TCPA Call Recording Disclosure Script: Practical Guide

TL;DR — Call recording disclosure is governed by a patchwork of federal law and state wiretap statutes, not just the TCPA. Get the script wrong in a two-party consent state and you have evidence of a per-call statutory violation. This guide gives you the state map, three field-tested script variants in English and Spanish, and the mistakes we see most often in QA review.

Table of contents

• What the law actually requires
• Federal vs state: TCPA, ECPA, and state wiretap statutes
• The two-party / one-party state map
• Three disclosure script variants
• Spanish-language scripts
• Common scripting mistakes
• Inbound vs outbound vs IVR
• Checklist for QA review
• FAQ

What the law actually requires

The Telephone Consumer Protection Act (TCPA) is most often discussed in the context of robocalls, autodialed calls, and text messages — and the consent regime around them. The TCPA itself does not directly regulate call recording disclosure, but it is one piece of the broader call-monitoring framework, and the consent posture you take on dialing affects the consent posture on recording.

The Electronic Communications Privacy Act (ECPA) sets the federal floor: at least one party to the call must consent to the recording. Many states require all parties to consent. A handful go further and require explicit notice every time.

So a "TCPA call recording disclosure script" — the phrase compliance officers actually search for — really means: a disclosure script that satisfies TCPA-related call frameworks plus federal wiretap law plus the strictest applicable state law for the call you are on.

In practice, regulated financial firms — lenders, BNPL providers, broker-dealers, insurers — adopt an all-party-consent posture nationally because:

1. They cannot reliably geo-route every call.
2. The cost of getting it wrong in California, Florida, or Pennsylvania is enormous.
3. Class action exposure under state wiretap statutes is real and active.

Federal vs state: TCPA, ECPA, and state wiretap statutes

The relevant authorities you should know:

• 18 U.S.C. § 2511 (ECPA): One-party consent at the federal level for intercepting wire, oral, or electronic communications.
• TCPA, 47 U.S.C. § 227: Consent regime for autodialed and prerecorded calls; reassigned-number safe harbor; do-not-call registry.
• FCC regulations under TCPA: prior express written consent for marketing calls/texts using ADTS (automated telephone dialing systems).
• State wiretap statutes: vary state by state, with the strictest being California (Cal. Penal Code § 632), Florida, Massachusetts, Pennsylvania, Illinois, Maryland, Washington, and others.

A national call center cannot operate on the federal floor alone. The script must satisfy the strictest applicable state law, which almost always means an all-party-consent disclosure at the start of the call.

The two-party / one-party state map

The following is a practitioner's working summary as of 2026. Statutes evolve — confirm before relying.

All-party (also called "two-party") consent states: - California - Connecticut (civil) - Delaware - Florida - Illinois - Maryland - Massachusetts - Michigan (contested case law; treat as all-party) - Montana - Nevada (case law has clarified; treat as all-party) - New Hampshire - Oregon (for certain communications) - Pennsylvania - Vermont (no statute, but case law treats as all-party for in-state) - Washington

One-party consent states: most of the remaining states and the federal default.

Practical guidance: For any multi-state operation, default to all-party consent disclosure on every call. The marginal friction is small; the litigation exposure is not.

Three disclosure script variants

These are field-tested templates. Use them as starting points; have counsel approve final wording for your operation.

Variant 1: Standard outbound call (regulated financial services)

"Hello, this is [Agent Name] calling from [Firm Name]. Before we continue, I want to let you know this call may be monitored or recorded for quality assurance, training, and regulatory compliance purposes. Is it okay to continue?"

Key elements: - States the firm name early. - Discloses recording and monitoring (some scripts only disclose one). - Names the purposes — quality, training, and regulatory compliance. - Asks for affirmative continuation. Silence is not consent under most state statutes.

Variant 2: Inbound call with IVR pre-disclosure

If your IVR already discloses recording, the agent script can be lighter but still must confirm:

"Thank you for calling [Firm Name]. As our automated message mentioned, this call is being recorded for compliance and quality assurance. I am [Agent Name] — how can I help you today?"

