Threats and Opportunities with The CFPB’s “Final” Debt Collection Practices Rule
A lot has been written recently about Regulation F or the Consumer Financial Protection Bureau’s Final Debt Collection Practices Rule (the ”Rule”) issued on October 30, 2020 that will be effective one year after publication in the Federal Register (not published yet). The Rule itself (including commentary and interpretation) exceeds 600 pages. Instead of summarizing the Rule or comparing the proposed rule to the Rule, I will explore certain opportunities and threats presented by the Rule.
My initial reaction to the Rule is that the seven (7) years it took to finalize the Rule resulted in the CFPB “solving” issues that are no longer the pressing issues facing either industry or consumers. For example, is there really a significant problem with third-party disclosures when using email or texts? Similarly, the CFPB creates a limited content message only for voice messages, but how many collectors still leave messages on voice mails or answering machines?
The CFPB’s approval of email, texts and other forms of “new” communication methods to communicate with consumers cannot be overstated. Nothing in the FDCPA expressly prohibits those modes of communications and the CFPB’s confirmation that they can now be used should remove whatever apprehension to them exists in the industry. Indeed, the CFPB confirms that collectors can send the validation notice required by 15 U.S.C. 1692g(a) in an email without having to comply with E-SIGN if that notice is the “initial communication” with the consumer. Taking advantage of these modes of communication will require dialogue with your creditor clients about consent to email and workflows if an email is rejected, and discussions with your IT and compliance departments and letter and other vendors, in addition to investing in reliable and compliant technology.
The right to use these “newer” mediums to communicate is not unfettered. First, nothing in the Rule alters the draconian liability for sending texts in violation of the federal Telephone Consumer Protection Act. Second, collectors must provide a simple and reasonable method for consumers to opt out of those methods (e.g., unsubscribe for emails and honoring a text from a consumer with “Stop”) and to immediately honor the opt out. The Rule clearly empowers consumers to notify collectors about their preferred or restricted modes and times of communication and collectors need to be acutely aware of any restrictions communicated to them.
It is the empowerment of the consumer’s ability to dictate their preferred communication channel that offers the most opportunity and risk. Many in the industry have already taken advantage of preferences either by: (i) working closely with creditors to ensure creditors gather those preferences at enrollment, they are assignable and communicated to them or (ii) using technology (websites/payment portals) to gather the preferences on their own. Obtaining those preferences maximizes efficiency and costs and reduces risks associated with unnecessary contacts that often lead to lawsuits or regulatory complaints.
With opportunity comes risk, however. The risk is that using more communication channels requires the ability to track and honor the preferences and restrictions about inconvenient times to be contacted. This risk is especially heightened with more consumers working from home and not necessarily working traditional 9-5 hours. Collectors will need to sharpen their listening skills and/or have excellent technology to catch and track the restrictions. Training programs will need to be revisited to ensure you are arming your employees with the appropriate guidance to recognize restrictions when expressed and, if necessary, ask appropriate questions to clarify the restrictions.
The same risk exists with tracking the limit on the number of collection calls to ensure you do not exceed the call cap. What if your collector makes a call on one account and that account and another account are discussed with the consumer? Does your technology track that calls were made, and conversations ensued on both accounts for purposes of restricting another call on both accounts until the seven (7) day call restriction expires? FDCPA lawsuits over contacts made after alleged restrictions have been expressed will almost certainly increase as a result of the Rule and “professional plaintiffs” will try to entrap collectors.
Don’t get enamored with or confused by the CFPB’s “safe-harbor” reasonable procedures to avoid third-party disclosures when using email or texts. First, they are not actual safe harbors. A true safe harbor means you are immune from legal or regulatory liability if you meet the conditions of the safe harbor. Safe harbors are often used or work well with model letters. If your letter is identical to the model/safe harbor letter, you cannot be liable for using the model letter. In that situation a lawsuit challenging the language in the letter is rarely if ever filed because it’s clear the safe harbor conditions were followed.
That is not the situation with the procedures for use of email and texts. The Rule establishes reasonable procedures (not the only reasonable procedures) to try to prevent third-party disclosures that, if adopted, qualify as a reasonable procedure under the FDCPA’s bona fide error defense. You will still be sued and may incur significant distractions and attorneys’ fees through discovery only to file a motion for summary judgment asking the Court to dismiss the case and there is no guarantee the case will be dismissed.
Second, nothing requires you to adopt these procedures (or any procedures at all) before using email or texts. They only provide you with a defense in the event you are sued over a third-party disclosure case with the use of email or texts.
If you are going to use the limited content message to leave voice messages, please remember to track the content of a consumer’s voicemail or answering machine. If you are trying to reach “Robert Jones” with a limited content message and you leave the message in response to a voicemail that indicates it belongs to someone other than “Robert”, the message will not be considered a limited content message.
The Rule establishes a mandatory retention period for call recordings (3 years from date of recording) and documents establishing compliance and non-compliance with the Rule (from inception of collection activity until 3 years after your last collection activity on the debt). Keep in mind that these retention periods may be different than the obligations owed to your creditor clients. If they are longer, you will need to address the conflict with your creditor clients and amend your contracts with them.
There’s been a lot of chatter about when and how companies should operationalize the Rule and whether some aspects can be left out. My initial reaction is we need to thoroughly digest and understand the Rule first. They were published less than a month ago. My second reaction is that after you conclude your thorough review you will probably learn there may be less work than you originally anticipated because many of the items the CFPB highlighted in the commentary and interpretations have (or should have) been best practices for years. Third, remember to rely on your compliance management system (“CMS”) in operationalizing the Rule. Your CMS should have a detailed procedure, including a risk management approach, for how to address, evaluate and implement regulatory changes and highlight or explain reasons for varying from any recommended procedures. Lastly, don’t forget your vendor management responsibilities to ensure that anyone collecting for you and your technology vendors are “up to speed” on the Rule and that you leave adequate time to evaluate/test new protocols or technology to ensure compliance with the Rule.
These are not the only threats and opportunities presented by the Rule. More will certainly be uncovered in the days and months ahead and we certainly expect the disclosure rules anticipated to be issued next month by the CFPB to raise others.