TCPA Compliance for Mortgage Lenders: What You Need to Know Before Texting Borrowers

While SMS is one of the most effective channels for mortgage lead engagement, texting borrowers without a solid compliance foundation is risky. Violating the Telephone Consumer Protection Act (TCPA) can result in fines of up to $500 per negligent violation and $1,500 per willful violation, per text. For a lending operation sending thousands of messages, exposure adds up fast.

Not only is non-compliance a financial risk, it’s a reputational one too. In mortgage, where trust is central to borrower relationships, an outreach that feels intrusive rather than helpful can permanently damage a relationship that might have taken months to build.

Legal exposure and financial penalties are real consequences of TCPA non-compliance, but for lenders, borrower trust can be an even larger cost.

The good news: compliance is manageable when it’s built into your process from the start. This guide covers what mortgage lenders specifically need to understand about TCPA, how it applies to borrower texting, and what a compliant SMS program looks like in practice. For a broader compliance foundation, see our SMS compliance checklist.

Disclaimer: This blog does not constitute legal advice. It is intended as practical educational content only. Consult qualified legal counsel to ensure your specific SMS program meets all applicable federal, state, and carrier requirements.

What is the TCPA and why does it matter for mortgage lenders?

Enforced by the Federal Communications Commission (FCC), the Telephone Consumer Protection Act (TCPA) is a federal law that governs how businesses can contact consumers via phone calls, text messages, and faxes.

For mortgage lenders, the TCPA is particularly relevant because:

• Mortgage involves high-volume outreach to large lead lists
• Lenders frequently purchase or receive third-party leads, which carry their own consent complications
• The industry is already heavily regulated, and TCPA violations layer on top of existing compliance obligations
• A 2026 survey by National Mortgage News found that 34% of mortgage providers cite maintaining compliance across communications as a top operational challenge

Mortgage lenders need prior express written consent before texting prospects or leads. Sending an unsolicited marketing text to a borrower’s cell phone without proper consent is a violation.

Key TCPA compliance requirements for mortgage SMS

Prior express written consent

Before texting a borrower with marketing or promotional messages, you must have their prior express written consent. Per FCC guidelines, this means the consumer must have clearly agreed, in writing (which includes electronic form), to receive automated texts from your specific organization, for the specific type of message you’re sending.

Key points for mortgage lenders:

• Consent must be obtained before the first marketing text is sent
• Consent obtained for one purpose (e.g., a rate inquiry) does not automatically extend to all future outreach
• Consent language must clearly identify who is texting (your company name), what type of messages will be sent, and that consent is not required as a condition of purchase or service
• Third-party lead consent is a significant risk area. Just because a lead consented to be contacted by “lending partners” on a third-party form does not necessarily mean they consented to be texted by your specific company. Consult legal counsel on how to evaluate third-party lead consent for your program.

Opt-out requirements

Every text program must include a clear, functional opt-out mechanism. Under the TCPA and current FCC rules, consumers have the right to revoke consent at any time, through any reasonable means—not just by replying “STOP.”

What this means in practice:

• Standard opt-out keywords (STOP, UNSUBSCRIBE, CANCEL, QUIT, END) must be honored immediately
• Non-standard opt-out language (“don’t text me anymore,” “remove me,” “leave me alone”) must also be recognized and honored. (This is a requirement lenders can easily overlook when using basic automation tools.)
• Opt-outs must be processed promptly, as continued texting after an opt-out request is a clear violation
• Opt-out records should be retained as part of your compliance audit trail

Permitted contact hours

The TCPA restricts calls and texts to between 8am and 9pm in the recipient’s local time zone (not the business’s). For national mortgage lenders operating across time zones, this requires your system to determine and respect each borrower’s local time before sending.

State “mini-TCPAs” may also impose stricter hours. Some states restrict contact to narrower windows (for example, 8am–8pm). Your program must comply with the rules of the state the borrower is currently located in. See Verse’s state-by-state compliance resource for more on state TCPAs.

The Do Not Call (DNC) registry

The National Do Not Call registry (DNC) is a list of numbers that exists to protect consumers from unwanted calls. Businesses should not call or text numbers on the DNC registry.

DNC scrubbing a is practical risk-management step even where not legally required for SMS. Verse’s trustContact™ suite includes a DNC LitigatorScrub tool that identifies and removes serial TCPA litigators and professional plaintiffs from lead lists before outreach begins—a specific risk that’s worth understanding if you’re running high-volume mortgage SMS campaigns.

