News Articles

Notice of Proposed Rulemaking (NPRM) for the Fair Debt Collection Practices Act

News
The Consumer Financial Protection Bureau issued its long-awaited Notice of Proposed Rulemaking (NPRM) for the Fair Debt Collection Practices Act, providing the first regulatory clarity in nearly 40 years after the law’s enactment. Once published in the Federal Register, the rule will be out for public comment for 90 days.

The American Collectors Association has long advocated for policymakers to modernize and clarify the severely outdated Fair Debt Collection Practices Act that does not account for modern consumer preferences and impedes the free flow of information.

Here are a few high-level takeaways after our first glance at the rule:
- The Limited Content Voicemail Message will help provide clarity for the industry. The proposal would define, and provide example language that a debt collector could send by, for example, voicemail or text. The content of a Limited-Content Message would not be considered a “communication” and, if heard or observed by a third party, it would not constitute a prohibited third-party disclosure.
- The model validation notice will help provide clarity and safe harbors. It includes certain disclosures, including an itemization of the debt and plain-language information about how a consumer may respond to a collection attempt, including by disputing the debt.
- The proposal acknowledges and seeks to address modern communication methods such as email and text messaging, and provides clarity to allow debt collectors to lawfully use newer communication technologies, such as voicemails, emails and text messages. It also provides methods by which collectors may provide required disclosures electronically, for example, by email or text massage.
- For emails and text messages – the proposed rule also identifies safe harbor procedures for debt collectors who unintentionally communicate with an unauthorized third party about a consumer’s debt when trying to communicate with the consumer by email or text message. The proposed rule would require a debt collector to include, in emails, text messages, and other electronic communications, an option for the consumer to unsubscribe from future such communications. So, consumers have the right to opt out.
- Workplace email – the proposed rule would prohibit a debt collector from contacting a consumer using an email address that the debt collector knows or should know is provided by the consumer’s employer. For example, if a debt collector knows where the consumer works and that the email address appears to be a work email address, the debt collector knows or should know the email address is provided by the consumer’s employer.
- Social media – the proposed rule would prohibit debt collectors from contacting consumers through social media platforms except through a private messaging function.
- The Bureau also proposes a cap of seven calls per week. The proposal includes a limit on the number of calls a debt collector may place to a consumer about a particular debt within a seven-day period, subject to certain exceptions. The proposal would prohibit a debt collector from calling a consumer about a particular debt more than seven times within a seven-day period.
- The rule also prohibits suits and threats of suit on time-barred debts and requires communication with the consumer before credit reporting.
- The rule also requires a debt collector to refrain from reporting a debt to a consumer reporting agency unless the debt collector has already communicated with the consumer.
House Financial Services Committee Sets Hearing on Debt Collection Practices Legislation

News

Members of the House Financial Services Committee are slated to discuss legislation focused on debt collection practices during a hearing at 10 a.m. Eastern on June 25, according to the June calendar of hearings released by committee Chairwoman Maxine Waters, D-Calif.

The committee has not announced specific legislation scheduled for review during the debt collection practices hearing.

In addition to the debt collection practices hearing, the committee will convene for a legislative markup at 2 p.m. Eastern on June 11, with a possible continuation June 12.

The House Financial Services Subcommittee on Oversight and Investigations will meet at 10 a.m. Eastern on June 11 for a hearing on “An Examination of State Efforts to Oversee the $1.5 Trillion Student Loan Servicing Market.”

Two task forces established by Waters will also meet in June.

The Task Force on Financial Technology will convene a hearing, “Overseeing the Fintech Revolution: Domestic and International Perspectives on Fintech Regulation,” on June 25 and the Task Force on Artificial Intelligence meets to discuss “Perspectives on Artificial Intelligence: Where We Are and the Next Frontier in Financial Services” on June 26.
Concerns for the Accounts Receivable Management Industry on FCC Call Blocking and Labeling Efforts

News

Industry groups urge the FCC to seek public comment on declaratory ruling and order that would result in erroneous blocking of lawful calls.

As the Federal Communications Commission’s June 6 vote on its draft declaratory ruling and Further Notice of Proposed Rulemaking (FNPRM) on “Advanced Methods to Target and Eliminate Unlawful Robocalls” approaches, ACA International and several industry groups are continuing efforts to encourage the FCC to open public comment on the proposal and ultimately delay its decision.

