Let’s face it – we’re all a bit weary of Regulation F news. For over a year now, it’s all the collections industry has talked about. At first it was the speculation about what the final rule would include, and then once the 653-page final rule was published, it was nonstop webinars, articles, blog posts, podcasts, speeches, and fireside chats about it.

Those of us who follow compliance – and even those who don’t – now have regular conversations about the 7/7/7 Rule, inconvenient times to contact, and the ever-popular Model Validation Notice.

However, with all the attention around Regulation F, it can be easy for creditors to take their eye off the ball with other laws that impact their collection agencies. As a quick refresher, creditors who use third-party vendors should still be regularly monitoring their compliance with the following laws:

The Fair Debt Collection Practices Act (FDCPA)

The FDCPA is the statute that underlies Reg F, but it still has other implications for our industry. The full text of the FDCPA can be found on the FCC website.

Most of the recent lawsuits in the collections industry have alleged an FDCPA violation. It’s still top of mind for consumer attorneys, and it should still be top of mind for your third-party agencies.

In the CFPB’s Annual FDCPA Report, the top consumer complaints were the same as the CFPB has been receiving since 2013:

  • Consumer claimed debt was not owed
  • Written notifications about the debt were insufficient
  • Taking or threatening a negative or legal action against a consumer with no intention of following through on it

Many FDCPA violations occur via a phone conversation. Consumer attorneys often coach consumers on what to say in order to “bait” a debt collector into a violation. Make sure to have call monitoring as a part of your collection agency audits, and request your own list of specific calls to listen to – don’t let your collection agencies choose for you. You want to hear both the good and bad to structure improvements effectively.

FDCPA violations are also still happening in written communications. With the newly suggested Model Validation Notice (in Regulation F), most collection agencies have switched to the new format to gain safe harbor when used correctly. But follow-up letters and other communications should also be regularly reviewed to ensure compliance with both the FDCPA and Regulation F.

The Telephone Consumer Protection Act (TCPA)

The full text of the TCPA can be found on the FCC’s website.

TCPA class actions are still one of the biggest opportunities for large settlements in the collections industry, with settlements frequently exceeding $50 million or even $100 million. The most common claims still most often involve failing to get a consumer’s express consent to call them on a line they’re paying for, and continuing to call a (known) wrong number.

The FCC is still very active in monitoring and considering updates to the TCPA. In February 2022, FCC Chairwoman Rosenworcel proposed to include ringless voicemails in the definition of calls covered under the TCPA. This would mean collection agencies and creditors would need to obtain express consent from consumers before launching a ringless voicemail to a cell phone. Even though the Facebook decision narrowed the definition of an ATDS (Automated Telephone Dialing System), every call center still has the potential to create tremendous legal risk (or defense costs), even if the claims don’t ultimately create liability.

Needless to say – your collection agencies should have solid procedural controls when using any type of dialer for contacting cell phones or leaving automated messages. For every consumer, best practice is to obtain their express consent to dial a line paid for per use and note consent for each line in the system of record. It is also crucial to have a solid process in place to track all possible channels where a consumer can revoke their consent (phone, voicemail, text, email, letter, in person, etc).

The Servicemembers Civil Relief Act (SCRA)

The full text of the SCRA can be found on the Department of Justice website.

If you or your third-party agencies take adverse action against consumers, make sure to scrub for active military status to ensure compliance with the Servicemembers Civil Relief Act (SCRA) guidelines. The SCRA protects active duty troops against specific actions, such as filing for a default judgment in court or having a vehicle repossessed. Co-signers, spouses, and dependents of active duty troops may also be protected in certain circumstances.

Before an adverse action, you can use this free look-up tool from the SCRA website to individually check for active military service. You can also perform regular batch scrubs past the database by submitting batches through the site. A few additional insights about the SCRA:

  • Vehicle repossession is a top complaint relating to SCRA.
  • In April 2022, the US DOJ filed a lawsuit in Virginia for a company failing to obtain a court order before auctioning off vehicles belonging to SCRA-protected servicemembers.
  • Charging excessive interest on servicemember’s loans was also recently in the news when a credit union settled with the Department of Justice.

The Fair Credit Reporting Act (FCRA)

The full text of the FCRA can be found on the FTC’s website.

If your third-party agencies are reporting your debt to credit bureaus, make sure they have the proper information to report and an established process in place for handling disputes.

  • Update reporting on discharged bankruptcy debt to remove negative connotations, zero out the balance, and show as “discharged in bankruptcy”.
  • Ensure that any third-party collection agencies reporting on your debt are monitoring accounts to properly report updates or changes in account status (i.e. paid).
  • Accounts in dispute must not be reported to the credit bureaus until the dispute is rectified. If an account is already reported, the credit report must be updated to show the account is in dispute.
  • Disputes sent to your agencies from the credit bureaus must be handled quickly as there is a timeline put forth by the FCRA. Make sure you provide your collection agencies with the required verifications and documentation as soon as possible.

As a reminder, Reg F also prohibits agencies from reporting to credit bureaus until after they have contacted the consumer.

Unfair Deceptive Abusive Acts or Practices (UDAAP)

The full text of UDAAP can be found in 12 USC §5531 and 5536.

In 2010, Congress passed a federal version of the familiar state laws that protect consumers against Unfair or Deceptive Acts or Practices (UDAPs), except the federal version added a new wrinkle: it included “abusive,” thereby updating it to Unfair, Deceptive, or Abusive Acts or Practices) via the Dodd-Frank Act. After years of enforcement actions that alleged abusive conduct without specifically defining it, the CFPB updated the description of Abusive in March of 2022 to include ‘discrimination’, and specifically called out discrimination in both servicing and collections.

