Highlights

A new Consumer Financial Protection Bureau (CFPB) final rule directly regulates “debt collectors” as defined by the Fair Debt Collection Practices Act

The CFPB provides a safe-harbor mechanism for debt collectors’ email communications with consumers

Additionally, the CFPB plans on releasing a final rule in December to address validation notices, consumer disclosure requirements, and time-barred debt

The Consumer Financial Protection Bureau (CFPB) issued a final debt collection rule at the end of October, just prior to the holiday shopping rush, to clarify how and where debt collectors can contact consumers. This final rule also makes clear that the CFPB only applies to “debt collectors” under the Fair Debt Collection Practices Act (FDCPA) definition.

When the proposed rule was released in May 2019, creditors worried that it may be broadly applied to all creditors under the CFPB’s authority to address unfair, deceptive, or abusive acts or practices (UDAAP) via the Dodd-Frank Wall Street Reform and Consumer Protection Act. However, the language in the new rule specified, that the CFPB “declines to expand the rule to apply to first-party debt collectors who are not FDCPA debt collectors.”

This final rule still may have implications for creditors and UDAAP violations. The CFPB declined “to clarify whether any particular actions taken by a first-party debt collector who is not an FDCPA debt collector would constitute a [UDAAP violation].” Additionally, the CFPB stated that it does not take a position on whether practices it has identified as violating the FDCPA also constitute UDAAP violations, so creditors should still decide what portions of the CFPB’s final rule, if any, they should adopt to avoid UDAAP violations.

In addition, the bureau intends to issue a disclosure-focused final rule in December 2020 to implement and interpret the FDCPA’s requirements regarding consumer disclosures and certain related consumer protections.

Safe Harbor Protections

Another key aspect of this final rule is that it provides safe-harbor protections for debt collectors against third-party disclosures when communicating with consumers via email. But the CFPB emphasized that the safe harbor guidance is not the only way for debt collectors to comply with the FDCPA. If debt collectors deviate from the safe-harbor mechanism, they lose safe harbor protections, but that does not mean the debt collectors are automatically noncompliant with the FDCPA. Before a debt collector can take advantage of the safe harbor against third-party disclosure by sending an email to a consumer, at an email address the consumer provided to the creditor, the creditor must send a notice to the consumer providing 35 days to opt-out of such email communications.

Among other things, the notice must be sent by the creditor and must clearly and conspicuously disclose that the debt has or will be transferred to the debt collector. Additionally, a creditor can only transfer an email address to a debt collector if it is on a domain available to the general public. Because a debt collector’s safe harbor relies, in part, on action by the creditor, this final rule affects the way debt collectors and creditors interact. Thus, creditors should consider establishing processes to issue notices of opt-out rights and to verify that the email address domains they send to debt collectors are generally available to the public.

This final rule also contemplates the creditor transferring consent to text messaging a consumer to a debt collector, but it does not provide a safe harbor mechanism for doing so.

In December, the CFPB plans to release an additional final rule, which is expected to contain the provisions relating to validation notices, consumer disclosure requirements, and time-barred debt. The final rule is likely to suggest imposing several obligations on creditors related to validation notices, such as providing itemizations of credits and charges after the “itemization date.”