Best Practices for Managing Third-Party Vendor’s Communications Under Regulation F

Managing Collection Agencies for Regulation F

The CFPB released their new Debt Collection Rules (Regulation F) on October 30, 2020.  The rules were printed in the Federal Register on November 30, 2020, making their effective date November 30, 2021.  In the new rules, the FDCPA was updated to reflect contact methods that were not in existence when the FDCPA was originally enacted back in 1977.  Many consumers prefer to be contacted in newer, digital methods such as email, text and cell phones.  The updates to Regulation F Bring the FDCPA into the 21st Century.

Managing Collection Agencies for Regulation F

While Regulation F specifically says that the rules are not for first party creditors collecting on their own debt (page 32 of the rule), creditors, as a covered entity under the CFPB, are still required to manage their service providers and ensure they are in compliance with the regulations. The CFPB makes this clear in their Bulletin 2016-02 relating to service providers.

Additional Responsibilities

With the new options for digital communication come additional activities creditors should monitor their third-party collection agencies (“Agencies”) for. While many creditors have an Omni-Channel Communications Strategy in place with their Agencies, Regulation F now requires certain requirements around those alternative communication channels. 

Creditors will need to update their Agency monitoring and audits to address the new rules.  While the new rules won’t be in effect until November 30, 2021, there will be additional IT considerations for both the creditor and Agency, and additional/updated information will be required from your Agencies in order to ensure they are following the new rules.  IT projects take time and getting a jump start on those projects will ensure you are not behind when the rules go into effect.

The additional communication options also come with opt-out requirements.  If your agencies will be using email and/or texting communications, opt-out options for those specific types of communications must be provided.  But remember, the general provisions of the FDCPA for ceasing all communications also applies.  There are a few situations to consider:

  • A consumer may opt-out of one method of communication, but still be OK with other types of communications (don’t text me, but you can still email or call me)
  • A consume may opt-out of MULTIPLE communication methods (do not text or email me, only call me)
  • A consumer may opt-out of ALL communication methods (do not contact me any more about this debt)

You must be able to track all communication methods and opt-outs as well as the overall cease communications both at your agencies and at the creditor.

The 7/7/7 Rule

A new rule limiting contact with consumers for debt collection purposes is being dubbed the 7/7/7 Rule.  It can be found in section 1006.14 of the new rule, entitled “Harassing, oppressive or abusive conduct”.  The rule states you cannot contact a consumer more than 7 times in 7 consecutive days, and once you have made contact with a person in connection with the collection of such debt, you cannot contact the consumer again for a period of 7 days, unless the consumer gives their permission for that contact. 

The 7/7/7 Rule applies to EACH debt.  Therefore, if an agency has 3 debts for a consumer, they can call a total of 21 times in 7 days, 7 times for each debt.  However, if contact is made, and they discuss more than one of these debts in that contact, each debt discussed must be noted and counted as a contact.  (NOTE: an exception to this rule is made for student loans, if there are multiple disbursements made under one account number, they are all considered one debt).

Additionally, if there is more than one signer on an account, each contact with either person is considered a contact for purposes of 7/7/7.  For example, if there are 2 signers on an account, and you call both of them on a given day, that means 2 of your 7 contacts within the 7 days have been made. 

The new rule also defines a new term related to communications relating to a debt – “Limited Content Message” (LCM).  LCM’s that are left for a consumer are not counted towards the 7/7/7

Rule.  The definition of an LCM can be found in section 1006.1(j). 

The LCM is a voicemail message left for a consumer that includes the business name for the debt collector, a request that the consumer reply to the message, the name of one or more natural persons who the consumer can contact to reply and a phone number or numbers the consumer can use to reply.  There are also some optional things the message may include; a salutation, the date/time of the message, suggested dates/times for reply and a statement that if the consumer replies the consumer may speak to any of the company’s representatives. 

There are some exceptions to the rule that should be noted – the following do not count towards the 7/7/7:

  • If the consumer provides permission for contact, however, you must make that contact within 7 days of receiving permission from the consumer. (Example: You reach the consumer on the phone and they say “I’m right in the middle of something, can you call me back tomorrow at 2:00?” The call tomorrow at 2:00 doesn’t count toward your 7/7/7.  However, if the consumer asks you to call back in 2 weeks – that is outside of the 7 days and that call will count towards the 7/7/7). 
  • If you are not connected to the dialed number (busy signal, tri-tone, no answer)
  • If the consumer calls you
  • A Limited Content Message

Best Practice Tips:

  • Require your agencies to track each call attempt, result of the call attempt and person contacted.
  • Require your agencies to note all express consent received from a consumer with the date, time and instructions for the call-back.
  • If your agency uses Direct Drop Voicemail technology, this counts towards the 7/7/7 rule.
  • Track all direct drop voicemails sent, and count toward the 7.
  • Note that the rule says contact with ‘a person’, that doesn’t just mean the consumer who owes the debt, it includes anyone the collector initiates a conversation with and also includes any voicemail left, including a Limited Content Message (see definition below).
  • Update your Agency audit procedures and monitoring for compliance with this rule.

Request updated policies & procedures from your agencies relating to this rule.

