On July 10, 2013, the Consumer Financial Protection Bureau (“CFPB”) issued two bulletins detailing examples of particular conduct by collectors of consumer debt that may constitute either: (i) an unfair, deceptive or abusive act or practice (“UDAAP”) under the Dodd-Frank Wall Street Reform and Consumer Protection Act (“DFA”) or (ii) a deceptive act or practice under the Fair Debt Collection Practices Act (“FDCPA”).1 CFPB Bulletin 2013-07 provides examples of conduct that may constitute a UDAAP under the DFA, while CFPB Bulletin 2013-08 describes CFPB observations of representations regarding the impact of debt payments on credit reports and scores that the CFPB believes may be either UDAAPs or deceptive acts or practices under the FDCPA.2 Based on these issuances, creditors, debt buyers, and third-party debt collectors subject to supervision and examination by the CFPB, as well as institutions that rely on the services of such entities, should review and update their policies, procedures, communications materials, scripts and training manuals (and, as applicable, third party vendor oversight) to ensure they comply with the guidance.

The DFA UDAAP Standard
Unfair Acts or Practices
Pursuant to the DFA standard for unfairness,3 an act or practice is unfair when:
  • It causes or is likely to cause substantial injury to consumers;
  • The injury is not reasonably avoidable by consumers; and
  • The injury is not outweighed by countervailing benefits to consumers or to competition.4
As noted in CFPB Bulletin 2013-07, “a ‘substantial injury’ typically takes the form of monetary harm, such as fees or costs paid by consumers because of the unfair act or practice. However, the injury does not have to be monetary.”5 Additionally, “actual injury is not required; a significant risk of concrete harm is sufficient.”6 An injury is not reasonably avoidable by consumers if “an act or practice interferes with or hinders a consumer’s ability to make informed decisions or take action to avoid that injury.”7 According to the CFPB, this includes injuries caused by a transaction that occurs without a consumer’s knowledge or consent, or “that can only be avoided by spending large amounts of money or other significant resources.”8
A “substantial injury” for UDAAP “unfairness” purposes typically takes the form of monetary harm.
Deceptive Acts or Practices
CFPB Bulletin 2013-07 further notes that an act or practice (which could take the form of a representation or omission) is deceptive when:
  • The act or practice misleads or is likely to mislead the consumer;
  • The consumer’s interpretation of the act or practice is reasonable under the circumstances; and
  • The misleading act or practice is material.9
To determine whether an act or practice has actually misled or is likely to mislead a consumer, the totality of the circumstances is considered.10 As noted in CFPB Bulletin 2013-07, the CFPB “also looks at implied representations, including any implications that statements about the consumer’s debt can be supported.”11 According to the CFPB, in determining whether a “consumer’s interpretation of the information was reasonable under the circumstances when representations target a specific audience, such as older Americans or financially distressed consumers, the communication may be considered from the perspective of a reasonable member of the target audience.”12 Finally with respect to materiality, the CFPB indicates that information is material if it “is likely to affect a consumer’s choice of, or conduct regarding, the product or service.13
In determining whether a statement is misleading, the CFPB will assess whether “implied representations” in statements to consumers can be supported.
Abusive Acts or Practices
The new “abusive” element added by the DFA to the traditional unfair and deceptive acts or practices (“UDAP”) standard under Section 5 of the Federal Trade Commission (“FTC”) Act14 appears to be somewhat superfluous given interpretations of acts or practices subject to the FTC Act UDAP standard. Nonetheless, the element was added, and tracking the statutory criteria, the CFPB provides that an act or practice may be deemed to be abusive if it:
  • Materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or
  • Takes unreasonable advantage of:
    • A lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;
    • The inability of the consumer to protect its interests in selecting or using a consumer financial product or service; or
    • The reasonable reliance by the consumer on a covered person to act in the interests of the consumer.15
The CFPB recently provided additional clarity on what may constitute “abusive” conduct when it filed a lawsuit against a debt relief services company.16 In that case, the alleged abusive conduct involved the debt relief company enrolling in its debt-relief programs consumers whose financial condition made it highly unlikely that they could complete the programs, which the CFPB alleged was specifically known by the company.17 Before enrolling consumers in its program, the company obtained detailed information on a consumer’s monthly income, expenses, and debts.18 Based on this information, the company was able to determine whether a consumer could sustain the monthly payments required by the program. Despite receiving financial information showing some consumers could not make the monthly payments beyond a limited timeframe, the CFPB noted that the debt relief company nonetheless collected “enrollment” fees from consumers and then failed to provide any debt relief services.19 Eventually the consumers had to drop out of the program, and as a result, spent their last savings paying fees for a service from which they did not benefit.
As noted in its recent lawsuit against a debt relief services company, the CFPB may consider whether the consumer actually received value in determining whether an act or practice is “abusive.”
An interesting additional aspect of CFPB Bulletin 2013-07 is a non-exhaustive list of conduct observed in the collection of consumer debt that the CFPB believes could constitute a UDAAP (that is, in addition to potential violation of the FDCPA). Qualifying these observations with the note that any determination will depend on the particular facts and circumstances involved, following are some of the practices the CFPB indicates it will be closely monitoring:
  • Collecting or assessing a debt and/or any additional amounts in connection with a debt (including interest, fees, and charges) not expressly authorized by the agreement creating the debt or permitted by law.
  • Failing to post payments timely or properly or to credit a consumer’s account with payments that the consumer submitted on time and then charging late fees to that consumer.
  • Taking possession of property without the legal right to do so.
  • Revealing the consumer’s debt, without the consumer’s consent, to the consumer’s employer and/or co-workers.
  • Falsely representing the character, amount, or legal status of the debt.
  • Misrepresenting that a debt collection communication is from an attorney.
  • Misrepresenting that a communication is from a government source or that the source of the communication is affiliated with the government.
  • Misrepresenting whether information about a payment or nonpayment would be furnished to a credit reporting agency.
  • Misrepresenting to consumers that their debts would be waived or forgiven if they accepted a settlement offer, when the company does not, in fact, forgive or waive the debt.
  • Threatening any action that is not intended or the covered person or service provider does not have the authorization to pursue, including false threats of lawsuits, arrest, prosecution, or imprisonment for non-payment of a debt.
One important note for entities involved in consumer debt collection is that the FDCPA applies to entities defined as “debt collectors” under the FDCPA, which does not include certain entities that collect consumer debt, such as first-party creditors collecting on their own debts, service providers collecting debts that were not delinquent when servicing began, and entities that only collect transferred debt originated by corporate affiliates.20 However, the UDAAP standard applies to all entities and service providers subject to the CFPB’s supervisory jurisdiction, and thus is applicable to certain debt collectors exempt from certain requirements of the FDCPA.

