What should a CROA compliance checklist include?

A complete CROA compliance checklist should cover 6 areas: (1) TSR compliance — DNC registry checks, no advance fees on calls, call recording and retention; (2) CROA core requirements — written contracts, total cost disclosure, service descriptions, estimated completion dates; (3) advance fee prohibition — zero fees before documented results, 6+ month threshold enforcement; (4) required disclosures — Consumer Rights Statement, 3-day cancellation notice in correct position above signature, verbatim statutory language; (5) consumer rights — no false statements to CRAs, no identity misrepresentation advice, complaint tracking; (6) AI automation coverage for each section.

How often should I audit my credit repair compliance?

At minimum, run a full compliance audit quarterly. The FTC's standard audit lookback is 24 months — but you should also audit whenever you change sales scripts, modify your fee structure, update contract templates, onboard new staff who handle client calls, or add new services. Compliance gaps typically open up when business processes change, not when laws change. Between formal audits, maintain a living checklist that your team can use as a daily reference.

What disclosures are required under CROA?

CROA requires two categories of mandatory disclosures: (1) A standalone Consumer Rights Statement — delivered as a separate document before any contract is signed, in boldface type, using CROA's verbatim statutory language including the DIY dispute rights disclosure. (2) In-contract disclosures — the verbatim 3-day cancellation notice placed immediately above the consumer's signature line in bold. Both must use exact statutory language; paraphrasing is not permitted. Missing either disclosure creates independent CROA liability.

What is the TSR and how does it relate to CROA?

The Telemarketing Sales Rule (TSR), 16 CFR Part 310, governs phone-based sales across all industries. In credit repair, the TSR applies the moment you discuss your services on a phone call — even for inbound inquiries. The TSR enforces the same advance fee prohibition as CROA, but adds its own restrictions: no calls before 8 AM or after 9 PM local time, mandatory Do Not Call registry scrubbing, accurate caller ID, call abandonment rate below 3%, and call recording retention. Violations under TSR and CROA can stack — one bad transaction = two violations.

How do CROA advance fee violations happen in practice?

Most advance fee violations occur when credit repair businesses unknowingly collect payment too early. Common triggers: charging a consultation fee on the first sales call, collecting card details during enrollment, billing for the first month before disputes are filed, charging a setup or "activation" fee, or running a subscription model that charges before the 6-month results threshold has been met. Even a "refundable" fee during a sales call violates the TSR. The fix is simple: move all payment collection to a self-service portal and enforce a 6+ month hold before any billing occurs.

CROA Compliance Checklist for Credit Repair Businesses

The FTC doesn't announce audits. You find out you're under investigation when an attorney shows up, bank accounts are frozen, and a press release with your name is already drafted. In 2024, that's exactly what happened to companies that had done the same thing you're doing — running a credit repair business — but hadn't checked these boxes.

This is the complete CROA compliance checklist for credit repair businesses. It covers every major requirement under the Credit Repair Organizations Act (15 U.S.C. § 1679 et seq.) and the Telemarketing Sales Rule (16 CFR Part 310). Each section is an independent pass/fail gate — one unchecked box is enough for enforcement action.

If you want the deeper "why" behind any of these requirements — the case law, the exact penalty amounts, and how real businesses got caught — read our CROA compliance guide alongside this checklist.

Section 1: Telemarketing Sales Rule (TSR) Checklist

The TSR (16 CFR § 310.4) applies to any credit repair business that uses the telephone to sell, solicit, or close clients — including inbound calls. "Telemarketing" under the FTC's definition is broader than most consultants realize.

📋 Legal Scope

The TSR applies if you: (a) make or receive telephone calls, AND (b) discuss your credit repair services during those calls. If a prospect calls you and you explain what you do, you are engaged in telemarketing under federal law. This is not optional, regardless of whether you consider yourself a "telemarketer."