In May, FCC Chairman Ajit Pai issued a proposed declaratory ruling that would allow voice service providers to block calls using analytics that sweep in many legal calls. The proposed declaratory ruling would also require consumers to opt out of blocking services instead of opt in.

“In the draft declaratory ruling, the commission has somehow arrived at the point where it now appears to find it appropriate to mislabel lawful calls as scam or fraud; allow the blocking of legitimate and needed calls with no notice of the blocking, no required recourse, and no required correction; and impugn any call that is simply “unwanted.” Among countless other flaws in this approach, this ignores a congressional directive from as recently as this month in the Senate report accompanying the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (the TRACED Act),” said Leah Dempsey, ACA’s vice president and senior counsel of federal advocacy.

ACA strongly supports the FCC’s efforts to target the serious problem of illegal and fraudulent robocalls, but the draft declaratory ruling threatens lawful calls from ACA’s members, Dempsey notes in the letter. It also directly conflicts with the Consumer Financial Protection Bureau’s ongoing rulemaking efforts, which are open for public comment.

Consumers often need the information that ACA members provide them to maintain their financial health. Open communication can often lead to the most favorable outcome for consumers. While some of these calls may be “unwanted” by some consumers, they are legal and already heavily regulated. They also may be critical to help a consumer maintain their financial health and continue to access credit and services.

To further this message, ACA also joined several industry groups in a letter to Pai on the draft declaratory ruling’s potential impact on a variety of calls consumers want and need.

“Public safety alerts, fraud alerts, data security breach notifications, product recall notices, health care and prescription reminders, and power outage updates all could be inadvertently blocked under the draft declaratory order, among other time-sensitive calls. Therefore, we urge the commission to seek public comment on the draft declaratory ruling to avoid such unintended consequences,” the letter from the American Bankers Association, American Association of Healthcare Administrative Management, American Financial Services Association, Consumer Bankers Association, Credit Union National Association, Independent Community Bankers of America, Mortgage Bankers Association, National Association of Federally-Insured Credit Unions and National Retail Federation states.
FTC Proposes Stricter Standards for Safeguards Rule

News
The FTC has extended until August 2, 2019 a notice and comment period, first announced in March, to proposed changes to the Safeguards Rule (16 CFR 314) issued under the Gramm-Leach-Bliley Act. The proposed changes would essentially require all financial institutions to adopt the NY Department of Financial Services’ strict information security program requirements and impose, among other things, a requirement to encrypt all customer information both in transit and at rest.

If adopted, the revised Safeguards Rule would add new elements to the information security program that financial institutions are required to maintain under § 314.4, including:
- Designation of a single qualified individual responsible for overseeing and implementing the information security program (referred to as a Chief Information Security Officer or CISO)
- Basing the information security program on a risk assessment; such assessment must be written and must include the criteria for evaluation as well as a description of how identified risks will be mitigated or accepted. The assessment also must be repeated periodically.
- Implementation of safeguards including:
  
  Access controls
  
  Restriction of physical access
  
  Encryption of all customer information both in transit and at rest
  
  Secure development practices for applications developed in-house
  
  Multi-factor authentication for individuals accessing customer information
  
  Audit trails to detect and respond to security events
  
  Procedures for secure disposal of customer information
  
  Procedures for change management
  
  Policies and procedures to monitor activity of authorized users
- Regular monitoring and testing of the effectiveness of the safeguards
- Periodic assessment of service providers
- Establishment of a written incident response plan
The proposed changes would also supply definitions where required, and import the existing privacy rule definition of “financial institution” into the Safeguard Rule.

If adopted, the changes may not be significant for large institutions, most of which already follow the Federal Financial Institutions Examination Council (“FFIEC”) security requirements, including with regard to encryption. But they could have a large impact on FinTech companies and entities that traffic in GLBA data but are not themselves traditional financial institutions.

The regulator is also accepting comments on proposed changes to the Privacy Rule (16 CFR 313) until June 3, 2019. The proposed changes to the Privacy Rule would distinguish with regard to protecting privacy of financial institution customer information, that the FTC Privacy Rule governs motor vehicle dealers, while the CFPB’s Regulation P applies to financial institutions. This change would align the regulations to the Dodd-Frank Act, which changed the rulemaking responsibilities of these entities—though the FTC still has enforcement authority over all financial institutions. The changes would thus not result in significant substantive changes for financial institutions, which are already operating under Regulation P.
SSN Identity Verification Tool Being Developed

News

The Social Security Administration (SSA) has announced the development of a portal that would allow financial institutions to join a planned real-time electronic system for verifying the identity of credit applicants. The new Consent Based Social Security Number (SSN) Verification (eCBSV) service will be an important tool in the fight against identity theft and other financial crimes.

