×
Stop Feeling Overwhelmed. Build Stronger Connections with Customers. Boost Sales & Efficiency with Primo Dialler

The Two Regulators You're Actually Answering To (FCC vs. FTC)

US Outbound Dialling Compliance: What BPOs Need to Know in 2026

The Two Regulators You're Actually Answering To (FCC vs. FTC)

Jul 16, 2026
|
2 min to read

Reputation on the Line: What US Outbound Dialling Compliance Actually Means for Your Call Centre

Ask most call centre directors what keeps them up at night about US outbound campaigns, and you'll get some version of the same answer: it's not the fine, it's the phone going quiet. Not because customers stopped needing your product, but because your number quietly got labelled “Spam Likely” three weeks ago and nobody noticed until the answer rate had already cratered.

That's the reality of running outbound in the US right now. Compliance and reputation used to be two separate conversations. One for legal, one for ops. They've collapsed into one problem. If you're managing a BPO floor dialling into the US, here's what's actually worth understanding, and where you need to go verify things yourself before you bet a client relationship on them.

A quick caveat before we get into it: this space moves fast, and parts of it are genuinely contested in court right now. I'll flag the bits I'm confident about versus the bits you should double-check on fcc.gov or ftc.gov before repeating them to a client. Better that than passing off a stale rule as current fact.

The two regulators you're actually answering to

Everything traces back to two bodies. The FCC enforces the Telephone Consumer Protection Act -the TCPA which covers autodialled calls, prerecorded messages, texts, consent, and caller ID. The FTC enforces the Telemarketing Sales Rule, the TSR, which is where the Do Not Call Registry, abandonment limits, and disclosure rules live.

In practice, most of the pain and most of the lawsuits come from the TCPA side, because it carries a private right of action. That means it's not just regulators who can come after you; it's the person you called, through their own lawyer, and there's a cottage industry of firms built around exactly that.

Consent is where campaigns actually die

If there's one thing worth spending real budget on, it's your consent trail. Not because it looks good in an audit, but because it's the thing that determines whether a lawsuit has any legs at all.

The general shape of it: autodialled or prerecorded calls to mobile numbers need prior express consent, and telemarketing calls specifically need that consent in writing. Where it gets messier is third-party leads like comparison sites, aggregators, anywhere a consumer ticked a box that supposedly covers dozens of downstream sellers. The FCC has been trying to close that loophole for a while, and there was a widely discussed “one-to-one consent” rule meant to require consent tied to a specific seller rather than a blanket checkbox.

Here's where I want to be honest rather than confident: I believe that rule ran into legal challenges and at least part of it was vacated or delayed by a court, somewhere around early 2025. I'm not certain that's still the current state of play, and I don't have live access to check it right now. If you're putting anything about one-to-one consent in front of a client, please verify it against the actual FCC order and any court rulings first. This is exactly the kind of thing that's easy to get confidently wrong.

What doesn't change regardless of how that litigation shakes out: leads you didn't collect yourself are riskier than leads you did. If your consent record is a timestamp, the specific number, and the specific campaign it applies to, you're in a defensible position no matter which way the rule lands. If it's “the lead vendor said it was fine,” you're exposed.

The Do Not Call list, and the one people forget

Everyone knows about the National DNC Registry. Fewer people treat their internal, entity-specific DNC list with the same seriousness but legally it matters just as much. If someone tells your agent directly to stop calling, that request has to stick, immediately, across every campaign touching that number, not just the one it was said on.

Registry scrubs need to happen on a fairly short cycle. I've seen 31 days cited as the requirement, but I'd confirm that number against the current TSR text rather than take my word for it.

Abandonment rate: the metric that's really about reputation

The TSR caps call abandonment at 3% over a rolling 30-day window, with a safe harbor if abandoned calls trigger a compliant recorded message quickly enough. I'm fairly confident in that 3% figure, but the safe harbor conditions around it are detailed enough that a summary like this shouldn't be your only source before you build policy on it.

What's worth pointing out to an ops audience specifically: abandonment isn't just a legal metric anymore, it's a reputation metric. Carriers and call-analytics companies are watching the same behaviour like silent calls, dead air, repeated attempts to the same number and it feeds directly into whether your number gets quietly flagged as spam. You can be fully within the legal abandonment limit and still be training the carrier's algorithm to distrust you.

Answering machine detection sits in the same bucket. It's genuinely useful for efficiency, but if it's tuned aggressively it produces the exact call patterns like brief connects, dead air, no agent that both regulators and carrier reputation systems treat as red flags. Worth a joint conversation between compliance and whoever owns the dialler configuration, rather than leaving it purely as a technical setting.

Why your calls aren't connecting even when you've done everything right

This is the part that catches experienced ops managers off guard, because it has nothing to do with the TCPA or the TSR directly. Carriers now authenticate caller ID through a framework called STIR/SHAKEN, and voice providers have to register in the FCC's Robocall Mitigation Database or risk having their traffic blocked by other carriers entirely.

On top of that, there's a whole layer of call-analytics companies scoring your numbers based on volume, answer rate, complaints, and abandonment patterns like the same signals that decide whether a call shows up as “Spam Likely” on someone's phone. That's not a regulatory action. Nobody at the FTC flagged you. It's an algorithm, and once it's decided your number is suspicious, getting the reputation back can take weeks even after you've fixed whatever caused it.

For a BPO, this means number reputation monitoring and rotation strategy have quietly become as important as the legal compliance checklist. You can win every audit and still lose the number.

What this actually looks like day to day

None of this needs to be complicated, but it does need to be deliberate:

Consent gets logged at the point of collection, tied to a specific number and campaign, not inherited from a lead vendor's word. Internal DNC requests get honoured instantly and everywhere, not just on the campaign where they were made. Registry scrubs happen on schedule, and someone actually owns that schedule. Abandonment gets tracked per campaign in real time, with an alert before you get anywhere near the ceiling, and AMD settings get reviewed with compliance in the room. Someone checks your provider's STIR/SHAKEN attestation and Robocall Mitigation Database status, because if they haven't filed, your calls suffer for it. And somebody, ideally not just once a year, is watching how your numbers are being scored by carrier and third-party reputation tools because that score is arguably the most immediate thing standing between you and a connected call.

The regulatory side of this is real, and it's worth taking seriously on its own terms. But for most ops teams, the more urgent problem is the quieter one: your number's reputation is being decided algorithmically, in real time, based on how you're actually dialling — and that verdict lands long before any regulator does.

Relevant Trade Bodies