← Field notes
January 8, 2026Devan SPcrmcompliancedata

Your CRM doesn't know which leads are dialable, and how to fix it in a weekend

Most mortgage CRMs store consent as a free-text note, a boolean that means something different in every state, or not at all. Here's the audit every brokerage should run this quarter.

Ask a broker-owner to show you the TCPA-consent column in their CRM. You get one of three responses:

  1. "It's in the notes field for each contact."
  2. "We have a checkbox but I'm not sure what it means legally."
  3. "We have a report but it hasn't been updated since 2023."

All three are the same problem with different cosmetics. Your CRM doesn't actually know which contacts can legally be dialed. And without that information, a voice-AI motion (or any dialing motion) walks into a legal minefield.

What dialable means

A contact is dialable when you can prove, at the moment of the call:

  • They gave prior express written consent for loan-related outreach (TCPA)
  • They are not on the current federal DNC registry
  • They are not on any state-level DNC registry relevant to their residence
  • Your state doesn't have a specific time-of-day restriction you're about to violate
  • The number is not reassigned (FCC database)
  • The consent hasn't been revoked

"In the notes field" does not produce this information quickly enough to scale.

The weekend audit

Saturday morning. Export every contact record with phone and a consent-related field (whatever you have). Open the file. Add four new columns:

  • consent_source — web form, inbound call, in-person, referral, unknown
  • consent_date — when was the checkbox checked
  • consent_scope — loan-related, marketing, both, unknown
  • revocation_date — nullable

Saturday afternoon. Go through the unknowns. For contacts that came from web forms, check your form backups — most form platforms (Gravity, Typeform, HubSpot) retain submission logs with timestamps. That's your consent_source and consent_date together.

For contacts that came from inbound calls, check your call-log platform. The fact that they called you first is effectively implied consent for reasonable callback — but you want the record.

For contacts you can't source with confidence, they become a separate bucket. Don't dial that bucket until you re-solicit consent via email.

Sunday. Run a DNC scrub. Commercial services do this for $0.001-0.003 per record. On a 5,000 record database, that's $25.

Sunday night you have a clean list that can be dialed with documented consent. You have a dirty list that needs new consent or just gets archived. Most brokerages are surprised by the ratio — usually 60-70% of the database is cleanly dialable, and they were treating 100% of it as "maybe."

Why the voice-AI vendor should do this with you

When we onboard a brokerage for a Reactivation Sprint, the first two days are this exact audit. We don't dial anything we can't defend. The scrubbed list becomes your permanent "approved-dial" segment — you get to keep using it long after the sprint ends.

The audit is doable in a weekend, but most brokerages never do it because it's not urgent enough until it is. Beat the urgency curve. Run it with us as part of the sprint intake.

Book a 15-min demo