Whether you’re a startup or an established organization, understanding the laws and regulations that apply to debt collection can be overwhelming. Compliance is always evolving as new laws and regulations are passed, new technology is introduced, consumer preferences shift, and court decisions or regulatory guidance suggest modifications to best practices. Fortunately, the knowledgeable team at TrueAccord is here to help break down some of the top questions around compliance in the collections industry.
- What are the major regulations lenders need to know about?
- What are the consequences of non-compliance?
- What kinds of businesses need to comply with these regulations?
- What are the top challenges that you see ahead for compliance in collection?
- What keeps a legal or compliance professional in collections up at night?
We asked some of the TrueAccord compliance professionals to provide insight to these top questions.*
*This blog is not legal advice. Legal advice must be tailored to the particular facts and circumstances of each unique matter
1. What are the major laws and regulations lenders need to know that govern debt collection (and debt collection service providers)?
Steve Zahn [SZ]: Right off the bat, obviously the Fair Debt Collection Practices Act, or the FDCPA, is the major law lenders need to know about for debt collection. There are also some similar state laws, but the FDCPA is the big one that governs debt collection activity.
Kelly Knepper-Stephens [KKS]: The CFPB just finished a rulemaking in 2021 related to the FDCPA, referred to as Regulation F, in an effort to modernize and work through some of the issues that occurred and played out in the courts over the last 45 years since the FDCPA took effect. The TCPA—the Telephone Consumer Protection Act—is another law that impacts debt collection. It doesn’t just regulate phone calls. It also regulates text messaging and it regulates leaving pre-recorded messages for consumers. So it’s important to be aware of how that impacts the types of consumer communications that a business will be using.
Lauren Valenzuela [LV]: One of the most important laws that sometimes gets overlooked is the Dodd-Frank Wall Street Reform and Consumer Protection Act. This is what created the Consumer Financial Protection Bureau, the CFPB. It’s also what created what we know as UDAAP—Unfair, Deceptive, or Abusive Acts or Practices. The CFPB gets its UDAAP authority from that particular law, and it also gave the CFPB authority to interpret and make rules for the Fair Debt Collection Practices Act.There are other laws that impact our work as well, such as the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, Electronic Signatures in Global and National Commerce Act, known as the E-Sign Act, among others.
Leana Lares [LL]: Additionally, if a business is working with consumer personally identifiable information, private information, then they should definitely know about all of the different federal and state privacy and data security laws.
2. What are the consequences of non-compliance?
LV: Consequences of non-compliance are very vast. Non-compliance can lead to increased consumer complaints. It could also lead to enforcement by state or federal regulators, which could result in fines and penalties. It could result in consumer litigation. Non-compliance can also jeopardize an agency’s collection license and ability to conduct business in a particular state or locality. But most importantly, the consequences of non-compliance is erosion of consumer trust and also your client’s trust. So compliance is incredibly important for everybody and especially for us here at TrueAccord.
SZ: In litigation, penalties can include: (a) statutory damages, e.g., up to $1,000 for the FDCPA or $500-$1,500 per violation for TCPA; (b) actual damages, e.g., physical manifestations that are the result of emotional distress; and/or (c) punitive damages, if the conduct is so outrageous or intentional that it gives rise to addition damages designed to punish. In addition, the court or regulatory agency can award costs and attorney fees to the prevailing party and can also enter an order prohibiting or requiring certain conduct in the future. Finally, regulatory agencies have the ability to order disgorgement of funds collected and/or an award of damages to the agency itself.
3. What kinds of businesses need to comply with these regulations?
LV: Third party debt collectors need to comply with these laws and regulations, and sometimes so do servicers and first party debt collectors in some form or fashion.
For example, creditors are exempt from some of the laws, such as the federal FDCPA, and sometimes they’re not (such as the case with some state debt collection laws). So it really just depends on the specific law, but needless to say, everyone should really be aware of the laws and regulations that apply to this particular type of line of business. Because even if you don’t have to follow it, sometimes there’s a lot of best practices that can be found in these laws and regulations as well.
KKS: Not just debt collectors. It really depends on the type of work that a particular business conducts and whether or not a statute covers that conduct. For example, the TCPA governs entities making phone calls, sending text messages, or leaving pre-recorded messages for consumers, so it regulates any entity, public or private, using these forms of communication. For the FDCPA, it regulates the collection of a debt, so a business needs to look at what is the definition of “debt” and are these accounts “debts” under that definition. As well as, whether the activities of the business fall under the statute’s definition of a “debt collector” or any of the exemptions?
4. What are the top challenges that you see ahead for compliance in collection?
LL: Some of the top challenges that we see ahead in compliance definitely has to do with the ever-changing landscape of our industry. For example, consumer privacy laws are popping up everywhere. Here in the United States, many of the privacy laws borrow aspects of the GDPR. California adapted their privacy law, the California Consumer Privacy Act (CCPA), to mirror the concept of transparency and granting individuals new rights over their personal information. We are seeing many different states implement privacy laws and all the different states have different rules (e.g., California, Virginia, Utah, Colorado, Connecticut). Some of them parallel each other, some of them are drastically different. So it’s very important to keep up with all of these things, and TrueAccord does a great job of that.
LV: We’re seeing compliance professionals have to partner more and more with information security. It’s not a challenge so much as an area where I think compliance professionals in the industry are really going to have to increase their knowledge and competencies in the information security discipline. Also, making sure that they’re just staying ahead of the curve when it comes to best practices with cybersecurity and data privacy. We need information in order to conduct our business and to do it effectively;so making sure that you have all the necessary safeguards in place is of paramount importance.
Another top challenge for the collections industry at large is figuring out how to best use machine learning (a subset of AI)—not only learning how to use it, but also how to mature your compliance management system (CMS) so that it accounts for your use of it. If you’re using any type of analytics or algorithms, or if your service providers are using any type of analytics or algorithms, you need to evaluate your CMS to make sure you have proper oversight of that technology.
5. What keeps a legal or compliance professional in collections up at night?
KKS: Uncertainty with changing regulatory rules. It’s relatively easy to provide legal and compliance advice when you have clear rules of the road. But when there are statutes with different interpretations, regulators with different approaches, or a patchwork of differing court opinions on a given topic it is more challenging.
LV: The ability for a company to stay nimble while avoiding compliance fatigue. You have to be a cheerleader for compliance and keep up the energy, make sure everybody understands their compliance obligations so that they can adapt to it and operationalize it. Sometimes there can be ambiguity in the application of a certain law or a regulation to a particular set of facts or a particular technology or system. We often need to create clarity from ambiguity, while also doing what is best for consumers, what’s best for business, and lead the way in creating best practices when there may be ambiguity.
SZ: As an Associate General Counsel at TrueAccord, not much keeps me up at night. We have a tremendous system, compliance program, and corporate culture of compliance and striving to be polite and friendly with consumers.