On October 30, 2020, the Consumer Financial Protection Bureau (CFPB) issued a final rule (the Rule) amending Regulation F, which implements the Fair Debt Collection Practices Act (FDCPA). The Rule modernizes requirements covering debt collection communications, which have changed significantly since the FDCPA was passed in 1977. The Rule becomes effective one year from when it is published in the Federal Register. Although the Rule has not been published as of the date of this alert, this will likely happen soon, making the effective date mid-to-late November, 2021.
Since the CFPB began the rulemaking process in 2013, one of the most closely watched issues has been whether a creditor collecting its own debt would be subject to the rulemaking. With welcome clarity, the CFPB issued the Rule based on its FDCPA rulemaking authority and not the more general Dodd-Frank section 1031 authority related to unfair, deceptive or abusive acts or practices. The net effect is that the Rule applies only to debt collectors, largely as defined in the FDCPA. The definition incorporates the United States Supreme Court’s holding in Henson v. Santander Consumer USA, that a person who collects or attempts to collect defaulted debts that the person has purchased, but who does not collect or attempt to collect debts owed or due, or asserted to be owed or due, to another, and who does not have a business the principal purpose of which is the collection of debts, is not a debt collector.
The Rule also includes a detailed and clearly-drafted Official Interpretation that accompanies each section. The Official Interpretation provides valuable detail that should be read in conjunction with the regulation to fully appreciate the breadth and nuance of the Rule.
Click below to jump down to the following sections:
Communications: Scope and Conduct Rules
There are numerous, subtle differences in how a debt collector’s interactions with debtors and third parties are regulated under the Rule and the FDCPA. The discussion below highlights the most noteworthy changes.
a. Limited Content Message
The Rule creates a new concept, which is the “attempt to communicate.” Readers will recall that the FDCPA regulates “communications”, which is the conveyance of information regarding a debt directly or indirectly to any person through any medium. The new definition of an attempt to communicate encompasses any act to initiate a communication or other contact about a debt with any person through any medium. This includes leaving a limited content message, which is described below.
A “limited content message” is a voicemail message for a consumer that must include all of the following information: (i) a business name for the debt collector that does not indicate that the debt collector is in the debt collection business; (ii) a request that the consumer reply to the message; (iii) the name or names of one or more natural persons whom the consumer can contact to reply to the debt collector; and (iv) a telephone number or numbers that the consumer can use to reply to the debt collector. The message may also include: (i) a salutation; (ii) the date and time of the message; (iii) suggested dates and times for the consumer to reply to the message; (iv) and a statement that if the consumer replies, the consumer may speak to any of the company’s representatives or associates.
The message cannot include any other information for it to be considered a “limited content message.” To be clear, this does not mean that including additional information will violate the FDCPA. However, the message would no longer be a limited content message, and it would lose benefits that come with this status.
Debt collectors must determine how to disclose its business name without indicating it is in the debt collection business. For example, it is common for collection agencies to include “collection service” or “receivable” in their business name. Debt collectors will need to consider if they can truly deliver limited purpose messages or consider options to utilize this communication method.
The definition of a limited content message is new and important. A debt collector may now leave a limited content message without risk that the voicemail would be considered a “communication” under the FDCPA. Doing so may eliminate the FDCPA litigation risk if a voicemail communication is overhead by a third party (i.e., Foti risk) and provide an alternative to the lengthy voicemail message many companies use based on the script developed in Zortman v. J.C. Christensen & Assoc., Inc. Note, however, that this solution does not permit debt collectors to ignore state laws that regulate the content of voicemail communications. Debt collectors will need to reconcile the limited content message script with state law disclosure requirements to determine how its communication will be classified under federal and state law.
[Leaving a limited content message] may eliminate the FDCPA litigation risk if a voicemail communication is overhead by a third party (i.e., Foti risk) and provide an alternative to the lengthy voicemail message many companies use.
b. Prohibition on Communications
Another new element of the Rule is the prohibition on communicating or attempting to communicate with a person through a medium if the person has requested the collector to not use that medium. Practically, this is a companion to the consumer’s right to request that debt collectors cease and desist, but the consumer can exercise this right without written notice. With limited exceptions, if a consumer tells a debt collector to stop calling or emailing, the Rule prohibits the debt collector from additional communications using that technology. The CFPB explained that between the FDCPA’s cease and desist requirement and the new Rule, the goal is to afford a consumer greater control over the communications they receive from a debt collector.
The Rule’s treatment of communications should look familiar. Not surprising, some of the consumer-protection regulations that historically apply to communications also apply to an attempt to communicate. Like the FDCPA, the Rule prohibits debt collectors from communicating or attempting to communicate with a consumer at unusual times or places, or at a time or place that the debt collector knows or should know is inconvenient to the consumer. In the absence of the debt collector’s knowledge of circumstances to the contrary, a time before 8:00 a.m. and after 9:00 p.m is inconvenient.