Key elements: - References the IVR disclosure so it is not buried. - Affirms recording is active now, not theoretical. - Continues the call only after the customer has reached the agent — meaning they had the option to disconnect after the IVR notice.

Variant 3: Sales or marketing call with prior express written consent

If you are calling a consumer who provided prior express written consent (TCPA-regulated marketing context), the disclosure should reference that consent explicitly:

"Hi, [Customer Name], this is [Agent Name] from [Firm Name]. I am following up on your request for information about [Product]. This call may be recorded for quality and compliance purposes. Is now still a good time?"

Key elements: - References the customer's prior action — closing the loop on consent. - Avoids implying this is a cold call. - Asks for continuation, which doubles as a consent moment for recording.

Spanish-language scripts

For lenders, BNPL providers, and any operation with a meaningful Spanish-speaking customer base, the recording disclosure must be available in Spanish and used when the customer interacts in Spanish. Translating only at the end of the call does not cure the disclosure obligation.

Variant 1 (standard outbound), Spanish:

"Hola, le habla [Nombre del agente] de [Nombre de la empresa]. Antes de continuar, quiero informarle que esta llamada puede ser monitoreada o grabada con fines de control de calidad, capacitación y cumplimiento regulatorio. ¿Está bien si continuamos?"

Variant 2 (inbound with IVR), Spanish:

"Gracias por llamar a [Nombre de la empresa]. Como le indicó nuestro mensaje automático, esta llamada está siendo grabada por motivos de cumplimiento y control de calidad. Soy [Nombre del agente] — ¿en qué puedo ayudarle hoy?"

Variant 3 (prior consent), Spanish:

"Hola, [Nombre del cliente], le habla [Nombre del agente] de [Nombre de la empresa]. Le llamo en seguimiento a su solicitud de información sobre [Producto]. Esta llamada puede ser grabada con fines de calidad y cumplimiento. ¿Es un buen momento para hablar?"

A note on dialect: avoid hyper-regional phrasing. The script should be neutral Latin American Spanish that an agent from any background can deliver naturally.

Common scripting mistakes

These are the issues we see most often in QA review of recorded calls.

Mistake 1: Recording starts before disclosure. The recording captures the disclosure itself, which means the moments before the disclosure were also recorded. In a two-party state, that segment is potentially unlawfully captured. Solution: the recording system should engage after the disclosure is delivered and consent obtained — or you should have a unified posture that recording begins at call connect with the disclosure as the first words.

Mistake 2: Burying the disclosure. "Welcome to [Firm], hold for the next available agent, your call may be recorded for quality" — delivered in 3 seconds at the front of a 6-minute IVR. Courts and regulators have called this insufficient. The disclosure must be clear, audible, and at a normal speaking pace.

Mistake 3: No affirmative continuation. Scripts that say "this call is recorded" and proceed without asking the customer to acknowledge. In all-party-consent states, you want a verbal "okay" or continuation of the conversation that is unambiguously consent. Best practice: ask the question, wait for the answer, capture both in the transcript.

Mistake 4: Disclosing only "monitoring" or only "recording." These are legally distinct in some jurisdictions. Disclose both.

Mistake 5: Generic purposes. "For quality" is weaker than "for quality assurance, training, and regulatory compliance." The latter signals that the recording is part of a supervised compliance program — which matters if the recording is ever offered as evidence of compliance with another rule (TCPA, UDAAP, FINRA).

Mistake 6: Failing to re-disclose on transfer. When a call is transferred to a different department, line, or vendor, some firms re-disclose. Whether legally required depends on state and circumstance, but it is defensible practice for sensitive lines (collections, retention).

Mistake 7: Disclosure that doesn't match the actual recording. The script says "monitored for quality." The recording is actually used for training the sales team's compensation review. The disclosure must accurately describe how the recording is used.

