Yesterday, the Consumer Financial Protection Bureau (CFPB) announced an enforcement action against a medical debt collection company for mishandling consumer credit reporting disputes and preventing consumers from exercising important debt collection rights.
In the consent order the CFPB orders respondent Syndicated Office Systems, LLC (SOS) to provide over $5.4 million in relief to harmed consumers, correct its business practices, and pay a $500,000 penalty.
SOS does business as Central Financial Control and is a debt collection agency that primarily collects medical debt on behalf of hospitals, doctors, and other healthcare providers. The company is an indirect subsidiary of Conifer Health Solutions, LLC, which provides billing and other services to more than 600 hospitals nationwide. Tenet Healthcare Corporation, a publicly traded healthcare services company based in Dallas, Texas, is the parent company of Conifer Health Solutions.
CFPB Director Richard Cordray commented on the announcement: “Syndicated Office Systems mistreated consumers and prevented them from exercising critical debt collection rights. These violations are particularly egregious given the challenges many consumers already face who are attempting to navigate the medical debt maze. Today we are putting a stop to these illegal practices and getting consumers the relief they deserve.”
Yesterday’s announcement is interesting on a number of fronts. However, most interesting is that the action involves a medical debt collector. The CFPB currently has supervisory authority over any collection agency with annual revenues above $10 million (a Larger Market Participant, or “LMP”). But the CFPB LMP rule excludes medical debt from the $10 million threshold.
As a result of the LMP definition, many agencies that focus primarily on medical debt are under the naïve belief that the CFPB does not have any authority to review or regulate them. However, the CFPB does have jurisdiction to enforce the Fair Debt Collection Practices Act (FDCPA) and the Fair Credit Reporting Act (FCRA). Thus, a medical debt collector accused of FDCPA violations and FCRA violations does come under the CFPB jurisdiction.
There is a specific provision in the consent order that should be noted: “While the Respondent neither admits nor denies the findings of fact or conclusions of law in the Consent Order, except that Respondent admits the fact necessary to establish the Bureau’s jurisdiction over Respondent and the subject matter of this action.”
insideARM has previously reported that the CFPB was likely to include medical debt in its upcoming rulemaking process and that the above referenced medical debt exclusion could be at risk in the future.
The CFPB order charges the company with violating both the FDCPA and FCRA. The violations specifically include:
- Mishandling consumer credit reporting disputes: SOS failed to respond to more than 13,000 consumer credit report disputes within the 30-day timeframe required by law. On average, the company took more than 90 days to respond to consumers’ disputes and, in some cases, took over a year. The CFPB found that the company had no policies or procedures in place to investigate these consumer credit report disputes. Instead, the company treated consumer credit report disputes in the same way as other consumer complaints and had no deadline for responding.
- Preventing consumers from exercising important debt collection rights: SOS failed to send debt validation notices to more than 10,000 consumers. During this time, the company continued to collect over $2 million from consumers who did not receive the notices.
To address these violations, the CFPB order requires SOS to take the following actions:
- Provide over $5 million in relief to harmed consumers: SOS must identify all affected consumers and provide monetary relief. Consumers who were never sent a debt validation notice and who made payments to the company will receive a full refund and have remaining account balances forgiven. The company will pay $100 to consumers who were never sent a debt validation notice and did not make any payments to the company. The company must also pay damages ranging from $100-$1,000 to each consumer who did not receive a timely response to his or her credit report dispute. The amount that each consumer receives will correspond to the duration of the company’s delay in responding to the consumer’s credit report dispute. The company must submit a written plan to the CFPB for approval detailing how the company will identify affected consumers and provide relief.
- Correct errors on credit reports: SOS must identify all consumer accounts affected by its illegal business practices and fix any inaccuracies. The company must also update the account information it has furnished to the credit reporting companies and notify all affected consumers of this update, to the extent it has not already done so.
- End illegal credit reporting and debt collection practices: SOS must cease its illegal business practices and develop new policies to comply with federal consumer credit reporting and debt collection laws.
- Establish consumer safeguards: SOS must change how it does business and establish safeguards to ensure it has the staffing, facilities, systems, and information necessary to timely and completely respond to consumer credit report disputes. It must also establish a strong oversight program to identify any systemic inaccuracies to ensure that it informs consumers of their right to validate and dispute inaccurate debts in collection.
- Pay a civil monetary penalty of $500,000: SOS will pay a $500,000 fine for the illegal actions.
This case is noteworthy for a number of reasons.
First, this is a CFPB action against a medical debt collector. Any ARM firm with a primary focus on medical collections should take notice.
Second, the behavior described in the consent order seems to indicate:
- SOS did not have a robust Compliance Management System that included policies and procedures for 1) the timely processing of credit bureau disputes or 2) ensuring that certain specific types of accounts received the requisite FDCPA validation notices, or;
- Existing policies and procedures were not followed, or
- SOS did not have a robust internal audit mechanism to identify breakdowns in policies and procedures.
The key takeaway: A comprehensive Compliance Management System is essential to avoiding potential liability.