Another important point for insured depository institutions (“IDIs”) and other supervised entities is the exposure they may have both under the FDCPA and the new UDAAP standard under the DFA with respect to the acts or practices of third party vendors that are retained by the IDI or supervised entity to handle debt collection activities.

Potentially Deceptive Acts or Practices under the FDCPA

In addition to debt collector conduct that may constitute a UDAAP, in CFPB Bulletin 2013-08 the CFPB identifies certain conduct that may constitute a “deceptive act or practice” under the FDCPA which, among other things, makes it illegal for debt collectors to “use any false, deceptive, or misleading representation or means in connection with the collection of any debt.”21 In CFPB Bulletin 2013-08, the CFPB highlights concerns with respect to potentially deceptive conduct it observed during supervisory examinations and enforcement investigations of debt collection firms. Of particular note were representations made by collectors to consumers regarding the impact that debt collection payments may have on their credit reports and credit scores. These included statements indicating that:

  • Paying obsolete debt22 will remove that debt from a consumer’s credit report. The CFPB notes that this could be deceptive because the information regarding the debt will generally no longer appear on a consumer’s credit report even if the debt is unpaid.
  • Paying non-obsolete debt will improve a consumer’s credit report. The CFPB notes that payment on such debt will change credit reports only if: (i) the debt collector furnishes information about the payments to credit reporting agencies (“CRAs”), and (ii) such CRAs add the information to credit files and reports. If such information is not furnished to a CRA, then it could be deceptive for the collector to make representations that the payments will be reflected on the consumer’s credit report.
  • Paying debt will improve a consumer’s credit score. Making such a representation may be deceptive considering the numerous factors that influence an individual consumer’s credit score.
  • Paying debt will improve creditworthiness or improve a consumer’s chances of receiving a loan. Making such a representation may be deceptive, given that lenders use a variety of sources of information to determine the creditworthiness of prospective borrowers, including credit report or score, and may also evaluate such information differently in underwriting models to determine the creditworthiness of prospective borrowers. Such information is not available or known by the debt collector, and, thus, the debt collector may have no basis to make such claims.

The CFPB notes that the determination of whether an act or practice is deceptive depends on the particular facts and circumstances. For example, if a collector indicates that paying the debt “may” improve your credit score, depending on the actions of a third party, such a statement would be less likely to be deceptive. However, if a collector were to state that a consumer would “definitely” be approved for a mortgage loan if the consumer could just pay off the debt, that statement would be more likely to raise concerns at the CFPB. This may be particularly acute if a third-party debt collector is collecting on behalf of a financial institution that the consumer is directly dealing with for a new loan or other extension of credit.

