit in early 2025. The safest thing to do is to get direct consent tied to your business rather than a shared lead form. That holds up wherever the rules settle.
Probably not, and that's good news, though it doesn't get you out of the consent requirement. In Facebook v. Duguid (2021), the Supreme Court narrowed the definition of an automatic telephone dialing system (ATDS) to equipment that uses a random or sequential number generator. Platforms that text from a stored list of your actual leads, which is how most AI texting works, generally fall outside that definition under federal law.
ATDS status affects which rules apply to you, but consent is required either way. Marketing texts still need prior express written consent and informational texts still need prior express consent, autodialer or not. Some state laws also define an autodialer more broadly than the federal standard, so a system that's clear federally can still be covered at the state level.
10DLC (10-Digit Long Code) is the carrier registration system every major US wireless carrier now requires for business texting. If you text leads from a standard 10-digit number, you need it.
Without 10DLC registration, your messages get throttled: lower throughput, lower delivery rates, and in some cases outright blocking. Registration means submitting your brand information, describing your use case, and passing carrier vetting, and it's absolutely required if you want to succeed in texting leads. Our carrier-by-carrier A2P 10DLC guide walks through the brand and campaign registration steps end to end (or you can hire Mav to do it, we handle this for all of our customers).
The payoff shows up in delivery. Since 10DLC stabilized in 2026, vetted brands see delivery rates above 97%, well ahead of unregistered senders. If your texts aren't landing, this is usually why.
TCPA and 10DLC aren't the whole picture. The CTIA, the wireless industry's trade association, sets self-regulatory standards: send an opt-in confirmation message, disclose message frequency, and support HELP and STOP keywords in every campaign.
State laws stack on top. Florida's mini-TCPA, the Florida Telephone Solicitation Act, limits texting to 8 a.m. through 8 p.m., requires written consent for automated sales texts, and gives consumers a private right of action with the same $500 to $1,500 damages. Maryland has passed a similar law, and more states are following. More than a dozen state privacy laws also overlap with the TCPA in how you collect, store, and use consent.
If you sell across state lines, and most agents do, you have to meet the strictest applicable rule. The clean way to handle it: build your process to the highest standard and run it everywhere.
You don't have to master every regulation. You need these six rules.
Collect documented consent at the point of lead capture, before the first text, not after. For marketing texts, written consent has to clear four bars: a clear disclosure that the prospect is agreeing to receive marketing texts, an affirmative signature (checking a box on a web form counts), your agency identified by name, and language making clear that consent isn't a condition of buying a policy or getting a quote.
Keep a record of every consent: a timestamped log, the source, and the exact opt-in language shown. If you can't prove written consent, you don't have it.
Every campaign needs an initial opt-in confirmation message. It has to state message frequency, note that message and data rates may apply, and tell people to reply HELP for info and STOP to opt out. Carriers and regulators both check for it.
Opt-out rules tightened in 2025, and most agencies haven't caught up. You now have to honor an opt-out sent through any reasonable method, not just the word STOP. "Please stop texting me," "remove my number," or a reply of "cancel," "unsubscribe," or "quit" all count. If your platform only watches for an exact STOP keyword, you have a live compliance gap.
When an opt-out comes in, act fast. You have up to 10 business days to honor it, and you're allowed one confirmation message, sent within 5 minutes, with no promotional content. After that, nothing else goes out, and you log the opt-out as you process it.
One more change is coming: a "revoke-all" rule that would treat an opt-out from one message as covering all your future texts to that person. The FCC has pushed its effective date to 2027 while it finishes rule making, so it isn't enforceable yet, but build for it now.
Text out only between 8 AM and 9 PM in your prospect's time zone, not yours. Some states tighten that to 8 AM to 8 PM. If you work leads across multiple time zones, use a system that tracks it automatically so a late send never slips through. If a lead texts you outside of the window, you can respond, you just can't run outreach outside of the window.
Keep a paper trail for every consent collected, every opt-out processed, and every message sent. Regulators and courts will ask for it. This is where manual processes fall apart. An agent working 50 leads a day can't reliably track consent status, opt-out requests, and message logs across spreadsheets. You need a system that does it for you.
If you buy leads, your compliance is only as strong as your vendor's consent. Get copies of the actual opt-in language and confirm it names your agency, not just "our partners" or "insurance providers." A broad lead-gen form won't shield you, and the vendor's gap becomes your liability. Before you send, scrub your list against the National Do Not Call Registry and run it through the Reassigned Numbers Database, since texting a number that's been handed to someone new is a violation even when your original consent was clean.
Manual compliance fails when humans forget or cut corners. An agent juggling 50 follow-ups misses a consent check before texting a new lead. A late reply goes out at 9:15 PM in the prospect's time zone. A STOP reply gets buried during a quoting call. One slip per lead, times hundreds of leads a month, adds up to real exposure, and you usually find out when the lawsuit arrives.
AI texting closes those gaps by making compliance automatic instead of something you remember to do.
Automatic consent verification. Before every text, the system confirms the prospect has valid, documented consent on file. No consent, no text.
Opt-out detection across every method. The system catches opt-outs whether someone replies STOP or says "please stop texting me" in plain language, then removes the number, logs it, and sends nothing further. That matters now that the rules count an opt-out sent any reasonable way.
Texting-window enforcement. The platform knows the prospect's time zone and won't send outside compliant hours. You don't have to check.
Guardrails against off-script responses and hallucinations. Mav keeps the AI from making unauthorized promises, inventing compliance language, or drifting off-script. It stays inside the boundaries you set.
Real-time conversation visibility. Copilot gives you full view into every conversation Mav has with your leads. You can review, step in, and audit without reading every text yourself.
Compliant handoff to a live call. When a lead is ready to talk, Party Lines transfers them to you on a live call, so the compliance chain stays intact from first text to warm transfer.
The result: you close, Mav chases, and compliance is built into the workflow instead of bolted onto it.
Compliance keeps you out of court. Speed is what makes it pay.
Contact a lead within 5 minutes and you can lift conversion by up to 400%. Texts pull a 45% response rate, far above cold calls and emails. Compliant, fast texting means you convert more of the leads already in your pipeline. See how SMS for insurance leads plays out in practice.
And you're not early to this. 93% of highly digital insurance agencies already text. 52% of millennials have used texting for policy service. Texting is table stakes now. The only real question is whether you're doing it compliantly.
The regulatory stack looks heavy on paper. In practice it reduces to a handful of moves: get consent, register your number, honor opt-outs, vet your sources, and keep records.
You can run that by hand. Or you can run it on a platform that handles it by default, so your time goes to closing instead of auditing consent logs.
Mav was built for agents who want a text-first operation that runs legally, confidently, and at scale, so you convert more of the leads you already buy without wondering whether the next message triggers a lawsuit.
Last Updated: June 2026
