Press Enter to Search
Compliant Texting for Collections: 7 Things You Need to Know About Consent

Compliant Texting for Collections: 7 Things You Need to Know About Consent

This is the second post in a new blog series highlighting the importance of text messaging for debt collections and what ARM businesses need to stay compliant.

 

For third-party debt collectors, texting can be a scary proposition. Overlapping requirements and restrictions, and the confusion surrounding them—not to mention the potential backlash from consumers—are enough for many ARM leaders to throw up their hands and say, “No thanks.”

Some agencies, however, have braved this new frontier and succeeded. This begs a simple question: are industry fears of texting overblown?

Previously, we outlined three reasons why adopting text messaging is essential for ARM businesses. Not only does digital communication improve collection results via personalized engagement and convenient self-service tools, but it’s also proving to be the only way to curtail the sharply rising costs associated with live agent calls, paper letters, and first-class postage.

At the heart of many ARM agencies’ compliance fears is uncertainty about how to obtain and manage consent. What constitutes proper consent, and what are the pitfalls to avoid? Here are seven things you need to know, and should discuss with legal counsel, before moving ahead with a text messaging program.

 

 

1. A Text Message Is the Functional and Legal Equivalent of a Phone Call

Text messages trigger the same legal and regulatory requirements as phone calls placed to mobile devices using an automated telephone dialing system (ATDS), prerecorded message, or artificial voice. The Telephone Consumer Protection Act (TCPA) applies to text messaging, as do the Fair Debt Collection Practices Act (FDCPA) and the requirements put forth by CTIA (formerly the Cellular Telephone Industry Association).

But not all text messages trigger state calling times and frequency restrictions.

In the case of self-service text message programs, consumers can request information about their accounts and make payments 24/7. These sorts of self-service actions are initiated by the consumer with the expectation and understanding on the part of the consumer an automated response will be provided to their self-service text request.

For example, if a consumer requests the balance on their accounts at 3:00 a.m., the consumer will immediately receive a text from the agency indicating the total balance due on all active accounts. The automated response sent by the agency’s text messaging service informing the consumer of the balance due should not be deemed a communication that must satisfy state calling times and frequency restrictions.

On the other hand, if the agency initiates a text to the consumer, any such text would trigger state calling times and frequency restrictions. For example, if the agency notifies the consumer their last payment failed, such a text would not be deemed a self-service request. It would be deemed an agency- initiated text similar to an agency initiated outbound call.

The Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act complicates matters for collectors, as it fails to address ARM industry concerns about the TCPA and punts the ball for rulemaking to the FCC.

As we await the FCC’s proposed rules, which should be published in the coming months, the U.S. Supreme Court will revisit TCPA’s federal debt collection carve-out. This decision could have big implications for TCPA compliance when it comes to collecting debts owed to the Federal government and any other type of exemption from the TCPA based on the content of the message.

 

2. Inviting and Convincing Consumers to Text Can Be Challenging

Unless an ARM agency has received consent to text from the creditor (sometimes referred to as pass-through consent), the debt collector will want to create opportunities for the consumer to subscribe to its text messaging program. These opportunities could include the live-agent talk off, the inbound IVR script, a manual text invitation using a Zortman-type voicemail message, verbiage within the text of the collection notice, and the agency’s consumer portal.

If an agency has obtained pass-through consent to text from the creditor, the agency may initiate a text message inviting the consumer to subscribe to its text message service. The caveat to relying on pass-through consent is that this does not solve the reassigned number conundrum (see below).

Apart from compliance concerns, ARM agencies must somehow convince consumers to subscribe to their text messaging service. To the average consumer, the benefits of texting with a debt collector might not be immediately clear. I recommend starting off with a self-service text messaging program that allows consumers to choose the type and frequency of messages received and manage their accounts with ease.

 

3.  The Reassigned Number Conundrum Is Real, but the Risk Is Manageable

When a consumer relinquishes their mobile number to a carrier, the carrier will reassign the number to another consumer. The law remains unsettled as to whether a text or ATDS call placed to the new consumer using a mobile number for which the calling party once had consent is a violation of the TCPA after the number is reassigned.

