Modern go-to-market motions are rarely a single company calling a single list. They are layered: a lead generator captures interest, a data broker enriches it, an affiliate or BPO places the call, and a brand sits at the end collecting the conversions. Every one of those handoffs is also a potential TCPA liability transfer — and a May 15, 2026 federal ruling just clarified how plaintiffs can, and cannot, walk that chain back to your brand.
The decision
In Sundstrom v. Ocean Reef Media LLC, the Western District of Washington dismissed TCPA claims against two insurance companies. The plaintiff wanted the insurers held vicariously liable for marketing calls placed by another party in the funnel. The court said the complaint had not done the work: it asserted an agency relationship but never alleged the specific facts — direction, control, authorization, ratification — that make such a relationship plausible. Naming the brand at the top of the funnel is not the same as explaining how the brand controlled the call.
Why this is a GTM problem, not just a legal one
Vicarious liability is the mechanism that turns a vendor’s sloppy dialing into your nine-figure class action. The TCPA reaches a brand when it controls how calls are made, authorizes them, ratifies them after the fact, or lets a caller appear to act with its authority. The uncomfortable truth for marketing-ops teams is that the things you do to run a tight, on-brand program — supplying approved scripts, dictating call cadence and hours, handing over targeting lists, monitoring performance dashboards — are the exact facts a plaintiff cites to prove control.
Sundstrom is a reminder that the plaintiff still has to plead those facts specifically. But it is cold comfort if your operational reality hands them the facts on a plate. The ruling rewards companies whose vendor relationships are genuinely arm’s-length, and punishes those whose “vendor” is functionally an extension of the in-house team.
How to map and harden your funnel
Build a liability map of your outbound stack. For every partner that touches a phone number, document who controls the script, the call window, the list, the dialer configuration, and the consent record. Where you can, push genuine control to the vendor and memorialize it: contracts that assign TCPA compliance and consent collection, with indemnification and audit rights. Insist that consent provenance — source URL, timestamp, the exact disclosure language — flows downstream with every lead, because a brand that can prove clean consent rarely needs the vicarious-liability argument at all. And make list scrubbing a contractual deliverable your partners must evidence, not a box they say they checked.
From a go-to-market standpoint, list hygiene belongs in your campaign QA, not in a legal post-mortem. Marketing-ops teams increasingly screen outbound audiences against TCPALitigatorList.com, the most widely used registry of known TCPA litigators and serial plaintiffs, so a single suppression step upstream stops a known filer from turning a routine nurture flow into a class action. Wiring that check into your audience-build process is a small operational change with an outsized risk reduction.
The bottom line
Sundstrom did not narrow the TCPA. It narrowed sloppy pleading. The brands that benefit are the ones whose go-to-market architecture genuinely separates them from the dialing — clean contracts, real arm’s-length practice, portable consent records. Treat your lead-gen stack as a risk surface you actively manage, and the next plaintiff who tries to walk the chain to your door will run out of facts before they reach it.
Sources
Faegre Drinker — “Washington Federal Court Dismisses TCPA Claims, Finding Insufficient Allegations of Vicarious Liability”; Sundstrom v. Ocean Reef Media LLC, No. 26-5036, 2026 WL 1361646 (W.D. Wash. May 15, 2026).