Just as technology has evolved leaps and bounds, so have consumer communication preferences with that technology, especially when it comes to debt collection. So in 2021, the Consumer Financial Protection Bureau (CFPB) rolled out Regulation F under the existing Fair Debt Collection Practices Act (FDCPA). Regulation F seeks to provide additional clarity around the key FDCPA prohibitions covering everything from harassment, such as the 7-in-7 call caps, to sample language for the initial communication with enhanced disclosures and information to help consumers identify their accounts.
Now, one year after Regulation F has gone into effect, some organizations and lenders still have questions about these new rules and how they can impact their business overall.
To help elucidate the matter, TrueAccord’s Chief Compliance Officer and General Counsel, Kelly Knepper-Stephens, sat down with the CBANC Network to discuss Using Regulation F to Maximize Recovery.
Below are just a few highlights from the in-depth discussion, but we encourage you to watch the full on-demand webinar to learn more about:
Safe Harbors in Regulation F (and if they are worth it)
Social Media communication best practices
Rules on contacting consumers including from other laws like the TRACED Act
State and municipal laws applicable to debt collection
Highlights from “Using Regulation F to Maximize Recovery” with Kelly Knepper-Stephens*
We have found at TrueAccord that maintaining strong compliance with Regulation F doesn’t decrease your ability to recover defaulted debts from consumers. We know that consumers like digital collections, because we primarily communicate using digital channels.
At TrueAccord, we find that 65% of consumers are opening at least one email—and 35% click on the link in the email that directs the customer to the webpages with information about the account settlement offers and payment plans, how to dispute, et cetera. For TrueAccord, 96% of consumers resolve their account without any human interaction whatsoever because they find the information that they need through the self-serve platform.
The regulators understand the growing preference for digital and self-service methods, and have acknowledged in Regulation F that it is permissible for a debt collector to communicate with consumers via these digital channels, including adding rules about how to use social media in debt collection.
TrueAccord was very active in the CFPB’s Regulation F rulemaking process for this reason. We served on the small entity review board business panel in order to provide feedback as to the potential impacts of the draft proposal on our small business. We also provided a lot of data and information on how we designed our digital communications, such as having unsubscribe links in all email communications. This was important because at the time TrueAccord was one of the only companies in the industry using digital. The end result actually mimicked some of our best-practices practices.
Engaging the consumer is the fastest path to resolution, so no matter the channel—email, text message, phone calls, et cetera—using all channels compliantly to identify the right time, right channel, right message to engage the consumer is the ticket to success.
*Kelly serves as TrueAccord’s Chief Compliance Officer and General Counsel. This blog is not legal advice. Legal advice must be tailored to the particular facts and circumstances of each unique matter.
Whether you’re a startup or an established organization, understanding the laws and regulations that apply to debt collection can be overwhelming. Compliance is always evolving as new laws and regulations are passed, new technology is introduced, consumer preferences shift, and court decisions or regulatory guidance suggest modifications to best practices. Fortunately, the knowledgeable team at TrueAccord is here to help break down some of the top questions around compliance in the collections industry.
The Questions:
What are the major regulations lenders need to know about?
What are the consequences of non-compliance?
What kinds of businesses need to comply with these regulations?
What are the top challenges that you see ahead for compliance in collection?
What keeps a legal or compliance professional in collections up at night?
We asked some of the TrueAccord compliance professionals to provide insight to these top questions.*
*This blog is not legal advice. Legal advice must be tailored to the particular facts and circumstances of each unique matter
1. What are the major laws and regulations lenders need to know that govern debt collection (and debt collection service providers)?
Steve Zahn [SZ]: Right off the bat, obviously the Fair Debt Collection Practices Act, or the FDCPA, is the major law lenders need to know about for debt collection. There are also some similar state laws, but the FDCPA is the big one that governs debt collection activity.
Kelly Knepper-Stephens [KKS]: The CFPB just finished a rulemaking in 2021 related to the FDCPA, referred to as Regulation F, in an effort to modernize and work through some of the issues that occurred and played out in the courts over the last 45 years since the FDCPA took effect. The TCPA—the Telephone Consumer Protection Act—is another law that impacts debt collection. It doesn’t just regulate phone calls. It also regulates text messaging and it regulates leaving pre-recorded messages for consumers. So it’s important to be aware of how that impacts the types of consumer communications that a business will be using.
Lauren Valenzuela [LV]: One of the most important laws that sometimes gets overlooked is the Dodd-Frank Wall Street Reform and Consumer Protection Act. This is what created the Consumer Financial Protection Bureau, the CFPB. It’s also what created what we know as UDAAP—Unfair, Deceptive, or Abusive Acts or Practices. The CFPB gets its UDAAP authority from that particular law, and it also gave the CFPB authority to interpret and make rules for the Fair Debt Collection Practices Act.There are other laws that impact our work as well, such as the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, Electronic Signatures in Global and National Commerce Act, known as the E-Sign Act, among others.
Leana Lares [LL]: Additionally, if a business is working with consumer personally identifiable information, private information, then they should definitely know about all of the different federal and state privacy and data security laws.
2. What are the consequences of non-compliance?
LV: Consequences of non-compliance are very vast. Non-compliance can lead to increased consumer complaints. It could also lead to enforcement by state or federal regulators, which could result in fines and penalties. It could result in consumer litigation. Non-compliance can also jeopardize an agency’s collection license and ability to conduct business in a particular state or locality. But most importantly, the consequences of non-compliance is erosion of consumer trust and also your client’s trust. So compliance is incredibly important for everybody and especially for us here at TrueAccord.
