Tag: legal

Do States Replace the CFPB? An Analysis in the Shifting Regulatory Authority in Consumer Finance

By on October 10th, 2025 in Compliance
The blog title set in front of a map of the US.

After its creation the Consumer Financial Protection Bureau (CFPB) had a broad mandate covering nearly all consumer financial products. The CFPB wielded expansive rulemaking, supervision and enforcement powers. As noted in their Fiscal Year 2024 Financial Report, in 2024 alone, the CFPB conducted 26 public enforcement actions through settlement, litigation or default judgment. With the administration change, the CFPB has entered a deregulatory phase. 

The new priorities represent a sharp contraction of their mission. In a memo to staff, the Bureau announced it will cut exams by half, refocus on the biggest banks, and pursue a narrower set of enforcement cases centered on clear, measurable fraud. They’ve taken a drastic step back, cutting staff, retracting years of guidance, and focusing on enforcement and some rulemaking. 

The philosophical core of this shift is a policy the CFPB calls “respect for federalism.” This is an explicit directive to avoid duplicative work and let states take the lead. The internal memo to staff confirmed this is a strategic decision to shift resources away from tasks states can handle. We even see this logic in the Bureau’s justification to rescind 67 pieces of guidance, some that had provided clarity to the industry, in part due to the existing authority of state regulators. This shows a clear, deliberate handoff of regulatory responsibility.  

It’s a mistake to view this as simple deregulation. In our dual-sovereignty system, a federal vacuum doesn’t lead to a void. It leads to a flurry of state-level activity. For a national company, this means replacing one predictable federal regulator with 50 unpredictable state ones.

And, not surprisingly, as a result, the states are picking up the baton and stepping up to fill the regulatory gaps. States are expanding their oversight and passing new legislation that is reshaping the compliance landscape for consumer finance and the debt collection industry. This has left many people asking the question, are states going to replace the CFPB? We’re here to help you find the answer. 

How State Enforcement Works for Consumer Finance and the Debt Collection Industry

The states have the legal authority, institution structures and legislative will to fill the CFPB void. As states are taking over the reins as the main enforcement authority, their actions mainly take place at two different levels: 

  • State Attorney Generals: They are the chief legal officers of their respective states and primary consumer protection enforcers. They wield broad authority on state Unfair Deceptive Abusive Acts and Practices statutes. They can investigate, subpoena, and sue for penalties and restitution.
  • State Financial Regulators: These are state-run agencies that oversee specific sectors of the financial industry. These agencies are usually responsible for licensing and supervising a wide range of non-bank entities, including mortgage lenders, debt collectors, and money transmitters. Some states are even hiring former CFPB employees to help get their regulations positioned to be more effective. New York, Pennsylvania and Maryland have actively recruited ex-federal workers to bolster their consumer protection efforts. 

It’s also important to know that state agencies don’t operate in a silo. Many of them coordinate their efforts through interagency bodies such as the Conference of State Bank Supervisors (CSBS). By paying attention to these interagency bodies, businesses can get a better sense of debt collection compliance trends to account for in their operations. 

What Are States Doing in This Enforcement Role?

Since the federal supervision activities are receding, states are taking the reins through their powers of supervision, enforcement and rulemaking. There has been a big surge in state-level legislative activity specifically aimed at areas where federal action has been slow. States are not just enforcing; they are actively writing the rules for the future: 

  • The Bank Partnership Model (True Lending): One area that states are cracking down on is the “rent-a-bank model”. More states are trying to move forward with closing this banking loophole by forcing companies that use the true lending model to attain the same standard as traditional banks. A main motivation for this is to help protect consumers from deceptive lending and credit practices. 
  • Regulation Around Fintech Products: States are moving faster than the federal government on creating rules around new financial products. As BNPL services continue to grow, New York has introduced new regulations including a new licensing system. Other states like Ohio have created “regulatory sandboxes” to see how new financial products could impact consumers before being rolled out statewide. 
  • Medical Debt: As the CFPB’s medical debt rule was struck down in the courts as an unlawful extension of regulatory authority, several states introduced similar legislation aimed to prevent medical debt credit reporting, to create state-funded debt relief programs, and to expand patient relief programs.  In several states, including California, Illinois, New York, Oregon and Washington the bills passed codifying in law restrictions on credit reporting medical debt.  
  • Artificial Intelligence: In response to federal inaction, states have crafted their own unique legislative solutions to the challenges and opportunities presented by AI.  Regulation of deepfake technology, particularly regarding non-consensual imagery, transparent disclosures when AI systems are used to interact with consumers, and formation of state-level task forces to study AI impacts and make policy recommendations. California, Colorado, Utah, Texas all have AI laws on the books with completely different requirements and definitions.

What Do These Changes Mean for Your Business and the Debt Collection Industry?

The idea that states are replacing the CFPB isn’t entirely accurate. States cannot replicate the CFPB’s most important function: creating a single, predictable set of rules for the entire country. The CFPB created a blanket of uniform rules which many states both formally and informally adopted. Today, the states are not creating a uniform floor but instead a patchwork of different requirements. This patchwork is more dynamic and, for industry, more complicated.  

For any business operating in more than one state, the primary challenge is inconsistency. What is legal in Texas might be illegal in New York. This makes national product rollouts and standardized compliance programs incredibly difficult and expensive. Furthermore, enforcement is not uniform. A handful of states are very active, while many others lack the resources to bring major cases. Finally, state enforcement can be more political, with priorities changing every time a new attorney general is elected.

All of this together means that businesses are going to have to devote more resources into ensuring their collection efforts follow all the rules in the states in which they operate. This means actively tracking legislation, new regulations, and enforcement trends in every state where you do business. This can no longer be an afterthought; it must be a core compliance function. Conduct detailed, state-by-state risk assessments. Don’t assume a product that is compliant in one state is compliant everywhere. Pay extremely close attention to the bellwether states—California, New York, Pennsylvania, and Massachusetts. What happens there often doesn’t stay there; it becomes the template for other states to follow.

Following the activities of the state AGs, who are the source of the broad UDAAP actions and novel legal theories, is a must. Along with the specialized financial regulators, who control your licenses and conduct the day-to-day examinations. These are two different sources of risk that require distinct monitoring strategies.

These changes demand a more sophisticated and adaptable compliance management system. Your systems must be flexible enough to handle different disclosure requirements, different collection rules, different UDAAPs interpretations, often on a state-by-state basis. Investing in this adaptability is the key to managing risk in this fragmented landscape.

Small compliance departments face an immense, constantly evolving task and often don’t have the capability to scale their efforts to match the sheer number of new regulations that can emerge. Companies like TrueAccord can help your business leverage digital communications that are compliant at the federal and state levels. 

Compliantly Scaling Your Debt Collection Efforts is Easy with TrueAccord

The regulatory landscape around financial services and debt collection will continue to evolve. While states aren’t a complete replacement for the CFPB, new state-level regulations will continue to be passed and make it more challenging for your business to stay compliant. 

One of the best ways to keep up with this dynamic landscape is to partner with TrueAccord for your debt collection needs. TrueAccord combines dedicated legal experts with code-based compliance to ensure debt collection efforts are by the book. Contact our team today to learn more about how your businesses can compliantly scale your collection efforts.

