FundScout Editorial

The Phone Is a Liability. What Commercial Finance Brokers Need to Know in 2026.

Cold calling for commercial loans has never been more legally dangerous. TCPA exposure, DNC liability, W-2 vs 1099 classification, fake names, CashApp payments — here's what every ISO rep should understand before dialing or signing anything.


If you came up in commercial finance by dialing for dollars — buying lists, running power dialers, working through a hundred numbers before lunch — you already know the environment has changed. The calls go to voicemail. The carrier labels your number "Spam Likely" before it even rings. The rare person who picks up is hostile before you say a word. And somewhere out there, a plaintiffs' attorney is scanning call logs looking for TCPA violations at $1,500 per call.

The playbook that worked five years ago is a liability now. Not metaphorically. Legally.

This article is for brokers and reps who want to understand exactly where the risks are, what their contracts (or lack of them) actually mean for their exposure, and what approaches are building durable pipelines without the legal overhead.


Why the Phone Got So Dangerous

The Telephone Consumer Protection Act has been law since 1991, but three things changed the risk calculus dramatically in the last few years.

First, class action TCPA litigation exploded. TCPA filings were up 95% year-over-year in the first half of 2025. The statute awards $500–$1,500 per call, and those numbers aggregate fast in a class action. A plaintiff who can show a company made 50,000 calls using an autodialer without proper consent is looking at exposure of $25–75 million. Plaintiffs' attorneys have built entire practices around this math, and they are actively looking for targets in the commercial lending space.

Second, the FCC's attempt to fix the consent bundling problem was struck down, leaving the law ambiguous and litigation-friendly. Courts are now interpreting "prior express consent" on their own, without deference to FCC guidance, which creates uncertainty that favors plaintiffs. The Eleventh Circuit's January 2025 ruling that vacated the one-to-one consent rule did not reduce TCPA risk — it made the legal landscape hazier, and hazy law plus $1,500 per call is expensive for defendants.

Third, states are piling on. Florida, Maryland, Oklahoma, and others have enacted mini-TCPA laws with their own private rights of action, their own damage provisions, and their own consent standards. A call that might survive a federal TCPA challenge can still generate liability under Florida's Telephone Solicitation Act or Maryland's Stop the Spam Calls Act. If you're calling nationally, you are threading through multiple legal frameworks simultaneously.

What specifically triggers the exposure:

  • Using an autodialer or prerecorded message to call a wireless number without documented prior express consent
  • Calling numbers on the National DNC Registry without an established business relationship (less than 18 months for prior customers, 3 months for inquiries)
  • Calling before 8 a.m. or after 9 p.m. local time
  • Failing to honor a do-not-call request within 30 days
  • Not identifying yourself and the company you represent promptly on every call

The last one matters more than people realize. We'll come back to it.


B2B Is Not a Safe Harbor

A common misconception in commercial lending: TCPA doesn't apply to business-to-business calls.

This is partially true and dangerously misleading. TCPA's autodialer and prerecorded call restrictions apply to calls made to telephone numbers, not to categories of people. A wireless number used by a business owner for business purposes is still a wireless number. The small business owner who uses her personal cell phone for everything — which is most small business owners — is a consumer under TCPA when you call that number.

Business landlines have somewhat more TCPA latitude, but most small businesses don't have dedicated landlines anymore. They have cell phones. You are calling those cell phones. TCPA applies.

The practical implication: "we only call businesses" is not a compliance strategy. It is a misunderstanding that will not survive discovery in a TCPA lawsuit.


W-2 vs. 1099: Where the Liability Actually Lands

Most commercial finance reps work as 1099 independent contractors, not W-2 employees. This is the norm in the ISO world, and it creates a specific liability dynamic that many reps don't fully understand.

If you're W-2: Your employer is primarily liable for your TCPA violations committed in the course of your employment. If the company gave you a calling list, a script, and a power dialer, and you ran TCPA-violating calls, the company is on the hook under respondeat superior — the employer is liable for the acts of employees within the scope of their employment. This doesn't mean you're immune; you can still be personally named. But the company's resources, insurance, and legal team are primarily in the frame.

If you're 1099: The picture is more complicated, and not necessarily better for you personally.

The FCC's 2013 declaratory ruling established that companies can be vicariously liable for TCPA violations by contractors and agents — but that ruling works in both directions. Courts apply a multi-factor agency analysis: did the company control how the calls were made? Did they provide the list? Did they approve the script? Did they require use of specific dialing equipment? The more control the ISO exerted over your calling activity, the more likely they share liability.