📞

TSR Compliance — 8 Items

Telemarketing Sales Rule requirements for credit repair

No upfront fees collected by phone
You cannot request or receive payment during or after a telemarketing call for credit repair services. Not a deposit. Not a consultation fee. Not a "setup" charge. Zero dollars until results are documented.
No credit card numbers taken by phone
Collecting card details over the phone — even to "hold on file" — violates the TSR's advance fee ban. Payment must flow through a self-service portal after eligibility is confirmed.
Do Not Call (DNC) compliance in place
You are subscribed to the National DNC Registry, scrub your outbound list before every call campaign, and document each scrub with a timestamp. Non-compliance: $51,744 per violation.
No misrepresentation of results on calls
Agents (human or AI) do not promise specific point increases, specific timelines, or guaranteed deletion of accurate negative items. Every statement about outcomes is framed as a possibility, not a certainty.
Caller ID is accurate and not spoofed
Your outbound calls display your real business number or a number registered to your business. Spoofed or misleading caller ID is a separate TSR violation with its own penalty tier.
Call abandonment rate below 3%
If you use predictive dialers, less than 3% of answered outbound calls can be abandoned (no live agent available). Abandonment must be measured per campaign per day. Document it.
Internal DNC list maintained and honored
Consumers who ask not to be called again must be added to your internal DNC list within seconds and never called again. This is separate from the National DNC Registry and has no expiration.
Call recordings retained for 24+ months
The FTC's standard audit lookback is 24 months. All call recordings, transcripts, and consent logs must be retrievable on demand. A missing recording is treated the same as a prohibited one.

⚡ How AI Voice Agents Automate TSR Compliance

ClearCall's AI voice agents handle inbound inquiries without discussing fees, eliminate human agents from the payment conversation entirely, and auto-log every call with timestamped transcripts. Your TSR audit trail is built automatically — no manual recordkeeping required.

Section 2: CROA Core Requirements Checklist

CROA (15 U.S.C. § 1679 et seq.) governs the content of your contracts, what you can and cannot promise, and your structural obligations to every client. These aren't best practices — they're federal statutory requirements.

⚖️

CROA Core Requirements — 7 Items

Credit Repair Organizations Act structural obligations

Written contract for every client engagement
Every agreement to provide credit repair services must be in writing, signed by the consumer, and dated. Verbal agreements are void under CROA § 1679d. A signed copy must be delivered to the consumer before any work begins.
Contract states the total payment owed
CROA requires the contract to specify the full amount the consumer will pay — not "starting at," not "up to," not a range. The exact total must be stated. If the total isn't known, you cannot charge until it is.
Contract describes every service to be performed
The contract must enumerate exactly what services will be provided: which bureaus will be disputed, which account types, what documentation will be submitted. "Credit repair services" as a description is insufficient.
Estimated completion date included
The contract must include an estimated date by which the services will be completed or the estimated duration of the engagement. This is a hard requirement under CROA § 1679d(b)(2)(C).
No guarantee language in contracts or marketing
You cannot guarantee: specific score increases, deletion of specific items, specific timelines, or any particular outcome. "We guarantee results" is a federal violation. Audit every ad, every landing page, every script.
Signed consumer copy delivered before work begins
The consumer must receive a signed, dated copy of the contract before you perform any credit repair services. Email delivery with a delivery confirmation (not just "sent") satisfies this requirement.
Contract terms are not waivable
Any contract clause that attempts to waive CROA rights — "consumer agrees to waive 3-day cancellation," "consumer waives right to sue" — is void on its face and also exposes you to additional liability for attempting the waiver.

Section 3: Advance Fee Prohibition Checklist

The advance fee prohibition is the most common — and most expensive — CROA violation. It operates under both CROA (§ 1679b) and TSR (§ 310.4(a)(2)) simultaneously, which means violating it once generates penalties under two separate federal statutes.

💰 Penalty Exposure

TSR violations: up to $51,744 per violation. CROA statutory damages: $5 per day per affected consumer plus actual damages plus attorney fees. With 1,000 clients, a single advance fee violation generates $5,000/day in ongoing statutory liability — plus TSR exposure. Key Credit Repair: $50 million on 40,000 clients.