Between the FDCPA’s cease and desist requirement and the new Rule, the goal is to afford a consumer greater control over the communications they receive from a debt collector.
The Official Interpretation clarifies that a consumer is not required to use any specific wording to convey that a time or place is inconvenient, but that a debt collector may ask follow-up questions to better understand when a time or place is convenient. A debt collector may also respond one time to a consumer-initiated communication during a time or at a place previously described as inconvenient. Additionally, the Rule prohibits debt collectors from communicating with any person other than the consumer except in limited circumstances, including with a person for the purpose of acquiring location information.
When a debt collector communicates with a person for the purpose of acquiring location information, the collector must identify himself or herself individually by name, not state that the consumer owes a debt, and state that he or she is confirming or correcting the consumer’s location information, and, only if expressly requested, identify his or her employer. Additionally, the debt collector must not communicate more than once with such person unless requested to do so by the person, or unless the debt collector reasonably believes that the earlier response of such person is erroneous or incomplete and that such person now has correct or complete location information.
c. Call Frequency
A debt collector must not engage in any conduct the natural consequence of which is to harass, oppress, or abuse any person in connection with the collection of a debt. As one of the most highly-anticipated developments, the Rule states that a debt collector is presumed to have complied with the FDCPA’s and Rule’s prohibition on excessive calls if the debt collector does not place a telephone call to a particular person in connection with the collection of a particular debt more than seven times within seven consecutive days, or within a period of seven consecutive days after having had a telephone conversation with the person in connection with the collection of such debt. The date of the telephone conversation is the first day of the seven-consecutive-day period. However, telephone calls placed to a person do not count in some circumstances if they are placed with the person’s prior consent.
A debt collector is presumed to have complied… if the debt collector does not place a telephone call more than seven times within seven consecutive days.
The standard considers the number of calls per debt, not per consumer, with the exception of student loans serviced under a single account number. The Rule is also noteworthy because it does not establish a bright-line rule for compliance. The Rule creates a rebuttable presumption of reasonableness that a consumer may challenge based on the facts and circumstances. In other words, although a debt collector may make exactly seven calls in seven days, as specified by the Rule, a consumer may rebut the presumption that this conduct is reasonable. Finally, this frequency standard applies only to telephone calls, but it does not apply to an electronic message (e.g., text message or email). Although a debt collector does not have to include electronic messages when evaluating its compliance under the Rule, consumers still may allege excessive emails or text messages constitute harassment.
d. Other Considerations
- In connection with the collection of any debt, a debt collector must not communicate or attempt to communicate with a person through a medium of communication if the person has requested that the debt collector not use that medium to communicate with the person.
- A debt collector must not use any false, deceptive, or misleading representation or means in connection with the collection of any debt. However, a debt collector’s employee may use an assumed name when communicating or attempting to communicate with a person, provided that the employee uses the assumed name consistently and that the debt collector can readily identify any employee using an assumed name.
- A debt collector must not employ unfair or unconscionable means, including accepting from any person a check or other payment instrument postdated by more than five days unless such person is notified in writing of the debt collector’s intent to deposit such check or instrument not more than ten, nor less than three, days prior to such deposit; or solicit any postdated check or other postdated payment instrument for the purpose of threatening or instituting criminal prosecution; or deposit or threaten to deposit any postdated check or other postdated payment instrument prior to the date on such check or instrument.
A consequence of navigating a 1970-era law is that companies and courts are uncertain how to apply consumer protection standards to new communication tools, like email, text message, and social media. The lack of clarity has prevented many companies from using these tools. The CFPB addressed this challenge by providing relevant guidance on how to comply with the FDCPA when using modern technology.
a. Email and Text Message Safe Harbor
The Rule establishes procedures that a debt collector may rely on to communicate by email or text message without risk of third-party disclosure. The safe harbors require that the collector adhere to detailed processes ensuring that the consumer wishes to receive collection communications via email or text. The CFPB declined to provide a safe harbor for other communication channels, like social media and voicemail, so companies will need to consider whether and how they use other technology.
- A debt collector may send an email communication if it maintains procedures that demonstrate it: (i) relies on direct receipt of a consumer’s prior consent to use that email address and the consumer has not opted-out; (ii) uses an email address obtained from the creditor, the creditor notifies the consumer that the debt collector will be communicating about the debt and includes other required information in the notice, provides an opt-out period, and the email address must be one available for general public use; or (iii) relies on an email address obtained from the prior debt collector that was used for collection and the consumer did not opt-out.
- A debtor collector may send a text message communication if it maintains procedures that show it: (i) relies on a number that the consumer used to communicate with the debt collector by text message about the debt and the consumer has not opted-out of messages and, within the prior 60 days, the consumer sends a text message about the debt or the debt collector confirms that the number has not been reassigned, using a complete and accurate database (i.e., the FCC’s Reassigned Numbers Database or other commercially available database); or (ii) receives prior consent directly from the consumer to communicate by text message about the debt and, within the prior 60 days, the consumer provides this consent or the debt collector confirms the number has not been reassigned. If followed, this process provides debt collectors with an FDCPA safe harbor. However, following this process does not affect a debt collector’s potential liability under the Telephone Consumer Protection Act.