At least one court recognizes the conundrum, holding that the calling party is not liable for the call placed in error. In Sandoe v. Boston Sci. Corp. (Civil Action No. 18-11826-NMG, 2020 U.S. Dist. LEXIS 2800 [D. Mass. Jan. 8, 2020]), the Court granted summary judgment in favor of the defendant, ruling a calling party may reasonably rely on consent associated with a mobile number

“This Court declines to contravene the FCC’s regulation by interpreting the TCPA as requiring callers to do what the competing expert reports in this case demonstrate is either impossible, or at least highly unreliable.”

To avoid any issue over the validity of pass-through consent, debt collectors should conduct a scrub to ensure the consumer who originally granted the consent is still associated with the mobile number.

 

4. Text Consent Need Not Be Specific to Meet the Requirements of the TCPA

Under the TCPA, you do not need consumers’ specific permission to text as long as you properly obtain consent (whether verbally or in writing) to meet the minimum requirements of the TCPA. From a legal standpoint, consent to autodial, leave a prerecorded message, or use an artificial voice in an outbound communication to a mobile phone includes consent to text.

Nevertheless, most creditors and third-party collection agencies err on the side of caution by seeking express, specific consent to text—not just to avoid legal complications, but to be sensitive to consumers’ wishes. This is a smart move, especially now that service quality has become a leading differentiator in the ARM market.

 

5. CTIA—the Mobile Industry Standard for Short Code Text Messaging—Requires More Than the TCPA

CTIA (formerly the Cellular Telephone Industry Association) is the self-regulatory body governing the use of short code text messages. The CTIA’s consent-to-text requirements are more stringent than the TCPA’s.

Unlike the TCPA, which recognizes a consumer’s verbal permission to text, the CTIA requires consumers to affirmatively subscribe to or join a text message program. Consumers can do so by replying to a text message inviting them to participate or by initiating a text message to a short code using a keyword such as YES, ENROLL, or SUBSCRIBE.

Although the CTIA’s guidelines for text messaging consumers do not establish a private right of action,  operating outside of them could lead major carriers to block your text messages.

 

6. Prior Express Consent Gives Third-Party Collectors the Green Light to Text First

If you have received pass-through consent to text from the creditor, or the consumer provides their consent to text verbally, you are permitted to send a text message to that consumer’s mobile number inviting the consumer to agree to terms and conditions and opt into your text messaging program by way of a text message response.

 

7. Invitations to Text Should Be Transparent—with No Strings Attached

CTIA comes down hard on what it considers unfair practices—not just the failure to properly obtain consent, but also unreasonable claims and demands.

For example, carriers prohibit the use of the word “free” in describing a standard messaging rate texting campaign. Any messages a consumer receives from a business may trigger text and data charges for which the consumer must pay.

CTIA also prohibits a business from requiring a consumer’s consent as a condition of an opportunity—e.g., a settlement or type of payment. If you’re going to offer consumers the option to text, you must offer it as a service without demanding anything in return.

Clarity and transparency are key to a compliant, successful text messaging program. Make sure your invitation to text is worded in a simple, straightforward way, with no inflammatory language (intentional or not). This will help ensure consumers understand exactly what they’re consenting to—and help you avoid service failures, legal problems, and lost opportunities to collect.

 

Learn More About Compliant Texting for Collections

To successfully make the leap to digital communications, you’ll need to focus your efforts in three areas: 1) applicable laws, regulations, and industry standards; 2) consumer expectations for service; and 3) day-to-day compliance management.

I’ve outlined what you need to get started in our complementary eBook “Ready to Text 2.0: The Collection Professional’s Guide to Compliant Communication in 2020.” In it, you’ll learn why texting is important, what recent legal decisions mean for collectors, and how to mitigate your legal risks and serve consumers well.

If you missed my recent webinar “Game-Changing TCPA Cases & the TRACED Act: The Bottom Line for Collectors,” I encourage you to download the recording today so you can better understand how these laws intersect and the steps you should take to protect your business.

 

Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.

© 2020 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.

Ready to Text in 2020?