New York City’s Proposed Digital Communication Regulations Negatively Impact Consumers, Creditors, and Collectors

By on May 22nd, 2025 in Compliance, Customer Experience, Industry Insights
TAC Blog NYC Comment scaled

New York City’s Department of Consumer and Worker Protection (DCWP) has been actively revising an amendment to their debt collection rules since November 2022. Multiple rounds of proposed amendments and public hearings have occurred, resulting in several revisions based on stakeholder feedback. In August 2024, DCWP published a notice of adoption of the final version of the amendment, initially effective December 1, 2024. Due to stakeholder confusion, requests for additional time, and a lawsuit filed by ACA International and Independent Recovery Resources, the DCWP extended the effective date to October 1, 2025. On April 10, 2025, the DCWP released additional changes to the amendments aimed to clarify “the applicability of rules to original creditors collecting their own debts, address trade practices and consumer protection concerns.” Any comments are due by June 10, 2025 and the amendment takes effect on October 1, 2025.

Though we have entered an era where digital communication is becoming the standard, New York City’s newly revised proposal still restricts debt collectors from using email and SMS without prior consumer consent. Additionally, the changes require original creditors, who already obtained consent to communicate electronically, to take additional steps after starting debt collection. While the changes are well-intentioned in their aim to “clarify the intent and applicability of recently adopted amendments” to the debt collection rules and ultimately address the industry concerns that resulted in a lawsuit over the first proposed amendment, the amendments still have the unintended consequence of making it more difficult for those who are struggling with debt to learn about and resolve their issues efficiently, effectively, and without added layers of frustration. Consumers, creditors, and collectors should all be concerned and seeking additional revisions.

Statistics and Court Rulings Reinforce the Benefits of Digital Consumer Engagement

In today’s world, 80% of consumers prefer a full digital banking experience, including when it comes to debt collection. Why? It’s simple: these communication methods are quick, convenient, and less intrusive. They allow consumers to engage with creditors or debt collectors on their own time, whether they’re at home, at work, or on the go—and it’s no surprise that 25% of consumers engage with emails after 9:00 pm and before 8:00 am.

Emails and SMS messages are particularly effective in reaching consumers who might not be available for a phone call or may be reluctant to open a letter. Email allows for easy documentation, while text messages offer a faster, less formal way to remind consumers of their debt obligations. This is why many consumers prefer these methods over phone calls, which can be disruptive and intrusive. The federal courts agree. A recent TrueAccord court victory in the Northern District of Illinois stated unequivocally that receiving an email about a debt is less intrusive to consumers than receiving a phone call. And a separate TrueAccord victory as email is silent unlike “noisy telephone rings.”

The Pitfalls of New York City’s Proposed Laws on Consumers

Despite statistics and court rulings, the New York bill in question would require debt collectors to get explicit consent before contacting consumers via text or email, limiting these convenient communication channels. While the law’s proponents argue that these measures are necessary to protect consumers from excessive communication, it overlooks the fact that the existing state and federal law already prohibits debt collectors from harassing consumers. It is illegal under existing New York City, New York state and federal debt collection laws to harass or communicate excessively thereby annoying consumers. The proposal ignores the significant benefits digital outreach provides consumers.

Digital communications are a step forward in consumer protection providing consumers with a written and documented record of communications. Digital channels offer protection from unwanted communication with easy ways to opt out. Email service providers launched one-click unsubscribe last summer, requiring senders to display a one-click unsubscribe button at the top of all emails. To opt-out consumers need only click on the one-click unsubscribe. Consumers can also mark emails as SPAM. When enough consumers take that action, the sender gets banned by the email providers. Consumers can just as easily reply STOP to opt out of SMS communications. The CTIA short code rules require senders to honor several different key word opt-outs and failure to do so results in suspension of the short code.

This proposed amendment ultimately makes it much harder to reach a consumer in the first place. Imagine being behind on payments and missing multiple calls from your creditor, only to later discover that you can no longer be contacted by email or SMS until you opt in. Requiring consent first introduces a significant hurdle. Getting a consumer to respond to a phone call at all (let alone to opt into email or SMS communication) is notoriously difficult, with 80% reporting they will block calls from unknown numbers, according to research from TransUnion. With that in mind, the New York law has the potential for many consumers to simply ignore the phone call to give their consent to be contacted digitally, and as a result, miss out on opportunities to resolve their debt.

This is problematic because the majority of consumers actually prefer digital communication with debt collectors. According to research, many debtors are more likely to engage with collection agencies when contacted by email or text message than by phone or traditional mail. The rise of these technologies has made it easier for people to manage their debts without feeling overwhelmed by the process. For consumers in New York, the proposed legislation could effectively take away a tool that could help them avoid debt-related anxiety, delays, and confusion.

The Pitfalls of New York City’s Proposed Laws for Business Operational Costs

Beyond consumer experience, the New York City proposed further amendment would negatively impact businesses’ bottom line. Studies have found that customers contacted digitally make 12% more payments than those contacted via traditional channels; this will be eliminated under the proposed amendment. Whether collecting in-house or using a third-party agency, the additional operational costs that go into traditional methods like outbound dialing and snail mail have always made initiating communication via digital channels a more cost-effective way to collect—an option that will no longer be afforded to New York City residents. 

Even before the release of the additional amendments, businesses and agencies executing outbound call strategies and leveraging dialer technologies faced the reality that 49.5% of consumers take no action after a collection call—and, again, that’s if you can actually get a customer to answer the phone. 

And for collectors relying on physical letters to make contact or gain consent, the process is even slower and easily ignored or lost by the consumer—and more costly for the business. Sending letters has become significantly more expensive with the cost of a single paper letter often exceeding 75 cents, depending on the number of pages per letter and volume. If you then take into consideration that contacting first through a customer’s preferred channel can lead to a more than 10% increase in payments and 59.5% of consumers prefer email as their first choice for communication—snail mail isn’t just expensive thanks to the price of paper and stamps, but it can also negatively impact repayment rates from late-payers who prefer digital contact. 

NYC Residents Should Receive the Same Digital Communications Benefits All Non-NYCers Receive

The primary goal of these regulations should not be to ban digital communication methods, but rather to regulate them in a way that safeguards consumers from harassment while maintaining their access to modern, efficient forms of communication. Digital communication offers consumers more control over how and when they are contacted, with email and text message platforms incorporating built-in features like unsubscribe options and opt-out mechanisms to prevent unwanted communication. New York City’s stricter rules would leave consumers at a disadvantage, especially those who are less likely to answer phone calls. 

In contrast, the rest of the country allows consumers to receive important information about their debts through digital means without additional barriers. For consumers outside New York City, debt collectors can proactively send communications through email and text, as long as these messages include clear opt-out options, such as “reply STOP” for text messages or unsubscribe links for emails. Strict penalties exist for failure to honor opt-out requests, ensuring that consumers retain the ability to control their communication preferences. Furthermore, digital communications in these areas are subject to the same frequency limitations as traditional methods under the Fair Debt Collection Practices Act (FDCPA) and Regulation F, which means consumers still have protections against excessive or harassing contact.

The overwhelming preference for a full digital banking experience, as mentioned above, means many consumers already opt-in and communicate through primarily digital channels with their creditors. Requiring consumers who have already opted-in to have to again opt-in to digital communications in order to discuss the same account with a collection agency adds burden to consumers. When a consumer provides their electronic contact information (email address or cell phone number) to the creditor, there should be little doubt that the consumer desires to communicate electronically. If the consumer does not, they can unsubscribe or opt out from continuing to receive messages through these channels.

Of the millions of email communications TrueAccord sends, only 0.10% of consumers unsubscribe, most using the unsubscribe link provided in the email. And out of the millions of text messages we send, all of which contain the phrase “Reply STOP to opt-out,” on average only 2.07% of consumers reply stop.

Additionally, email addresses offer a distinct advantage over physical addresses or phone numbers in that they remain consistent over time, while other contact details may change more frequently. For consumers who move often, such as military families, email ensures that they don’t miss important communications because of an outdated address or phone number. By allowing digital communication, New York can help ensure that important debt-related messages are delivered without the risk of missed communication due to address changes.

