Editor's Note: This article is authored by Linda Straub Jones of NeuAnalytics and is published on insideARM with permission from the author.
It may be 12-18 months before the CFPB finalizes their new debt collection rules, but it’s never too early for financial institutions who place accounts with debt collection agencies to start thinking about what those rules will mean for them, and what changes may need to happen when the rules go into effect.
Although the proposed rules are being written for debt collectors, financial institutions need to be aware of the rules' requirements while auditing their agencies to ensure their agencies comply with the new standards. As we’ve seen many times before, financial institutions are held responsible for their vendor’s actions. With your reputation at stake, you want to validate that your agencies are fully in compliance. You don’t want to be the first to end up in the headlines for a lawsuit relating to the new CFPB rules.
Below are five items you can start thinking about now so you don’t have to rush to get everything done once the new rules are in place:
1. Obtain updated policies and procedures from vendors with any changes made due to the new rules (i.e., call frequency, copies of new letter wording and formats, texting, emailing, etc.)
2. Ensure your collection agencies update their internal policies and procedures relating to their communication methods.
3. Update your audit questions/procedures for your agencies to include additional communication methods and other requirements in the new rules, for example:
- Are your agencies now texting? If so, texts are considered a ‘call’ to a cell phone under the TCPA. Your agencies need to follow TCPA rules for express consent, including tracking consent and revocation. Also, the new rules outline ‘unsubscribe’ requirements, are those in place?
- Are your agencies now emailing? If so, what messaging are they sending via email? Is it secure? Have you reviewed the email templates to ensure compliance? How are the email addresses being verified? Do they have a process in place to avoid emailing at the consumer’s place of employment (unless it is documented that the consumer wants emails there)? Do they have the proper ‘unsubscribe’ procedures in place?
- If disclosures are emailed, are proper consent procedures in place?
- For both texting and emailing, your agencies may now be using a new external vendor to perform those tasks, do you have sub-vendor information updated for those new sub-vendors?
- Do your agencies use social media messaging? If so, do they have policies and procedures in place to ensure messages are only sent via a private messaging function?
- You may already have call frequency requirements for your agencies, but make sure they are in line with the CFPB’s new call frequency requirements.
- Do your agencies credit report your debt? If so, do they have a procedure in place that covers the proposed rule on communication with a consumer prior to reporting the debt?
- Have you reviewed your agencies’ validation notices and ensured they are compliant with the new rules?
4. Do you use a specialty vendor for collecting deceased debt? If so, do they have updated policies and procedures to follow the new guidelines on who they can contact about the deceased consumer’s debt, as well as the updated validation notice requirements? And have you included that checkpoint in your audit procedures?
5. As rules/regulations change, or as your internal requirements change or are updated, what process do you have in place to track updates and versioning of your audits and ensure your agencies are still in compliance?
It is important to keep in mind that the final rules may be somewhat different from the proposed rules, so it's important to be flexible. There are always a lot of moving parts when you outsource accounts to an agency, but taking a little time to think about the upcoming rules before they go into effect will go a long way to ensuring you can timely implement the new requirements without scrambling at the last minute.
Linda Straub Jones is a Sr. Account Executive at NeuAnalytics, a technology company that provides vendor management, audit, and compliance management solutions to financial institutions.