Text messaging for collections is complicated. It’s also mission critical. Our brief ARM industry texting guide, newly updated for 2020, has the insights and advice you need to get your digital communications program up and running.

Don’t get left behind. Download your copy today!

Are You Ready to Text?

Take charge of compliance and start texting with confidence. This free eBook (newly updated for 2020) explains how.

ARM Industry Leaders, Why Aren’t You Texting?

ARM Industry Leaders, Why Aren’t You Texting?

This is the first post in a new blog series highlighting the importance of text messaging for debt collections and what ARM businesses need to stay compliant.   Text messaging for debt collections might seem like a bridge too far. But it’s entirely within reach today....

RMAI Recap: Top 4 ARM Industry Topics and Key Takeaways

RMAI Recap: Top 4 ARM Industry Topics and Key Takeaways

If the Receivables Management Association International’s (RMAI) 2020 annual conference was any gauge of the accounts receivable management (ARM) industry’s future, I would say business is in for another good run. More than 1,300 debt buyers, first- and third-party collectors, government officials, and service providers descended on Las Vegas for what I believe was the best education conference I’ve attended in years.

Session attendance was so strong, presentations were often made to standing room–only crowds, and the Exhibit Hall was no exception.

Over the course of the four-day event, certain themes dominated the conversation: digital consumer communications; diversity, inclusion, and ADA compliance; the CFPB’s new rules for debt collection; and new legal theories plaintiffs’ attorneys are formulating in the name of consumer protection.

Let’s dive into each of these RMAI themes one by one.

 

Digital Communications

One-way and two-way text messaging, along with email communications and the use of secure URL links, are coming of age for debt collectors. Yet E-Sign consent remains a challenging topic both conceptually and technically for the industry as a whole.

To properly obtain a consumer’s consent to substitute the digital delivery of a legally required disclosure or legally required written document (such as a validation notice or post-dated payment reminder), a collector must require the consumer to demonstrate their ability to send and receive the information at the mobile number or the email address they choose for this purpose. E-Sign consent is not valid until the demonstration is complete.

 

Diversity, Inclusion, and ADA Compliance

Three years ago, these topics would not have been included in a session agenda for an ARM industry conference. Today, they’re among the industry’s hottest topics.

First- and third-party collectors employ over 130,000 people of diverse backgrounds. Understanding how to manage individuals who vary by age, socioeconomic status, race, gender, and religious beliefs has become critically important to organizational success. By including people from diverse groups in the decision-making process—from the front line all the way to the C suite—companies can positively impact their employee retention rates, brand reputation, and profitability.

ARM businesses should be equally focused on meeting the needs of diverse consumers—including those with disabilities. The Americans with Disabilities Act (ADA) has traditionally applied to brick-and-mortar businesses, but the 9th Circuit made the ADA come alive for the ARM industry in the matter of Domino’s Pizza LLC v. Robles.

Domino’s argued that companies were not required under the law to make their websites and mobile apps fully accessible so long as they offered customers with disabilities other options for accessing the goods and services, such as a telephone hotline.

The 9th Circuit disagreed. The Court held the ADA applies to a company’s website and mobile app as well as any brick-and-mortar presence it may have. In the Court’s opinion, the ADA “applies to the services of a place of public accommodation, not services in a place of public accommodation” (emphasis added).

 

CFPB’s New Rules for Debt Collection

The RMAI conference buzzed with the unofficial announcement that the Consumer Financial Protection Bureau (CFPB) will be publishing its final rules for debt collection in Q2 or Q3 of 2020. The new rules will take effect one year after the date of publication in the Federal Register.

If the CFPB is true to its “word,” albeit unofficial, this means agencies will have months, not years, to adapt—i.e., update their policies and procedures, reengineer their software applications, modify creditor-client contracts, embrace technology to communicate digitally, and incorporate artificial intelligence in their contact management workflow.

Attendees also learned the CFPB plans to publish a new rule for out-of-statute debt. In its notice of proposed rulemaking for debt collection, the CFPB reserved the right to study issues pertaining to the collection of out-of-statute debt. After many months of research, the CFPB has identified disclosure requirements for the collection of out-of-statute debt. The new rule for out-of-statute debt collection, once final, will be included in the comprehensive final rules for debt collection.

