CFPB Debt Collection Proposed Rule – Threats & Opportunities
On May 7, 2019, the Bureau of Consumer Financial Protection (“CFPB” or “Bureau”) released its long-awaited Notice of Proposed Rulemaking (the “Proposed Rule”), touching on a multitude of debt collection practices. The Proposed Rule would apply only to collection activities subject to the Fair Debt Collection Practices Act (“FDCPA”). Creditors and first-party debt collectors nevertheless must focus on the proposal, as these requirements (1) would apply to their vendors or assignees and (2) could apply directly to them to the extent that (a) they could be deemed to provide “substantial assistance” to vendors’ or assignees’ violations and (b) the Proposed Rule potentially could be used as a baseline to determine if their own debt collection activities violate State laws or constitute Unfair, Deceptive or Abusive Acts and Practices (“UDAAPs”).
CFPB Director Kathy Kraninger emphasized the benefits of the Proposed Rule in providing “clear rules of the road where consumers know their rights and debt collectors know their limitations.” Tipping the scale at over 500 pages, the Proposed Rule contains both elements addressing the concerns of consumer advocates (e.g., call limits) and those meeting the needs of the financial services industry (e.g., acceptance of email and text messaging for debt collection). Both groups have stressed areas where the Proposed Rule has fallen short of their expectations, however.
The next few months will be a time for companies to drill down on the Proposed Rule’s practical impact, potential shifts in business operations and vendor relationships in response to the threats and opportunities the Proposed Rule presents and to consider strategies for advocacy in the 90-day comment period provided by the Bureau. The CFPB has adopted a data-driven approach, emphasized by Director Kraninger and apparent throughout the Proposed Rule. Companies’ advocacy thus should be based on a solid foundation of data, especially data and analysis of the costs and benefits of the Proposed Rule. Concurrently, the Proposed Rule should prompt a review and reconsideration of existing collection strategies to assess compliance with the proposed limits, as well as opportunities to take advantage of collection activities blessed under the proposal, particularly in the use of new technologies. The following are among the key elements of the Proposed Rule.
Limitations on Number of Calls
The Proposed Rule imposes a “bright-line” rule on the number of permissible debt collection calls. Barely moving from the original six-call-limit proposal under former Director Richard Cordray, the Proposed Rule would prevent debt collectors from placing collection calls regarding an account more than seven times either within seven consecutive days or within seven days after having a conversation with the debtor. The CFPB rejected any “per-day” call limitation. Calls placed to a wrong number would not count toward the proposed limit.
Notably, the frequency limit would not apply to emails, text messages or other electronic communications. In declining to impose a limit on these other communication media, the CFPB commented that it has no data suggesting that electronic debt collection communications are excessive. Given the newness of electronic communication for debt collection, however, the CFPB stated that such communications may be deemed excessive in the future and that they remain subject to the FDCPA’s “abusive” and “harassing” standards.
Because the proposed limit would apply to any calls to a “particular person” regarding a “particular debt,” a separate calling limit would apply, for example, to collection calls to the debtor and collection calls to a third party for location information. The Proposed Rule defines a call as a “placed” call, including a “ringless” drop to voicemail. As to seeking location information from third parties, in addition to the seven-call-per-week limit, a debt collector may not communicate with a third party more than once unless the debt collector “reasonably believes” that an earlier response from the third party was “erroneous or incomplete” and that such person “now has correct or complete location information.” Demonstrating these reasonable beliefs presents obvious challenges.
Call frequency has been the subject of extensive litigation, not only under the FDCPA but also under State law and through UDAAP claims against both first-party and third-party debt collectors. The proposed seven-call limit thus increases litigation exposure for the industry regarding what constitutes harassment. The CFPB based its proposal on outbound calling data from a large collection agency, but rightfully cautioned that the limited data it obtained might not be representative of the market as a whole. Given the CFPB’s data-driven approach to this rulemaking, companies have the opportunity — indeed an imperative — to submit additional data regarding not only the practical impact of their calling activities but also a thorough cost-benefit analysis of the broad application of a strict seven-call limit.
“Inconvenient” Time, Place or Medium for Debt Collection
The Proposed Rule would prohibit debt collectors from communicating or attempting to communicate with a debtor at a time or place that the collector knows or should know is “inconvenient” to the debtor. The proposal provides that, depending on the facts and circumstances, a collector may be charged with such knowledge even if the debtor does not use specific words, such as the word “inconvenient,” to notify the collector. Debtors also can designate a particular medium, such as email, as one that cannot be used for debt collection communications.
The Proposed Rule does provide a “safe harbor,” however. If the debtor initiates contact with the collector during a time or at a place that he/she previously designated as inconvenient, then the collector may respond a single time at the time or place the debtor previously designated as “inconvenient.” The collector may not do so again, however, unless and until the debtor confirms that the time or place in question no longer is inconvenient.
