The Consumer Financial Protection Bureau (Bureau or CFPB) on October 30 issued the first part of its long-awaited debt collection final rule, which restates and clarifies prohibitions on harassment and abuse, false or misleading representations, and unfair practices by debt collectors when collecting consumer debt. The rule, which is set to take effect in November 2021, focuses on debt collection communications and gives consumers more control over how often and through what means debt collectors can communicate with them regarding their debts. The rule also clarifies how the protections of the Fair Debt Collection Practices Act (FDCPA) apply to newer communication technologies, such as email and text messages.
The rule, which is the result of a rulemaking process spanning more than seven years, marks one of the most significant developments in the debt collection industry—a multibillion dollar industry with more than 8,000 debt collection firms in the United States—since the FDCPA was enacted in 1977. Until the Dodd-Frank Act’s establishment of the Bureau, no federal agency was authorized to issue regulations to implement the substantive provisions of the FDCPA. Courts have issued opinions providing differing interpretations of various FDCPA provisions, and the lack of clarity concerning how the FDCPA applies to newer communication technologies has resulted in considerable uncertainty.
SUMMARY OF KEY PROVISIONS
The rule focuses on clarifying how debt collectors can permissibly engage in various types of debt collection communications and seeks to provide consumers with more control over how often and through what means debt collectors can contact them regarding their debts. In general, the rule:
- Clarifies restrictions on the times and places at which a debt collector may communicate with a consumer, including by clarifying that a consumer need not use specific words to assert that a time or place is inconvenient for debt collection communications.
- Clarifies that a consumer may restrict the media through which a debt collector communicates by designating a particular medium, such as email, as one that cannot be used for debt collection communications.
- Clarifies that a debt collector is presumed to violate the FDCPA’s prohibition on repeated or continuous telephone calls if the debt collector places a telephone call to a person more than seven times within a seven-day period or within seven days after engaging in a telephone conversation with the person. It also clarifies that a debt collector is presumed to comply with that prohibition if the debt collector places a telephone call not in excess of either of those telephone call frequencies. The rule also provides non-exhaustive lists of factors that may be used to rebut the presumption of compliance or of a violation.
- Clarifies that newer communication technologies, such as emails and text messages, may be used in debt collection, with certain limitations to protect consumer privacy and to protect consumers from harassment or abuse, false or misleading representations, or unfair practices. For example, the rule requires that each of a debt collector’s emails and text messages must include instructions for a reasonable and simple method by which a consumer can opt out of receiving further emails or text messages. The rule also provides that a debt collector may obtain a safe harbor from civil liability for an unintentional third-party disclosure if the debt collector follows the procedures identified in the rule when communicating with a consumer by email or text message.
- Defines a new term related to debt collection communications: limited-content message. This definition identifies what information a debt collector must and may include in a voicemail message for consumers (with the inclusion of no other information permitted) for the message not to constitute a “communication” under the FDCPA. This definition resolves a longstanding ambiguity under the statute and permits a debt collector to leave a voicemail message for a consumer so long as the debt collector meets these requirements.
- The FDCPA requires that a debt collector provide certain disclosures to the consumer. The rule clarifies the standards a debt collector must meet when sending the required disclosures in writing or electronically.
- The rule addresses certain other consumer protection concerns in the debt collection market. For example, the rule includes provisions clarifying debt collectors’ obligation to retain records evidencing compliance or noncompliance with the FDCPA and Regulation F; generally prohibiting the sale, transfer for consideration, or placement for collection of certain debts if the debt collector knows or should know that the debt has been paid or settled or discharged in bankruptcy; and clarifying debt collectors’ obligations when responding to duplicative disputes. The rule also clarifies that the personal representative of a deceased consumer’s estate is a “consumer” for purposes of a particular FDCPA provision that addresses communications in connection with debt collection. This clarification generally allows a debt collector to discuss a debt with the personal representative of a deceased consumer’s estate. The rule also clarifies how a debt collector may locate the personal representative of a deceased consumer’s estate.
The CFPB plans to release the second part of the rulemaking in December 2020, which will contain final rules on certain consumer disclosures (i.e., the validation notice and time-barred debts), as well as debt collector furnishing of consumer repayment information to consumer reporting agencies.