 

New Legal Theories and Claims

One of the required courses for RMAI certification is the ever-popular Hot Topics session presented by a panel of RMAI-certified attorneys. This year’s Hot Topics included an explanation of a new claims attacking the validity of a judgment on the grounds:

  • The judgment was obtained by an unlicensed debt buyer;
  • An incorrect interest rate was applied to the judgment total; or
  • The underlying debt was not valid, and the original service of process was insufficient.

Other hot topics included a discussion of the difference between convenience fees charged by agencies and convenience fees charged by third-party processors as well as issues relating to credit reporting and trade line deletion practices.

 

Final Thoughts

Throughout the conference, Solutions by Text did a fantastic job updating the attendees with information about the networking events and providing them with access to PowerPoint decks and materials for the sessions.

For additional information about the RMAI conference or any of the topics mentioned above, visit https://rmaintl.org/.

 

Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.

© 2020 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.

Ready to Text in 2020?

Text messaging for collections is complicated. It’s also mission critical. Our brief ARM industry texting guide, newly updated for 2020, has the insights and advice you need to get your digital communications program up and running.

Don’t get left behind.

Download your copy today!

ARM Industry Leaders, Why Aren’t You Texting?

ARM Industry Leaders, Why Aren’t You Texting?

This is the first post in a new blog series highlighting the importance of text messaging for debt collections and what ARM businesses need to stay compliant.   Text messaging for debt collections might seem like a bridge too far. But it’s entirely within reach today....

What the TRACED Act Means for Third-Party Collectors—and 5 Tips for Protecting Your Business

What the TRACED Act Means for Third-Party Collectors—and 5 Tips for Protecting Your Business

During the waning hours of the first session of the 116th Congress, robocall practices were attacked with lightning speed in the form of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act. Sponsored by South Dakota Republican Senator John Thune and New Jersey Democratic Congressman Frank Pallone, this bipartisan bill was signed into law by President Trump on December 30, 2019.
 
Arguably hidden behind its stated purpose, which was to modify sections of the Telephone Consumer Protection Act at 47 U.S.C. § 227 (TCPA), the TRACED Act is essentially a codified directive to the Federal Communications Commission (FCC) to enact rulemaking on a number of issues relating to robocalls. This was a very formal way for Congress to push the sticky business of reforming the TCPA to the chief regulator of the communications industry, the FCC.
 
For all practical purposes, the TRACED Act is a win for both consumers and the telecommunications industry. But it represents a devastating loss for third-party debt collectors.
 
 

ARM Industry Concerns Left Unaddressed

Since 2005, the accounts receivable management (ARM) industry has fervently lobbied Representatives and Senators on both sides of the aisle for amendments to the TCPA. During this time, the industry also advocated before the FCC for modifications to the agency’s 2003 TCPA regulations.
 
The ARM industry’s proposed changes sought clarification of the following issues: 
 
  • Consent requirements to use an auto dialer, prerecorded message, or artificial voice when contacting a consumer using their cellular number;
  • Revocation of consent requirements to use an auto dialer, prerecorded message, or artificial voice when contacting a consumer using their cellular number;
  • The definition of an automatic telephone dialing system (ATDS) and its alter ego, a manual contact system; and
  • Transferability of consent when a carrier reassigns a mobile number from one person to another. 
 
Unfortunately, not one of the amendments offered by the ARM industry was included in last year’s landmark legislation.
 
Notwithstanding this defeat, third-party debt collectors as well as organizations or businesses that call consumers need to understand the TRACED Act and how it may impact them. This is not because their calls should be placed in the same category as robocalls launched by bad actors, but because in its zeal to stomp out robocalls from the bad actors, Congress included legitimate calls in its regulatory web.
 
