With new regulatory changes, many organizations are still grappling with what that will mean for their workflows. How do you maintain compliance? Take, for instance, Regulation F which was promulgated in 2020 but will officially take effect in November of 2021. How will these changes impact how you approach the Fair Debt Collections Protection Act (FDCPA)?

There's a lot to unpack here. There's a great deal to know to maintain compliance and proactively prepare for your future. For large lenders and creditors, these updates will impact the way that you deal with third-party vendors, the way you approach collection strategies, and ultimately, the way that you maintain compliance. 

At NeuAnalytics, we're keenly aware of how these updates can impact your business. We specialize in providing solutions for large lenders across financial services and we're the only platform that delivers solutions across the entire consumer debt lifecycle. We have been diving deep into these regulatory changes and wanted to share a detailed overview so our audience can understand the history of these regulations, see where it is today, and what they can expect for their future.

CFPB New Rules and History

The Consumer Financial Protection Bureau (CFPB) was originally created in 2011. The agency's creation was a direct result of Dodd-Frank, which passed the previous year. There have been several court challenges to the agency since its inception. 

The 2007-2008 financial crisis was the spark that created the need for oversight and led to the creation of the CFPB. The US was facing the greatest economic uncertainty since the Great Depression, a time period aptly coined as "The Great Recession". This incident had far-reaching consequences. First, there were many Americans who took on risky loans. In some cases, the consumers didn't understand the terms of the loan and clearly could not afford the terms. These loans shouldn't have been approved in the first place.

Some consumers were fully aware that they were taking on too much debt and simply behaved irresponsibly. But there were many consumers who took on unaffordable loans because there were misleading promises attached to them. Aboveboard lenders were competing with dishonest lenders and many consumers in the middle simply made mistakes because they were misinformed. That was the true basis for the creation of the CFPB. And no one can dispute that poor lending practices over many years had a devastating impact on the overall economy.

Once the ball started rolling, even consumers who had practiced complete fiscal responsibility were paying a steep price for the mistakes of neighbors and the industry. Home values dropped, retirement funds lost value, and the job market shrunk as businesses started laying off people across many sectors.

In 2010, the Dodd-Frank Act was signed into law and soon thereafter the CFPB was officially established. The CFPB was created primarily to consolidate consumer financial protection into one agency. It had previously been a consideration by several federal agencies. But financial oversight and consumer protection had not been the primary focus of any of them. The CFPB gave the government a single agency to have oversight and work with regulatory changes to improve the financial markets while protecting consumers.

The agency has jurisdiction over credit unions, banks, mortgage services, and other financial companies in the United States with more than $10 billion in assets. The CFPB also has jurisdiction over any vendors for these institutions, as well as all payday lenders, private student lenders, mortgage originators and consumer debt collectors, to name a few. As part of a 4 pronged mission, they provide consumer education, examine policy, work with state regulators to enforce consumer protection, and perform data and research.

CFPB New Rules

The FDCPA was created in 1977. It provided rules for the way that agencies working for lenders and creditors were allowed to do when attempting to collect a debt or contact consumers. However, 1977 was a long time ago and there have been significant changes in the way these agencies do business. CFPB's new Reg F has been much anticipated because it brings us up to date with the times. 

It clarifies a lot of issues that were murky in the original act. It also updates the technology, for instance discussing the use of email and text messaging. It’s important to note that Reg F, detailed below, doesn’t change the FDCPA, it works in tandem to clarify the law. 

Debt Collection Practice Regulations for Enterprise Receivables Management Systems

The CFPB initiated the process to add rules that would become Reg F several years ago. This is the first substantial addition to FDCPA since 1977 and it does have some wide-reaching implications for creditors and lenders. Any enterprise receivables management system should be up-to-date with the new regulations to maintain compliance because it impacts lenders as well as third-party vendors.

Regulation F

Regulation F is an excessively big deal. It essentially clarifies the FDCPA in customer contact, records retention, and state opt-outs. We discussed this in a previous post, but we’ll give you a quick overview here. 

The consumer contact information in Reg F clarifies the number of times collections calls can be made before it’s considered harassment. The times of day haven’t changed. The rule maintains that no contact should be made prior to 8 am or after 9 pm unless the consumer specifies otherwise. Reg F added that collection contact attempts can be made up to seven times in the span of seven days. It also stipulates that the collector needs to wait seven days to contact a consumer after they have successfully communicated with that person. Because consumer consent trumps the default rules, however, one of the most challenging aspects is that consumers can essentially dictate when and how communication occurs. For example, if a collector makes consumer contact on a Tuesday but the consumer asks to be called tomorrow, the collector can attempt a call on Wednesday but not Thursday through the following Monday. So Reg F compliance will require a sophisticated, consumer-focused approach.

Reg F also clarifies the use of text messaging and email, if the consumer consents to those types of contact. The regulation stipulates that the communication should be on the customer’s terms. It also allows for a “limited content” voicemail, which is where a call to a consumer’s voicemail doesn’t count towards the call frequency rules if the collector leaves a message limited to certain specified information. 