Inbound vs outbound vs IVR

The disclosure pattern shifts slightly by call type:

• Outbound dialed calls: Agent delivers full disclosure within the first 15 seconds. No IVR pre-roll, so this is the only disclosure moment.
• Inbound calls answered by IVR: IVR delivers the primary disclosure; agent confirms when the call is picked up. Both moments must be logged.
• Inbound calls answered directly by agent (no IVR): Agent delivers full disclosure within the first 15 seconds, same as outbound.
• Transferred calls: Best practice is re-disclosure at transfer, especially when the transfer crosses entities (e.g., to a servicing partner or vendor).

Three recent enforcement examples

• A national lender settled a California Invasion of Privacy Act class action in 2023 related to call recordings where the disclosure was delivered after the substantive conversation began. Settlement was in the tens of millions.
• A debt collection operation entered a CFPB consent order that included findings on call recording and disclosure practices, with UDAAP claims tied to the misrepresentation of how recordings would be used.
• A trading platform was the subject of state-level enforcement action over recording disclosures that did not adequately inform customers that conversations would be used for sales coaching and analytics, beyond the disclosed "quality" purpose.

A 7-item checklist for QA review

1. Is the disclosure delivered within the first 15 seconds of the agent picking up?
2. Does the disclosure name the firm, mention both monitoring and recording, and state the purposes?
3. Is there an affirmative continuation moment (verbal or unambiguous behavior)?
4. Does the agent's actual recording engagement timing match the disclosure?
5. Is the script available and used in Spanish when the customer is Spanish-speaking?
6. Is the disclosure re-given (or documented as not required) on transfers?
7. Are all of the above sampled in your QA program at least monthly, with results trended?

How leading firms automate this with Sedric

Reviewing 100 percent of call recordings for disclosure compliance is not feasible with manual QA — sampling at 2 to 5 percent is standard, which means most missed disclosures never get caught.

Sedric's communications surveillance applies the same compliance-dedicated language model to every call, flagging missing or late disclosures, deviations from approved script wording, language-mismatch issues (the customer is speaking Spanish but the agent delivered the English script), and patterns by agent or team. Every flag links to the underlying rule, so a reviewer sees not just that the disclosure failed but which statute and which clause is implicated.

The win at exam time is that the firm can show 100 percent coverage of call disclosures and a trended remediation record by team — instead of a 2 percent sample and a hope.

FAQ

Q: Do I need to disclose recording on every call, or once per customer relationship? On every call, in every jurisdiction that requires it. A one-time consent at account opening does not satisfy state wiretap statutes for subsequent calls.

Q: Does the disclosure need to be at the very start of the call? It needs to be before any substantive conversation. "First 15 seconds after connection" is a defensible operational standard.

Q: What if the customer objects to being recorded? You have a process choice: end the call, continue without recording (which may be operationally difficult), or offer an alternative channel. Most firms end the call after attempting to explain the purpose, then document the disposition.

Q: Are text messages governed the same way? SMS does not have a "recording disclosure" issue — the message itself is the record. But the TCPA's prior express written consent regime applies to marketing texts to mobile numbers. Separate framework.

Q: Do internal calls (employee to employee) need disclosure? State law varies. Many firms apply a uniform internal-recording disclosure policy at hire, which combined with the call connection covers it. Calls to or from external parties always require the customer-facing disclosure.

Q: Can the disclosure be delivered by IVR only, with no agent restatement? Yes, in most jurisdictions, provided the IVR disclosure is clear, audible, and not buried. Best practice for sensitive lines is agent restatement.

Q: How does this interact with the TCPA's prior express written consent for autodialed calls? They are separate consent moments. Prior express written consent (PEWC) authorizes the dial. The recording disclosure addresses recording the resulting conversation. You need both.

Q: Does recording disclosure apply to digital interactions like chat or video? Yes. Chat transcripts and video calls are recordings under most state wiretap statutes. Disclose at the start of the session.

See Sedric in action

Sedric is the AI compliance platform for regulated marketing and communications. Every flag is mapped to the specific rulebook provision, every override is logged with reasoning, and the audit trail is the format regulators expect on first request. Book a 30-minute demo and we will walk through your specific compliance footprint.