But if you were a genuinely independent operator — you bought your own leads, wrote your own scripts, dialed on your own equipment — then the liability for those calls may rest primarily with you. Being 1099 does not create a liability shield. In some configurations, it eliminates the one you thought you had.

The practical question: if a TCPA plaintiff's attorney is deciding who to sue, they'll name everyone in the chain and sort it out in discovery. Your W-2 or 1099 status affects who has deeper pockets and who the primary target is. It does not determine whether you're in the case.


Your Contract — or the Absence of One

Many ISOs run their broker relationships on handshake terms. A conversation about commission structure, maybe an email confirmation, nothing signed. This is the standard practice in a significant portion of the industry, and it creates problems that go well beyond TCPA.

What no contract means for you:

Commission disputes have no resolution mechanism. If the ISO decides your commission should be calculated differently than you understood — based on net funded amount instead of gross, after a chargeback reserve you didn't know about, with a trailing residual that disappears if you switch funders — you have no written terms to rely on. Commission disputes in handshake arrangements consistently resolve in favor of the party with the lawyers.

Clawback risk is undefined. Most MCA deals include some form of chargeback provision — if a funded deal defaults within 60 or 90 days, the ISO wants some of the commission back. In a written agreement, the clawback terms are defined: what percentage, what timeline, what triggers it. With no agreement, the ISO defines those terms retroactively, when a default has already happened and they have every incentive to maximize what they recover from you.

Your client relationships belong to whoever wants to claim them. If you build a book of 40 business owners you've funded through a particular ISO and then separate, who owns those relationships? In the absence of a written agreement, this is a litigation question. ISOs frequently take the position that clients introduced through their platform are their clients. You may disagree. Without a contract, you're both right and neither of you is.

TCPA compliance responsibility is unallocated. A properly drafted independent contractor agreement specifies who is responsible for maintaining DNC compliance, whose lists are being used, whose consent records exist, and who bears liability for calls that generate complaints. Without that allocation in writing, both parties argue the other is responsible, and in TCPA litigation, plaintiff's counsel is happy to name everyone.

What a contractor agreement should include:

  • Commission rate, structure (upfront, residual, or split), and calculation basis
  • Payment timing — when relative to funding, what documentation is required
  • Chargeback/clawback provisions: percentage, trigger events, cure period
  • Explicit TCPA compliance obligations and who owns/scrubs the calling list
  • IP in client relationships and post-separation access
  • Non-solicitation scope and duration (typically 1–2 years for existing clients)
  • Non-compete scope (geography, product type) — push back on anything overly broad
  • Dispute resolution — arbitration vs. litigation, jurisdiction

If an ISO won't put commission terms in writing, that is information. It means the terms will be interpreted in their favor when it matters. Ask why the arrangement can't be documented, and be skeptical of the answer.


CashApp Is Not a Payroll System

Payment method tells you something about who you're working for.

Legitimate businesses pay independent contractors by check, ACH transfer, or wire. These create clear paper trails, reconcile against standard accounting systems, and generate the 1099-NEC forms that the IRS requires when paying a contractor more than $600 annually.

If an ISO is paying your commissions via CashApp, Venmo, or Zelle, pause and ask why.

The practical answers are rarely good ones. Payment apps are not inherently illegal for business use, but they are unusual for substantial, recurring commission payments from an operating business. The reasons a company might prefer payment apps over checks include: they don't want the payment recorded in their accounting system, they don't intend to issue you a 1099, they're managing cash in a way that doesn't survive audit scrutiny, or the entity paying you is not the entity with the operating accounts.

None of these reasons protects you legally. Your income is taxable regardless of how it's paid. If they're paying you $8,000 a month in CashApp and not issuing a 1099, the IRS obligation to report that income is yours, not theirs. If they're not issuing 1099s, that's their compliance failure — but you still owe the tax.

More importantly: a company that operates informally enough to pay contractors through Venmo is probably operating informally in other ways. Informal list acquisition. Informal consent documentation. Informal compliance generally. You are building your business on their infrastructure. Their exposure is your exposure.

The payment method is a proxy for operational maturity. An ISO paying commissions by official check with a remittance stub and a properly issued 1099-NEC at year-end is telling you something about how they run their business. An ISO paying in CashApp is telling you something too.


The Fake Name Problem

Using a work name — a name that isn't your legal name — when making sales calls is common in the ISO world and more legally dangerous than most reps realize.