 

Summary of the TRACED Act’s Key Provisions

As outlined by Contact Center Compliance DNC.com, the main provisions of the TRACED Act are as follows:
 
  • Stopping Robocalls — The TRACED Act directs the FCC to take final action on its June 2019 Declaratory Ruling on Advanced Methods to Target and Eliminate Unlawful Robocalls.
  • SHAKEN/STIR — Service providers are required to implement SHAKEN/STIR, or Signature-based Handling of Asserted Information Using toKENs (SHAKEN) and the Secure Telephone Identity Revisited (STIR). These are authentication protocols for digitally validating a phone call as it passes through the complex web of telecom networks, allowing phone providers to verify that the call is actually coming from the party that appears to be placing the call.
  • Monetary Penalties — The FCC is authorized to assess penalties of up to $10,000 per call for violation with intent.
  • Statute of Limitations — The statute of limitations for a general violation is one year, while the statute of limitations for violation with intent is four years.
  • Protections from Spoofed Calls — The TRACED Act instructs the FCC to enact a rulemaking to “help protect a subscriber from receiving unwanted calls or text messages from a caller using an unauthenticated number.”
  • Report on Reassigned Number Database — Within a year of the date of enactment, the FCC must give a report to Congress on its progress in implementing its proposed official database of reassigned phone numbers.
  • Protection from One-Ring Scams — The FCC is required to “initiate a proceeding to protect called parties from one-ring scams.”
 
Each of these provisions requires careful analysis. The SHAKEN/STIR requirements alone present challenging call authentication protocols that will be fleshed out by the FCC over the next months and years and enacted in the form of new rules.
 
It would behoove members of the ARM industry to study any proposed rules published by the FCC and to file comments. For in the end, any violation of the TRACED Act could trigger a penalty as high as $10,000 per violation. Whether SHAKEN or STIRred, that’s one costly martini.
 
 

5 Things You Must Do to Mitigate Your Risks

We at Ontario Systems have closely monitored the robocall movement for several years. We’ve participated in work groups on behalf of various industries, advocated before the FCC, and monitored the TRACED Act legislation as it moved through both chambers of Congress. We’ve also conferred with our clients about their concerns with the TRACED Act.
 
Based on what we know, here’s what we recommend. If you communicate with consumers—whether you’re a third-party debt collector, credit issuer, healthcare provider, or Federal, State, or local government—you should seek the advice of independent legal counsel to determine exactly how the TRACED Act may impact your communications with consumers.
 
You should also consider the following next steps and ongoing practices: 
 
  1. Enhance consent and revocation of consent documentation per consumer and per number.
  2. Establish a process to pull reports on caller ID display on all outbound calls.
  3. Ensure outbound calls are made using numbers associated with the proper company.
  4. Monitor and analyze fraud and scam scores assigned by carriers to your outbound calls.
  5. Ensure all outbound calls comply with state, Federal, and client call restrictions.
 
For additional information about the TRACED Act and other contact/compliance management issues, visit Ontariosystems.com or reach out to me at Rozanne.andersen@ontariosystems.com.
 
 
 
 
 

Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.

© 2020 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.

Ready to Text in 2020?

Text messaging for collections is complicated. It’s also mission critical. Our brief ARM industry texting guide, newly updated for 2020, has the insights and advice you need to get your digital communications program up and running.

 

Don’t get left behind. Download your copy today!

ARM Industry Leaders, Why Aren’t You Texting?

ARM Industry Leaders, Why Aren’t You Texting?

This is the first post in a new blog series highlighting the importance of text messaging for debt collections and what ARM businesses need to stay compliant.   Text messaging for debt collections might seem like a bridge too far. But it’s entirely within reach today....

ARM Insights for 2020: Top 5 New Year’s Resolutions for Greater Collections Success

ARM Insights for 2020: Top 5 New Year’s Resolutions for Greater Collections Success

At the close of each year, I’m routinely asked to share new year’s predictions for the accounts receivable management (ARM) industry. Several publication editors have already asked me for my thoughts on what lies ahead in 2020.
 
This year, however, I’m steering clear of the predictions game.
 
With a Presidential election in sight, more than an average amount of chaos in Washington, and a stock market that seems impervious to political winds, I’m inclined to reflect upon what we do know rather than try to predict the unknowable.
 
One thing we know for sure: 2019 was a landmark year for the ARM industry.
 