Emailing

The new rules also address emailing with consumers (Section 1006.6). While Email can be an effective way to communicate with consumers, and may be the preferred contact method, there are rules to consider, not only about the email address used, but also the content of the email. 

The CFPB mentions E-SIGN in their rules as well, as it relates to email communications.  If you are not familiar with the E-SIGN rules, engage your legal team to ensure you are properly monitoring your agencies for compliance with E-SIGN. 

Permission is required for Emailing a consumer, but the CFPB provides various ways that permission can be granted. 

  • Consumer used the email address to communicate with the debt collection about the debt and the consumer has not since opted out of communications to that email address
  • Debt collector has received prior consent directly from the consumer to use the email address to communicate about the debt and consumer has not withdrawn consent.
  • Email can be passed from the creditor to the Agency – provided:
    • The creditor has used the email address to communicate with the consumer about the debt, and consumer did not ask creditor to stop using the email address.
    • Prior to the Agency using the email address, the creditor must first send a written or electronic notice to the consumer advising that:
      • The debt will be transferred to the Agency (agency must be named)
      • The email address will be provided to the Agency
      • If others have access to the email address, they may see communication from the agency
      • The consumer has the right to opt out – and creditor must provide the method(s) of opt out
      • Notice that the opt-out request must be received by the Agency or creditor within 35 days after the first notice was sent.
    • The previously stated 35-day opt out period must expire before the Agency may communicate with the consumer via the email.
  • Email can be passed from a previous Agency to the current Agency – provided:
    • The immediately prior debt collector used the email address to communicate with the consumer about the debt; and
    • The consumer did not opt out of such communications.
  • Time and place rules apply. The time attached to the email is the time it was sent by the agency.
  • Opt-out options must be provided to allow the consumer to opt out of email communications.

While there is no limit on the quantity of email communications, UDAAP still applies and agencies must ensure their communications will not constitute harassment.

Additionally, regular FDCPA Mini-Miranda rules apply to email communications.

Best Practice Tips

  • If your Agencies will be using email to communicate with consumers, updated policies & procedures surrounding email addresses, communications, content and procedures should be obtained from your Agencies.
  • Update your auditing rules to check for email permissible purpose and opt-out tracking.
  • If you will be transferring emails to your Agencies, ensure you have a process in place to send the notification to the consumer, and audit for the 35 day hold time with your Agencies.

Texting and SMS

Section 1006.6 also addresses texting.  While there is no limit on the number of texts that can be sent to a consumer, other regulations still apply.  The TCPA considers a text to be a call to a cell phone, so TCPA rules apply.  Additionally, UDAAP rules on unfair, deceptive and abusive acts apply.  So, spamming a person’s phone with texts is not recommended. 

Additionally, proper disclosures must be provided, similar to a phone call or message.  Opt-out options must be provided to allow consumers to provide their wishes on discontinuing contact via text.   

Time and place rules still apply.  Since you cannot control when the consumer opens or looks at the text – the time stamp for the text is the time the text is sent, not necessarily read. 

Prior to texting, you must gain consent from the consumer.  Consent cannot be passed from the creditor like Email consent can be passed. 

When using text, you must check the validity of the phone number every 60 days to ensure it has not been reassigned to another person.  [The rules mention the FCC’s reassigned number database, which is not in effect as of the posting of this blog].

Per the rules – the following apply to the phone number used for the debt collection text:

  • The consumer must have used the telephone number to communicate with the debt collector about the debt by text message, and the consumer has not since opted out of text message communications to that phone number; and
    • Within the past 60 days the consumer has either sent a text message relating to the debt in question, or sent a new text message to the debt collector from the number; or
    • The debt collector confirmed using a ‘complete and accurate database’ that the telephone number has not been reassigned from the consumer to another user since the date of the consumer’s most recent text message; or
    • The debt collector received prior consent to use the telephone number to communicate about the debt directly from the consumer, and the consumer has not withdrawn that consent.
  • Opt-out options must be provided to the consumer to allow for opting out of text messages.

And again, as with email, the FDCPA disclosures apply to text messaging.

Best Practice Tips for Texting & SMS

  • Determine if you want your Agencies texting consumers.
  • If so, create work standards surrounding texting including frequency, content and opt out.
  • Review your Agency’s technology for sending texts to ensure it complies with your standards
  • Review your Agency’s policies and procedures surrounding texting.
  • Add a section to your Agency audit procedure for compliance with your texting work standards, TCPA requirements and opt-out tracking.

The new rules help to provide some clarification surrounding consumer communications and puts control of communications with the consumers.  This is a welcome step in the right direction, which will hopefully create an environment where consumers feel more comfortable speaking with debt collectors. 

However, if your agencies will be using these communications, your financial institution will need to update your work standards, policies & procedures and audit and risk assessment processes to ensure proper compliance. 

Disclaimer: These are suggestions for additional regulatory monitoring.  This is not an exhaustive review of the new rules, or of any section of the rules.  Please work with your attorneys and fully read the new rules.

NeuAnalytics provides an advanced and unique Software-as-a-Service solution for financial institutions and large corporations to manage receivables and mitigate compliance risk.  Our modular-based platform allows our customers to choose the products they need to create a customized toolset that allows them to increase efficiencies, reduce compliance risk and increase dollars collected.  Click below to request more information or a demo of the NeuAnalytics platform.