DNC List Compliance: A Complete Guide for Insurance Call Centers

Understanding the National Do Not Call Registry

The National Do Not Call Registry, managed by the Federal Trade Commission (FTC), is the primary federal mechanism that allows consumers to opt out of receiving telemarketing calls. Created by the Do Not Call Implementation Act of 2003, the registry contains hundreds of millions of telephone numbers, covering a large majority of phone numbers in the United States.

For insurance agencies, the registry is not optional. If you make outbound calls for the purpose of selling insurance products, you are legally required to register with the FTC, purchase access to the registry, and scrub your calling lists against it before initiating any campaign. There is no small business exemption, no volume threshold, and no grace period for new agencies. The obligation begins the moment you make your first outbound sales call.

Once a consumer registers their number on the National DNC list, it remains there permanently—registrations no longer expire. Prior to 2008, registrations expired after five years and needed to be renewed. That expiration was eliminated, meaning every number that has ever been registered is still on the list unless the consumer explicitly requests removal.

Federal vs. State DNC Lists: Understanding the Dual System

One of the most common compliance gaps in the insurance industry is treating the National DNC Registry as the only list that matters. In reality, a number of states maintain their own separate DNC registries with their own rules, penalties, and registration requirements. Compliance with the federal registry does not guarantee compliance with state registries.

The National (Federal) DNC Registry

• Managed by: Federal Trade Commission (FTC)
• Registration requirement: All telemarketers must register at telemarketing.donotcall.gov
• Access fee: Based on the number of area codes accessed. First five area codes are free; additional area codes are charged per area code (fees updated annually)
• Scrubbing frequency: Lists must be scrubbed at least every 31 days
• Registration permanence: Numbers remain on the registry permanently
• Penalties: Up to $51,744 per violation (adjusted annually for inflation)

State DNC Registries

Several states maintain their own DNC lists that supplement the federal registry. Some of these state lists include numbers not on the federal list, and some states have stricter rules than the federal standard. Key states with independent DNC registries include:

How to Register and Scrub: A Step-by-Step Guide

If you are setting up DNC compliance for the first time—or if you need to verify that your existing process meets current requirements—here is the complete procedure:

Step 1: Register with the FTC

Visit telemarketing.donotcall.gov and create a profile for your organization. You'll need your company name, EIN, physical address, and the name of a responsible individual. Registration is free, but accessing the actual DNC data requires purchasing area codes at the current rates. Select all area codes in the states where you make outbound calls.

Step 2: Download the DNC Data

After registering, you can download the registry data for your purchased area codes. The data is provided as flat files containing phone numbers. You can download the full list (all numbers) or an update file (numbers added since your last download). The FTC updates the registry daily, so new numbers are available within 24 hours of registration.

Step 3: Scrub Your Calling Lists

Before launching any outbound campaign, compare every phone number on your calling list against the downloaded DNC registry data. Any number that appears on the registry must be removed from your calling list unless a valid exemption applies (see below). This scrubbing process must be completed within 31 days of the campaign launch. If your campaign runs longer than 31 days, you must re-scrub against a fresh download.

Step 4: Register with State Registries

For each state with an independent DNC registry where you make outbound calls, register separately with that state's administrator. Download or access the state's DNC data and include it in your scrubbing process. Track each state's update schedule and re-scrub accordingly—some states require quarterly scrubbing rather than the federal 31-day cycle.

Step 5: Document Everything

Maintain records of every scrub: the date, the data source, the number of records checked, the number of records removed, and the person who performed the scrub. This documentation is your evidence of compliance. If you're challenged—whether through an FTC inquiry, a state AG investigation, or a private lawsuit—your scrubbing logs are your first line of defense.

The Established Business Relationship Exemption

The Established Business Relationship (EBR) exemption is the most commonly relied-upon exception to DNC restrictions in the insurance industry—and the most commonly misunderstood. Here's exactly how it works:

What Qualifies as an EBR

An Established Business Relationship exists when a consumer has an existing relationship with your company based on a purchase, transaction, or inquiry. For insurance agencies, this typically means:

• Existing policyholders: A client who has an active policy with your agency has an EBR
• Recent policy lapses: A former client whose policy recently lapsed may still be within the EBR window
• Inquiry-based EBR: A consumer who submitted an inquiry (web form, phone call, etc.) has a 3-month EBR from the date of inquiry

EBR Time Limits

Critical Limitation: EBR Does NOT Override Direct Requests

This is the single most important thing to understand about the EBR exemption: it does not override a consumer's direct request not to be called. If a current policyholder calls and says "stop calling me," you must honor that request immediately regardless of your business relationship. The EBR exemption only applies to the National DNC Registry—it does not exempt you from honoring individual opt-out requests on your internal DNC list.