This proposal raises numerous practical challenges to implementation, including: (1) how to identify, verify and process relevant consumer communications; (2) how to track and comply with individual requests and follow-up communications from the collector; and (3) how to ensure continuing compliance as an account moves through the collection chain (e.g., from the creditor to a collection agency and from agency to agency). The vagueness of this proposal also raises the specter of endless litigation, similar to that surrounding the issue of consumer consent and withdrawal of consent under the Telephone Consumer Protection Act. Again, the submission of data and cost-benefit analyses will be vital to companies’ advocacy concerning this proposal.
The Proposed Rule would exclude certain “limited-content messages” from the definition of a “communication” under the FDCPA. This new category would allow debt collectors to leave useful information for debtors via voicemail, text or messages left with third parties (but not email), without incurring unnecessary compliance burdens and risks. One of the main benefits of limited-content messages would be that they need not include the “mini-Miranda” disclosure pursuant to section 807(11) (as implemented by proposed § 1006.18(e)), and a debt collector would not risk violating the FDCPA’s restriction on communicating information about the debt with third parties if someone other than the consumer heard or received the message.
To qualify, the message must include all of the following: the consumer’s name; a request that the consumer reply to the message; the name or names of one or more natural persons whom the consumer can contact to reply to the debt collector; a telephone number that the consumer can use to reply to the collector; and, if delivered electronically, a disclosure explaining how the consumer can stop receiving messages through that medium. A “limited-content message” also may, but need not, include a salutation, the date and time of the message, a generic statement that the message relates to “an account,” and suggested dates and times for the consumer to reply. No other information is permitted in a limited-content message.
This part of the Proposed Rule addresses the persistent industry conundrum of whether to terminate an attempted communication without leaving any message or to leave a useful message that complies with the FDCPA’s disclosure requirements but risks being heard by a third party. A tremendous amount of litigation has occurred over this issue. Some courts have concluded that there is no right to leave a message at all, while others have found that limited-content messages are acceptable. The Proposed Rule apparently seeks to find a workable middle ground.
Attempts to Communicate
The Proposed Rule would regulate attempts to communicate in addition to actual “communications” as defined under the FDCPA. According to proposed comment 2(b)–1, “attempts to communicate” include placing a telephone call (even if the caller does not speak to any person) and leaving “limited-content messages.” Proposed comment 2(b)–1 would also clarify that an act to initiate a communication or other contact with a person is an attempt to communicate regardless of whether the attempt, if successful, would be a communication that conveys information regarding a debt directly or indirectly to any person. Additional analysis will be necessary to demonstrate the impact of this expansion of communication “attempts.”
Collection Emails, Text Messages & Other Electronic Communications
The Proposed Rule expressly permits the use of electronic communications, such as emails and text messages, to collect a debt. The rules governing electronic communications would apply to any form of electronic communication that exists or may come to exist in the future. Debt collection through electronic communications such as social media, however, would not be allowed if they can be viewed by third parties. Although the proposal does not include any express limits on the frequency of emails or text messages, it does seek comment on whether such limitations should apply. While the CFPB’s imprimatur on the use of electronic communication for debt collection is most welcome and valuable for the industry in the adoption of new technologies for more efficient and less costly means of debt collection, the Proposed Rule also contains various compliance requirements that might be unclear and/or burdensome.
Within 30 days prior to using a non-work email address or telephone number (for texting), the debt collector must notify the consumer clearly and conspicuously (through a medium other than that non-work email address or telephone number) that the debt collector might use the email address or telephone number for debt collection communications via email or text message. Under the Proposed Rule, such notice must include the following: (1) the legal name of the debt collector; (2) the non-work email address or telephone number that the debt collector proposes to use for its collection communications; (3) one or more ways for the consumer to opt out of such communications; and (4) a specified reasonable period of time to opt out.
The Proposed Rule also allows a debt collector to use a non-work email address or telephone number if: (1) the creditor or a prior debt collector obtained the email address or phone number from the consumer to communicate about the debt; (2) the creditor or a prior debt collector recently sent communications to that email address or telephone number before the debt was placed with the debt collector; and (3) the consumer did not request that the creditor or prior debt collector stop using the email address or telephone number to communicate about the debt. In addition to the foregoing, the debt collector must have taken additional steps (unspecified under the Proposed Rule) to prevent communications using an email address or telephone number that the debt collector knows has led to a prohibited third-party disclosure.
Recognizing a greater risk of third-party disclosure, the CFPB would permit a debt collector to use a work-related email address or telephone number that a debt collector knows, or should know, was provided by a consumer’s employer only where the consumer “recently” (also unspecified under the Proposed Rule) used that email address or telephone number to contact the debt collector for purposes other than opting out of electronic communications. The most obvious telltale sign of a “work-related” email address is one associated with a domain name for a business, which often can be validated by inserting the domain name into a web browser. This validation method could pose a cumbersome and human-resource-heavy compliance burden, however. Of course, non-obvious work email addresses present even more difficult compliance challenges. Accordingly, companies should explore the availability and cost of a reliable electronic means for validating work-related email addresses, including by having consumers self-designate their work and non-work email addresses. Beyond segregating work-related email addresses and phone numbers, companies should conduct a careful assessment of the complexity, costs and risks involved in maintaining separate communication frameworks for work and non-work email addresses and phone numbers (particularly after transfers of the account from the original creditor through multiple additional parties). Once again, submission to the CFPB of a fulsome cost-benefit analysis of these requirements could form a vital part of advocacy in the rulemaking.