🚫

Advance Fee Prohibition — 6 Items

No payment before results are proven

Zero dollars collected before services are performed
No consultation fees, setup fees, application fees, or deposits of any kind. The advance fee ban is absolute: not one dollar before you perform the promised credit repair service.
Payment only after documented results, 6+ months post-completion
Under TSR § 310.4(a)(2)(i), you cannot charge until: (a) results have been achieved, AND (b) a credit report showing those results is dated more than 6 months after the results were obtained. Both conditions must be satisfied simultaneously.
Results documented with dated bureau reports
Your proof of results must be an official consumer report (TransUnion, Equifax, or Experian) — not a screenshot, not a third-party monitoring service summary. Store the original report with the date prominently visible.
No "subscription" or recurring billing before results threshold
Monthly subscription models that charge before the 6-month results window are advance fee violations. "We charge for ongoing monitoring" doesn't create an exemption if the credit repair service hasn't met its legal result threshold.
No third-party payment collection during sales calls
Using a third-party payment processor on a live call — including links sent via text or email during the call — constitutes collection of an advance fee during a telemarketing transaction.
Payment eligibility tracked per client with timestamps
Your system must record: (1) when results were achieved, (2) the date of the documenting credit report, and (3) when the 6-month window expires. This creates the audit trail that proves you didn't charge too early.

Section 4: Required Disclosures Checklist

CROA mandates two categories of disclosures: a standalone written statement of consumer rights provided before signing any contract, and specific in-contract disclosures that must appear verbatim. Missing either category — even if you've done everything else right — creates independent liability.

📄

Required Disclosures — 8 Items

CROA § 1679c mandatory disclosure requirements

Consumer Rights Statement provided before any contract is signed
CROA § 1679c requires you to provide a standalone written document — separate from the contract — disclosing consumer rights before any agreement is executed. This is not optional and cannot be embedded in fine print.
Consumer Rights Statement uses CROA's exact statutory language
CROA specifies the exact wording for the Consumer Rights Statement. Paraphrasing is not permitted. The statement must be provided verbatim as written in § 1679c(a), including the DIY rights disclosure.
3-day cancellation notice appears in contract, above signature line
The cancellation disclosure must be: (a) in the contract itself, (b) in a conspicuous location immediately above or adjacent to the consumer's signature line, (c) in bold-faced type. Location matters — the FTC has cited contracts where the disclosure was technically present but not "conspicuous."
3-day cancellation notice uses exact statutory language
The notice must read: "You may cancel this contract without penalty or obligation at any time before midnight of the 3rd business day after the date on which you signed the contract." Abbreviations or rewording are not compliant.
DIY disclosure included: consumers have the right to dispute themselves
You must disclose that consumers can dispute credit report inaccuracies themselves for free, without paying a credit repair organization. This disclosure must be prominent — not buried in footnotes.
Disclosure delivery confirmed and timestamped
The FTC expects you to prove a disclosure was delivered, not just that you sent it. Email read receipts, electronic acknowledgment checkboxes, or signed receipt forms — all acceptable. "We emailed it" without proof is insufficient.
No false statements about consumer credit rights
CROA prohibits making false or misleading statements to a consumer about their rights regarding credit. This includes understating what consumers can do themselves, or overstating what you can do for them versus what a consumer can legally do for free.
Cancellation form or instructions provided with contract
Best practice (and common CFPB expectation): include a separate cancellation form with the contract package. The consumer should not have to figure out how to cancel — the process must be clearly documented upfront.

Section 5: Consumer Rights Obligations Checklist

Beyond the disclosure requirements, CROA creates ongoing obligations around how you treat consumers during the service period. These often catch consultants off guard because they feel more like "policy" than "law" — but they're enforceable federal requirements.