Why mortgage lenders face heightened TCPA risk

Mortgage is a particularly high-risk environment for TCPA non-compliance for several reasons:

Third-party lead volume. Many mortgage teams rely heavily on purchased leads. Consent obtained at the point of a third-party lead form is an evolving area of TCPA interpretation. Legal guidance on how to evaluate this consent for your specific use case is strongly recommended.

Personal device texting. A 2026 National Mortgage News study found that only a third of loan officers exclusively use an approved central platform for SMS, meaning the majority are texting from personal devices. This creates compliance blind spots: no opt-out handling, no contact hour enforcement, no audit trail, and no way to ensure consistent consent language. An individual LO texting a borrower from their cell phone can lead to unforeseen compliance exposure.

High message volume. TCPA penalties are per-message. A large-scale SMS program sending tens of thousands of texts compounds risk exposure quickly if consent, opt-out, or contact hour requirements aren’t met systematically.

Serial litigators. A small industry of professional TCPA plaintiffs specifically targets high-volume texting industries, including mortgage. These individuals submit lead forms specifically to generate contact attempts they can then claim as violations. Scrubbing lead lists against known litigator databases is an increasingly common risk mitigation step for mortgage SMS programs. For more on this risk, read this blog on why SMS compliance matters.

A2P registration and carrier compliance

Beyond the TCPA, mortgage lenders sending SMS at scale must also comply with carrier requirements. The major carriers require businesses sending Application-to-Person (A2P) messages to register their brand and campaigns through The Campaign Registry (TCR).

What A2P 10DLC registration involves:

• Brand registration: Registering your business with TCR to establish a trust score
• Campaign registration: Registering the specific use case for your messages
• Compliant message content: Carrier filtering can flag or block messages that use spam-like language, deceptive content, or fail to include required opt-out language

Unregistered or improperly registered brands face reduced deliverability, message filtering, and potential blocking by carriers, meaning your texts simply won’t get through. Registration is not optional for any mortgage lender running a business texting program.

Verse handles A2P registration and 10DLC setup as part of our trustContact™ compliance suite, including obtaining your brand trust score through TCR.

Building a compliant mortgage texting program

For a full breakdown of each step, see Verse’s SMS compliance checklist. For mortgage-specific programs, top priorities include:

Before your first text:

• Consult legal counsel if unsure about any part of compliance
• Obtain prior express written consent with compliant opt-in language before any outreach begins
• Complete A2P brand and campaign registration through TCR
• Scrub lead lists against DNC and known litigator databases
• Configure contact hour enforcement based on each recipient’s local time zone

In your messages:

• Include your business name
• Include opt-out instructions (e.g., “Reply STOP to opt out”)
• Avoid language that carriers flag as spam (excessive capitalization, misleading claims, pressure tactics)

Ongoing:

• Honor opt-out requests immediately and retain records
• Recognize non-standard opt-out language (not just “STOP”)
• Monitor deliverability and opt-out rates
• Stay current on TCPA rule changes and state mini-TCPA updates, as this is an actively evolving regulatory area

How Verse helps mortgage lenders stay compliant

According to a recent study, 89% of mortgage lenders cite compliance as a barrier to AI adoption.

Verse’s trustContact™ compliance suite was built specifically to address that concern, so lenders can use SMS confidently without building a compliance program from scratch.

What Verse manages on your behalf:

• TCPA and FCC compliance: All outreach is structured around consent requirements, opt-out handling, and contact hour restrictions
• A2P registration: Verse manages brand and campaign registration with TCR, including trust score acquisition
• Opt-out detection: Verse’s AI recognizes both standard and non-standard opt-out language and processes requests automatically
• DNC LitigatorScrub: Lead lists are screened against known serial litigators before outreach begins
• SHAKEN/STIR: Ensures call deliverability meets FCC caller verification requirements
• Messaging audits: Verse’s compliance team reviews scripts and campaigns before launch
• Ongoing deliverability monitoring: Opt-out rate spikes are flagged and investigated proactively

Verse also helps clients design compliant opt-in language for their own lead capture forms. Ready to start texting borrowers and leads compliantly? Book a demo or check out our self-serve demos today.

Key takeaways: TCPA compliance for mortgage