A balanced approach could allow debt collectors to reach consumers via email and SMS in a regulated manner, ensuring that consumers are protected from excessive or intrusive contact, while still enabling them to resolve their debts on their own terms.

TrueAccord’s Katie Neill Appointed to Debt Collection Advisory Committee by California’s DFPI

By on May 5th, 2025 in Company News, Compliance
KN DFPI

TrueAccord is proud to announce that Katie Neill, its General Counsel & Chief Compliance Officer, has been appointed to the Debt Collection Advisory Committee of the California Department of Financial Protection and Innovation (DFPI) for the 2025-2027 term.

This board is comprised of seven members who provide feedback to the DFPI for its debt collection licensing program. The diverse group includes a consumer advocate and representatives from the debt collection, debt-buying, third-party collection, and collection law industries. The committee advises the Commissioner on matters related to the debt collection business, including proposed fee schedules and other requirements.

TrueAccord has been previously represented in this group when its founder, Ohad Samet, served on the inaugural Debt Collection Advisory Committee in 2021. As the debt collection industry has evolved to meet consumer needs and technological advancements, the DFPI has focused on better protecting California consumers, promoting responsible innovation, reducing regulatory uncertainty for emerging financial products, and increasing education and outreach to vulnerable groups.

As a leader in digital-first debt collection, TrueAccord is invested in reinventing the industry for technology-enabled and consumer-friendly outreach that fundamentally changes the approach to debt collection. In her role at TrueAccord, Katie is instrumental in shaping the policies and controls necessary to ensure legal and regulatory compliance amidst the innovation that drives business goals.

“It’s an honor to be appointed to the Debt Collection Advisory Committee and have an opportunity to impact the future of consumer finance regulation in California,” said Katie Neill. “I look forward to contributing my expertise in consumer-focused, technology-driven debt collection practices to support the DFPI’s mission of protecting consumers and fostering responsible innovation within the industry.”

About TrueAccord

TrueAccord is the trusted industry leader in third-party debt collection, leveraging data science and technology to deliver superior results and a best-in-class consumer experience. Since 2013, TrueAccord has served more than 40 million consumers in debt with a more humane collection experience while delivering unmatched liquidation rates as the leader in digital-first collections for the Buy Now Pay Later, fintech, telecommunications and credit union industries, among others. Visit www.trueaccord.com and follow on LinkedIn to learn more.

Q1 Industry Insights: Started Strong, But “Considerable Turbulence” Leaves Consumers on Edge

By on April 28th, 2025 in Industry Insights
Q1 INDUSTRY INSIGHTS

What do canceled hair appointments and increased lipstick and beer sales have in common? These untraditional indicators, among other discretionary expenditure trends, often show consumer sentiments around finances well before a recession hits. Coming out of 2024, the average U.S. household owed $11,303 on credit cards, and while credit card charge-off rates and delinquencies both declined slightly, experts are not declaring a definitive turnaround given the ongoing economic uncertainties and high balances. Consumers today are confronted with new developments regularly, leading to “considerable turbulence” in the words of JPMorgan Chase CEO Jamie Dimon, and without much guidance on what the implications are for their personal financial outlook, which understandably affects their spending and budget considerations.

The main challenge in engaging with consumers in debt in today’s economic climate is how to offer them an affordable way forward. Other challenges for businesses’ debt collection operations come in the forms of regulatory changes impacting innovation and uncertainty about staying in compliance. 

As you try to keep up with your bottom line in a rapidly evolving consumer financial landscape, let’s look at what you should consider as it relates to debt collection moving forward in 2025.

What’s Impacting Consumers?

It’s important to note that this report is from data covering a period of time before the majority of new tariffs went into effect, and everyone from Wall Street to consumers are waiting to see what happens next. Against a backdrop of an erratic market and general unease about the future of the U.S. economy, inflation reports offered a bright spot showing cooling in March to close out Q1. The consumer price index (CPI), excluding volatile food and energy costs, increased 0.1% from February, climbing 2.4% from a year earlier—the least in nine months and lower than expected. The overall CPI declined 0.1% from a month earlier, the first decrease in nearly five years, reflecting a decline in energy costs, used vehicles, hotel visits, car insurance and airfares.

The overall jobs numbers from March signaled a solid labor market, with employers adding 228,000 jobs and the unemployment rate changing little to 4.2%. Job gains showed up

in health care, social assistance, transportation and warehousing, along with retail trade, which reflected the return of workers from a strike, while federal government employment declined as a result of wide-reaching layoffs.

The Federal Reserve (Fed) held rates steady at 4.25-4.50% in March. In its statement following the March meeting, the Fed stated that “uncertainty around the economic outlook has increased.” As a result, the Fed lowered economic growth expectations to 1.7% gross domestic product (GDP) growth in 2025, down from a 2.1% estimate, while upping the projected core PCE inflation rate to 2.8% from 2.5%. The next meeting is on May 6 and while many still expect two rate cuts this year, the outcome will reflect the bank’s outlook given the new landscape of tariffs and their anticipated impact on inflation.

In February, the Fed released its Quarterly Report on Household Debt and Credit for Q4 2024, which showed total household debt increased by $93 billion in Q4, to $18.04 trillion. The report also showed that people are having more trouble paying off that debt, with credit card balances increasing by $45 billion to $1.21 trillion and auto loan balances increased by $11 billion to $1.66 trillion. Delinquency rates ticked up 0.1% from the previous quarter, with 3.6% of outstanding debt now in some stage of delinquency. Transition into serious delinquency, or 90+ days past due (DPD), also increased for auto loans, credit cards and HELOC balances. 

Experian’s Ascend Market Insights from February 2025 data showed that overall delinquent balances (30+ DPD) increased by 16.67%, driven by a 537.4% increase in delinquent student loan balances, a 16.28% increase for first mortgages and a 4% increase for bankcard balances. The huge surge in delinquent student loans is due to an increase in the volume of 90 DPD data furnishers have started to report after the pause on student loan payments ended.

By the end of February, nearly 8 million people with student loans had missed resumed payments and were met with plunging credit scores. As it stands, 1 in 5 people who are supposed to be making payments on their federal student loans are more than 90 DPD, nearly double the percentage of delinquent borrowers since the pandemic hit and the government paused payments, with reasons for delinquency ranging from inability to pay and difficulties working with servicers to missed communications that never reached the recipient.

The CFPB, Regulations and Compliance are Evolving

While the Consumer Financial Protection Bureau’s (CFPB) normal activity has been disrupted due to changes in direction from the administration, it did release a report looking at national rental payment data from September 2021 to November 2024 showing that the percentage of renters who paid late fees in the last year reached 23% in February 2023. While the rate had declined to slightly less than 14% in November 2024, the CFPB’s analysis found that the median outstanding rental balance rose 60% between September 2021 and November 2024, suggesting increased financial distress among affected households.

Meanwhile, the Federal Communications Commission (FCC) is seeking public input on identifying FCC rules for the purpose of alleviating unnecessary regulatory burdens. In a public notice released March 12, 2025, the FCC announced the Commission is seeking comments on deregulatory initiatives to identify and eliminate those that are unnecessary in light of current circumstances. The FCC notice stated: “in addition to imposing unnecessary burdens, unnecessary rules may stand in the way of deployment, expansion, competition, and technological innovation.”

