Presented by Matthew Clark, Esq., Legal and Compliance Director

Agency Compliance

“Update 2015”

2

Creditors, Collection Agencies, Debt Buyers CFPB Compliance Management System Areas of Risk TCPA - cell phone calling violations FCRA – inaccurate credit bureau reporting

violations FDCPA – 3rd party disclosure and other violations Bankruptcy Stay Violations Identity Theft Adding Unauthorized Collection Fees New Technology: email, texting, social media Compliance Summary

Table of Contents

3

Regulated By Many Agencies

Industry Specific Public Utility Commission – PUC U.S. Department of Education, Higher Education Opportunity Act Health Insurance Portability and Accountability Act - HIPAA

State Fair Unfair Trade Practice Laws State Debt Collection Laws Local Attorneys

Federal Federal Trade Commission - FTC Fair Credit Reporting Act - FCRA Fair Debt Collection Practices Act - FDCPA Consumer Financial Protection Bureau – CFPB*

Creditors, Collection Agencies and Debt Buyers

AT&T Mobility to pay $45 million to settle

violation of the Telephone Consumer Protection Act (TCPA).

TeleCheck to Pay $3.5 Million for Fair Credit Reporting Act Violations

World's Largest Debt Collection Operation Settles FTC Charges, Will Pay $3.2 Million

Penalty

CFPB Orders Chase and JPMorgan Chase to Pay $309 Million Refund

CFPB Orders American Express to Pay $85 Million Refund to Consumers Harmed

CFPB Fines Sprint $105 Million

Capital One to pay $210 million in fines for misleading consumers

4

New Sheriff in Town A Force to Be Reckoned With!CFPB

5

Created in response to the financial meltdown of 2008 Prevent future financial crises Created a new federal agency - CFPB

Consumer Financial Protection Bureau (CFPB)

- Tasked with monitoring and responding to consumer complaints

- Has enforcement authority over creditors, debt collectors and rule-making authority under the FDCPA

- Office of Enforcement to provide periodic bulletins re: policies and priorities

6

CFPB expectations for compliance: Top down compliance – a meaningful commitment

from top level executives Clear policy statements regarding consumer

compliance Governed by agency-wide standards, policies and

procedures Compliance oversight should be independent from

business line; have sufficient resources and clear authority to identify and resolve compliance issues.

Consumer Financial Protection Bureau (CFPB)

7

Board of Directors oversight – one consistent voice from the top Ensuring compliance with consumer financial laws and regulations

and addressing and prevent associated risks of harm to consumers Sets policies, procedures, and standards to prevent violations and to

detect and prevent associated risks of harm to consumers Ensures that responsibilities for meeting legal requirements and

internal policies are incorporated into business processes Reviews processes for the identification of new regulatory

requirements, changes in requirements, and planning for implementation

Communicate compliance responsibilities to all employees Formal complaint process to assist consumers; provide timely and

appropriate response to consumer complaints Take corrective action; update tools, systems, and materials as

necessary

CFPB Compliance Management System

Create a Culture of Compliance

On Going Compliance initiative

One consistent message from the top

Promote a culture of compliance within the organization

Clear policy statements regarding consumer compliance

Governed by agency-wide standards, policies and procedures

8

CFPB Compliance Management System

9

Create Four Interdependent Control Components:1. BOD/Management Oversight2. Compliance Program

Policies and Procedures Training Monitoring Timely and appropriate corrective action

3. Response to consumer complaints4. Compliance Audit – Independent from

Operations

CFPB Compliance Management System

Role of ALL employees:

Act in compliance with all applicable laws and regulations

Follow all policies and procedures

Focus on excellent customer service

Generate fewer complaints and lawsuits

Generate a more positive image for other employees

Generate a more positive image for all clients

10

CFPB Compliance InitiativeA Culture of Compliance

TCPA prohibits using autodialer or prerecorded message to call a consumer‘s wireless phone without obtaining the prior express consent of consumer.

Okay to use autodialer if given prior consent of the cell phone subscriber to call the number (express consent)

Okay to use autodialer if the consumer knowingly released the number to the client and the client provided that number to agency (FCC/ implied consent)

Okay to manually dial cell phone number (collector can get express consent at inception of call)

Manual calls made without the use of an autodialer will not violate the TCPA.

11

TCPA (Telephone Consumer Protection Act)

Policies and Procedures should be in place to comply with the TCPA

Phone numbers provided by client upon placement are acknowledged in an identified field (implied express consent)

Phone numbers located through skip-tracing efforts are placed in a separate field (no prior express consent)

Utilize available technology (cell phone scrub) for unidentified skip-traced phone numbers

Manually dial cell numbers and request express permission at beginning of call

12

TCPA Policies & Procedures

Any business entity reporting consumer information to a credit reporting agency (CRA) is a data furnisher for purposes of FCRA.

A data furnisher must report accurate information and has a duty to

update or correct information previously reported. Data furnishers must establish and implement reasonable written

policies and procedures regarding the accuracy and integrity of consumer information provided to a CRA.

Consumers have a right to directly dispute inaccurate information in their consumer report with the furnisher of information.

13

FCRA (Fair Credit Reporting Act)

Agency is data furnisher under FCRA

Agency makes a good faith effort to determine the accuracy of all account information reported to the credit bureaus

- Agency policy-do not report if an account does not have a social security # in order to ensure proper reporting

- Agency policy-do not report skip traced data to the credit bureaus – this eliminates errors

Contacts the original creditor or other reliable source to verify accuracy and integrity of disputed information

Agency should have reasonable written policies and procedure to prevent such errors

14

FCRA Written Polices & Procedures

Purpose: to eliminate abusive debt collection practicesGoverns all communications regarding collection of consumer debtCommunications: the conveying of information regarding a debt directly or indirectly to any person through any mediumBroad definition is intended to encompass every possible means of communication regarding a debt

Conflicting Provisions of FDCPAVoicemails are first step in a process designed to communicate with debtor about a debt.