The CFPB added record-keeping requirements to Reg F. This is a stipulation that essentially makes it clear that collection agencies need to maintain up-to-date records and evidence for regulators. Not maintaining these records is a violation of the FDCPA, but it’s likely that you’re already complying with this requirement if you’ve been operating in an ethical way. 

Reg F also allows states the option to opt-out of the FDCPA, if the state or city requirements are the same or more stringent than those laid out at the federal level. Reg F stipulates how the state can apply for an exemption and the criteria they must meet.

Fair Debt Collection Practices Act (FDCPA)

The FDCPA gives the parameters for what debt collectors are allowed to do when collecting a debt. It’s a consumer protection law that prevents collection agencies from using unethical practices or engaging in unfair, deceptive or abusive acts and practices to recover debts. The FDCPA pertains to consumer debts, not business debt. Debt collection agencies, businesses that buy debts, and lawyers working as debt collectors are all subject to the FDCPA regulations.

The act specifically prohibits collection companies from using deceptive practices and does not include lenders or the original creditor in these regulations, unless a significant part of the lender’s regular business is debt collection. However, lenders should be aware of these regulations as it pertains to third-party vendors that may be collecting debts on their behalf. 

The FDCPA regulates the collection practices used for medical debts, credit card debt, mortgages, car loans, and other personal debts. There is a current update for renters (May 3, 2021) stating that creditors attempting to collect on behalf of a landlord may need to give notice on a CDC eviction moratorium due to the COVID-19 pandemic.

The FDCPA stipulates the type of communication a debt collector can have with a consumer, the times they may contact the consumer, and other parameters to protect the consumer from harmful practices. 

Unfair or Deceptive Acts or Practices (UDAP)

The UDAP is a section of the Federal Trade Commission Act (Section 5). The FTC defines “deceptive” as “involving a material representation, omission or practice that is likely to mislead a consumer acting reasonably in the circumstances. An act or practice is “unfair” if it “causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.”

The statutes included in Section 5 also discuss violations, which should be treated like trade regulation violations under the FTC Act. This makes them subject to civil penalties by the consumer.

Each state also has consumer protection laws that govern the practices that collections agencies are allowed to use in collecting debts. Each state is different, but the statutes are universally called Unfair and Deceptive Acts and Practices, or UDAP statutes. These statutes were developed to protect consumers, though they are not uniform in each state. Some states are far more rigid than others.

You can find an overview of the UDAP statutes by state on the National Consumer Law Center website.


Even though it varies quite a bit from jurisdiction to jurisdiction, UDAP laws have been around a long time and our understanding of UDAP compliance has been fairly well developed over time. The passage of the Dodd-Frank Act, however, introduced a new wrinkle: for the first time, “abusive” acts are now illegal as well. 

Unfortunately, the CFPB provided no clear definition of what an abusive act is, as opposed to an unfair or deceptive act (Dodd-Frank has general standards, such as “taking unreasonable advantage of someone’s lack of understanding” but without decades of case law to help define). Instead, under Richard Cordray, the CFPB tried to demonstrate what an abusive act was through enforcement actions, but often the agency would describe an act using all three terms, and so the industry did not have much clarity for what constituted a discretely abusive act. Under Kathy Kraninger’s leadership, the CFPB narrowly defined its policy towards abusive acts, but this guidance was promptly undone under David Uejio’s tenure – presumably because the CFPB felt it limited their enforcement ability – and so again the industry is in a “wait and see” posture until the abusiveness standard is better defined. 

State and City Debt Collection Laws

Many states have their own debt collection regulations, some rely on the general UDAP laws that would apply to any person, and even some cities have individual regulations. State collection laws can be different from the rules put forth by the FDCPA, though debt collectors need to at minimum adhere to the regulations set forth by the FDCPA. But the state laws might apply to things that fall outside of the scope of the FDCPA. For instance, a state law might regulate lenders collecting debts that are owed to them, which is not regulated by the FDCPA. The FDCPA only regulates businesses engaged in the collection of debt owned by others.

State collection laws can also regulate specific licensing, which is not part of the FDCPA. State laws can also have provisions that are identical to the FDCPA but stipulate that a violation of the FDCPA is also a violation of state law and subject to additional fines paid to the state.

All of this means that debt collectors need to consider the state collection laws, whether they track with FDCPA regulations, include additional penalties, or diverge from FDCPA in meaningful ways. 

The FDCPA discusses state law in 15 USC §1692n. As an overview, it does not prevent entities from adhering to state laws unless the law is inconsistent with the FDCPA. Not to mistake this, they make the clear ruling that the state law can’t be considered inconsistent if it provides greater protection for the consumer than the FDCPA law. So basically, they’re stating that the creditors must, at minimum, follow the FDCPA regulations, and the more stringent state regulations where they exist.

Under Reg F, individual states can request exemption from the FDCPA. The state law needs to be equal to or greater than the protections set forth by the FDCPA in order to qualify for exemption.

For any company engaging in debt collection, or any lender working with third party debt collectors, it’s important to understand the state and city laws in order to maintain compliance in debt collections, particularly if the agencies work in multiple states.