In the meantime, two FCC Orders about the Telephone Consumer Protection Act (TCPA), which applies only to calls and texts made by an automated telephone dialing system (ATDS) and prerecorded or automated voice calls (aka robocalls or robotexts) come into effect. First, a 2024 Order released last February impacting revocation of consent to receive autodialed calls and texts and prerecorded or artificial voice calls. The 2024 Order conflicts with the CFPB’s Regulation F Debt Collection Rule about the scope of an opt-out. Second, is a 2025 Order released this past February aiming to strengthen call blocking of illegal calls, which may result in the blocking of lawful debt collection calls and texts.

Debt collectors and other companies impacted by these two orders may want to submit comments to the FCC identifying the particularly burdensome aspects that could be revisited and slightly revised to be consistent with consumer preference, consistent with other laws and regulations (like Regulation F), and less burdensome on companies.

Eyes will continue to be on the developments with the ever-evolving regulatory landscape and what happens with the CFPB, which will impact how businesses both comply with regulations and innovate through technology in consumer financial services.

Consumer Sentiment

The Fed’s March Survey of Consumer Expectations showed that inflation expectations increased by 0.5% to 3.6% at the one-year-ahead horizon while consumers’ expectations about their households’ financial situations deteriorated with the share of households expecting a worse financial situation one year from now rising to 30%, the highest level since October 2023. The report also showed Unemployment, job loss, earnings growth and household income growth expectations also deteriorated.

The latest University of Michigan consumer sentiment survey showed that sentiment fell to 50.8, down from 57.0 in March. The drop, a 10.9% monthly change and 34.2% lower than a year ago, was the lowest reading since June 2022 and the second lowest in the survey’s history since 1952. Respondents’ expectation for inflation a year from now jumped to 6.7%, the highest level since 1981. The current economic conditions index and expectations measure dropped by 11.4% and 10.3% from March respectively.

Similarly, the Conference Board’s Consumer Confidence Index in March fell by 7.2 points to 92.9. The Present Situation Index, based on consumers’ assessment of current business and labor market conditions, also decreased 3.6 points to 134.5 while the Expectations Index based on consumers’ short-term outlook for income, business and labor market conditions fell 9.6 points to 65.2, the lowest level in 12 years and well below the threshold of 80 that usually signals a recession ahead.

What Does This Mean for Debt Collection?

All of the economic indicators and pessimistic consumer outlook, especially given stock market turbulence that impacts many Americans’ retirement savings, makes it likely that consumers across all income brackets will pull back on discretionary spending. And for those already financially stressed, the added burden of increased inflation due to tariffs could make it harder for budgets to meet debt obligations. For lenders and collectors, here are some recommendations for your debt collection strategy in 2025:

  1. Ensure Your Messages Are Getting Through. If you’re calling someone who prefers to receive information by email, they likely won’t answer and get your message. Similarly, if you’re using digital channels and your email gets caught in a spam folder, your message won’t make it to the intended recipient. Best practices for email delivery and deliverability are just as important as using the right channel. Ensure your collection partners who claim to engage consumers via email can back it up with the metrics to prove that their messages actually make it through.
  1. Do More With Less. Technology exists today that can create efficiencies across many aspects of debt collection operations, which means increasing account volume doesn’t have to equal higher costs. Look for ways you and your collection partners can leverage new tech to streamline operations and you can reap the benefits of improved operational efficiency, compliance efforts and consumer experience.
  1. Get Your Lawyer on Speed Dial. Or ensure your debt collection partner is keeping tabs on the rapidly evolving regulatory and compliance landscape to inform their practices. There’s a lot going on, quickly, and if you miss something the repercussions of noncompliance could cost you financially or reputationally.

SOURCES:

Coast to Coast: the State of Privacy and Compliance in 2023

By on April 20th, 2023 in Compliance, Industry Insights, Webinars
Coast to Coast: The State of Privacy and Compliance in 2023

Disclaimer: The information provided in this blog post does not, and is not intended to, constitute legal advice. 

Protecting consumer privacy is not an unfamiliar concept in our industry and it’s something that should already be woven into our policies, procedures, and practices. With the rapid increase of state privacy laws across the United States, any company that collects, uses, transmits, or receives consumer data has to stay up-to-date on all related compliance issues.

In a previous webinar, Coast to Coast—the State of Privacy and Compliance in 2023, TrueAccord’s legal experts discussed the newest federal privacy laws and all the related compliance issues. Watch the full webinar on-demand now!

The passage of the FTC’s Safeguards Rule, amending the Gramm Leach Bliley Act (GLBA), has been a big topic in data security conversations across the financial services industry as businesses prepare to be in compliance on or before the extended effective date of June 9, 2023. Meanwhile, several states have actively been considering and passing new legislation requiring additional policies, controls, and practices not only in the data security space but also for data privacy and data breaches. It is important for Chief Information Security Officers, Privacy Officers, and Chief Compliance Officers to stay on top of this legislation, as well as Chief Executive Officers since we have seen many federal and state actions naming the CEO in their individual capacity for failing to properly secure and protect data or to properly delegate these responsibilities to the appropriate persons within their organizations. 

**Please note this article is not legal advice. This is not an exhaustive list of all laws. You should consult a lawyer if you have questions about federal and state data security, privacy or breach laws.

Data Breach Laws

All 50 states have data breach notification laws on the books. In 2022, 19 states considered enhancing their data breach laws.

Screen Shot 2023 04 19 at 11.39.11 AM

Those states that passed revised data breach laws, tightened up notification timelines, added additional definitions of what constitutes personal information, and expanded the notification requirements to include additional state agencies. For example, Arizona’s law HB 2146, amending Arizona Revised Statutes section 18-552, not only requires that notification be made to consumers but also to the Director of Arizona’s Department of Homeland Security. If the breach impacts more than one thousand people, then the law requires the notification also be given to the three largest nationwide credit reporting agencies, the attorney general, and now the Director of Arizona’s Department of Homeland Security. 

While most states are shortening the time frame in which a consumer must be notified of a data breach to 45 days or less, some of these laws include exceptions or a short list of situations in which a delay in notification is permissible. For example, Indiana’s revised law, H.B. 1351, amending Indiana Code 24-4.9-3-3, limits a permissible delay in notification three circumstances: (1) when the integrity of the computer system must be restored, (2) when the scope of the breach must be discovered, or (3) when the attorney general or a law enforcement agency asked to delay disclosure because disclosure will impede a criminal or civil investigation, or jeopardize national security.

Both Maryland (H.B. 962, amending Maryland Personal Information Protection Act and section 14-3501 of the Annotated Code of Maryland)and Pennsylvania (S.B. 696, amending the Pennsylvania Breach of Personal Information Notification Act) expanded the definition of “personal information” to include medical and health information, including a definition of “genetic information” in Maryland’s law.

Since the webinar, Utah Governor Spencer Cox signed into law Senate Bill 127 on March 23, 2023, which amends the state’s data breach notification statutes. The amendments go into effect May 2, 2023.*

Along with updates to states’ laws, Federal regulators are also providing additional guidance too. For example, the Office of the Comptroller of the Currency (OCC) recently released more information regarding when banks need to know from their vendors about data breach including ransomware notifications.

Data Privacy Laws

In addition to creating and updating laws to help consumers in the event of a data breach, states have also been enacting laws dedicated to protecting consumer privacy. There are six states with comprehensive data privacy laws: California, Connecticut, Colorado, Iowa*, Virginia, and Utah. These laws give consumers various rights over their personal information, such as the right to know what information companies collect and use, a right to correct their information, a right to opt-out of the sale of such information, and a right to request deletion. 