SZ: In litigation, penalties can include: (a) statutory damages, e.g., up to $1,000 for the FDCPA or $500-$1,500 per violation for TCPA; (b) actual damages, e.g., physical manifestations that are the result of emotional distress; and/or (c) punitive damages, if the conduct is so outrageous or intentional that it gives rise to addition damages designed to punish. In addition, the court or regulatory agency can award costs and attorney fees to the prevailing party and can also enter an order prohibiting or requiring certain conduct in the future. Finally, regulatory agencies have the ability to order disgorgement of funds collected and/or an award of damages to the agency itself.
3. What kinds of businesses need to comply with these regulations?
LV: Third party debt collectors need to comply with these laws and regulations, and sometimes so do servicers and first party debt collectors in some form or fashion.
For example, creditors are exempt from some of the laws, such as the federal FDCPA, and sometimes they’re not (such as the case with some state debt collection laws). So it really just depends on the specific law, but needless to say, everyone should really be aware of the laws and regulations that apply to this particular type of line of business. Because even if you don’t have to follow it, sometimes there’s a lot of best practices that can be found in these laws and regulations as well.
KKS: Not just debt collectors. It really depends on the type of work that a particular business conducts and whether or not a statute covers that conduct. For example, the TCPA governs entities making phone calls, sending text messages, or leaving pre-recorded messages for consumers, so it regulates any entity, public or private, using these forms of communication. For the FDCPA, it regulates the collection of a debt, so a business needs to look at what is the definition of “debt” and are these accounts “debts” under that definition. As well as, whether the activities of the business fall under the statute’s definition of a “debt collector” or any of the exemptions?
4. What are the top challenges that you see ahead for compliance in collection?
LL: Some of the top challenges that we see ahead in compliance definitely has to do with the ever-changing landscape of our industry. For example, consumer privacy laws are popping up everywhere. Here in the United States, many of the privacy laws borrow aspects of the GDPR. California adapted their privacy law, the California Consumer Privacy Act (CCPA), to mirror the concept of transparency and granting individuals new rights over their personal information. We are seeing many different states implement privacy laws and all the different states have different rules (e.g., California, Virginia, Utah, Colorado, Connecticut). Some of them parallel each other, some of them are drastically different. So it’s very important to keep up with all of these things, and TrueAccord does a great job of that.
LV: We’re seeing compliance professionals have to partner more and more with information security. It’s not a challenge so much as an area where I think compliance professionals in the industry are really going to have to increase their knowledge and competencies in the information security discipline. Also, making sure that they’re just staying ahead of the curve when it comes to best practices with cybersecurity and data privacy. We need information in order to conduct our business and to do it effectively;so making sure that you have all the necessary safeguards in place is of paramount importance.
Another top challenge for the collections industry at large is figuring out how to best use machine learning (a subset of AI)—not only learning how to use it, but also how to mature your compliance management system (CMS) so that it accounts for your use of it. If you’re using any type of analytics or algorithms, or if your service providers are using any type of analytics or algorithms, you need to evaluate your CMS to make sure you have proper oversight of that technology.
5. What keeps a legal or compliance professional in collections up at night?
KKS: Uncertainty with changing regulatory rules. It’s relatively easy to provide legal and compliance advice when you have clear rules of the road. But when there are statutes with different interpretations, regulators with different approaches, or a patchwork of differing court opinions on a given topic it is more challenging.
LV: The ability for a company to stay nimble while avoiding compliance fatigue. You have to be a cheerleader for compliance and keep up the energy, make sure everybody understands their compliance obligations so that they can adapt to it and operationalize it. Sometimes there can be ambiguity in the application of a certain law or a regulation to a particular set of facts or a particular technology or system. We often need to create clarity from ambiguity, while also doing what is best for consumers, what’s best for business, and lead the way in creating best practices when there may be ambiguity.
SZ: As an Associate General Counsel at TrueAccord, not much keeps me up at night. We have a tremendous system, compliance program, and corporate culture of compliance and striving to be polite and friendly with consumers.
Delivering communications to your customers has always been a compliance challenge with the plethora of laws, regulations, court decisions, and regulatory guidance in the debt collection space. Today with more communication channels available and regular communication from debt collection regulators—via consent orders, compliance bulletins, supervisory highlights, and even press releases—your compliance management systems and design must be flexible and easy to update.
To get expert insights on the newest compliance issues and opportunities that need to be front of mind when sending digital communications to effectively engage your customers, Associate General Counsel Lauren Valenzuela and Director of User Experience Shannon Brown teamed up to discuss the Future of Collections & Compliance in TrueAccord’s latest webinar.
Below are some of the key takeaways from their discussion, plus attendee poll results on top compliance questions.
*This blog is not legal advice. Legal advice must be tailored to the particular facts and circumstances of each unique matter.
The Current State of Compliance
Lauren Valenzuela [LV]: Needless to say, over the last 10 years the CFPB has fundamentally changed how we think about and approach compliance. That has really influenced our industry and how we think about communications in debt collection.
LV: Over the last decade the CFPB has taught us that compliance is an evolving thing. It’s not something that you can set and forget. It is something that is dynamic and that must constantly evolve and mature in order to be effective, because our environment is constantly changing.
Attendee Poll Question: What is the biggest compliance issue you face when trying to engage with your customers?
Changing Consumer Preferences for Collection Communications
LV: The CFPB recently published a blog and shared that it is a “mobile first” agency, meaning that most people who visit its website are using mobile devices or smartphones. Here at TrueAccord, what does our information show about mobile usage?
Shannon Brown [SB]: Consumer mobile use has skyrocketed. In 2016, about a quarter of our consumers were using their phones to read emails and visit our website—and that number has increased to consistently above 80%. We’ve put a lot of effort into making sure our emails and website are responsive to make sure we’re meeting the needs of our consumers who are overwhelmingly on mobile. We’ve made sure our pages are able to load faster for consumers that have less stable cell connections and really made sure our interactive elements are big and optimized for tapping with a finger instead of clicking with a mouse. As far as communications, our consumer research has really shown that most consumers don’t answer the phone and want to be contacted through digital channels—they want a multi-channel experience.