Implications for Creditors, Debt Buyers and Debt Collectors

The CFPB’s July 10, 2013 guidance offers helpful insight into the particular acts or practices the CFPB may find troublesome from a UDAAP perspective as it commences its supervision and examination of certain participants in the consumer debt collection industry. It is important for debt collection firms and other entities involved in consumer debt collection that are subject to the CFPB’s jurisdiction to understand and continue to closely monitor the CFPB’s supervisory and enforcement activities, as well as any future guidance, related to its UDAAP authority and/or enforcement of the FDCPA. This should be of particular concern for IDIs and other supervised entities that rely on third-party service providers to conduct debt collection activities on their behalf. We expect that the scope and application of federal UDAAP authority will continue to evolve. Accordingly, industry participants in the debt collection sector, as well as financial firms that provide other consumer financial products and services, should continue to follow the CFPB’s (and other agencies’) activities in the UDAAP context.

Developing a UDAAP and FDCPA Compliance Action Plan

While we see considerable potential UDAAP risk for debt collection firms, they are not alone. An important consideration for debt collection firms and others who rely on their services is to remain vigilant with respect to compliance, training, oversight, quality control, and other aspects of a strong and effective UDAAP compliance program. In this regard, debt collection firms and other financial firms with similar or collateral UDAAP and FDCPA compliance exposure should consider implementing a UDAAP and FDCPA compliance action plan that includes the following elements, which are based on criteria from the CFPB’s Examination Manual:

  • Training Materials. Review customer call representative training materials to identify potential UDAAP/FDCPA compliance issues based on the CFPB’s existing guidance discussed herein.
  • Customer Call Scripts. Periodically review and update customer call center scripts, as appropriate, to address UDAAP/FDCPA compliance risks.
  • Debt Collection Call Monitoring. Monitor and periodically review recorded debt collection calls for UDAAP/FDCPA compliance and quality control, including ensuring that controls are in place to avoid repeated telephone calls to annoy, abuse, or harass a consumer.
  • Add-on Product Review and Fee Structure. Review any additional products or services provided in connection with debt collection activities, and assess the fee structure and adequacy of disclosures regarding such products and services to ensure that:
    • Fees/charges are disclosed in a manner that is not misleading,
    • Consumer payments are posted in a timely manner,
    • Payments are applied in a manner that does not inappropriately increase consumer payments, and
    • Consumers are only charged for amounts and for products/services that are specifically agreed to.
  • Compliance Policies and Procedures. Review existing compliance policies and procedures addressing UDAAP/FDCPA compliance issues related to the imposition of controls on collection activities.
  • Internal Compliance Controls. Assess the effectiveness of internal compliance controls and ensure that UDAAP/FDCPA compliance programs provide for periodic review and testing.
  • Compensation and Incentive Arrangements. Monitor and periodically review compensation arrangements and incentive programs available to customer representatives.
  • Consumer Complaint Monitoring. Monitor consumer complaint systems to identify potential UDAAP/FDCPA compliance risks, and maintain documentation regarding corrective actions required to address compliance deficiencies and related issues.
  • Third Party Vendor Management. Monitor the activities of third party vendors and service providers responsible for core/key areas of consumer debt collection activities, and ensure the adequacy of supervision and oversight of the same.
  • Customer Privacy Protections. Ensure that policies and procedures are in place to ensure that customer representatives and third-party contractors do not disclose the existence of a consumer’s debt to the public without the consent of the consumer, except as permitted by law.
  • Customer Data Protections. Periodically review the effectiveness and adequacy of customer information protection controls and security systems, and conduct testing on the same, as appropriate.
  • Internal/External Risk Reviews. Conduct periodic internal and external UDAAP/FDCPA compliance risk reviews.
  • Board/Management Oversight. Ensure that the Board and/or senior management are kept informed of UDAAP/FDCPA compliance risks and vulnerabilities and are consulted, as appropriate, regarding program deficiencies and potential vulnerabilities, as well as with respect to solutions addressing the same.
  • Customer Representative Disciplinary Procedures. Assess the adequacy and effectiveness of customer call representative disciplinary policies and procedures to address inappropriate UDAAP/FDCPA compliance behavior.
  • Customer Notification and Disclosure Procedures. Ensure systems are maintained to ensure compliance with the substance and timing of applicable customer notification procedures and disclosure requirements required by the FDCPA and related laws.