🛡️

Consumer Rights Obligations — 6 Items

Ongoing CROA obligations to enrolled clients

Cancellation honored within 3 business days — no penalties
A consumer who cancels within 3 business days must receive a full refund of any amounts paid (applicable only if you somehow collected prior to the window). Threatening chargebacks, citing "anti-cancellation" clauses, or delaying the refund are independent violations.
No false statements made to consumer reporting agencies
CROA § 1679b(a)(1) prohibits making any statement to a CRA that you know or should know is false or misleading. This includes dispute letters that fabricate circumstances, claim identity theft falsely, or contest accurate information as inaccurate.
No advising consumers to misrepresent their identity to CRAs
Advising a consumer to use a different Social Security number, create a "new credit identity," or misrepresent any identifying information to a bureau is a federal crime under CROA § 1679b(a)(3). This has resulted in criminal convictions, not just civil fines.
Consumer can cancel after 3 days — cancellation policy is clear
CROA gives consumers the right to cancel after the 3-day window too — subject to the contract terms for post-window cancellation. You must have a documented post-window cancellation process and honor it without retaliation.
No waiver clauses in consumer contracts
CROA § 1679f explicitly voids any waiver of rights by a consumer under the Act. Contracts that include "I hereby waive my right to cancel" or "I waive my right to sue" are not just unenforceable — the attempt to include them is itself a CROA violation.
Consumer complaints tracked and responded to in writing
There is no explicit CROA response-time requirement, but CFPB examination standards expect written complaint tracking. Every complaint goes in a log: date received, nature of complaint, response date, resolution. Unresolved complaints that escalate to the CFPB will surface your complaint log.

How AI Voice Agents Automate Compliance

Running through this checklist manually — for every client, every call, every contract — is operationally expensive. Most solo consultants don't have a compliance officer. The result: things get missed, usually in the TSR and advance fee sections, because those are the ones that require consistency at scale.

AI voice agents like ClearCall were built specifically to eliminate the human error points in CROA/TSR compliance. Here's how the automation maps to this checklist:

⚡

What ClearCall Automates

From the checklist above — handled by default

No fees discussed or collected on calls
AI agents are designed to never discuss pricing or collect payment. Prospects are directed to self-service enrollment. TSR § 310.4 advance fee risk: eliminated at the call layer.
Every call recorded, transcribed, timestamped
24-month call retention happens automatically. Every inbound and outbound call is stored with full metadata: caller, duration, transcript, timestamp. Your TSR audit trail builds itself.
No prohibited language in agent responses
Agent prompts prevent guarantee language, specific score promises, and misleading timelines. CROA § 1679b(a)(3) misrepresentation risk: blocked at the prompt level.
DIY disclosure served before enrollment
Before any client signs anything, ClearCall displays and logs the consumer's acknowledgment of their right to dispute independently. Delivery timestamp is stored.
Contracts generated with correct 3-day cancellation language
Contracts include the verbatim CROA cancellation statement in the required location. No customization that might accidentally remove required language.
Payment gates locked until results + 6-month threshold
The billing system won't process payment until you confirm documented results. The advance fee prohibition is enforced at the payment layer, not just as a policy.

The sections ClearCall doesn't automate — DNC scrubbing for outbound campaigns, post-window complaint handling, contract service descriptions — are the ones that require your business-specific judgment. Those are yours to manage.

The Compliance Bottom Line

This checklist has 35 items. The FTC doesn't need all 35 to build a case. They need one. The five that produce the most enforcement actions:

✓ No advance fees — not one dollar before results are documented
✓ 3-day cancellation in bold, above the signature line, verbatim statutory language
✓ Consumer Rights Statement delivered and acknowledged before signing
✓ Zero guarantee language anywhere — ads, calls, contracts, landing pages
✓ Every client interaction logged with a retrievable audit trail

For the detailed enforcement breakdown — exactly how each of these violations was prosecuted, with dollar amounts and company names — read the full CROA compliance guide.

Let ClearCall Enforce Your Compliance Checklist

Stop relying on memory and good intentions. ClearCall automates the highest-risk compliance requirements at the system level — so the rules are enforced even when you're not watching.

✅ TSR-safe calls — no fees, no prohibited language, every call logged

✅ Advance fee locks — payment disabled until results are confirmed

✅ CROA contracts — correct disclosures, correct placement, every time

✅ Audit-ready dashboard — 24-month call history, FTC-ready reports

✅ DIY disclosure flow — timestamped consumer acknowledgment before enrollment

✅ No guarantee language — AI prompts prevent prohibited claims by default

See how ClearCall automates your compliance →

Resources

Federal Law FTC: Credit Repair Organizations Act (Full Text) →
Federal Regulation FTC: Complying with the Telemarketing Sales Rule →
Enforcement Actions CFPB Enforcement Actions Newsroom →
DNC Registry National Do Not Call Registry →
Related Guide 5 TSR Violations That Get Credit Repair Businesses Fined →
Tool Free CROA Compliance Checker →

CROA Compliance Checklist forCredit Repair Businesses