LV: So we’re seeing consumers increase use in mobile phones. Even the Bureau has seen that, and we’re seeing banks increase their use of digital technologies to communicate and facilitate transactions and engage with their consumers as well.
What’s the Role of the Legal Team in Your Collections Strategy?
LV: There needs to be a partnership between compliance and pretty much all core functions, and especially at a fintech company like TrueAccord where our technology and our digital communications platform are the center of what we do to help consumers. It’s really neat to see compliance interwoven, and I think that’s reflective of its compliance management system and company culture.
Compliance Management System Evolution
LV: Ten years ago, many collection agencies were likely in the undisciplined stage, where there was some type of compliance ongoing, but it didn’t have much structure—processes may be undocumented, potential exposure to vulnerabilities that expose themselves on lawsuits, for example.
The next iteration is reactive, meaning there is development of some policies and procedures, controls are identified, and the company is responding to issues and incidents reactively.
The next level is calculative. At this level, leadership is actively engaging the organization in compliance, risk assessment processes are maturing, corrective action plans are being developed and executed to remediate deficiencies.
This next level is proactive, meaning employees are trained and following clear policies and procedures, and such procedures have built in intentional redundancies. The organization is being proactive in identifying and responding to issues and incidents and is self-identifying deficiencies and essentially executing on comprehensive corrective action plans.
Generative means that there’s continuous improvement towards challenging goals, which are driven by data analysis. There’s critical evaluation of policies and procedures and controls, and risk is integrated in operations. Issues and incidents resolutions are driven by stakeholders and really enhanced controls.
Attendee Poll Question: Which category does your Compliance Management System (CMS) fall under today?
LV: So no matter where you’re at within your compliance management system and no matter what maturity level, the important thing to remember is that you don’t have to stay there—you can evolve. We can’t stress this enough. Compliance is an evolving and dynamic thing, and should be constantly evolving to stay effective in whatever environment it is in.
The fact that TrueAccord has a well-oiled compliance management system allows us to study that climate and then figure out how to translate it and make tangible improvements in our consumers’ experience. That’s something we encourage everyone to do: think about the consumer experience and the environment you’re collecting in, because it looks remarkably different than it did five years ago for example, and we should all be evolving.
The Product Perspective
LV: How has the CFPB influenced how we develop our products here at TrueAccord?
SB: Compliance has been built into our product development life cycle. Besides frequent meetings with our compliance team for feedback and approvals throughout the life cycle, we’ve designed and built our product so we can be nimble in responding to regulatory changes, which we know happen a lot.
LV: There are numerous federal, state, and local laws. Can you give some insight into how we at TrueAccord keep up with all of that?
SB: One of the ways we efficiently keep up with the requirements is through our code-driven approach.
But what does that mean practically? It means, for example, that for any phone call coming in, our agent knows exactly what disclosures need to be given to that consumer via our system, and then gives them an opportunity to log it. It means that any email that goes out has all the necessary disclosures appended, such as out of statute disclosures, state disclosures, et cetera, and these are all kept in our code base. Not only does it take the guesswork out of the equation for our agents and our content team that’s sending communication, it reduces human error. It also means that anytime anything needs to be updated, for example, a wording in a disclosure or when a new disclosure needs to be added, we can do it in one place instead of across a variety of templates and areas of the website. We can do it in one place and then that change propagates throughout the system. This helps us to react to changes really quickly.
Our compliance team is involved in every aspect of the process. They start as educators for the whole product team—we’re all aware of regulatory considerations and know where and when we need to ask for feedback and approvals from our compliance team. So they aren’t just making sure that agents are acting compliantly, but that the product team has that knowledge as well.
And as a product team, we have this wonderful research function that’s constantly talking to consumers and trying to understand their needs and asking for feedback, which we share with our compliance team so that they can go and advocate for consumers when they are talking with regulators and legislators
Future Forecast: Where is Compliance Heading in the Collections Industry?
LV: The next iteration of compliance can be seen in some of the recent CFPB and FTC activity. Last year in 2021 for example, the CFPB published a new section of its supervision and examination manual, specifically an information technology focused compliance management review section. The Bureau is looking at any type of technologies that you may employ, like machine learning models, algorithms, or analytics.
If you’re using any kind of algorithms or machine learning to help inform any aspect of your collection strategy—or if any of your service providers are using any type of algorithms or machine learning to help provide a service to you—you must pay attention to this section of the manual because it’s incredibly informative. We’re seeing the CFPB and the FTC addressing companies’ use of data and technology, wanting to make sure that companies have proper governance and oversight of it.
All of this recent activity shows how compliance within any company, more than ever before, must really take a cross functional approach to its work in order to keep up with the evolving environment. The compliance function should not be siloed. It really needs to be in partnership with all different disciplines and functions within the organization. We’re seeing right here and now and into the future, your information technology professionals, your information security professionals, your product professionals, your engineers, your data scientists, anybody who looks, touches, thinks about data and technology should all be working with compliance
Attendee Poll Question: Which of the following are you most interested in for the future of compliance and collections?
Three Key Takeaways
LV: Compliance is more than a department, it’s more than a program, it’s more than a system. It should be part of an organization’s cultural DNA. So when you think about compliance, wherever you are within an organization, think about how you can make it part of your organization’s DNA.
SB: Concentrate on building your tools to be nimble to the regulatory changes. Things like the design systems and the component libraries that allow you to make those changes quickly and easily, and make sure that they’re made everywhere across the system so you don’t have those older disclosures hanging out somewhere that someone forgot to change. Build your tools so you can make changes in one place efficiently.
LV: As our environments get more sophisticated around us, compliance professionals need to collaborate cross functionally more and more with other disciplines within a company to be effective and stay ahead of the evolution.The more the industry uses data and technology, we have a responsibility to make sure that it is being used in accordance with the law and best practices.