Debt Validation Notices

Reg F clarifies and expands the required debt validation notice that debt collectors use when contacting a consumer about a debt. The new regulation stipulates that the debt collector can provide the debt validation notice in either electronic form or written form. So, debt collectors can send a written letter, or contact the consumer via email, depending on the preferred method agreed to by the consumer. The validation notice can be the initial communication. If the initial communication is in another manner, the debt collector must send written or electronic notification within five days.

The new regulation lays out content requirements for the debt validation notice. The notice should contain a disclosure that the communication is an attempt to collect a debt. The collector’s legal name and mailing address need to be included. The name of the consumer and the original creditor also needs to be clearly stated in the notice, as well as the amount of the debt.

Reg F makes it clear that the debt collector must give the consumer all information on responding to the correspondence, including the proper ways to dispute the debt. This information is all required. The CFPB also lets the debt collector include additional information as long as it’s not prioritized above the required information.

The new Reg F also includes a debt validation notice template with all of the new content guidelines. Debt collectors that use the template or model form receive limited legal protection against accusations that they are using a deceptive or confusing form. This safe harbor form only applies to the debt validation notice and does not protect the debt collector if they are not in compliance with the prescribed communication methods and time frames mandated by the regulation.

A further update to the debt validation notice is the ability to send this communication in any language. It’s stipulated that the notice must be in English as well as the other languages included. 

What Are the Implications for Creditors?

The implications for creditors are fairly wide. While, as we’ve noted, Reg F doesn’t actually change the FDCPA, it does clarify it in ways that will mean some changes to the way that creditors deal with vendors, multi-state compliance, and communication. 

Previously, the FDCPA did not affect creditors that were collecting a debt they were owed. Third-party collectors were regulated under FDCPA. Reg F enhances this. If the creditor has a third-party debt collector, does the creditor have oversight responsibilities? In most cases, the answer is yes. The creditor is responsible for making sure that their third-party vendors are in compliance with all regulatory frameworks, and this includes FDCPA. As a lender or creditor, it’s important to research and vet third-party vendors to make sure that they are in compliance with Reg F, and particularly on an ongoing basis – preferably every day.

There are also some laws that might apply to first-party creditors. Federal and state laws on UDAP may stipulate that they apply to first-party creditors, so it’s important to fully understand each state regulation where you do business/have consumers. Another possible consideration is that the CFPB did not clarify whether first-party collectors were included under UDAAP. Some first-party collectors may choose to mitigate risks by adhering to Reg F.

Vendor Relationships

Creditors may need to reassess the role they take with their third-party collection vendors. There are several choices that the vendor might make regarding safe harbor procedures. They are required to verify the methods of contact that are preferred by the consumer. These might include telephone calls, email, written communication via letters, or text message. The creditor needs to make sure that their vendors follow the specific notice requirements for each choice to qualify for the safe harbor exemption.

Reg F also stipulates that there is more information needed in the debt validation notice so that the consumer is fully aware of the creditor and itemization of the debt. This means that the creditors need to provide more information to debt collectors so that they can collect debts in compliance with the regulations.

Multi-State Compliance

It’s uncertain how many states might opt out of the FDCPA. It is certain that any creditor or debt collector needs to reassess how they approach multi-state compliance in their collection practices. The state laws can significantly change the way that collections can be handled, and then possibly fine if there are any violations.

Collection Strategies

Collection strategies will need to be considered and changed. While Reg F is fairly clear, and it improves the ability to read the FDCPA accurately, it is far more complex than it might appear on the surface. All material, templates, and material guidance on the new regulations should be thoroughly reviewed by all creditors and debt collectors. 

Creditors should also reassess all vendor relationships and ask specific questions about compliance with the updated regulations when that information has not been forthcoming. Both collectors and creditors can (and should) consult with their attorney or a regulatory attorney about these changes and any needed amendments to their current collection strategies.

Role in Third-Party Collections

Third-party collection vendors will need to update their collection strategies to reflect the changes to FDCPA. This will include how they deal with multi-state collections, the information that they receive from their creditors in order to communicate with consumers, and the way they approach contacting consumers. 

Reg F may mean developing a more cohesive partnership with creditors in order to ensure that the collection efforts and decisions are agreed upon. Options to use safe harbor models can differ depending on circumstance and it’s important that strategies are in place in advance to avoid any errors. Compliance will be a large consideration for both the third-party collection agency and the creditor, especially with the intricacies of different state regulations and possible additional fines.

Looking for a Trusted Partner for Your Compliance Management System?

If you're looking for a trusted partner that offers an industry-leading approach, contact NeuAnalytics today.

We provide solutions for large lenders and creditors across industries, including banking, automotive, energy, and retail. We provide patented dynamic distribution technology and our platform scales with your growth to provide the latest in fintech solutions. NeuAnalytics assists creditors and lenders in managing their receivables, working with 3rd party vendors, and increasing debt recovery. We arm you with all the tools you need to maintain compliance on all levels. In fact, our compliance management system can help you eliminate 99% of your operational risk and boasts a 100% audit pass rate.

At NeuAnalytics, we're proud to be the only vendor in the industry to provide solutions across the entire consumer debt lifecycle. Contact us for more information or schedule a demo today.

New call-to-action