In 2022, Congress introduced a federal privacy law, HR 8152, the American Data Privacy and Protection Act; however, it did not make it to the finish line despite having bipartisan support. It contained some preemption of state privacy and data protection laws, which would have been a relief to many companies navigating the existing patchwork of state laws.  As of January 2023, many states have introduced privacy-related bills and this is likely to continue throughout the years to come. 

Screen Shot 2023 04 19 at 11.42.48 AM

California took the privacy law lead in passing the California’s Consumer Privacy Act of 2018 (CCPA) that went into effect in January of 2020 to protect the use and sharing of personal data. California recently expanded the CCPA with the California Privacy Rights Enforcement Act (CPRA) that took effect on January 1, 2023. The law created the new California Privacy Protection Agency and gave it the power, authority, and jurisdiction to implement and enforce CRPA. Additionally, businesses must regularly submit their risk assessment on the processing of personal information to this new agency. 

The four other states that followed suit have substantially similar laws with broad definitions of personal information. These laws typically apply to persons that conduct business in the state and processing a set minimum of consumer data records (typically 25,000 or more) or businesses who earn at least 50% of their revenue from the sale of consumer data. 

These laws give consumers various rights, such as the right to access their personal data, correct inaccurate personal data, delete personal data, in certain circumstances, obtain a copy of the personal data they previously provided to a controller, opt-out of the processing of their personal data if related to targeted advertising, sale of personal data or certain profiling activities, appeal a controller’s refusal to take action on a request, and submit a complaint to the attorney general if an appeal is denied. Interestingly, Colorado’s law makes clear that a consumer’s consent is not valid if obtained through the use of a “dark pattern.” 

These laws do not give consumers a private right of action but are enforced by the state’s attorney general with civil monetary fines calculated per violation. These laws also contain exemptions for data already protected by other laws, such as HIPAA, FCRA, and GLBA.

Virginia’s law took effect January 1, 2023. Both the Connecticut and Colorado Data Privacy Acts will go into effect July 1, 2023. The Utah Consumer Privacy Act takes effect December 31, 2023. The Iowa privacy bill (SF 262) was signed into law by Gov. Kim Reynolds on Tuesday, March 28, 2023. The legislation is set to take effect Jan. 1, 2025.*

Best Practices for the Future of Data Security & Privacy 

Having good security practices in place is not only beneficial for both consumers and businesses, but is absolutely critical to stay compliant with all the new laws and amendments being introduced. 

So what are some of the best privacy and security practices to implement to protect customers, companies, and stay compliant? 

  • Practice data minimization.
  • Know where personal information lives at all times by creating a data map of where the data goes and is stored throughout your systems, which includes knowing your vendor’s data security and privacy practices and controls. 
  • Know who has access to personal information and routinely examine if that access is necessary to complete that job function.
  • Be intentional with how data is organized and stored so it can be easily segmented and treated differently if need be (think network segmentation). 
  • Have a public facing Privacy Notice–and make sure it accurately reflects your practices for use, collection, deletion and correction.
  • Conduct an annual data security and privacy risk assessment to continually reassess areas for improvement and where you may need additional controls.
  • Ensure contracts with parties whom you receive and/or give personal information to specifically address each parties’ obligations and restrictions for how personal information is used, shared, disclosed, stored, and sold (if permitted).

Compliance with data privacy and data security requirements will continue to progress as new laws and regulations are passed. Best practices will continue to evolve as well, as we continue to learn more about the expectations from Federal and state legislators and regulators, and as companies navigate evolving threats and vulnerabilities. Watch the full Webinar: Coast to Coast— the State of Privacy and Compliance in 2023 here »»

Learn more in our Compliance & Collections Resource Center or schedule a consultation today

Footnotes: 

*The Iowa privacy bill (SF 262) was signed into law by Gov. Kim Reynolds on March 28, 2023 after TrueAccord’s Coast to Coast webinar. 

*The data breach law for Utah was passed on March 23, 2023 after TrueAccord’s Coast to Coast webinar

Compliance & Collections: 22 Essential Terms to Know

By on September 8th, 2022 in Industry Insights, Compliance
Blog Compliance Glossary

The world of regulatory compliance can be a complicated place, especially when it comes to debt collection. It can be tricky for non-security and compliance professionals. To help quickly get you up to speed on what auditors are referring to, we’ve put together a glossary, covering some of the most important compliance terms and acronyms.

  • Action Plan: A plan to identify and facilitate remediation steps of current operating practices. 
  • Audit: An unbiased and comprehensive examination of an organization’s compliance and adherence to regulatory guidelines. 
  • Benchmarking: The process of analyzing an organization’s performance data and comparing it against the industry standard. Used to see the effectiveness of a compliance program and if there are any areas that need improvement. 
  • Best Practices: When law and/or regulation is unclear, a “best practice” policy may be implemented to safeguard a business’s compliance.
  • Bona Fide Error Defense: An unintentional mistake or violation that occurred despite the maintenance of procedures reasonably adapted to avoid the mistake/violation. A debt collector may be able to assert a “Bona Fide Error Defense” in a lawsuit alleging violations of the federal Fair Debt Collection Practices Act (FDCPA). 
  • CCPA: The California Consumer Privacy Act (CCPA) gives consumers in California rights over the personal information that businesses collect and process about them.
  • CFPB: The Consumer Financial Protection Bureau (CFPB) is an agency of the United States government responsible for consumer protection in the financial sector.
  • Code of Ethics: A document or guide that is composed of an organization’s values, standards commitments, and a set of principles. 
  • Compliance: The state of adhering to established guidelines or specifications such as a policy, standard, specification, or law.
  • Compliance Management System: A series of integrated policies, processes, tools, internal controls, and functions designed to help an organization manage, monitor, and test  compliance with applicable laws and regulations (e.g., federal, state, local/municipal). A fully functioning compliance management system is designed to continuously minimize risk, prevent consumer harm and limit financial or reputational harm to the organization. An essential in the modern business world.
  • Compliance Risk: Captures the legal, financial, and reputational dangers for failing to act in compliance with laws and regulations.
  • Conflict of Interest: A conflict that happens in a decision-making situation in which an individual or organization is unable to remain impartial and where serving an interest would harm another.
  • Controls: A checks put in place to ensure compliance with a policy and procedure. A control could be automated or manual.  
  • Dodd-Frank Act: Dodd-Frank Wall Street Reform and Consumer Protection Act is a US federal law that governs the financial industry by enforcing transparency and accountability with rules for consumer protection, such as its Unfair Deceptive Acts and Practices provision. 
  • FDCPA: The Fair Debt Collection Practices Act (FDCPA) is a consumer protection law passed by Congress in 1977 to eliminate abusive debt collection practices and insure that those debt collectors who refrain from using abusive debt collection practices are not competitively disadvantaged.
  • Fraud: The act of intentionally lying and cheating in order to obtain an unauthorized benefit. 
  • Governance: A formal framework made up of policy rules, processes, procedures and controls used to control risk and ensure accountability and transparency. 
  • Gray Area: A situation where the rules are not clear and can be open to interpretation.
  • Regulation F: A rule implemented by the Consumer Financial Protection Bureau (CFPB)  providing rules governing activities covered by the Fair Debt Collection Practices Act (FDCPA). It seeks to clarify and expand on the FDCPA, including requiring  collection agencies to provide additional information to consumers as part of the validation disclosure and clarifies rules for the use of digital communications. 
  • Remediation: The process of recognizing a compliance issue or deficiency and implementing an action plan to correct the deficiency or enhance/strengthen an area of compliance.  For remediation to be successful, the new or revised policies, processes or controls must address the deficiency or issue and to minimize risk. 
  • Risk Assessment: The process of identifying and analyzing all potential risks that an organization can face in relation to its legal and regulatory obligations. The results of risk assessments are prioritized based on severity and then used to determine areas of focus for risk mitigation.
  • Safe Harbor: A provision in a statute or regulation that protects against legal or regulatory liability in situations where the safe harbor provision conditions are met.
  • Transparency: The act of being open and honest while disclosing as much information about policies, procedures, and activities as possible.