Each electronic communication, including email or text messages, must include an opt-out that is easy for the consumer to see and exercise. The Official Interpretation to the Rule provides a significant amount of valuable detail that cannot be consolidated in this alert. Companies that intend to use email and text messages to collect debt should carefully review this additional detail before implementing the applicable policies.
The CFPB declined to provide a safe harbor for other communication channels, like social media and voicemail, so companies will need to consider whether and how they use other technology.
b. Electronic Delivery of Notices
A debt collector may send the FDCPA validation notice electronically, provided the debt collector does so in accordance with the E-Sign Act. A debt collector must also make sure the disclosures are provided in a manner that is reasonably expected to provide actual notice and in a form the consumer may keep and access later. The CFPB deliberately declined to address if the debt collector must directly obtain the consumer’s E-Sign consent or may rely on consent provided to a creditor or prior debt collector. These issues may be addressed in the CFPB’s supplemental rulemaking on disclosures. In any event, this provision of the Rule is less clear than others.
With limited exceptions, the FDCPA and the Rule require that a debt collector stop collection activity upon receipt of written notice that the consumer refuses to pay or wants the collector to cease communication. The CFPB interprets the E-Sign Act to allow the consumer to send this written cease communication notice using an electronic communication to any portal or electronic means that the collector uses to accept consumer communications. The Rule recites the statutory rule that there are certain exceptions, including when the communication is to notify the consumer that certain remedies may or will be invoked.
c. Social Media
A debt collector cannot communicate or attempt to communicate with a person, not just the debtor, in connection with the collection of a debt using social media if the communication is viewable by the public or person’s contacts. Collecting debt using social media is still relatively rare, but the CFPB recognizes there are unique consumer concerns if a debt collector interacts with a consumer via direct messages or other connections. The Rule does not directly address social media, but the Official Interpretation of false and deceptive collection activity provides helpful examples. A debt collector that attempts to connect with a debtor on social media would have to disclose they are a collector to avoid making a false request. The Rule also provides guidance on how a debt collector must disclose its identity if communicating on social media with a third-party to obtain location information. Perhaps of greater interest, the CFPB states that it will continue to closely monitor the use of social media by debt collectors.
The CFPB issued guidance in 2013 stating that certain acts or practices related to a creditor’s collection of consumer debt could constitute UDAAPs prohibited by the Dodd-Frank Act. However, the Rule specifically declined to expand the rule to apply to first-party debt collectors who are not FDCPA debt collectors, and it also declined to clarify whether any particular actions taken by a first-party debt collector who is not an FDCPA debt collector would constitute an unfair, deceptive, or abusive practice. Nevertheless, as provided in the previous guidance, many of the Rule’s standards are likely to establish compliance benchmarks for first-party creditors. And deviation from those benchmarks could constitute a UDAAP. The Rule, like the FDCPA, does not need to codify this for it to be true. The existing prohibition against practices constituting UDAAPs would provide the necessary authority. Consequently, a creditor’s debt collection practices that do not meet the Rule’s standards are likely to create compliance risk for first-party creditors.
As provided in the previous guidance, many of the Rule’s standards are likely to establish compliance benchmarks for first-party creditors.
There are a few important parts of the Rule that are not yet finalized. The CFPB reserved space to address time-barred debt and consumer disclosure issues, including Bureau-approved model disclosures. The supplemental rulemaking and model forms will also address if and how a debt collector may furnish information to a consumer reporting agency before communicating with the consumer about the debt.
Debt collectors should evaluate the Rule and their practices to determine if changes in their processes may be required to comply with the Rule’s provisions. We anticipate that many companies will want to rely on the email or text message safe harbor, so enhancing policies and procedures to accommodate this should be a priority. Similarly, first-party creditors should evaluate the Rule’s provisions and determine whether changes to their processes may be necessary to avoid UDAAP allegations.
The Rule applies to third-party debt collectors, but there may be opportunities for creditors to reduce UDAAP risk. As discussed above, the evaluation should include calling practices, the use of aliases, and how post-dated checks are collected, among other things.
To be clear, the Rule applies to third-party debt collectors, but there may be opportunities for creditors to reduce UDAAP risk. As discussed above, the evaluation should include calling practices, the use of aliases, and how post-dated checks are collected, among other things. Best practices may include enhancing a company’s compliance management system in all of the usual ways, by developing written policies and procedures, incorporating the new requirements into existing monitoring programs, training employees how to comply, and reviewing complaints for consumer dissatisfaction, which may help to identify isolated or systemic risks. Creditors will also want to revisit their vendor management protocols to make any necessary changes to debt collector oversight required by the Rule.