Anyone working in the collections space should be familiar with the federal Fair Debt Collection Practices Act (“FDCPA”) and its regulation, Regulation F; but did you know that there are multiple debt collection laws and regulations at the state and local level too?
State and local laws and regulations often mirror aspects of the FDCPA, however, there are a handful which are remarkably different from the FDCPA. In fact, the FDCPA makes clear that it is not designed to “annul, alter, or affect, or exempt any person” from “complying with the laws of any State with respect to debt collection practices, except to the extent that those laws are inconsistent with any provision of [the FDCPA], and then only to the extent of the inconsistency” (refer to 15 USC § 1692n). The FDCPA goes on to clarify that “a State law is not inconsistent with [the FDCPA] if the protection such law affords any consumer is greater than the protection provided by [the FDCPA].” Therefore, debt collectors collecting nationally have to grapple with and reconcile a patchwork of federal, state, and municipal debt collection laws and regulations when collecting in multiple states.
It is no simple feat to build and maintain a compliance program which keeps a debt collector in compliance with this patchwork of differing and competing debt collections laws and regulations. Debt collectors take different approaches to stay in compliance—from training their collectors on each and every state law and regulation, to deciding not to collect all together in a particular state/locality. Ten years ago when I first started in the industry, I remember compiling a job aid of all the state and local laws debt collectors had to remember and abide by—it was long and nuanced.
For example, the FDCPA explicitly permits debt collectors to speak to a consumer’s spouse without such communication resulting in a third party disclosure (see 15 USC § 1692c(d)), whereas some states such as Arizona and Connecticut are silent on this issue and other states, such as Iowa, consider spouses as third parties. In those states, a consumer must provide their consent in order for a debt collector to speak with their spouse. Another example is communication frequency limitations. While Regulation F provides parameters for call frequency (i.e., calls made in excess of 7 times in a 7 day consecutive period, and calls within 7 days of having had a phone conversation, are presumed harassing), Massachusetts has an entirely different call frequency regime. Massachusetts outright prohibits debt collectors from engaging any consumer in a communication by phone (i.e., calls and texts) more than twice in a 7 day period. While these phone restrictions are similar, they are nuanced nonetheless (e.g., one applies only to calls while the other applies to calls and texts; one in a presumption of harassment and the other is an outright prohibition, etc.) These are just a few examples to illustrate how there may be little distinctions and differences between the FDCPA/Regulation F and state/local laws.
In an effort to simplify how many rules debt collectors have to learn and abide by, some debt collectors design and adopt policies which reconcile as many of the laws and regulations as it can for a particular topic. For example, choosing to adopt the strictest law/regulation as a company policy so that it applies across the board is one strategy some companies may adopt. While this approach will help a debt collector meet or exceed a state law requirement, this approach can unnecessarily limit a debt collector’s ability to communicate and/or collect in more places than necessary, thereby undermining those state economies that have no such restrictions.
While the patchwork may seem daunting, this is an area ripe for compliance innovation—where technology can be leveraged to automate controls and guardrails. For example, instead of requiring debt collectors to memorize multiple state laws/regulations, controls can be designed to automate guardrails for state laws in a collection system. Here at TrueAccord, compliance has a close partnership with its product and engineering teams, to help leverage technology when laws and regulations are introduced or changed. While technology will not replace a compliance monitoring team, it has the potential to increase the efficiency and efficacy of any human monitoring by helping front line agents understand their state by state requirements and compliance teams focus their auditing and monitoring efforts.
*Lauren serves as TrueAccord’s Associate General Counsel. This blog is not legal advice. Legal advice must be tailored to the particular facts and circumstances of each unique matter.
Just as technology has evolved leaps and bounds, so have consumer communication preferences, especially when it comes to debt collection. The Consumer Financial Protection Bureau (CFPB) recognized in Regulation F—rules updating the Fair Debt Collection Practices Act (FDCPA)—that consumers in debt want to communicate with debt collectors through digital channels, like email and SMS.
Under the FDCPA, Regulation F, and other state laws, these digital channels have the same compliance requirements as calls, such as no harassment or abuse, no false or misleading representations, and no unfair practices. Even though these additional channels have the similar compliance requirements, businesses must still manage these requirements across all channels and have the capacity to update requirements as new laws are passed, new cases come out, and new guidance is released from regulators causing a need to change in a compliance practice. How can businesses ensure compliance through the evolving regulatory landscape?
Code-based compliance is a critical component for the debt collection industry.
We interviewed five key stakeholders in this process to get different perspectives on what code-based compliance is and how it benefits businesses, lenders, consumers, and auditors. Read below for insights from: Eric Nevels, Director Operational Excellence; Hal Eisen, VP Engineering; Kelly Knepper-Stephens, Chief Compliance Officer and General Counsel; Michael Lemoine, Director Client Success; and Milo Onken, Director Quality Assurance.
What is Code-Based Compliance?
Eric Nevels: When an algorithm is used to help make decisions on consumer communications in debt collection, a code-based compliance system would be coded into that algorithm or work side-by-side with the algorithm to ensure that all digital communications fall within federal and state laws and regulations.
Michael Lemoine: Here’s an analogy to help explain code-based compliance: You lace up your new running shoes. You scoured all the online reviews and this pair provides the best ankle support. You ate a light but fuel packed breakfast, no mid run slump for you. You eyed the weather app on your phone, all clear and perfect temp. Hydrated, check. Headphones, check. Mood, great! You’ve got this, everything is under control and accounted for. Off…you… go!