Now armed with your glossary of terms, get ready to investigate the world of compliance in collections further in our upcoming webinar. Join us Thursday, September 29th at 1pm ET for our interactive webinar, The Future of Collections & Compliance, hosted by TrueAccord Associate General Counsel Lauren Valenzuela and Director User Experience Shannon Brown.  

Reserve your space now for an interactive discussion on:

  • Cutting edge digital collection compliance
  • The role of the legal team in creating a digital collection strategy
  • How cutting edge compliance drives collection revenue
  • The future of digital compliance

Register now for the upcoming webinar»»

Webinar Compliance Footer 1

TrueAccord Names Kelly Knepper-Stephens as Chief Compliance Officer and General Counsel

By on October 27th, 2021 in Company News, Compliance
TrueAccord Blog

Lenexa, KS – Oct. 27, 2021 – TrueAccord Corporation, a debt collection company offering AI-powered digital recovery solutions, is proud to announce the appointment of Kelly Knepper-Stephens as chief compliance officer and general counsel. TrueAccord started in 2013 as a digital-first collection agency built to fundamentally change collections into a recovery and reconciliation process. TrueAccord was the first to offer digital solutions to the sector and continuously proves itself to be a trailblazer in an industry still dominated by traditional call-and-collect agencies. Knepper-Stephens’ appointment further confirms the company’s consumer-focused mission by tapping into one of the industry’s most sought-after counsel and compliance leaders.

“​​Compliance is at the forefront of TrueAccord’s mission, and Kelly guided the development of our robust digital collection compliance systems,” said Mark Ravanesi, CEO of TrueAccord. “TrueAccord’s investment in compliance is a win-win all around: it protects TrueAccord, it protects our clients, and—most importantly—it allows us to do right by consumers.”

An expert in debt collection law, Knepper-Stephens joined TrueAccord in 2018 as vice president of legal and compliance, where she has focused on civil litigation, government regulation, and compliance.  During her tenure, TrueAccord secured federal court victories showcasing TrueAccord’s legal compliance in two of the main FDCPA court decisions involving the use of email in debt collection: Green v. TrueAccord and Zuniga v. TrueAccord.

“As demonstrated in Regulation F, TrueAccord is the industry leader in email compliance,” Knepper-Stephens said, “I’m excited to join the mission-driven executive leadership team as TrueAccord continues to lead best practices for digital collections and beyond—empowering consumers to resolve their accounts according to their preferences.” 

Knepper-Stephens started her career in the collection space in 2011. Collections Advisor Magazine named her as one of the top 25 Women in Collections in 2016 and top 20 in 2018. She currently serves on the Board of Directors for RMAI, on the Steering Committee for the Consumer Relations Consortium, and as an ACA-certified instructor. She received her Juris Doctor degree from the George Washington University Law School and is currently barred in California, the District of Columbia, Illinois and Maryland.

A key benefit of TrueAccord is the scalability provided by the flexibility of code-based compliance, overseen by Knepper-Stephens and her team to ensure its programming is adjusted to new laws, regulations, and court decisions. The company’s patented machine-learning algorithm, HeartBeat, is augmented by its compliance checker software, mitigating risk by ensuring regulatory requirements are met before sending communications. 

Knepper-Stephens is a Receivables Management Association International (RMAI) certified receivables compliance professional and has earned the Credit & Collection Compliance Officer designation from the American Collectors Association (ACA). Prior to joining the industry, she worked as a Visiting Professor of Law at George Washington University Law School, teaching the Criminal Appellate Clinic, and as a San Diego Public Defender. Her long-standing dedication to helping others plays an integral part in her success.  

To learn more about TrueAccord’s mission and digital debt collection solutions, visit www.TrueAccord.com and follow @TrueAccord on Twitter and LinkedIn.

About TrueAccord

TrueAccord is the intelligent, digital-first collection and recovery company that leaders across industries trust to drive breakthrough results while delivering a superior consumer experience. TrueAccord pioneered the industry’s only adaptive intelligence: a patented machine learning engine, powered by engagement data from over 16 million consumer journeys, that dynamically personalizes every facet of the consumer experience – from channel to message to plan type and more – in real-time. Combined with code-based compliance and a self-serve digital experience, TrueAccord delivers liquidation and recovery rates 50-80% higher than industry benchmarks. The TrueAccord product suite includes Retain, an early-stage collection solution, and Recover, a full-service post-charge off recovery platform. 

TrueAccord discusses adapting to work-from-home

By on May 21st, 2020 in Industry Insights, Company News, Webinars
man working at desk next to laundry basket

TrueAccord’s Director of Service Operations, Cassie Cox, and our General Counsel & Chief Compliance Officer, Tim Collins, hosted a webinar on May 13th, 2020 to talk through collections continuity in light of the COVID-19 crisis. The team discussed adjusting to regulatory changes, how to effectively manage a work-from-home approach in collections, and what the future of the industry may look like. 

How are federal and state regulations changing?

Federal-level regulatory updates

The pandemic has prompted the US federal government to examine how it can work to aid Americans in need. Following the CARES Act, the House has proposed a new, $3 trillion relief package, and we are likely to see other potential stimulus packages discussed as the Senate proposes their own stimulus plan. Major industry organizations like insideARM and the ACA International are watching these unfold closely, as should we all. 

The Consumer Financial Protection Bureau’s activity has not slowed during the pandemic, and they are on track to meet their examination goals this year. Remote auditing processes are in place and buzzing. They may not be in your offices, but the CFPB’s teams are still actively working to ensure the industry remains compliant.

State-level regulatory updates

Several states, including Massachusetts and New Jersey, are pursuing legislation that directly impacts the ability of collectors to reach consumers. Massachusetts’ Attorney General recently enacted an emergency law that outright banned collections efforts.

This was fought by the ACA, and the law was declared too broad and in violation of First Amendment rights, but the changing playing field does not end there. New Jersey has worked to pass similar legislation which has now been narrowed to primarily impact medical debt collection practices. 

There will also likely be a heightened focus on state budgets and an increase in understanding how to bolster state economies. 

As of this writing, forty-seven US states are either reopening or partially reopening by lifting shelter-in-place orders. Twenty of these state legislatures are now back in session and may begin to make other changes that collectors should keep an eye on. There will also likely be a heightened focus on state budgets and an increase in understanding how to bolster state economies. 

One major change that seems to be for the better is the newfound flexibility for collection agencies and other companies to allow employees to work from home. This behavior is being echoed by Rhode Island’s new “stay healthy” order which has started the reopening process but is strongly encouraging employees to work from home when possible. Collections is beginning to adapt to the changing need, and TrueAccord was able to adapt quickly.

How is collections operations changing?

Maintaining control and information security in a work-from-home environment

TrueAccord’s team began to prepare for potential risk to our operations in early March by reviewing and updating our practices, policies, and procedures to make sure all of our teams could effectively work from home. 

Here are some of the standards we established as we transitioned 80% of our agents to work from home full-time:

  1. Replicate an effective office space
    1. Agents must have a private area in their home and commit to working their shift uninterrupted.
    2. Agents must have a minimum internet speed of 50Mb/s in order to maintain high sound quality on calls.
  2. Enhance work from home agent information security
    1. Agents do not take payments over the phone. All payments are received via IVR or guided through our secure payment portal.
    2. Agents are not permitted to have cell phones near their workplace.
    3. Agents are monitored by their supervisors via webcam with at least two random checks throughout the day. 
    4. Calls are randomly monitored by supervisors to ensure continued commitment to exceptional customer service and quality.