UDAAP violations spring from all sorts of conduct, and in many cases, it is not clear when conduct crosses the line into an actionable UDAAP claim. It is by far and away the CFPB’s favorite enforcement vehicle, having been alleged in roughly half of all public enforcement actions. Best practice is to understand the breadth and depth of conduct that may be a UDAAP, and review your practices to ensure consumers are being treated fairly and have the ability to file complaints with your organization.

You should also review your third-party collection agencies’ policies and procedures, call scripts, letters, and any consumer communications with an eye toward UDAAP, because the CFPB has used UDAAP claims to assert liability where there is no other statutory basis, i.e. even if a creditor can’t be liable for an FDCPA claim, it can be liable under a UDAAP theory for failing to manage its agencies’ FDCPA compliance.

The Bankruptcy Act

The full text of The Bankruptcy Act can be found in Title 11 of the U.S. Code, under the familiar chapters 7 or 13 for individuals.

Once a consumer files for bankruptcy, the Bankruptcy Act’s automatic stay goes into effect. This means that you are no longer allowed to contact the consumer directly and must communicate through their attorney (unless they have filed pro-se) or bankruptcy trustee.

To ensure third-party collection agencies are not contacting a consumer and violating the automatic stay, best practice is to first scrub accounts before sending them to your third-party collection agencies. A batch process to scrub and identify potential bankruptcies can be done through many different data companies (LexisNexis, TLO, AIS, Experian, Equifax, etc.). It is essential for your third-party agencies to also scrub upon placement and monitor for new bankruptcies throughout the collection lifecycle to catch any bankruptcy that is filed post-placement.

Once a bankruptcy is identified, additional monitoring should be performed to identify any changes in the disposition of the bankruptcy. If your agencies file a proof of claims on your behalf, they will need to keep up to date on the disposition of the bankruptcy to ensure continued compliance.

If you take bankrupt accounts back in-house or outsource them to a specialized bankruptcy servicer, those known bankrupt accounts should continue to be monitored for changes. Often a bankruptcy will be dismissed, allowing collection activities to resume. However, those accounts should still be monitored carefully in case they are reinstated with the bankruptcy court, resuming the automatic stay.

As stated above, it is also important to update the consumer’s credit report when an account is discharged in bankruptcy.

State and Local Laws

Many states or local governments have enacted their own laws regarding collection practices, some of which build on federal laws while others differ from them. When these laws conflict with each other, the general rule is that federal law supersedes state law, and best practice is to comply with whichever regulation is stricter or more limiting.

New state and local laws are proposed often, and it’s crucial for creditors and third-party agencies to continually update their processes accordingly. One resource for keeping track of consumer protection legislation is the National Consumer Law Center. Their site lists and tracks the various state-level consumer protection legislation being proposed, as well as the consumer protection laws that have been passed.

Consumer protection attorneys are very aware of these laws and are often on the lookout for any financial services provider that violates them. An individual consumer complaint could quickly turn into a class-action lawsuit in the hands of an aggressive consumer attorney.

California’s Department of Financial Protection and Innovation implemented new requirements for both California-based collection agencies and any agencies collecting against California consumers. As of January 1, these collectors must now be licensed in the state, and beginning in July agencies must fulfill consumer requests to obtain the names of any previous debt collection agencies that serviced their account, as well as the most recent account statements showing the last payment or balance prior to sending the initial demand letter. Any creditor or collection agency caught unaware or unable to meet these requirements could quickly face legal action.

How can creditors keep track of all these laws?

For a creditor with even one third-party debt collection agency, keeping track of their compliance with a multitude of laws and regulations is already a full-time job. But when you consider most creditors have numerous third-party agencies to manage, it becomes overwhelming.

The answer is a formal, structured, and automated compliance management framework that includes monitoring your third-party agencies for compliance with the regulations, and corrective action when there’s indication of consumer harm. Gone are the days when merely sampling accounts from your third-party agencies for compliance is acceptable. The CFPB, in their Compliance Management Review, Supervision, and Examination Manual, has made it very clear that they expect creditors to have a compliance program that is commensurate with the company’s size, complexity, and risk profile (emphasis added).

At a minimum, your risk management program should include:

  • Board management and oversight
  • Regular audits of your third-party service providers, especially high-risk vendors like collection agencies
  • Regular reviews and updates to policies and procedures
  • Continual monitoring of new and changing consumer financial protection laws
  • Contractual language establishing compliance expectations and consequences of violations
  • Periodic reviews and updates to employee training
  • Monitoring for regulatory compliance (reviewing call frequency, letters, bankruptcy notifications, dispute and complaint handling, etc.)
  • Business continuity and disaster recovery planning
  • Information security safeguarding
  • Incident response and remediation plans
  • Insurance requirements

Creditors should also regularly look for updates to the CFPB’s exam procedures.

It’s impossible to comply with laws and regulations you don’t understand. Ensuring compliance with every federal, state, and local law can be overwhelming. But with a proper compliance program in place, and training and updating your staff on a regular basis, you’ll be ahead of the compliance curve.

New call-to-action


NeuAnalytics is the industry leader in operational risk and compliance management. Our solutions provide the world’s leading creditors with comprehensive business intelligence while continuously monitoring for compliance.

The NeuAnalytics Compliance Management System allows your staff to holistically manage compliance, down to the individual consumer level. It is a powerful set of tools for determining if vendors are acting on your behalf in compliance with the, at times, an overwhelming multitude of federal, state, and local consumer protection regulations.

With NeuAnalytics, you can avoid compliance-related fines and penalties that can result in reputational damage to your brand.

To learn more about how NeuAnalytics provides creditors compliance and auditing automation, visit us at www.neuanalytics.com.