Even if you’re not a big runner this sounds like a safe and productive way to start a day. But what if instead of checking for rain and eating a little oatmeal to make sure you had a good jog, you had to manually complete a full body diagnostic and perform microsecond electrical and chemical adjustments to your body just so you didn’t become disabled or even die while getting a little exercise? Not so safe and productive now. Is the risk of immediate death worth the effort and small reward of a single run?
Every second your body automatically, without thought or effort, reads your current condition and reviews thousands of risks and initiates controls, responses, and actions to keep you alive—called the autonomic nervous system. Code-based compliance is the autonomic nervous system of an organization’s risk and control program. Now, it’s not as dramatic as life and death, but code-based compliance can supercharge any compliance management system because once the code has been programmed and deployed the system always follows the programmed rules leading to consistency and accuracy.
How is Code-Based Compliance Different From More Traditional Approaches to Compliance?
Eric Nevels: In the absence of code, human beings would need to check against the various restrictions on communications. Anytime humans are involved, even with rules and procedures in place, it is possible for errors to occur. With a code-based system, it is impossible for that action to take place.
Kelly Knepper-Stephens: Certainly it’s better than manual compliance because with manual compliance you have an opportunity for human error. But it doesn’t mean that code-based compliance is “code it and forget it.” Your coders need a process to quality check the code. And your compliance team or a front line control team needs to monitor to make sure the coded compliance rules are working as you intended them to work.
How Does This Approach Benefit Collection Compliance Strategies?
Hal Eisen: Code-based compliance is great because it never gets tired or distracted and is not subject to any of the other human frailties. Done correctly, it can be efficiently applied to a wide range of software products without needing additional investment. Most compliance rules were written for the benefit of consumers. The better we comply, the safer consumers are. Consumers should have accurate disclosures, fewer annoying interactions and feel better about the whole experience.
Eric Nevels: Lowers operational risk and ensures compliance with regulations. Additionally, it is much easier to update the code when regulations are changed. It helps ensure that they are being treated within the bounds of the law, which is their benefit.
Milo Onken: The code-based approach ensures accuracy and tangible evidence for compliance audits. Collaboration with different internal teams and Legal ensures we check, implement, and follow industry compliance directives.
A Code-Driven Future for Debt Collection
Code-based compliance offers predictable and consistent collections methods when coupled with digital platforms. New technology can be mistaken as a risky investment, but digital debt collection systems offer more compliance security and more transparency—for consumers and creditors. Digital collection solutions not only evolve to meet consumer needs, but they can also continually adapt to changing regulations and quickly meet compliance requirements.
Beyond code-based compliance, what are compliance issues unique to collections that need to be front of mind when sending digital communications to effectively engage your customers?
Join us Thursday September 29th at 1pm ET for our interactive webinar, The Future of Collections & Compliance, hosted by TrueAccord Associate General Counsel Lauren Valenzuela and Director User Experience Shannon Brown.
Reserve your space now for an interactive discussion on:
Cutting edge digital collection compliance
The role of the legal team in creating a digital collection strategy
Creating an effective compliance strategy is a crucial component of a business’s chance of success. Debt collection is highly regulated and must adhere to different regulations and laws like the FDCPA, Regulation F, and unique state laws—including regulations that may not be specifically focused on debt collection but still apply to the practice. Noncompliance with laws and regulations that govern or even parallel an industry can result in unhappy customers, litigation, reputational risks and/or enforcement actions.
Using a high-level overview of what an effective compliance strategy can look like, this article will help outline how to create a compliance management system to help your business mitigate risk and keep your customers happy.
What are the key elements to create a compliance strategy for collections?
Some of the key elements to an effective collections compliance strategy may seem like no-brainers but can be more complex than you realize. Being aware of what laws and regulations apply to your specific business, industry, state, and even local jurisdictions is a critical element. Equally, internal audits to make sure your business’ processes are working as intended is a great way to get a temperature check on your compliance’s health. Internal audits should be conducted on a routine basis.
Additionally, due diligence should be conducted on any third-party servicers you may work with for debt collection and recovery purposes: make sure they are legitimate, law-abiding, consumer-respecting businesses. For example, a great way to verify you’re working with a reputable debt collector is by searching the Receivables Management Association (RMAi) database. If a company is RMAi certified, that means they have passed and/or comply with the organization’s rigorous background checks, industry standards and best practices guidelines.
Beyond what can feel like the no-brainers of compliance strategy, another key element is having a Compliance Management System.
What is a Compliance Management System and what does it cover?
From a high-level view, a compliance management system (CMS) is how a company sets, monitors, and oversees its compliance responsibilities. The CFPB describes a CMS as how an institution:
Establishes its compliance responsibilities
Communicates those responsibilities to employees
Ensures that responsibilities for meeting legal requirements and internal policies and procedures are incorporated into business processes
Reviews operations to ensure responsibilities are carried out and legal requirements are met
Takes corrective action and updates tools, systems, and materials as necessary
What are the components of a Compliance Management System?
Board Management and Oversight
Allocate the right resources to compliance and risk management
Regular Board of Directors reporting
Policies and Procedures
Documented and updated at least annually by the business owner
Detect and minimize potential for consumer harm
Reviewed by Audit and Compliance to ensure followed and meeting requirements
Risk Assessment – Controls & Corrective Action
Documented and evaluated regularly by the business owner
Reviewed by Audit & Compliance to ensure mitigating risks and control gaps
Deficiencies remediated by business owner through corrective action plans
Training
Consistent with policies and procedures
Ready before a change or roll-out
Consumer Complaint Response
Recorded and categorized – used to improve processes
Independent – reporting shared with top management
Why is a Compliance Management System important?
A compliance management system is important because it’s the checks and balances of the business you’re operating. One of the most important parts of a CMS are the policies and procedures—these help to manage risk by setting a framework and infrastructure to proactively and reactively respond to incidents, issues, and change, such as:
Changing product and service offerings
New legislation, regulation, interpretations, court decisions, etc. that address developments in the marketplace and are relevant to the product and service offerings of the organization
Unexpected incidents (data breach, global pandemic, etc.)