These were only made possible by bringing on new technologies and building processes before we dove in headfirst. We also made sure that all of our agents fully understood these new practices in advance, and they signed off on the policies ahead of time. The 20% of our team members that are still in-office (at safe distances) continue to meet the same standards as the other agents. 

Our contact centers directly support our omni-channel approach to the industry. Here’s information on three other channels we use to reach consumers.

The remaining 20% either opted to not work from home due to a lack of interest or they were not permitted due to their homes not meeting security requirements (e.g. not having a private space, not having a fast enough internet speed, etc.). 

Managing agent performance standards remotely

Call centers are filled with high-energy individuals that are driven by their wins. Maintaining the same hum and energy of an office space without sharing the same space is difficult, and we’ve taken steps to keep our agents excited about their work.

Meet (virtually) Face to face 

A robust virtual management system has been put in place to keep building our team’s connectivity. The webcams we provided to our agents not only help with security monitoring but also increase our ability to build team morale. All of our agents are dialed into (and muted on) a Google Hangout or Zoom meeting throughout the day so that at any point they can turn and see their teammates working hard. 

This practice has also extended to our new management strategy. All of our contact center team meetings are required to be on camera so that we get face time with each other. These meetings include small group meetings, individual coaching sessions, and any other 1:1 meetings as well. 

Encourage conversation

Look for opportunities to create additional team touchpoints. Our current structure includes:

  • Weekly coaching sessions
  • Weekly team meetings
  • Random, weekly 15-minute huddles

We also have a wide range of Slack channels in place for sharing anything from anecdotes to best practices. In an office environment, it’s easy for folks to look over their shoulder and share tips and tricks, and those conversations drive positive change. Slack (and other work chat tools) also provide ways to circulate urgent updates with ease.

Keep the excitement up

We’ve increased our budget for intra-day chachkes, small giveaways, and rewards. Our in-office management style was largely visual: performance trend boards, goal setting boards, and team-based competitions were huge drivers for us. Now, we’re turning to setting up more contests. In this environment, a $10 gift card can get almost as much traction as a $50 card. It’s the thrill of the win, not necessarily the prize itself. Keep the energy up!

Monitor issues closely

The first two weeks of the work-from-home experiment were an amazing honeymoon period. There were three, consecutive days of perfect attendance in our contact center. Typical efficiency metrics like production volume per hour and average handle time have remained consistent. Keeping the same levels of performance is another story entirely, and close performance management is critical to making work-from-home, well, work.

We continue to track month to date metrics and just as closely monitor individual daily performance. Though many of our agents had no issue moving to a home environment, just as with any contact center, the bottom 10% of our group semi-frequently underperforms. It’s more essential now to keep a careful eye on red flags and correct underlying issues immediately. 

The biggest concern was properly tracking things like call or work avoidance or time card manipulation. Thankfully, with all of our systems are aligned and our supervisors actively checking on their teams, the only instance we found was caught immediately. 

Terminating a remote employee

Unfortunately, this is a necessary part of any operations manager’s role. In a work-from-home world, we still want to make it as direct an experience as possible. The full investigation, conclusion, and termination conversation should all be conducted via video conference.

Beyond the human aspect of termination, there are data and security considerations that should be tested ahead of time. Your team should understand how and when data should be cleared from a remote employee’s computer, and systems should be in place for the employee to either drop off or otherwise return their gear. Remember to accommodate for the possibility of lost assets. Some folks, even under contract, may not return your stuff.

What is coming next?

Changes in the office

The COVID-19 pandemic prompted a lot of changes to the way companies operate in general. While it continues to unfold, we are likely to see more change. That said “Right now, maintaining [business continuity] means not changing anything,” said Cox. 

As shelter-in-place rules begin to lift, and we see some employees return to their offices, we will see physical changes:

  • New desk layouts
  • A possible return to cubicles or dividers and a shift away from open-plan offices
  • New air filtration standards for enclosed spaces

Changes in the industry

While the US economy recovers, we expect to see a massive wave of customers that are unable to pay their bills. Unemployment rates will continue to drive payments from slightly overdue to collections, and debt collection agencies and internal recovery teams are likely to struggle to meet the account volume. 

“Collections has long been driven by human capital,” said Collins in discussing the need for contact center agents. “Technology will have to step in and fill a new, higher demand.” He went on to add that alongside the increase in volume, we expect a change in collections mentality. In order to overcome the disparity between payment deadlines and consumers unable to meet them, there will be a rise in customizable payment plans, hardship plans, and digital, self-service tools.

Crises drive rapid evolution and change. Many business practices and technologies that were slowly gaining traction in a pre-COVID-19 world are now fast-tracked. Working from home is a must at the moment, and the collections industry has to embrace that. Moving forward, we’re likely to see new innovators that are reinventing an aging industry, and it’s time for collections to adapt. 

Greene v. TrueAccord further refines email best practices

By on May 19th, 2020 in Compliance
pen on a notebook

The Northern District of California has confirmed what the law makes clear: a debt collector may send the initial communication by email (except in New York).

In Greene v. TrueAccord, Case No. 19-cv-06651 (N.D. Cal. May 19, 2020), the Plaintiff claimed the initial email she received and opened violated the Fair Debt Collection Practices Act (FDCPA) and the Electronic Signatures in Global Commerce Act (E-SIGN) because she never consented to receive email from TrueAccord.

As the District Court made clear, consent is not a factor when an initial communication contains the validation notice in the body of the email. Only one week after final submissions on the motion to dismiss the Complaint, the District Court dismissed the case with prejudice also finding TrueAccord’s validation notice met the requirements of the law and TrueAccord’s emails sent during the 30-day validation period did not overshadow the initial demand.

The case

Sending the initial communication and validation notice by email

A debt collector must provide a consumer with a notice about how to dispute an account.  The law states the notice must be given either in the initial communication or in writing within 5 days of that first communication.  The FDCPA does not state what methods a collector can use to provide the validation notice in the initial communication—it only indicates that a “communication” is conveying information about a debt through any medium.  Many debt collectors have hesitated to use email and other modern forms of communications that consumers prefer because these modes are not addressed in the FDCPA.  

In this case, Plaintiff argued that TrueAccord violated the FDCPA by sending the validation notice in an initial communication by email without the consumer’s consent.  Plaintiff argued that TrueAccord did not follow the E-SIGN Act, which outlines the requirements for obtaining consent to email a consumer documents that must be provided in writing.  

However, as the Court recognized, the E-Sign Act applies to notices that must be provided in writing.  Under the FDCPA, the validation notice is not required to be provided in writing if it is given in the initial communication.  Since TrueAccord provided the validation notice in the body of the initial communication, E-SIGN does not apply.  The Court ruled TrueAccord properly delivered the validation notice in the body of the initial email.

“The Court also agreed with the CFPB’s proposal on the fact that the subject line should contain the name of the creditor and one additional piece of information about the debt other than the amount.”

The Court, in finding that an initial communication can be made electronically, pointed to the fact that “a communication” is broadly defined and can be sent across any medium. Additionally, the Court pointed out that despite amending the FDCPA in 2006 Congress has not made any effort to amend the statute to account for newer communication technologies that have developed.  The Court also recognized the CFPB’s proposed rulemaking permits a validation notice as part of an initial communication in the body of an email. 