  • The Consumer Financial Protection Bureau (CFPB) finally published its long-awaited proposed new rules for debt collection.
  • With California as a cornerstone, privacy legislation swept the country.
  • Robo call practices were attacked with lightning speed by both houses of Congress (TRACED Act).
  • The credit and collection industry finally embraced digital communication technologies.
 
Big changes are underway, and the ARM industry is growing more complex by the day. Yet despite increasing regulatory limits and uncertainty, ARM decision makers have unprecedented opportunities to operate and compete more effectively.
 
The extent of your gains in 2020 and beyond will be determined by how well your business balances compliance, customer service, and operational efficiency. As you reflect on past wins and losses, consider these 2020 resolutions as the means to a more successful year.
 
 

Resolution #1: Read These Three Publications (and the Fourth if You Credit Report)

I highly recommend you set aside time to read these publications. They won’t change your life, but they may change how you approach your business.
 
  • The State of Third-Party Collections 2019: Challenges, Trends and Innovations (TransUnion) – This TransUnion Report (Copyright 2019, Transunion LLC) is the best in its class, and something that’s all too rare: an accurate, well-designed study about the third-party collections industry. Topics include relevant industry trends, collection operations and related outcomes, tools and technology, and consumer communications.  >>> Download the State of Collections 2019

 

  • CFPB Supervisory Highlights, Issue No. 18 (Winter 2019) and Supervisory Highlights, Issue No. 19 (Summer 2019) – In these reports, the CFPB shares its findings in the areas of UDAAPs, debt collection, credit reporting, and other markets subject to its supervision completed between December 2018 and March 2019 (Winter 2019) and between June 2018 and November 19 (Summer 2019). Understanding how the credit and collection industry’s chief regulator is interpreting and enforcing the law and directing remediations is a great way for you to learn what to stop doing and what you should start doing to improve your operations.  >>> Download Winter 2019 Supervisory Highlights   >>> Download Summer 2019 Supervisory Highlights

 

  • CFPB Supervisory Highlights, Consumer Reporting Special Edition (Aug 2, 2019) – Topics include the Fair Credit Reporting Act, supervision, credit reports and scores, identity theft and fraud, debt collection, banking, and financial service providers. In this special edition of CFPB Highlights, the CFPB focuses on the numerous root issues plaguing consumers and data furnishers alike.  >>> Download Supervisory Highlights Consumer Reporting Special Edition
 

Resolution #2: Reduce Your Head Count

According to the Transunion Report, the number of people employed by firms in the third-party collections industry is steadily declining. In 2007, these firms employed over 141,000 people; by 2016, that number had dropped to around 120,000.
 
While this contraction is partly the result of mergers, acquisitions, and firms exiting the market, it’s primarily driven by increasing adoption of automation and other efficiencies within existing firms. Inbound and outbound communication strategies, coupled with the use of self-service options for consumers, are already helping ARM businesses streamline operations, transition to a 24/7 service model, and increase profitability per full time equivalent.
 
The role of automation, and the extent of its use, will only grow in 2020. Firms that aren’t running lean risk getting left behind. This is one resolution you can’t afford to let slide.
 
 

Resolution #3: Move Up the Food Chain, and Walk Away from Out-of-Statute Debt

If you’re not collecting pre-charge-off debt, you’re behind the industry curve. More than two out of five collectors (42%) report that their company collects on pre-charged-off debt, and that number will likely continue to rise. Not only will this service increase the stickiness between your creditor clients and your firm, but if done properly, it will also allow you to sidestep the requirements of the Fair Debt Collection Practices Act.
 
if you’re collecting out of-statute debt, you’re playing with fire. It’s time to walk away for good. The CFPB plans to issue new rules for the collection of out-of-statute debt sometime in Q1 of 2020, and litigation over the verbiage required in collection notices as a condition of collecting out-of-statute debt remains strong.
 
 

Resolution #4: Watch the Expense Column, and Invest in Your Future

Sometimes, watching your expenses does not mean spending less. Rather, for third-party debt collectors, watching expenses means making sure you are spending money today on line items that prepare you for tomorrow.
 