How can you ensure your compliance strategy is effective?
A compliance strategy is not “set it and forget it”—the strategy needs to be tied to the evolving consumer preferences and corresponding new compliance requirements to be effective. This helps businesses be proactive versus reactive. Ensuring checks and balances are in place helps establish proactive stance in case normal policy fails, gaps are discovered, or other unforeseen issues arise.
What can you do to ensure compliance strategy is effective for the future?
Want to learn more about the different facets of what makes a compliance strategy effective in collections? Join us Thursday September 29th at 1pm ET for our interactive webinar, The Future of Collections & Compliance, hosted by TrueAccord Associate General Counsel Lauren Valenzuela and Director User Experience Shannon Brown.
Reserve your space now for an interactive discussion on:
Cutting edge digital collection compliance
The role of the legal team in creating a digital collection strategy
*Leana serves as TrueAccord’s Paralegal Operations Analyst II. This blog is not legal advice. Legal advice must be tailored to the particular facts and circumstances of each unique matter.
Trying to keep up with regulations in debt collection can feel overwhelming especially with new cases and federal guidance coming out regularly interpreting the law and states actively amending or creating new laws that impact debt collectors, original creditors, and current creditors.
Here are four common compliance myths and misconceptions for collections debunked (no detective work needed)!
Myth #1: Under Regulation F consumers are not protected from harassment
False! The Fair Debt Collection Practices Act (FDCPA) absolutely prohibits harassment of consumers see 15 USC 1692d. No matter how a debt collector reaches out to a consumer, by phone call, email, SMS, voicemail, even social media—a debt collector cannot harass a consumer through one channel or through a combination of channels. Regulation F made clear that harassment is the totality of the circumstances, “the cumulative effect of all [communications – calls, emails, text messages] may constitute a violation of the harassment provision.”
Email and cell phone providers offer additional built in protections for their customers to help with rogue actors who fail to abide by the harassment provisions in the FDCPA. These service providers have their own rules and will prevent or block companies who try to harass consumers. In fact, collectors or marketers who use emails to harass will experience a less than 5% chance of their email reaching the consumer’s inbox (“inboxing rate”) essentially barring them from using email to reach consumers. Consumers have the power to not only unsubscribe (as required in Regulation F from these digital channels) but also have the power to mark inbound messages as spam which will impact the inboxing rate essentially barring abusers from the ability to deliver messages at all.
As a result, digital channels offer consumers significantly better protection from unwanted or harassing communications. Digital communications allow consumers to quickly register their preferences by clicking on an unsubscribe link or replying stop to opt out. Digital communications also offer search and archiving options, automatically creating a paper trail of communications between the consumer and the collector. There is no unsubscribe or reply stop option for calls or letters.
Myth #2: Debt collection requirements are only governed by federal laws
False! Individual states and even cities or municipalities have been implementing their own more restrictive laws governing debt collection. For example, New York law requires a debt collector to obtain consent to email a consumer about their debt, a requirement that does not exist in the federal FDCPA or Regulation F. Washington, DC just revamped their debt collection rules with new restrictions on calls, emails, texts and social media including communication caps for each of these methods that take effect on January 1, 2023 when the temporary ban on collections (implemented during the pandemic) end.
In addition to state and local debt collection rules, other regulations can apply as well, even if they aren’t specific to the industry. Some of the most anticipated regulations rolling out state-by-state focus on information security and data privacy, which greatly affect debt collection information security practices despite not being named outright.
Even if debt collection regulations are followed meticulously, businesses can still fail to meet compliance requirements if they don’t perform due diligence on other laws applicable to their operations.
Myth #3: Business must send the initial communication by letter
False! The FDCPA spells out that a debt collector must provide the validation notice in the initial communication or in writing within 5 days of that initial communication see 15 USC 1692g(a). This means that when the full validation notice is provided over the phone in the initial conversation or in the initial communication by email (as confirmed in Regulation F), a debt collector satisfied their obligation. The requirement to send the disclosure in writing is only triggered if the disclosure is not provided in the initial communication.
Fortunately, the CFPB provided a model disclosure notice in Regulation F that can be adopted to send by email and permits the use of hyperlinks. The ability to use hyperlinks in the model debt validation notice allows for consumers to communicate their preferences immediately and more effectively than when using the disclosure by US mail. For example, a consumer can use the dispute flow links in the email to explain why they are disputing the debt while looking at the additional details about the account that are visible in an online portal whereas the check boxes on the model validation letter do not allow for this flow of information and must be mailed back to the debt collector for processing. This is another example of the advantages of digital communications over letters and calls.
Myth #4: Meeting compliance obligations is more difficult for digital debt collection practices
False! As long as you have a solid team of legal compliance advisors and a mature compliance management system, digital communications actually make it easier to comply. Digital is faster (making it easier for consumers to respond or opt-out by just replying to an email or text. Digital provides a written history of communications between the consumer and the collector that can be archived automatically through existing features in email cell phone services. Digital communications are easily controlled by consumer and more tightly managed by providers, with built in mechanisms to discourage and blacklist harassers.
Plus, there are a growing number of federal court cases highlighting best-practices in digital compliance:
The District of New Mexico held that whether a webpage is confusing to the least sophisticated consumer is evaluated by the totality of all linked pages in the flow
Compliance can get complex quickly, especially for debt collectors and any lender trying to recover delinquent funds—and that complexity will only continue to grow over time as technology and consumer preferences evolve. How can your business keep up today and tomorrow?
Join us Thursday September 29th at 1pm ET for our interactive webinar, The Future of Collections & Compliance, hosted by TrueAccord Associate General Counsel Lauren Valenzuela and Director User Experience Shannon Brown.