The Court explained that when using email to send the initial communication the notice must be reasonably conveyed to the consumer. This requires the notice to appear in the body of the email—not in an attachment where it could be “hidden from the eyes” of the consumer. 

The Court also agreed with the CFPB’s proposal on the fact that the subject line should contain the name of the creditor and one additional piece of information about the debt other than the amount. This ensures “the consumer’s attention is focused on the email . . . as many . . . make decisions to read, ignore, or delete emails on the basis of the subject line.” 

While TrueAccord’s subject line did not contain this information (it read “This needs your attention”), the Plaintiff received the email and opened it.  While the Court noted that the subject line did not convey that the purpose of the email was to collect a debt, the Plaintiff still opened the email with the validation notice in the body.  Therefore, Plaintiff had no standing to make an argument that the subject misled her from opening and receiving the notice when she actually opened it. 

Use of the term “send” instead of “mailed”

Plaintiff also argued that the validation notice in the body of the email was incorrect and misleading because the statute reads “a copy of such verification . . . will be mailed to the consumer.” Yet, the notice in TrueAccord’s email used the word “send” instead of the word “mailed.” 

When evaluating whether or not a collection communication violates the FDCPA, Courts use the “least sophisticated consumer standard.”  This standard is designed to protect all consumers in the spirit of the FDCPA, not just the consumer who filed a lawsuit.  

In looking at the challenged language under this least sophisticated consumer standard, the Court held that there is no requirement for a validation notice to track the language of the statute verbatim.  The Court stated that: 

“…the fact that TrueAccord’s notice departed from the statutory language could not plausibly have deceived or misled the least sophisticated consumer reading the notice.” 

Instead, the consumer would understand from the use of the word “send” that a copy of the verification could be physically mailed or electronically mailed; as the Court noted, electronic mailing of validation documents is permitted in compliance with the E-SIGN Act.

Subsequent email communications did not overshadow the validation notice

Plaintiff also claimed that multiple demands for payment during the thirty-day validation period violated the FDCPA because these emails overshadowed the initial communication containing the validation notice.  The FDCPA protects consumers from collection efforts and communications sent during the thirty-day validation period that overshadow the consumer’s right to dispute.  Typically, communications that demand immediate payment or offer deadlines prior to the expiration of the thirty days constitute overshadowing.

In dismissing Plaintiff’s theory, the Court found that the FDCPA does not put any limits on the number of times a debt collector can communicate with a consumer during the validation period.  The Court noted that while it is possible that the number and timing of communications sent to a consumer could be relevant in an evaluation of whether the communications overshadow the notice, the number of communications in this case—seven within a 30day period—is not excessive. 

The Court also looked at the content of all these emails.  The emails clearly conveyed that TrueAccord would like a payment. They did not include:

  • Language requiring a payment
  • Language suggesting that a payment should be made prior to the expiration of the 30-day validation period

The Court noted there was no real expression of urgency and all emails had a prominent out of statute disclosure stating that, because of the age of the debt, the creditor will not sue Plaintiff or report it to a credit reporting agency.  By taking this “non-threatening content” of the communications in consideration with the number of emails sent, the Court did not find it plausible that the least sophisticated consumer could be misled or that the emails overshadowed the validation notice.

What lessons can we learn from this case?

Greene is only the second case ever to evaluate how to properly provide the validation notice by email.  It provides good guidance to follow:

  • Placing the notice in the body of the email, not behind a password or through a link with seven steps to download (like in LaVallee) and
  • Including the name of the creditor and one additional piece of information in the subject line. This step brings the consumer’s attention to the initial email as relating to the debt (this is also forthcoming in the CFPB rule).

Greene is also the first case ever to evaluate the content of email communications sent during the validation period.  It provides good guidance to follow regarding appropriate tone, frequency, and payment requests.  Of interest, the Court noted that TrueAccord included a “Dispute this Debt” link on all emails.  The Court felt that it’s smaller font size and placement at the footer of the emails “buried” the link; but ultimately that fact:

“…did not mean that the original validation notice ha[d] been overshadowed, particularly given the specific facts before the Court.”  

The text appeared in the footer of all emails, along with our mailing address, phone number, office hours, and Privacy Policy.  

Email is a core part of an omnichannel, digital collection strategy, but it doesn’t evolve overnight. It’s important that you have the experience and infrastructure in place to send and deliver emails on a mass scale so that they’re delivered to the consumer’s inbox. Cases like this are shaping the future of digital debt collection practices and how consumers interact with their debts. 

Want to learn more about how TrueAccord remains at the forefront of regulatory change? Reach out to our team!

3 things to avoid with in-house collections teams

By on May 6th, 2020 in Compliance, Industry Insights
danger do not proceed sign

When more than one-quarter of American consumers have debts in collections it’s easy to see the rising need for any company to have a collections strategy. Working to get a dedicated internal team up and running to collect effectively can be a resource-intensive project, especially for small businesses. 

Creating the infrastructure for a collections team includes building extensive policies to protect your business from compliance violations, carefully training agents (or building incredibly complex digital infrastructure), and hiring collections and recovery experts to support these new efforts.

Once you have the logistics of your collections department sorted out, it’s time to start reaching out to your customers. Here are important things to avoid when you get started.

Wait to start collecting

“Too late” can come all too soon when it comes to recovering on aging accounts. A series of small payments or even a single large payment can cause issues for small businesses, but missed payments—especially in a recession—can pile up quickly for anyone. Avoid getting too far behind (and potentially sabotaging your growing email strategy) and get ahead of the problem.

While you gradually build an internal collections team, you can also consider partnering with a third-party debt collection agency. Having a partner on retainer can prepare you for working with a growing number of accounts as your business expands. These strategies aren’t mutually exclusive either, and you can gain greater insight into the performance of both teams by comparing their respective strategies and methods.

Reveal a debt to a third party

The Fair Debt Collection Practices Act (FDCPA) clearly states that it is illegal to expose an individual’s debt to third parties—including friends, family, neighbors, co-workers, and employers. The FDCPA was established in 1977, and it primarily focuses its regulation toward traditional call-and-collect debt collection agencies (with a team of collectors calling consumers on the phone). 

Though the FDCPA was primarily focused on call-and-collect technologies, its rules still apply to other communication channels. Collectors attempting to call consumers must be wary of leaving voicemail messages that directly state that they are calling to collect a debt due to the potential risk of someone else listening to it. The law regulates how your teams can (and cannot) use social media to get connected with consumers. 

Use confusing or unclear verbiage

Even if you are sending messages directly to a consumer’s inbox you can potentially violate communication compliance regulations. In the case Lavallee vs. Med-1 Solutions, that the defendant (Med-1 Solutions) did not provide the consumer with the required initial disclosures. The consumer received an email and had to click an unknown link and navigate a series of tasks before accessing information related to their debt. The email did not convey any information about the debt, and the court ruled that this series of steps meant that the email did not constitute a “communication” for the purpose of collections.

Any communication to a consumer from a debt collection agency must explicitly state who it is coming from and why (read more on the mini Miranda here), and masking that intent (either purposefully or not) can lead to more compliance troubles. While it is strongly recommended that you borrow metrics from marketing teams to enhance digital communications, be careful with taking too many queues from marketing language. All content sent by TrueAccord’s teams are processed through a legal review before they’re ever sent to a consumer.

As a collector, your first step to reaching your collection goals is having a well-organized team to support your efforts. Collections and recoveries at major companies can account for hundreds of employees, but a new department won’t appear overnight. Remaining careful as you scale your team and their strategy can save you from potential lawsuits and ensure a positive consumer experience. 

Are you looking for a debt collection partner to help answer some questions? Talk to our team today to see how we can help build your digital collections strategy together.