KEY DIFFERENCES FROM THE PROPOSED RULE
- The rule is adopted pursuant to the Bureau’s authority under the FDCPA and not its UDAAP authority under the Dodd-Frank Act, which provides some assurance to creditors and other first-party collectors that they are not generally subject to the rule. In addition to expressly stating that the rule does not apply to those parties, the CFPB removed the Dodd-Frank Act’s UDAAP provision as one of the legal bases for the rulemaking. The Bureau also included a comment in the preamble to the rule stating that its rulemaking process did not consider whether and how any of the rule’s provisions should be applied to creditors and other first-party collectors. While the statutory scope of the FDCPA does not reach first-party creditors, instead applying only to entities collecting “debts owed or due … another,” there was some concern that the CFPB might attempt to use its UDAAP authority to apply the standards set forth in its proposed rule industry-wide in light of the CFPB’s October 2018 consent order with Cash Express LLC, where the CFPB used its UDAAP authority to apply provisions of the FDCPA to a non-debt collection company.
- The rule retains a safe harbor procedure for the use of limited content messages, but that protection now only covers voicemails, and no longer includes emails, text, or live calls with third parties as the Bureau had originally proposed.
- Because the rule does not necessarily provide uniform requirements and limitations across the different communication mediums—whether via phone, email, or text—the industry will need to pay special attention to ensure that each of their communication channels is in compliance. For example, while the rule includes a process for transferring creditor consent to a consumer being contacted by email, it does not provide a similar mechanism for transferring creditor consent to a consumer being contacted by text.
- The rule retains the requirement to obtain E-SIGN consent to send legally required notices to consumers via email, while it completely removes the proposed rule’s prior, alternative approach to “confirming” any E-SIGN consent given to the creditor. However, the rule does appear to permit sending a debt validation notice via email absent E-SIGN consent (although the CFPB omitted its proposed safe harbor allowing this) so long as the email constitutes the debt collector’s initial communication with the consumer.
- With respect to debt sales and placements, the CFPB removed the prohibition against selling debts subject to identity theft claims because it believes that the FCRA already prohibits such activity, and amended the prohibition involving bankrupt accounts to permit the sale or placement of such accounts when secured by an enforceable lien.
- Despite the CFPB’s explicit assurance that the rule does not apply to creditors and other first-party collectors, the rule explicitly leaves open the question of whether activities that would violate the rule, when undertaken by entities not subject to the FDCPA, may violate UDAAP. The Bureau also declined to clarify whether any particular actions taken by a creditor or first-party debt collector would constitute a UDAAP. In certain places in the rule, the Bureau states that where it has identified conduct that violates the FDCPA, the Bureau does not take a position on whether such practices also would constitute a UDAAP under Section 1031 of the Dodd-Frank Act. There are also state debt collection laws that may impliedly or explicitly incorporate the rule’s provisions as to creditors. Understandably, the CFPB did not comment on what states may choose to do in terms of incorporating elements of the rule into state laws that apply to creditors. Thus, it remains unclear whether creditors must (or should as a best practice) adhere to portions or the entirety of the rule as a matter of UDAAP or state law compliance.
- While the rule provides important clarifications regarding scope and coverage, the rule also has important implications for how creditors handle their internal collection operations and interact with debt collection agencies going forward. For example, the rule provides a safe harbor method for allowing debt collectors to communicate with consumers via email, but a creditor must first send a notice to the consumers involved and give them a 35-day opt-out right before providing the email address to the debt collector. Moreover, the email addresses are only transferable (in terms of consent) to the debt collector if they are on a publicly available domain. Creditors also will need to incorporate elements of the rule into their oversight of debt collectors, and both creditors and debt collectors will face decisions about whether to conduct activities that are not expressly prohibited by the rule, but as to which there is no guidance or safe harbor.
- Although the rule does not impose numerical limits on email and text messages (as it does for telephone calls), the CFPB has added a statement to the official commentary indicating that communications using these methods can violate the FDCPA, either by themselves or in combination with communications through other channels.
- The rule takes effect one year after publication in the Federal Register (although the Bureau states that it will assess the effective date of the forthcoming disclosure-focused final rule and, if necessary, will consider adjusting the effective date of this rule). Industry should take note that the rule requires updated policies and procedures and significant employee training and programming changes that will take time to identify, program, and test. For example, the rule provides a new requirement that if a debt collection communication occurs in more than one language, the mini-Miranda disclosure must be provided in all of those languages, which may present compliance burdens to implement.
- Given that the rule provides a measure of certainty for the debt collection industry with respect to permitted/prohibited practices, while simultaneously advancing consumer protection interests, it seems unlikely that the bill will face a meaningful legislative attempt to overturn it through the Congressional Review Act. However, a potential change in leadership at the CFPB following the November 3 presidential election may lead to attempts to bolster the consumer protections set forth by the rule, whether through agency interpretations of the rule, the setting of the agency’s supervisory agenda, or enforcement activity.