Reserve your space now for an interactive discussion on:
Cutting edge digital collection compliance
The role of the legal team in creating a digital collection strategy
*Kelly serves as TrueAccord’s Chief Compliance Officer and General Counsel. This blog is not legal advice. Legal advice must be tailored to the particular facts and circumstances of each unique matter.
A reply email with notice of attorney representation applies only to the individual account
A new District Court opinion weighs in on digital debt collection efforts, making clear that a notice of attorney representation provided in reply to an email about an account only applies to that specific account. In Tamika Gilbert v. TrueAccord Corp., Case No.: 1:21-cv-00486, the United States District Court for the Eastern District of Illinois, dismissed the case in favor of TrueAccord. This is another in a small line of cases relating to digital collection of debt. See, for example, the case of Greene v. TrueAccord, in which the court upheld TrueAccord’s use of email for the initial notification, also codified in Regulation F.
The Case
Ms. Gilbert sued TrueAccord alleging (1) TrueAccord made a false or misleading statement when it failed to inform her that an account was past the statute of limitations and (2) TrueAccord had contacted her after being informed that she was represented by counsel. After conducting discovery, both Gilbert and TrueAccord filed motions seeking summary judgment – a decision by the court without the need for trial that will be granted only if there are undisputed facts that permit a judgment under the law.
The parties agreed that:
TrueAccord emailed Gilbert on January 10, 2021 regarding Creditor A’s account;
TrueAccord emailed Gilbert by email on January 19, 2021 regarding Creditor B’s Account;
Gilbert’s attorney forwarded to TrueAccord a copy of the collection email regarding Creditor B’s account, stating, “I am representing this consumer. Do not contact her again.”
TrueAccord emailed Gilbert on January 24, 2021 regarding Creditor A’s account.
The Ruling
The court ruled in TrueAccord’s favor on two grounds.
First, the court found that Gilbert did experience harm when she said that the emails caused her to “shake with rage.” The Court ruled that these allegations of physical manifestations of harm were sufficient harm to confer standing to bring the lawsuit. While annoyance, stress, or anger are not sufficient harms without more, an alleged physical reaction to the emotion is sufficient harm for Gilbert to have standing to pursue the second claim.
On the merits of the communication-after-notice of attorney representation claim, the Court ruled in favor of TrueAccord and dismissed the claim. The Court found that Section 1692c(a) of the Fair Debt Collection Practices Act prohibits a collector from communicating with a consumer whom it knows to be represented by counsel with respect to such debt. The Court noted that the communication by Gilbert’s attorney was regarding the specific Creditor B account. Absent an express intent to represent a consumer regarding all accounts or a list of specific accounts, TrueAccord’s knowledge was limited to her representation with regard to the Creditor B account only. As the subsequent communication was regarding another account owed to a different creditor where TrueAccord had no knowledge of attorney representation, no violation occurred. TrueAccord did not send any further communications with respect to Creditor B’s account on which TrueAccord knew Gilbert to have counsel.
Second, with respect to the claim that Gilbert was confused by the notice stating that the account had passed the statute of limitations for the purpose of filing a lawsuit (a requirement of law), the court found that Gilbert had not alleged sufficient harm to have standing to bring the first claim. The court noted that Gilbert’s damages were the time lost allegedly contacting an attorney regarding the Out Of Statute (OOS) language. While lost time can be an injury that supports a claim, here the time allegedly lost was time was solely time spent consulting an attorney as doing so would permit anyone to create standing by retaining counsel.
Key Takeaways
This case is important because it reaffirms that attorney representation must be clear to be account specific, not consumer specific. It also adds another in a line of cases finding that a plaintiff must have sufficient harm to have the standing to bring a claim in federal court.
These key takeaways from the ruling help further clarify the parameters of digital debt collection communication for both creditors, collectors, and consumers. This wasn’t just a win for TrueAccord, but for the industry as well.
Want to learn more about the different facets of compliance in collections? Join us Thursday September 29th at 1pm ET for our interactive webinar, The Future of Collections & Compliance, hosted by TrueAccord Associate General Counsel Lauren Valenzuela and Director User Experience Shannon Brown.
Reserve your space now for an interactive discussion on:
Cutting edge digital collection compliance
The role of the legal team in creating a digital collection strategy
How cutting edge compliance drives collection revenue
*Steve Zahn serves as TrueAccord’s Associate General Counsel. This blog is not legal advice. Legal advice must be tailored to the particular facts and circumstances of each unique matter.
The world of regulatory compliance can be a complicated place, especially when it comes to debt collection. It can be tricky for non-security and compliance professionals. To help quickly get you up to speed on what auditors are referring to, we’ve put together a glossary, covering some of the most important compliance terms and acronyms.
Action Plan: A plan to identify and facilitate remediation steps of current operating practices.
Audit: An unbiased and comprehensive examination of an organization’s compliance and adherence to regulatory guidelines.
Benchmarking: The process of analyzing an organization’s performance data and comparing it against the industry standard. Used to see the effectiveness of a compliance program and if there are any areas that need improvement.
Best Practices: When law and/or regulation is unclear, a “best practice” policy may be implemented to safeguard a business’s compliance.
Bona Fide Error Defense: An unintentional mistake or violation that occurred despite the maintenance of procedures reasonably adapted to avoid the mistake/violation. A debt collector may be able to assert a “Bona Fide Error Defense” in a lawsuit alleging violations of the federal Fair Debt Collection Practices Act (FDCPA).
CCPA: The California Consumer Privacy Act (CCPA) gives consumers in California rights over the personal information that businesses collect and process about them.
CFPB: The Consumer Financial Protection Bureau (CFPB) is an agency of the United States government responsible for consumer protection in the financial sector.
Code of Ethics: A document or guide that is composed of an organization’s values, standards commitments, and a set of principles.