SSA has traditionally been resistant to the idea that SSNs should serve as the nation’s universal personal identifier. However, the Economic Growth, Regulatory Relief and Consumer Protection Act, which was signed into law last year, directed the SSA to develop a database for accepting and comparing fraud data that is submitted electronically by financial institutions, or those financial institutions’ service providers, subsidiaries, affiliates, agents, subcontractors, or assignees.

Financial institutions must first obtain consumers’ signed consent to verify their identities, but under the eCBSV service, such signatures may be electronic, if compliant with ESIGN, rather than wet signatures. This will be a major shift away from the SSA’s prior time-consuming approach that required handwritten consent from consumers for financial institutions to confirm the consumers’ identities using SSA records.

SSA has set a deadline of July 31st for financial institutions to apply to join the eCBSV service during the initial enrollment period of the program. For the initial rollout, SSA will select a limited number of permitted entities, based upon the earliest date and time of the receipt by SSA of a fully completed application. The service will be made available to the selected number of applicants in June 2020. Thereafter, the number of users will be expanded within six months.

Any financial institution that submits a valid application prior to the close of the stated deadline, but is not selected for the initial rollout, will have an opportunity to re-submit a full application and user agreement for the later expanded rollout. However, any financial institution that does not submit a valid application before the deadline, will not have the opportunity to apply for the expanded rollout in late 2020, and must wait until the next open enrollment period, which could be as long as a two-year wait. Financial institutions unable to participate in the new program must continue to rely on the existing paper-based system, which can delay credit decisions.
All 50 State AGs Announce Partnership With 12 Carriers to Fight Robocalls

News
The attorneys general of all 50 states and Washington, D.C., announced a partnership yesterday with 12 major telecom carriers to join together and fight the proliferation of robocalls through a set of shared “principles.”

News of the partnership was shared at a press conference yesterday in Washington, D.C. Leading the charge from the state AGs side were Josh Stein, Gordon MacDonald, and Curtis Hill, the attorneys general of North Carolina, New Hampshire, and Indiana, respectively. Joining the AGs are AT&T, Bandwidth, CenturyLink, Charter Communications, Comcast, Consolidated Communications, Frontier Communications, Sprint, T-Mobile, U.S. Cellular, Verizon, and Windstream Services.

The principles that were adopted were:
- Offer Free Call Blocking and Labeling
- Implement STIR/SHAKEN
- Analyze and Monitor Network Traffic
- Investigate Suspicious Calls and Calling Patterns
- Confirm the Identity of Commercial Customers
- Require Traceback Cooperation in Contracts
- Cooperate in Traceback Investigations
- Communicate with State Attorneys General
On its face, the principles do not seem to be too much different than what the companies and the AGs were already doing. The Federal Communications Commission, for example, has already mandated that carriers comply with STIR/SHAKEN by the end of the year. As well, the FCC has given the carriers the opportunity to offer free call-blocking services to their customers.

MacDonald did say that the AGs ability to “protect the public through investigation and enforcement” has been limited, and that the partnership will result in increased usage of call blocking and authentication technology and an increased cooperation between carriers and regulators going forward.

For the credit and collection industry, the concern is that legitimate calls — such as those from collectors — are inadvertently blocked or mis-labeled as spam or fraud, and result in an individual either not picking up the phone or the call not even being connected. While everyone is saying that the idea of this partnership and other efforts is to stop the proliferation of illegal robocalls, there are legitimate concerns that other calls could be blocked, too, especially if consumers are given the power to label callers as spam or possibly fraudulent.
FCC Consumer Advisory Committee Issues Recommendations for Clearer Call Blocking Programs

News
The Federal Communications Commission’s Consumer Advisory Committee recommends call blocking program changes that will provide consumers additional information that through their use, legitimate calls, such as those from health care providers and financial services, may be blocked, according to an article from Paul C. Besozzi, senior partner, Squire Patton Boggs, on TCPAworld.com.