Internal DNC Lists: Your Most Important Compliance Tool

While the National DNC Registry gets most of the attention, your internal DNC list is arguably more important from a compliance and litigation perspective. Every agency must maintain its own internal list of consumers who have specifically requested not to receive calls from your company.

Building and Maintaining Your Internal DNC List

• Capture every request: Whenever a consumer says "don't call me," "take me off your list," "stop calling," or any similar variation, their number must be added to your internal DNC list
• All channels count: DNC requests can come via phone calls, emails, web forms, social media messages, text replies (STOP), or even written letters. All must be captured.
• No expiration: Unlike the EBR exemption, internal DNC requests do not expire. Once a number is on your internal list, it stays there permanently unless the consumer explicitly asks to be removed
• Honor within 30 days: Federal rules require that DNC requests be processed within a reasonable time, typically interpreted as 30 days maximum. Best practice is to process them within 24 hours
• Document the request: Record the date, time, channel, and exact wording of every DNC request. Call recordings that capture verbal DNC requests are invaluable evidence

Integrating Your Internal DNC with Your Dialer

Your internal DNC list must be operationally integrated with your dialing system so that flagged numbers are automatically excluded from all calling campaigns. Manual cross-referencing is error-prone and unsustainable at scale. A TCPA-compliant dialer should allow agents to flag a number as DNC during a call with a single click, automatically remove that number from all active and future campaigns, and prevent the number from being re-imported through lead uploads.

DNC Violation Penalties

DNC violations carry substantial penalties under both federal and state law. The financial exposure is significant because penalties are assessed per violation—meaning per call—and they can compound rapidly in a large campaign.

To put this in perspective: if your agency calls 500 numbers on the DNC list over the course of a campaign, your potential federal exposure is over $25 million in FTC penalties alone. Even in the more likely scenario of a private TCPA lawsuit, the exposure is $250,000 to $750,000—an existential risk for most insurance agencies.

Common DNC Compliance Mistakes

DNC violations are almost always preventable. Understanding the most common mistakes helps you build processes that avoid them:

• Infrequent scrubbing: The most common mistake. Agencies scrub their lists once and then continue using them for months without re-scrubbing. Numbers are added to the DNC registry every day—your 60-day-old scrub is already out of compliance.
• Ignoring state registries: Many agencies scrub only against the federal registry and are unaware that certain states maintain independent lists with separate compliance obligations.
• Failing to maintain an internal DNC list: Some agencies rely entirely on the national registry and do not track individual opt-out requests, leaving them exposed when a consumer who previously said "stop calling" is called again.
• Misunderstanding the EBR exemption: Agencies that over-rely on the EBR exemption—especially by applying it to inquiry-based EBRs beyond the 3-month window or ignoring direct opt-out requests from existing customers.
• Re-importing DNC'd numbers through new lead uploads: Even if a number is on your internal DNC list, a fresh lead upload from a vendor may re-introduce that number into your active calling queue. Your system must check new imports against your internal DNC list.
• Not scrubbing cell phones: Some agencies incorrectly believe the DNC registry only applies to landlines. It applies to all phone numbers, including cell phones.
• Failing to document scrubbing: Without logs showing when and how you scrubbed, you have no defense if challenged. "We scrubbed the list" is worthless without documentation proving it.

Best Practices for Insurance Agency DNC Compliance

Building a bulletproof DNC compliance program requires a combination of technology, process, and culture. Here are the best practices that the most compliant insurance agencies follow:

1. Automate Everything

Manual DNC scrubbing is unreliable at scale. Use a dialer platform or compliance service that automatically scrubs every calling list against the federal and applicable state DNC registries before a campaign launches. The system should block calls to DNC numbers automatically—not just flag them and rely on agents to skip them. Automation eliminates human error, which is the root cause of most DNC violations.