Compliance: The state of adhering to established guidelines or specifications such as a policy, standard, specification, or law.
Compliance Management System: A series of integrated policies, processes, tools, internal controls, and functions designed to help an organization manage, monitor, and test compliance with applicable laws and regulations (e.g., federal, state, local/municipal). A fully functioning compliance management system is designed to continuously minimize risk, prevent consumer harm and limit financial or reputational harm to the organization. An essential in the modern business world.
Compliance Risk: Captures the legal, financial, and reputational dangers for failing to act in compliance with laws and regulations.
Conflict of Interest: A conflict that happens in a decision-making situation in which an individual or organization is unable to remain impartial and where serving an interest would harm another.
Controls: A checks put in place to ensure compliance with a policy and procedure. A control could be automated or manual.
Dodd-Frank Act:Dodd-Frank Wall Street Reform and Consumer Protection Act is a US federal law that governs the financial industry by enforcing transparency and accountability with rules for consumer protection, such as its Unfair Deceptive Acts and Practices provision.
FDCPA: The Fair Debt Collection Practices Act (FDCPA) is a consumer protection law passed by Congress in 1977 to eliminate abusive debt collection practices and insure that those debt collectors who refrain from using abusive debt collection practices are not competitively disadvantaged.
Fraud: The act of intentionally lying and cheating in order to obtain an unauthorized benefit.
Governance: A formal framework made up of policy rules, processes, procedures and controls used to control risk and ensure accountability and transparency.
Gray Area: A situation where the rules are not clear and can be open to interpretation.
Regulation F: A rule implemented by the Consumer Financial Protection Bureau (CFPB) providing rules governing activities covered by the Fair Debt Collection Practices Act (FDCPA). It seeks to clarify and expand on the FDCPA, including requiring collection agencies to provide additional information to consumers as part of the validation disclosure and clarifies rules for the use of digital communications.
Remediation: The process of recognizing a compliance issue or deficiency and implementing an action plan to correct the deficiency or enhance/strengthen an area of compliance. For remediation to be successful, the new or revised policies, processes or controls must address the deficiency or issue and to minimize risk.
Risk Assessment: The process of identifying and analyzing all potential risks that an organization can face in relation to its legal and regulatory obligations. The results of risk assessments are prioritized based on severity and then used to determine areas of focus for risk mitigation.
Safe Harbor: A provision in a statute or regulation that protects against legal or regulatory liability in situations where the safe harbor provision conditions are met.
Transparency: The act of being open and honest while disclosing as much information about policies, procedures, and activities as possible.
Now armed with your glossary of terms, get ready to investigate the world of compliance in collections further in our upcoming webinar. Join us Thursday, September 29th at 1pm ET for our interactive webinar, The Future of Collections & Compliance, hosted by TrueAccord Associate General Counsel Lauren Valenzuela and Director User Experience Shannon Brown.
Reserve your space now for an interactive discussion on:
Cutting edge digital collection compliance
The role of the legal team in creating a digital collection strategy
How cutting edge compliance drives collection revenue
The Consumer Financial Protection Bureau (CFPB) quietly published on its website additional frequently asked questions (FAQs) on the Debt Collection Rule (i.e. Regulation F) relating to electronic communications and communicating during unusual or inconvenient times or places.
The FAQ answers multiple questions, ranging from “is a debt collector required to honor a consumer’s request to opt out of electronic communications if the request does not conform to the debt collector’s opt-out instructions?” to “does an automatically generated electronic communication (such as a payment confirmation) sent at a time the debt collector knows or should know is inconvenient to the consumer, which is sent in response to a consumer action (such as a payment), meet the limited exception for responding to consumer-initiated contact?”
While many of the responses to the FAQs can be found in the Official Interpretation section of Regulation F, there are some points worth highlighting:
A consumer is not required to use the debt collector’s preferred or stated opt-out method. This means, for example, an email opt-out can come from a non-email channel, an SMS opt-out can from a non-SMS channel, etc.
A consumer does not need to use specific terms contained in a debt collector’s opt-out instructions in order for their opt out to be effective. For example, if the instructions tell a consumer to reply with “stop” to opt-out, and the consumer replies with “quit” instead of “stop,” the debt collector must still honor that opt-out.
Email addresses and mobile telephone numbers are not necessarily associated with a “place.” This means that the prohibition on communicating or attempting to communicate at unusual or inconvenient places does not prohibit a debt collector from communicating or attempting to communicate with a consumer through email or mobile phone. However, if the debt collector knows, or should know, that the consumer is at an unusual or inconvenient place, then the prohibition still kicks in.
What should creditors look for in their debt collection partners?
Creditors should check to see if their debt collection agencies train their staff and design their processes so that they promptly and effectively identify and process opt-out requests. Since opt-out requests can come in various forms and fashions, debt collectors need dynamic procedures to capture any and all opt-outs. Debt collection agencies also need processes and technologies to help them implement controls for inconvenient time and place restrictions – which may be a little tricky when applied to email and mobile phone numbers.
What is TrueAccord’s take?
At TrueAccord, our goal is to make the debt collection experience friendly and easy for consumers. That is why we engage consumers on their preferred communication channels and make it easy to opt-out of electronic communications. We take a broad approach to honoring a consumer’s opt-out request no matter how we get it or what specific words they use.
While the new FAQs clarified that the Debt Collection Rule does not require debt collectors to communicate electronically with consumers, we pose this question back:
If a consumer reaches out to you electronically, why wouldn’t you want to communicate with them on the channel they prefer?
TrueAccord is a machine-learning and Al-driven 3rd-party debt collection company that is reinventing debt collection. We make debt collection empathetic and customer-focused and deliver a great user experience.
Our digital-first approach to debt collection creates a cycle of collections growth:
1. Improve the perception of the industry
2. Provide a personalized experience
3. Build brand equity and collect