All electronic communications must contain a clear and conspicuous (i.e., readily noticeable and understandable) statement describing how the consumer can opt out of receiving further communications from the debt collector. Further, debt collectors may not require a consumer to provide any information other than the telephone number, email address or other electronic medium address subject to the opt out.
The Proposed Rule provides a number of safe harbors from civil liability. For instance, to avoid civil liability for disclosure of the debt to a third-party, the debt collector must show by a preponderance of the evidence that the disclosure was unintentional and that the collector adhered to the procedures specified by the Proposed Rule. Leveraging the FDCPA’s existing bona fide error defense in section 813, the debt collector can show, for example, that it maintained reasonable procedures to confirm and document that the email address or phone number used for electronic communication was recently used by the debtor to contact the debt collector (for purposes other than opting out of electronic communications).
While the requirements for using email addresses and telephone numbers are detailed and intended to encourage compliant communications with borrowers, some of the associated compliance burdens threaten to outweigh the benefits. In addition, compliance with safe-harbor provisions may not insulate a debt collector from litigation. Indeed, safe harbors sometimes can spawn new litigation theories if the safe harbor can be construed in such a way that compliance cannot be demonstrated at the pleading stage. See, e.g., Miller v. McCalla, Raymer, Padrick, Cobb, Nichols, & Clark, L.L.C., 214 F.3d 872 (7th Cir. 2000); Avila v. Riexinger & Assocs., LLC, 817 F.3d 72 (2d Cir. 2016).
Thus, while adoption of the Proposed Rule likely will increase the use of email, text messages and other electronic communication forms for debt collection, companies will need to scrutinize the corollary requirements closely both for purposes of advocacy in the rulemaking and for compliance and risk management.
Exemption for State Regulation
The Proposed Rule also enables States to apply to the Bureau for exemption from the FDCPA and the Proposed Rule for intra-State collection activity if an applying State demonstrates that it has a comparable or more strict statutory and regulatory regime. Appendix A to the Proposed Rule then sets forth the procedures under which States may request that the Bureau review the applicable State law for a determination that the State is exempt from the FDCPA and the Proposed Rule. Among other things, an applying State must provide a comparison of each provision of relevant Federal law with the corresponding provisions of the applying State’s law, along with an analysis of why the corresponding State’s law is substantially similar to, or provides greater protection than, the Federal law. Given the rise of State regulatory activity in the debt collection space, it is very possible that some States will apply for the exemption. That said, seeking exemption may not be as valuable to some States whose statutes already either mirror the FDCPA, or expressly incorporate its provisions (e.g., California), or expressly rely on interpretations of the FDCPA in interpreting its provisions (e.g., Florida).
To address debt collection practices that the CFPB deems harmful, among other provisions, the Proposed Rule would also:
- Specify certain information that the debt collector must or may provide at the initiation of the collection process (and in the debt validation notice if applicable) — including itemization of the debt and notification of the consumer’s right to receive information about the original creditor, to dispute the debt or to take certain other actions — and clarify how the disclosures can be provided electronically;
- Provide a model debt validation notice and a safe harbor if the debt collector complies with various steps in delivering the validation notice within an email that is the collector’s initial communication with the debtor;
- Prohibit the sale, transfer or placement for collection of a debt that a debt collector knows or should have known has been paid, settled, discharged in bankruptcy or reported as a subject of identity theft;
- Prohibit debt collectors from suing or threatening to sue over time-barred debt (while the CFPB continues to conduct testing and consider whether to adopt additional disclosure requirements for communications to collect time-barred debts);
- Prohibit debt collectors from furnishing information about a debt to a consumer credit reporting agency before communicating with the consumer about the debt;
- Provide various clarifications regarding whom a debt collector may contact and how to collect a debt from a deceased consumer’s estate;
- Establish a safe harbor for compliance with the standard for “meaningful attorney involvement” in debt collection litigation; and
- Establish a record retention requirement for compliance with the Proposed Rule from the point at which the debt collector begins collection activity until three years after (a) the debt collector’s last communication or attempted communication, or (b) the debt is settled, discharged or transferred to the debt owner or to another debt collector.
In sum, the Proposed Rule is rife with threats and opportunities, and companies will need to conduct extensive analysis regarding business impact and submit robust data to support advocacy in the rulemaking process. Although the Proposed Rule was very long in development, comments are due within 90 days from publication in the Federal Register, and the CFPB will strive to move briskly toward adoption of a final rule.
The attorneys of Stroock’s Financial Services Litigation, Regulation and Enforcement Group are well positioned to answer questions about the Proposed Rule, to assist with advocacy before the CFPB, and to support compliance and business planning efforts.
For More Information