In case you missed it, on August 17, 2021, the CFPB issued a press release in which it announced it filed a proposed settlement agreement to resolve a lawsuit against Fair Collections and Outsourcing (FCO). The settlement would require FCO to pay $850,000 and overhaul its policies and procedures. 

The lawsuit filed by the CFPB on September 25, 2019, alleged that FCO violated the Consumer Financial Protection Act of 2010, the Fair Credit Reporting Act (FCRA), Regulation V (the Credit Furnisher Rule), and the Fair Debt Collection Practices Act (FDCPA) by:

  • Failing to establish or implement reasonable policies and procedures regarding the accuracy and integrity of the information furnished to consumer reporting companies, specifically concerning indirect disputes (disputes submitted by consumers to credit reporting agencies);
  • failing to conduct reasonable investigations of indirect disputes;
  • continuing to furnish information about disputed accounts alleging ID theft without conducting an investigation; and
  • along with owner, Michael Sobota, telling consumers they owed certain debts when FCO did not have a reasonable basis to assert that the consumers owed those debts.

In addition to paying a civil penalty of $850,000 the settlement will require FCO and Sobota to:


  • Establish, modify, update, and implement policies and procedures regarding the accuracy and integrity of information furnished to consumer reporting agencies.
  • Establish internal controls to identify practices or activities that could compromise the accuracy or integrity of the information it furnishes and to evaluate the effectiveness of its furnishing policies and procedures.
  • Establish an identity theft report review program to identify instances in which FCO received identity theft reports from consumers and take steps to ensure that they handle those reports as required by the FCRA.
  • Have written intake policies and procedures designed to evaluate the quality, completeness, accuracy, and integrity of account information before FCO commences collections.
  • Establish policies and procedures to monitor, evaluate, and address trends in disputes and other indicia of unreliability on accounts for which FCO collects.
  • Retain an independent consultant with specialized experience in consumer-information furnishing and debt collection, approved by the CFPB, to conduct an independent review of FCO’s furnishing and debt collection activities and to make recommendations on policies and procedures, among other things.

The CFPB seemed particularly disturbed by the inaccuracies in consumer’s credit reports. Regarding FCO’s alleged violations, Acting Director Dave Uejio stated, “As we recover from the economic devastation caused by COVID-19, credit reports play a huge role in consumers’ financial lives. Inaccurate information, such as information related to tenant debt, can be devastating for someone who’s applying for a loan, seeking a new place to live, or trying to get a new job. We will not tolerate companies that put inaccurate data on consumers’ credit reports or fail to investigate consumers’ disputes.”

insideARM Perspective:

This enforcement action and proposed settlement agreement exemplify the principle that written policies and procedures are crucial. It is no longer ok (and hasn’t been for quite a while) to have vague outlines of procedures or relay critical operational information by word of mouth. To have a sufficient compliance management system, ARM entities must document their policies, include written specific procedures, train employees, and audit procedures to ensure they are working. 

The lawsuit filed against FCO is instructive in determining the CFPB’s expectations; it provides a tremendous amount of detail into FCO’s missteps as perceived by the CFPB. For example, among other allegations, in support of its assertion that FCO’s policies and procedures were inadequate, the CFPB noted training materials provided to employees, (1) were limited and did not cover many types of disputes; (2) had not been updated in at least seven years; (3) did not advise employees to review the substance or details of disputes; and (4) were not audited.

Another interesting point to note here is that this lawsuit and settlement agreement imply that a debt collector is responsible for vetting information received from its clients. Per the lawsuit, FCO should have noticed high rates of disputes on certain portfolios, and these high dispute rates should have alerted FCO and its sole owner Michael Sobota that there was a problem. According to the CFPB’s allegations, attempting to collect those debts without consulting its clients about the reliability of their information was false, deceptive, and misleading in violation of the FDCPA.

However, before anyone assumes the CFPB is trying to impose a debt substantiation requirement on debt collectors, it’s important to note that Reg F was published less than a year ago - after the CFPB filed its lawsuit against FCO. If the CFPB really wanted to impose a substantiation requirement, they certainly could have found a way to do so in Reg F.

That said, like with all CFPB related things, ARM entities should continue to watch for trends and at least implement the basic things we know, such as developing, maintaining, and auditing policies and procedures.  We cannot stress this enough: a company that fails to implement basic policies, procedures, training, and auditing does so at its peril. 

Next Article: Are “No Injury” FCRA Lawsuits in The ...