2. Scrub More Frequently Than Required

The legal minimum is every 31 days. Best practice is every 7–14 days, or ideally every time new leads are loaded. The cost of additional scrubs is negligible compared to the cost of a single DNC violation. Some compliant cold calling platforms offer real-time DNC checking that verifies each number at the moment of dialing—the gold standard for DNC compliance.

3. Make Internal DNC Management Frictionless

Give agents a one-click option to add a number to your internal DNC list during any call. Make it impossible for them to forget or skip this step when a consumer requests it. Configure your system to automatically capture DNC requests from text replies (STOP, UNSUBSCRIBE, etc.) and process them without human intervention. The easier you make it to add numbers to your internal list, the more compliant you will be.

4. Vet Your Lead Vendors

If you purchase leads from third-party vendors, ensure those vendors are scrubbing against DNC registries before delivering leads to you. Get this commitment in writing in your vendor agreements, and include indemnification clauses that protect your agency if a vendor delivers DNC-listed numbers. Then scrub the leads again yourself—never rely solely on a vendor's scrubbing.

5. Train Your Team

Every person who handles leads or makes outbound calls should understand DNC requirements. Training should cover what the DNC registry is and why it matters, how to handle a verbal DNC request, how to use the internal DNC flagging tool, what the EBR exemption covers (and what it doesn't), and the potential consequences of DNC violations for the agency and for them personally. Conduct this training at onboarding and refresh it annually.

How Automated DNC Scrubbing Works

Modern compliance-focused dialer platforms automate DNC scrubbing as an integrated part of the calling workflow. Here's how a properly configured automated system operates:

• Lead import scrub: When leads are uploaded to the platform, they are automatically checked against the federal DNC registry, all applicable state registries, and your internal DNC list. Non-compliant numbers are flagged and quarantined before they ever enter a calling queue.
• Campaign-launch scrub: Before a campaign goes live, the system performs a fresh scrub of all numbers in the campaign against the most current DNC data. This catches any numbers that were added to registries since the lead import.
• Real-time dialing check: At the moment of dialing, the system performs a final verification that the number is not on any DNC list. This catches edge cases where a number was added to the registry between the campaign launch and the actual call.
• Internal DNC enforcement: When an agent flags a number as DNC during a call, the system immediately removes that number from all active campaigns and prevents it from being dialed in any future campaign. The system also blocks the number from being re-imported through subsequent lead uploads.
• Audit logging: Every scrub, every block, and every DNC flag is logged with timestamps and user information, creating a complete audit trail that can be produced on demand during regulatory inquiries.

DNC Compliance Checklist

Use this checklist to audit your agency's DNC compliance program:

• Your agency is registered with the FTC's DNC registry at telemarketing.donotcall.gov
• You have purchased access to all area codes in states where you make outbound calls
• You are registered with all applicable state DNC registries
• Calling lists are scrubbed against the federal registry at least every 31 days (ideally more frequently)
• Calling lists are scrubbed against applicable state registries per their requirements
• An internal DNC list is actively maintained and integrated with your dialer
• Agents can add numbers to the internal DNC list with a single click during calls
• Text message opt-outs (STOP) are automatically processed
• DNC requests are honored within 24 hours (30 days maximum)
• New lead imports are checked against both federal/state and internal DNC lists
• EBR exemptions are properly documented with transaction dates
• All scrubbing activity is documented with dates, data sources, and record counts
• Lead vendor agreements include DNC scrubbing requirements and indemnification
• All calling agents receive annual DNC compliance training

Conclusion: DNC Compliance Is Non-Negotiable

DNC compliance is the most fundamental obligation of any outbound calling operation. The rules are clear, the penalties are severe, and the enforcement landscape is active. But the good news is that DNC compliance is also one of the most automatable aspects of telemarketing regulation. With the right technology stack, DNC scrubbing becomes invisible—an automatic, continuous process that protects your agency without slowing down your operations.

Don't cut corners. Don't rely on manual processes. Don't assume your lead vendors are handling it for you. And don't treat the EBR exemption as a blanket pass to call whoever you want. Build a DNC compliance program that is automated, documented, and integrated into every step of your calling workflow. The investment in proper compliance infrastructure is trivial compared to the cost of a single enforcement action or class action lawsuit.

For a broader view of telephone compliance requirements, see our TCPA Compliance Guide 2026, which covers consent requirements, auto-dialer rules, and AI-powered compliance monitoring in addition to DNC obligations.