Larger participants in the debt industry need to prepare for CFPB supervision, and an essential part of that preparation will be to establish a formal compliance management system. The CFPB expects a company’s compliance management system to be fully documented through written policies and procedures. In reviewing these policies, the CFPB focuses on a company’s ability to detect, prevent, and correct practices that may present a significant risk of violating federal consumer financial protection laws or could cause consumer harm. According to the CFPB, effective policies and procedures should allow a company to self-identify any issues and initiate corrective action without regulatory intervention. Policies should also be approved by a company’s leadership, whether it is the Board of Directors or other senior management, as the CFPB will hold the company’s Board ultimately responsible for overseeing such policies.
The CFPB has not dictated a particular format for compliance management policies, but debt collection companies should be mindful of common elements when drafting them. Not only should policies be in place to address the Fair Debt Collection Practices Act (FDCPA) and other relevant consumer financial protection laws (e.g., the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, etc.), but companies also should have policies to address other consumer protection issues. These include unfair, deceptive, or abusive acts or practices (UDAAPs) and other collection practices that are not addressed by existing laws or regulations (e.g., time-barred debt, the use of data brokers, including skip tracers, etc.). Companies should be mindful that policies that are merely a recitation of the law will likely not pass muster with the CFPB. The CFPB has advised that policies should be sufficiently detailed to provide guidance to employees about how to carry out relevant compliance-related responsibilities.
Once comprehensive policies have been put into place, companies must ensure they are being followed. This should include providing appropriate employee training, monitoring implementation of each policy, and assessing to what extent policy revisions may be needed in response to consumer complaints. The CFPB has even recommended that companies consider whether to utilize transaction testing, including mystery shopper programs, to confirm that actual practices are consistent with written policies. To the extent that any one employee may not be following company policies, be sure to document any disciplinary actions taken to ensure that any violations are addressed.
Companies should also ensure that policies are dynamic. Policies should be continuously assessed to ensure that they meet current business strategies as well as respond to consumer needs. The CFPB has indicated that it will review company policies for outdated content or other indicators that the policies lack specificity or are not tailored to the company’s needs and practices. This means that company policies should be updated annually to cover any new services or business practices, as well as to reflect industry developments and trends. In addition to a set review schedule, policies should also be reviewed in response to major legal and regulatory developments, such as the CFPB’s upcoming debt collection rulemaking, FDCPA amicus briefs, enforcement actions, and other bulletins and guidance.
CFPB activity that companies may wish to monitor and incorporate into company policies includes:
- Litigation: The CFPB has filed suits challenging the collection practices of different companies. Debt collectors should review their practices against the ones challenged by the CFPB.
- Amicus briefs: The CFPB actively submits amicus briefs in cases addressing debt collection topics, including time-barred debt. Debt collectors should monitor these cases carefully for insight into the CFPB view of the FDCPA.
- Enforcement actions: The CFPB has brought a number of enforcement actions against entities based on their debt collection practices, including those practices of third-party debt collection vendors, such as in the recently announced consent order with ACE Cash Express.
- Credit reporting: CFPB Bulletin 2013-08 addressed representations about the effect of debt payments on credit reports and scores; debt collectors should review their scripts and letters for compliance.
- Medical debt: In May 2014, the CFPB released a report on the impact of medical collections on consumer credit scores. Companies may want to consider what policies could be implemented proactively to address CFPB concerns, such as being alert to consumer validation requests arising from medical debt and consistent reporting of medical debt disputes to credit bureaus.
- UDAAP: CFPB Bulletin 2013-07 addressed unfair, deceptive, or abusive acts or practices in the collection of consumer debts, specifically with regard to originating creditors. Debt collectors should monitor closely for future CFPB guidance in this area.
- Vendors: CFPB Bulletin 2012-03 addressed expectations regarding oversight of third-party service providers; debt collectors may be third party service providers for other covered entities and may themselves employ third-party service providers.
On multiple occasions CFPB Director Richard Cordray has expressed his concerns about the system-wide problems that pose risks to consumers that he perceives to exist in the debt collection market . Companies can proactively respond to these concerns through voluntary self-regulatory measures, such as the implementation of strong internal policies and procedures.
Kim Phan is an associate at Ballard Spahr. She provides guidance to clients on CFPB activity. Join Ms. Phan, Ronald Canter of the Law Offices of Ronald S. Canter LLC and Anita Tolani of Weinberg, Jacobs & Tolani at ARM-U (October 14-15 in Washington, DC) for a panel discussion of what the regulatory future looks like for debt collectors – including the huge role the CFPB will play – and how agencies can prepare for the future right now. This exclusive event will bring together senior compliance and operations officers, collection attorneys and HR/training experts, and allow them to learn from each other, discuss pitfalls and identify areas of improvement.