The FTC's Telemarketing Sales Rule (TSR) requires telemarketers to truthfully identify themselves and the company they're calling on behalf of promptly at the beginning of any call, and when asked. "Promptly" in FTC guidance means before the sales pitch, not when convenient.

"Truthfully identify" means your actual name, or a name that is genuinely associated with you in a way that allows identification. A consistent work name used publicly and associated with your actual legal identity — a radio name, a professional pseudonym — is a different situation than a disposable alias used to avoid identification on a complaint.

The distinction matters in practice: if a call generates a TCPA complaint and the plaintiff's attorney is conducting discovery, they will ask who made the call. "John from Capital Funding" does not exist in any corporate directory, any 1099 record, or any employment file. The absence of a real person attached to the call does not make the call go away — it adds a layer of misrepresentation on top of the underlying violation.

Using a fake name also has practical consequences for your business relationships. The signed IC agreement is in your real name. The 1099 is in your real name. If you're operating in the field as someone else, there's a legal discontinuity between the entity with the contract and the entity making the calls. That discontinuity is yours to explain when it matters.

If the reason you're considering a work name is that you're worried about a hostile contact tracing a call back to you personally — that's the clearest possible signal that the call is one you should reconsider making.


What Actually Works Now: Old School and New School

The alternative to a phone-first strategy is not giving up on prospecting. It's prospecting through channels where the legal risk is lower and the conversion rates are often better.

Knock on Doors

Face-to-face prospecting is experiencing a quiet revival in commercial finance specifically because everyone else has retreated to phones and email. TCPA does not apply to in-person solicitation. No autodialer, no prerecorded message, no wireless number.

The logistics are straightforward. Identify a target geography — a commercial district, an industrial park, a strip mall cluster — and walk it. Business owners who are actually running their businesses are physically present. A conversation that starts face-to-face bypasses every barrier that kills phone prospecting: carrier spam labeling, voicemail screening, caller ID hostility.

Restaurants are underserved by conventional funding channels and usually receptive to a conversation. So are auto repair shops, medical and dental practices, contractors with variable cash flow, and retail businesses with seasonal patterns. All of these can be found in commercial real estate you can walk.

What makes door prospecting work: a short, honest opening that doesn't sound like a pitch. "I work with small businesses on short-term financing options — mind if I leave something and ask you a quick question?" Most business owners will give you two minutes. Two minutes of in-person attention is worth more than thirty phone dials that go to voicemail.

What makes it fail: showing up unprepared, not knowing anything about the business category, or going straight to "how much do you need." Do your geography first. Know what types of businesses are in the area and what their typical financing needs look like.

Some states require door-to-door salespeople to carry and present identification on request. Know the rules in your operating area.

Build a Referral Network

The highest-quality commercial finance leads come from trusted referrals, and referral sources in this space are underworked.

CPAs and bookkeepers know which clients are cash-flow tight, which ones have growth opportunities, and which ones have been turned down by banks. A CPA who refers a client to you is also implicitly endorsing the client's viability. Referral fee arrangements for CPAs require care — some state CPA licensing rules restrict referral compensation — but informal relationships where you treat their clients exceptionally well and they mention your name are unrestricted.

Insurance agents see small business owners constantly. Commercial lines agents, workers' comp specialists, and health insurance brokers all work the same client base you do. Cross-referral is natural.

Commercial real estate brokers encounter businesses at moments of change — expansion, relocation, new lease — when capital needs are acute. A broker who just helped a business owner sign a lease on a larger space knows that business owner may need capital for buildout, inventory, or the cash flow disruption that comes with moving.

Equipment dealers and vendors who sell to small businesses see capital needs at point of sale. A relationship with a restaurant equipment dealer who refers customers who can't pay cash is a pipeline with a natural conversion funnel.

These relationships take longer to build than buying a list. They also don't generate TCPA liability, and they produce clients who were pre-qualified by someone with direct knowledge of their business.

Direct Mail

Unfashionable and effective. Mail addressed to a business owner — not a generic "business owner" but someone whose business and general profile you've targeted through commercial data — lands in a world with no competition from other commercial finance brokers. Everyone else is emailing and calling.

USPS Every Door Direct Mail (EDDM) lets you target by carrier route without a list — useful for geographic prospecting in commercial areas. Commercial data providers (D&B, InfoUSA, Acxiom) sell business lists segmented by SIC code, revenue range, years in business, and geography.

