Menu

Compliance Controls for the New Age of Collections

  • Written by Debra J. Ciskey

ciskey debra jIn a “be careful what you ask for” kind of way, the CFPB has suggested in its proposed Regulation F that debt collectors may communicate with consumers in ways that consumers may prefer over telephonic communication, namely, via email and text messaging. By the time readers see this article, readers have most likely attended numerous webinars, online classes, and face-to-face sessions at collection industry conferences and gatherings that discussed the provisions of the proposed regulation. New vocabulary such as opt-out, eSign, clear and conspicuous, and non-work have become part of our daily conversations. Some of us have had at least preliminary conversations with letter vendors, telephone vendors and bulk text messaging vendors about the technical innovations necessary to make 21st century communication possible.

The New Communication Methods

Compliance controls around the use of electronic communication will be key to risk avoidance. The proposed rule references the maintenance of procedures that include steps to reasonably confirm and document controls that will prevent third-party disclosure, allow emails only to email addresses that the consumer has not opted out of using for debt collection communication, allow text messages only to phone numbers that the consumer has not opted out of using for debt collection communication, prevents email and text messages from being sent to work email addresses and telephone numbers, and ensuring that initial emails used were recently used by consumers to communicate with the debt collector or creditor.

Controls are generally preventative in nature. They are designed to prevent avoidable risk and noncompliance. Consider how controls can prevent non-compliance related to email. Will you aspire to limit email communication to system generated notices, such as payment reminders? Will collectors be allowed to generate emails? If so, will you have counselapproved templates in place to prevent free-form additional comments by individual collection staff? If additional comments are allowed, what will the process be to review additions to prevent overshadowing, false representations and threats, and deceptive practices? How will you prevent emails being sent to opted-out email addresses? What could go wrong with the use of email? What could be unintended consequences of using it? Each idea your team generates as the result of brainstorming might be the basis for a policy and procedure to control risk.

Essential Detective Controls

Detective controls are designed to uncover what went wrong. Who will be responsible for testing emails and text messages before they are sent out to consumers? Detective controls test whether your preventative controls are strong enough. If emails and text messages are sent by a vendor using immutable templates, is the same amount of scrutiny applied to emails sent by individuals in your organization? What mechanism will you have to put into place to conduct quality assurance and compliance audits on emails and test messages? Will you test only emails that your system perceives are not consistent with the provided template, or will you review every email that is generated?

The protections for consumers provided in the proposed rule will require innovative thought and potential modifications to account management systems, especially those that never anticipated that electronic communications with consumers would occur. At the most basic level, systems will need to add fields to contain an email address, or multiple fields for multiple email addresses the consumer may use to generate emails to a debt collector. Indicators will be required for the opted-in or opted-out status of the email address. What if the consumer uses an opted-out email address to generate an email to the debt collector? Does that reopen that email address as a “receiving email” address to which the debt collector may send subsequent emails until it receives another opt-out from the consumer? Consumer behavior is often unpredictable and often contradictory.

TCPA Isn’t Addressed?

The proposed rule does not address Telephone Consumer Protection Act provisions related to consent and revocation of consent for calls and messages to wireless numbers. The ACA Declaratory Ruling, issued by the Federal Communications Commission in 2015, said a party who provides his/her wireless number to a creditor as part of a credit application “reasonably evidences prior express consent by the cell phone subscriber to be contacted at the number regarding the debt,” and this applies to the creditor and any third party acting on behalf of the creditor. (ACA Declaratory Ruling, 23 FCC Rcd at 564, para. 9.) The burden of proof related to the source of the consumer’s number falls upon the caller. Innovative technological solutions will be required to sort this out for collectors who feel emboldened to text consumers with reminders or other messages.


Debra is the Executive Vice President at The Collections Coach, LLC. She began her nearly 40 year career in the collection industry in 1980 at ACA International in the federal affairs department, then leading the association’s Education initiatives as Director of Education. As an ACA instructor since 1983, Debra has taught nearly 200 ACA Seminars, and she served on ACA’s Board of Directors for 2 terms spanning 2012 to 2018. In 2000, Debra was inducted into ACA’s International Fellowship of Certified Collection Executives, and was named ACA’s Instructor of the Year in 2005.