If you Google the phrase “consumer delinquency rates,” you will see that consumer delinquency rates have remained at or slightly above pre-2008 Great Recession rates. Yet consumer debt is growing to worrisome levels. If history is any indicator, the credit bubble will burst yet again. You’ll want to be prepared.
 
“Ben Mohr, senior research analyst of fixed income at investment consultant Marquette Associates, calculated that total U.S. consumer debt hit $14 trillion in the first quarter of 2019, surpassing the roughly $13 trillion of leverage accumulated in credit cards, auto loans and mortgages and other debt back in 2008, when those souring loans and securities pegged to them helped to send global markets into a tailspin.” – Mark DeCambre, MarketWatch
 
There’s a clear message here for third-party debt collectors: prepare for a pending boon in the collection industry market, and start building the technology and compliance infrastructure needed to handle the increase in assignments.
 
The Transunion report reveals the following breakdown in tools and technology agencies are investing in today:
 
  • Manual skip tracing (80%)
  • Collection management software (77%)
  • Online payment portal (72%)
  • Toll-free number (63%)
  • Call recording (63%)
  • Letter vendor (57%)
  • Batch skip tracing (52%)
  • Consumer data (45%)
  • Compliance software (35%)
  • Predictive dialer (31%)
  • Interactive voice response (IVR) (21%)
  • Speech analytics (17%)
  • Other (7%)

 

ARM, collections, collection agencies

 

 
 

Resolution #5: Accept, Understand, and Embrace Real Time Payments (RTPs)

Waiting for an electronic funds transfer to clear or an ACH batch to upload and process overnight is, plainly and simply, old school. Fortunately, these scenarios may soon be relegated to the past.
 
For a number of years now, I’ve had the privilege of sharing breaking compliance stories within the collection industry. Today, I’m happy to be the first to announce this breaking story: the Federal Reserve and the National Automated Clearing House Association are well on their way to rolling out Real Time Payments (RTPs) in the U.S.
 
Real-time payment systems offer an instant, 24/7, interbank electronic funds transfer service that can be initiated through a variety of channels: smart phones, tablets, digital wallets, and the web.
 
Here’s how RTPs work. A low-value real-time payment request is initiated, enabling an interbank account-to-account payment fund transfer and secure transaction posting with immediate notification features. Posting funds are made immediately available—and by immediate, I mean within 30 minutes.
 
The introduction of RTPs in U.S. credit and collection markets will be a game changer. Make sure you’re prepared by learning all you can now and making the switch when the time comes.
 
 

Make 2020 a Year of Ambitious Goals and Even Greater Results

Exciting times lie ahead for the ARM industry. Even with rampant litigation raging through the consumer attorney bar, opportunities for thoughtful, resilient, nimble players (first- and third-party collection agencies, debt purchasers, and collection firms) abound.
 
At the heart of every success story in this industry is an eye toward a more efficient, profitable future and recognition of what it takes to get there: a dynamic technology infrastructure built on top of a robust compliance management system. With these strengths, you can operate efficiently, serve customers well, minimize daily compliance concerns, and become indispensable to your clients.
 
We’ve developed a roadmap of sorts to help ARM decision makers eliminate barriers to business success and accelerate their revenue and market gains. Read The ARM Ecosystem: Advancing Beyond Integration,” our free eBook, and you’ll learn how simple the process can be.
 
 
 
 
 

Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.

© 2020 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.

Are You Ready to Text?

Take charge of compliance and start texting with confidence. This free eBook explains how.

ARM Industry Leaders, Why Aren’t You Texting?

ARM Industry Leaders, Why Aren’t You Texting?

This is the first post in a new blog series highlighting the importance of text messaging for debt collections and what ARM businesses need to stay compliant.   Text messaging for debt collections might seem like a bridge too far. But it’s entirely within reach today....

A 5-Step Dive into HIPAA Compliance for Email and Text

A 5-Step Dive into HIPAA Compliance for Email and Text

 
Last week, I wrote about email and text guidelines the American Medical Association (AMA) set forth to help healthcare providers ensure their electronic communications comply with the Health Insurance Portability and Accountability Act (HIPAA). Thanks to this roadmap, and current available technologies, providers and their business associates have what they need to email and text patients legally and responsibly when Protected Health Information (PHI) is at stake.
 