The committee met Sept. 16 and without discussion unanimously recommended that the FCC and its Consumer and Governmental Affairs Bureau consider the following as part of its Third Further Notice of Proposed Rulemaking (FNPRM) on Advanced Methods to Target and Eliminate Unlawful Robocalls, according to the article:
- “Telecommunications providers should clearly disclose to consumers what types of calls will be blocked and that there is a risk that legitimate calls will be blocked.”
- “Any blocking program should have clear opt out instructions and consumers should be able to manage their blocking preferences through an easy to use online portal, through customer service representatives on the phone and in-person at retail stores.”
- “Consumers should be notified when a call is blocked and have access to a log of all blocked calls.”
- “Consumers should be able to easily identify erroneously blocked calls.”
- “The FCC should work with the Federal Trade Commission, state attorneys general and consumer groups to educate the public about the opt out program.”
- “The Critical Calls list (calls that will not be blocked) should remain narrow and only involve government numbers and focus on emergency communications, government benefits and government services. The FCC should review the list periodically and keep in mind that the larger the list becomes, the higher likelihood of erroneous blocking or fraud.”
The FCC requested comments from the public and industry on these topics as it considers its ongoing rulemaking.

In the FNPRM on Advanced Methods to Target and Eliminate Unlawful Robocalls, the FCC seeks to encourage implementation of a framework for authenticating calls (SHAKEN/STIR framework) by proposing a safe harbor from liability under the call completion rules for voice service providers that choose to block calls, or a subset of calls, that are not authenticated under that framework. The commission also proposes to mandate adoption of SHAKEN/STIR if major voice service providers do not do so voluntarily by December 2019, and to create a mechanism to provide information to consumers about the effectiveness of providers’ “robocall solutions.”

Dozens of comments filed on the FCC’s call authentication and blocking proposals in June and July show numerous industry concerns about widespread call blocking by carriers; the level of safe harbor protections for carriers; and implementation of the call authentication framework.

Comments from the caller side, including industry associations ACA partnered with to file comments on the proposed rulemaking, show the FCC needs to strike a balance between call blocking that protects consumers and a framework that allows legitimate businesses to reach those consumers and easily correct erroneously blocked calls.

Carrier comments, including from AT&T, T-Mobile and Sprint, include support of a strong, broad, safe harbor allowing blocking of illegal robocalls; implementation of the SHAKEN/STIR call authentication framework by all carriers; and further definition of “critical calls” by the FCC with input from all industry stakeholders, including carriers and public safety departments.
Pennsylvania Gives Telephone Subscribers New Protections Against Telemarketers/Robocallers

News
Pennsylvania has enacted House Bill (HB) 318,¹ which expands and extends the protections given to Pennsylvania residential and wireless telephone subscribers by the 1996 Telemarketer Registration Act (TRA) in connection with telephone solicitation calls.² The bill’s main sponsor, Rep. Lori Mizgorski, described the legislation as “giving consumers the ability to sign up for the [Pennsylvania] telemarketing ‘do-not-call’ [DNC] list without requiring them to re-register every 5 years [and] prohibit[ing] telemarketing on legal holidays and calls initiated by computerized autodialers (robocalls).”³ Pennsylvania Gov. Tom Wolf signed the bill into law on Oct. 4, 2019.
Pennsylvania has enacted House Bill 318, which expands and extends the protections given to Pennsylvania residential and wireless telephone subscribers by the 1996 Telemarketer Registration Act (TRA) in connection with telephone solicitation calls.

With specific respect to robocalls, the new law requires telemarketers to establish procedures to allow called persons to opt out of receiving future telephone solicitation calls and be immediately taken off the list.

The new law becomes effective on Dec. 3, 2019, providing only a short period of time for telemarketers to upgrade their systems to meet the new requirements.

The TRA, among other things, requires telemarketers to register with the Pennsylvania Attorney General’s Office, prohibits telemarketers from engaging in certain telemarketing acts and practices declared in the law to be unlawful, and imposes written contractual requirements on them with respect to any sale of goods or services made during a telemarketing call.⁴ Among the acts and practices that are specifically prohibited by the TRA are the following:

initiating “outbound telephone solicitation calls” (calls made for the purpose of soliciting the sale of consumer goods or services, or obtaining information that may or could be used for such solicitation or for obtaining credit for that purpose) to persons who previously stated they did not wish to receive such a call from or on behalf of the seller whose goods or services were being offered

blocking caller ID and other telemarketer screening products or services

initiating telephone solicitation calls to a residential or wireless telephone number that is on the Pennsylvania DNC list (individuals and businesses can enroll their telephone numbers on the DNC list by completing the enrollment form)

using the Pennsylvania DNC list for any purpose other than determining whether or not a telephone number is on the list

failing to provide the telephone subscriber with the name of the caller and the person on whose behalf he or she is calling and, upon request, a telephone number (other than a 900 number) or address at which the person or entity may be contacted⁵

