National SOC Month

CFPB Examination Procedures for Consumer Debt Collection

  • Written by Collection Advisor

The following is an abridged version of the CFPB Examination Procedures for Consumer Debt Collection emphasizing Module 1. It outlines the audit collection agencies will undergo if they have more than $10 million in annual receipts. Go to www. to view the complete procedure, which includes steps to determine if an entity is a debt collector as well as additional procedures if entity engages in debt buying and selling.

Prior to using these procedures examiners complete a risk assessment and scope memorandum. Depending on the scope, and in conjunction with the compliance management system review procedures, each examination will cover one or more of the following modules: 1- Entity Business Model, 2-Communications in Connection with Debt Collection, 3-Information Sharing, Privacy, and Interactions with Consumer Reporting Agencies, 4-Consumer Complaints, Dispute Resolution, and Debt Validation, 5-Payment Processing and Account Maintenance, 6-Equal Credit Opportunity Act, 7-Litigation Practices, Repossession, and Time-Barred Debt

Examination Objectives

• To assess the quality of the regulated entity’s compliance management systems, including its internal controls and policies and procedures, for its debt collection business.
• To identify acts or practices that materially increase the risk of violations of Federal consumer financial laws in connection with debt collection.
• To gather facts that help to determine whether a regulated entity engages in acts or practices that violate the requirements of Federal consumer financial laws.
• To determine, in accordance with CFPB internal consultation requirements, whether a violation of a Federal consumer financial law has occurred and whether further supervisory or enforcement actions are appropriate.


As they seek to collect debt from consumers, the entities that the CFPB supervises must comply with various laws to the extent applicable, including:
• The Fair Debt Collection Practices Act (FDCPA)
• The Fair Credit Reporting Act (FCRA)
• The Gramm-Leach-Bliley Act (GLBA)
• The Electronic Fund Transfer Act (EFTA)
• The Equal Credit Opportunity Act (ECOA)

To carry out the objectives set forth in the Examination Objectives section, the examination process also will include assessing other risks to consumers. These risks may include potentially unfair, deceptive, or abusive acts or practices (UDAAPs). The particular facts and circumstances in a case are crucial to the determination of UDAAPs.

General Considerations

Completing the following examination modules will allow examiners to develop a thorough understanding of the regulated entities’ practices and operations. To complete the modules, examiners should obtain and review the following as applicable:
Organizational charts and process flowcharts;
Board minutes, annual reports, or the equivalent to the extent available;
Relevant management reporting;
Policies and procedures;
Notes and disclosures;
Telephone recordings;
Operating checklists, worksheets, and review documents;
Monitoring procedures;
Compensation policies;
Relevant computer program and system details;
Consumer files, including original loan documents, and payment records systems;
Historical examination information;
Audit and compliance reports, and management responses to findings;
Training programs and materials;
Scripts for employee use;
Third-party contracts and oversight materials, including monitoring reports and findings;
Written correspondence with consumers;
Court documents; and
Consumer complaints and disputes, including those submitted to CFPB Consumer Response Center, Consumer Sentinel, the Better Business Bureau, or other sources as appropriate.

Depending on the scope of the examination, examiners should perform transaction testing using sampling procedures, which may require use of a judgmental or statistical sample. Examiners should also conduct interviews with management and staff to determine whether they understand and consistently follow the policies, procedures, and regulatory requirements applicable to debt collection, and implement effective controls.

Examiners should review relevant consumer complaints in scoping and conducting examinations, as appropriate. In many instances, depending on the nature of the complaints, examiners should interview consumers.


 Module 1 – Entity Business Model

This module assesses whether the entity is a “debt collector” under the FDCPA and therefore subject to that Act. In addition, this module addresses other aspects of the entity’s business model, including affiliate and vendor relationships, internal controls, and related account management issues.

Nature of Operations for FDCPA Purposes

1. Assess whether the entity is a “debt collector” for purposes of the FDCPA.

Affiliates and Third-Party Relationships

2. Ascertain whether the entity is affiliated with any other entities. If so, determine the identities of the affiliates and the nature of their business activities, including whether any of the affiliates engage in debt collection.

3. Determine whether the entity uses any service providers in conducting its debt collection activities. If so:
    ❏ a. Identify who the service providers are, whether they are affiliated with the entity, and what services they perform, and
    ❏ b. Assess whether the entity:
        ❏ i. Requests and reviews the service providers’ policies, procedures, internal controls, and training materials to ensure that the service providers conduct appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities;
        ❏ ii. Includes in its contracts with its service providers clear expectations about compliance with Federal consumer financial laws as well as appropriate and enforceable consequences for violating any compliance-related responsibilities;
        ❏ iii. Establishes internal controls and on-going monitoring to determine whether its service providers are complying with Federal consumer financial law; and
        ❏ iv. Takes prompt action to address fully any problems identified through the monitoring process, including terminating the relationship where appropriate. See CFPB Bulletin 2012-03 (April 13, 2012).

Internal Structure, Controls, & Compliance Management

4. Review the organizational chart to determine the reporting structure and the responsibilities of key managers for debt collection activities.

5. Review the qualifications, experience levels, and training programs that the company requires or uses for staff who interact with consumers.

6. Evaluate compensation practices and programs.
    ❏ a. Evaluate the quality and impact of controls on the compensation program.
    ❏ b. To the extent that the entity’s compensation program creates incentives for behaviors or practices that result in heightened risk to consumers, determine whether the policy also includes disciplinary procedures such as reductions in compensation or termination if an employee is found to engage in such risky behaviors or practices.

7. Review the entity’s general compliance management system using the compliance management review section of the CFPB Supervision and Examination Manual.

8. Review the entity’s policies and procedures for monitoring both incoming and outgoing communications.

9. Review the entity’s policies and procedures for gathering and maintaining underlying information regarding the underlying debt(s).

Debt Purchases

10. Determine whether the entity collects on any debt it purchased from another party. If so:
    ❏ a. Review the account information that the entity received regarding the debt when it purchased the debt. Consider in particular whether the entity received information sufficient to determine the consumer’s identity, the amount due, whether any fees charged were permitted by contract, and the original creditor.
    ❏ b. Review sale contracts, considering in particular the following items:
        ❏ i. Provisions that describe the nature of the account-level information that is provided by the seller;
        ❏ ii. Any representations or disclaimers made relating to the accuracy of the accountlevel information that is provided by the seller; and
        ❏ iii. Whether the entity can request additional account-level information upon request, including how long the additional accountlevel information will be available and how much it will cost.
    ❏ c. Determine whether the entity has reason to doubt the accuracy of the account-level information it received from the seller (for example, if there were patterns of disputes, unusual gaps of information, or known problems with account maintenance).
    ❏ d. Determine whether the information received is sufficient to substantiate representations made to consumers regarding the debt and the consumer’s liability for the debt.

Go to to view the complete procedure, which includes steps to determine if an entity is a debt collector as well as additional procedures if entity engages in debt buying and selling.