Applies to information conveyed directly or indirectly.

A voice message is a communication under the FDCPA

Agency must provide meaningful disclosure (identify agency and provide mini-Miranda

Agency must not disclose information regarding a debt to third parties (third party disclosure)

Leaving meaningful disclosure may cause a third party disclosure violation if someone other than consumer listens to the message.

15

FDCPA (Fair Debt Collections Practices Act)

Vendors must provide meaningful disclosure (identify agency and provide mini-Miranda)

Vendors must not disclose information regarding a debt to third parties (third party disclosure)

Vendors must remove phone number from system once consumer notifies we have reached the wrong party (wrong number contacts)

Falsely representing the character, amount or legal status of a debt (collecting debt included in automatic BK stay or discharged by an order of the BK court)

16

FDCPA

“This message is for [debtor name]. If we have reached the wrong number for this person, please call us at [phone #1] to remove your phone number. If you are not [debtor name], please hang up. If you are [debtor name], please continue to listen to this message. (pause for 3 seconds)

“[Debtor name], you should not listen to this message so that other people can hear it as it contains personal and private information. (Pause)

This is [collector name] from [ABC]Collection Agency. This is an attempt to collect a debt by a debt collector. Any information obtained will be used for that purpose. Please contact me about an important business matter at [phone #2]”.

17

ACA International Recommends Foti Compliant Message

18

1. Automatic stay prohibits almost all collection activity, including legal action, garnishment, and contact by phone or mail in an attempt to collect a debt.

2. Automatic stay is very broad and applies to nearly every attempt to collect on a pre-bankruptcy debt, there are a few exceptions where the automatic stay does not apply: some child support actions, some state and federal tax debts, debts incurred after the bankruptcy case was filed. It is important to know whether the automatic stay applies to the collection action.

3. If a collections attempts continue to collect violates the automatic stay, it may also violate other state or federal laws including:

State unfair trade practice laws Federal Fair Debt Collection Practices Act  State fair debt collection practices laws, or Fair Credit Reporting Act.

Bankruptcy Stay Violation

Caveat: No fail safe course of action

Establish a bona fide error defense

- Violation must not be intentional

- Maintain procedures reasonably adapted to avoid such errors

Use ACA International’s recommended Foti-compliant message

Agency should have written policies and procedures prohibiting collectors from disclosing debts to third parties

19

FDCPA Agency Compliance

Industry leaders believe that the overall most important issue to be dealt with is privacy and security of data.

Identity theft means fraud committed or attempted using the personally identifiable information of another person without

authority.

Consumer‘s Identifiable Information: First, middle, or last name Date of Birth Address Telephone or wireless number Social Security Number Government issued identification number Maiden name Account number

20

Identity Theft

Agency should have reasonable written policies and procedures in place to detect, prevent and mitigate the risk of identity theft

Agency may adopted the ACA International Model Identity Theft Prevention Program

Training and employee awareness decrease internally caused breaches.

21

Identity Theft Written Policies & Procedures

22

The question: Can collection costs legally be added to a debt?

FDCPA, Section 808(1) forbids “the collection of any amount (including any interest, fee, charge or expense incidental to the principal obligation) unless such amount is expressly authorized by the agreement creating the debt or permitted by law.” This includes collection costs.

The answer: It is forbidden under FDCPA regulations unless…..

Such amount is expressly authorized by the agreement creating the debt or,

It is permitted by law

Laws evolve as court rulings, regulations and opinions are decided •

FDCPA Adding Unauthorized Collection Costs

23

The Federal Trade Commission (FTC) Official Staff Commentary says,

“A debt collector may attempt to collect a fee or charge in addition to the debt if either (a) the charge is expressly provided for in the contract creating the debt and the charge is not prohibited by state law, or (b) the contract is silent but the charge is otherwise expressly permitted by state law.”

“Conversely, a debt collector may not collect an additional amount if either (a) state law expressly prohibits collection of the amount or (b) the contract does not provide for collection of the amount and state law is silent.”

Can collection costs legally be added?

Benefits Money saved on letter printing costs & postage Speed of electronic communication Trend toward primary source of communication

Risks No current law on point Not secure Consent issues Disclosure requirements Risk of 3rd party disclosure

Compliance Communication – FDCPA applies Can’t misrepresent or communicate in a false or deceptive way Must obtain prior express consent Must provide required disclosures Risk of 3rd party disclosure

24

New Technology email, text, social media

Agency should have policies and procedures in place to address new technology and comply with current law

Trains and monitors collections staff for compliance

Keeps abreast of trends and latest developments in the law

25

New Technology

Agency Compliance

26

Steps to Ensure Compliance

Compliance Initiative/Customer Service Focus

On Going

Nation-wide call recording and speech analytics

National standardized training and auditing

Policies and Procedures implemented to prevent and/or mitigate risk

Bankruptcy (automated/manual)

Credit bureaus reporting (automated/manual)

Cell phone calling (automated/manual)

Adding authorized fees and costs (automated/client contract)

3rd party disclosure (automated/manual)

Wrong party contacts (automated/manual)

Client contracts – risk reduction plan

Thank You!Matthew Clark, Esq., Legal and Compliance DirectorEOS781-753-4414Matthew.Clark@EOS-CCA.com