Information about the new law, including frequently asked questions, how to enroll a telephone number on the do-not-call list and how to file a complaint, can be found on the Pennsylvania Attorney General’s website. Information concerning where and how to register as a telemarketer also is available.

The new law amends the TRA in a number of different ways.

It adds a prohibition against making telephone solicitation calls on a legal holidays.⁶

It extends all of the protections in the TRA to “business telephone subscribers,” which are individuals or entities that subscribe to telephone service at a business location within Pennsylvania where the service provider classifies the line as a business line.⁷

It removes the five-year renewal requirement for keeping a phone number on the Pennsylvania DNC list, thereby giving consumers and businesses the ability to register their phone number(s) on the list permanently.⁸ (Consumers who have previously registered their phone number on the list need not take any action to have their numbers appear on the list permanently; i.e., they are not required to re-register or renew.)

It defines “robocalls” (telephone solicitation calls made to a large number of people using a computerized autodialer to deliver a prerecorded telemarketing message) and places various obligations upon telemarketers that choose to make such calls.⁹

With specific respect to robocalls, the new law requires telemarketers to establish procedures to allow called persons to opt out of receiving future telephone solicitation calls and be immediately taken off the list. Telemarketers must also provide notice to any called number, at the beginning of the call, stating how the recipient of the call can opt out, as well as offer a mechanism by which the recipient can do so immediately or at any time during the call (the Immediate Opt-Out Mechanism). The Immediate Opt-Out Mechanism must be available to the recipient through “an automated, interactive voice-activated or key-press-activated opt-out mechanism … including brief explanatory instructions on how to use the opt-out mechanism, within two seconds of disclosing the name of the caller and the name of the person or entity on whose behalf the call is being made.”

The recipient’s written consent may not be required to opt-out, and the act of opting out cannot be considered as creating an “established business relationship.” (Calls made to a telephone subscriber with which the telemarketer has an established business relationship within the past 12 months preceding the call are excluded from the definition of a telephone solicitation call.)

Finally, when a robocall is left on an answering machine or a voicemail service, the message must provide a toll-free telephone number that enables the called person to call back at a later time and connect directly to the Immediate Opt-Out Mechanism and automatically record the called person’s number to the do-not-call list of the telemarketer or telemarketing business.¹⁰

The enforcement provisions in the TRA have not been changed.¹¹ The TRA is enforced by the Bureau of Consumer Protection (BCP) in the Office of Pennsylvania Attorney General, which is empowered to receive and investigate complaints from the public, as well as to bring actions to impose civil penalties upon violators and seek other relief, including injunctive relief, under the Pennsylvania Unfair Trade Practices and Consumer Protection Law (UTP/CPL).¹² Willful violations of the UTP/CPL carry a civil penalty of up to $1,000, or $3,000 if the person contacted is age 60 or older.¹³ Ten percent of any penalty the BCP collects, up to a maximum of $100, must be remitted to the complainant.¹⁴ In addition, failure to register as a telemarketer as required by the act constitutes a misdemeanor of the second degree.¹⁵ The TRA does not appear to give consumers a private right of action for violations.

Although the telemarketing law applies on its face only to telemarketers and “telemarketing businesses” (business entities that are or have engaged in the business of telephone solicitations and employ at least one telemarketer), a financial institution looking to engage the services of such an individual or entity should conduct thorough due diligence to verify that the service provider understands and is capable of complying with the TRA’s provisions, and periodically monitor the service provider’s performance.¹⁶ The financial institution must also keep in mind that telemarketers acting on its behalf who fail to comply with the provisions of the TRA can subject the institution to serious reputational harm.

The new law provides only a short period of time for telemarketers to upgrade their systems to meet these new requirements. It becomes effective on Dec. 3, 2019.¹⁷

Privacy Policy

State and Federal Disclosures

This communication is from a debt collector. This is an attempt to collect a debt and any information obtained will be used for that purpose.