Response rates from targeted direct mail in B2B finance run low — 1–3% is a realistic expectation. But a 2% response rate from a mailing to 500 qualified businesses is 10 inbound leads, and inbound leads convert at a fundamentally different rate than cold outreach.

LinkedIn

LinkedIn outreach is not covered by TCPA. Business decision-makers are on it, searchable by industry, company size, geography, and title. A personalized connection request followed by a brief, specific message is received differently than a cold call — it can be ignored, considered, or responded to at the recipient's convenience, which reduces hostility.

The rules for effective LinkedIn outreach are similar to effective door prospecting: don't pitch immediately, don't send the same message to everyone, and offer something worth reading before you ask for anything.

Email Outreach

CAN-SPAM applies to commercial email but its requirements are minimal: accurate sender information, no deceptive subject lines, a working unsubscribe mechanism, and a physical address. Statutory damages are far lower than TCPA and there is no private right of action — only FTC enforcement. B2B email has more practical latitude than consumer email.

Cold email works when the targeting is specific, the value proposition is clear, and the volume is manageable enough to be personal. Mass commercial email blasts to generic lists produce spam complaints and deliverability damage. Targeted sequences to defined segments of real businesses produce conversations.


The Risk-to-Revenue Calculation

The honest framing for a broker building a practice in 2026: the phone is not gone as a tool, but it is no longer a low-risk, high-volume activity. The legal environment has made it a tool that requires genuine compliance infrastructure — documented consent, scrubbed lists, recorded disclosures, defensible call logs — or it should not be used for cold prospecting at all.

The brokers building sustainable pipelines are combining referral cultivation, in-person prospecting, and content-based inbound (useful social content, LinkedIn presence, basic SEO for terms business owners actually search). These approaches produce fewer leads per week than a power dialer, and substantially better leads — people who came to you because they had a reason, not people you ambushed on their cell phone at 11 a.m.

The other thing worth naming directly: your personal liability as a broker is real. You are not insulated by your contractor status. You are not protected by a fake name. You are not safer because you were following your ISO's script on their list. If you make TCPA-violating calls, you can be personally named in a class action, and the defense costs alone — even if you ultimately prevail — are in a range that would end most individual brokers' careers.

The phone calls that are highest risk are the ones that feel routine. The list you bought from a data vendor. The dialer the ISO gave you access to. The script you've been running for two years. Each of those elements requires documentation and compliance infrastructure to be legally defensible.

If you don't have that infrastructure, the question isn't whether the risk exists. It's whether it materializes before you've decided to do something about it.

The reps building something durable have already decided.


Sources

  1. Telephone Consumer Protection Act (TCPA): 47 U.S.C. § 227; $500–$1,500 per call; applies to wireless numbers regardless of B2B classification
  2. TCPA class action filings up 95% (H1 2025 vs. H1 2024): WebRecon LLC TCPA Litigation Tracker — webrecon.com
  3. Insurance Marketing Coalition v. FCC, No. 24-10277 (11th Cir. January 24, 2025) — vacated FCC one-to-one consent rule; courts now interpret "prior express consent" without Chevron deference
  4. FCC 2013 Declaratory Ruling on vicarious TCPA liability: FCC 13-54; established that companies can be vicariously liable for contractor/agent TCPA violations under agency law principles
  5. Florida Telephone Solicitation Act (FTSA): Fla. Stat. §§ 501.059, 501.616; $500–$1,500 per violation; private right of action; enacted 2021, amended 2023
  6. Maryland Stop the Spam Calls Act (2023, effective January 1, 2024) — Md. Code, Com. Law § 14-3201 et seq.; up to $10,000 per violation
  7. Oklahoma Telephone Solicitation Act (OTSA) — Okla. Stat. tit. 15 § 775A.1 et seq.
  8. FTC Telemarketing Sales Rule (TSR): 16 CFR Part 310; requires truthful identification of caller and company promptly on every call
  9. 1099 contractor TCPA vicarious liability — multi-factor agency test applied by courts; see Kristensen v. Credit Payment Services Inc., 879 F.3d 1010 (9th Cir. 2018)
  10. IRS 1099-NEC reporting requirement — required for payments to contractors exceeding $600 annually; IRS Publication 1220
  11. USPS Every Door Direct Mail (EDDM) — carrier-route targeting without a list; usps.com/business/every-door-direct-mail.htm
  12. CAN-SPAM Act: 15 U.S.C. § 7701 et seq.; B2B email requirements; FTC enforcement only; no private right of action