Today, I’m going to discuss HIPAA compliance more in depth—specifically, as defined and determined by the HIPAA Privacy Rule, the HIPAA Security Rule, and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Each of these contributes to the pool of regulatory requirements controlling the exchange of PHI via electronic communications.
 
Understanding how these regulations (collectively referred to herein as “HIPAA requirements”) impact text and email communications is your first step toward launching a HIPAA-compliant text and email communication program.
 
 

First Things First: A Brief HIPAA Breakdown

Before we launch into our five-step dive, here’s a quick primer on how HIPAA requirements have evolved and expanded since 2000.
 
HHS Privacy Rule
Health and Human Services (HHS) published a final Privacy Rule in December 2000, which was later modified in August 2002. This rule set national standards for the protection of individually identifiable PHI by three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct standard healthcare transactions electronically. Compliance with the Privacy Rule was required as of April 14, 2003 (April 14, 2004, for small health plans).
 
HHS Security Rule
HHS published a final Security Rule in February 2003. This rule sets national standards for protecting the confidentiality, integrity, and availability of electronic PHI. Compliance with the Security Rule was required as of April 20, 2005 (April 20, 2006 for small health plans).
 
HHS Enforcement Rule
The Enforcement Rule provides standards for the enforcement of all the Administrative Simplification Rules.
 
HHS Breach Notification Rule
Under certain circumstances, the Health and Human Services (HHS) Breach Notification Rule requires covered entities and business associates to report all PHI breaches to HHS and the impacted individuals. HHS enacted a final Omnibus rule that implements a number of provisions of the HITECH Act to strengthen the privacy and security protections for PHI established under HIPAA, thus finalizing the Breach Notification Rule.
 
Are you ready to text? Do you fully understand the requirements and risks? Don’t miss my recent webinar, “HIPAA’s Take on Email and Text: What You Need to Know to Comply and Serve Patients Well.” You can access the free recording here.
 
 

Now, Let’s Dive Into the HIPAA Requirements

These are five of the most important aspects of HIPAA as it pertains to email and text. If you’re considering using electronic communications to engage patients for any reason, these bottom-line takeaways should be top of mind.
 
Step #1: Relationships Matter
The HIPAA requirements for text and email communications differ depending on the relationship between the texting or emailing parties.
 
While all electronic communications sent from a covered entity or business associate to a patient must be secure, communications from the patient to the covered entity or business associate need not be secure. This is because the HIPAA requirements do not require covered entities and business associates to be legally responsible for the encryption of PHI sent by the patient to the covered entity or business associate.
 
Nevertheless, the covered entity or business associate still bears some responsibility regarding email and text communications received from a patient (see Step #2).
 
Step #2: Consumer Warnings Matter
As I mentioned in my previous blog post, providers and business associates who offer patients an opportunity to communicate electronically using a text or email service must warn consumers about the insecurity of the communication platform.
 
According to the AMA’s guidelines related to HIPAA requirements for communications between provider/business associate and patient, when communicating with patients electronically, the provider/business associate must also inform patients of:
 
  • The inherent limitations of electronic communication, including possible breach of privacy or confidentiality issues; and
  • The difficulty in verifying the identity of the parties when texting or emailing and the potential impact of delayed responses.
 
The provider/business associate should also provide patients with an opportunity to accept or decline electronic communication before privileged information is transmitted, and they should document the patient’s decision to accept or decline the opportunity.
 
Lastly, the provider/business associate should take steps to help the patient understand that any texts or emails he or she might send the provider/business associate are not secure and may be subject to intrusion, hacking, and identity theft.
 
 
Step #3: Patient Expectations Matter
The HIPAA requirements are not prescriptive with regard to text and email communications. Rather, they expect covered entities and business associates to meet the expectations within reason.
 
For example, if a patient demands the medical collection agency email a copy of his or her statement to a Gmail address and the collection agency has absolutely no process in place to email patients, HIPAA would not require the medical collection agency to accommodate the patient by implementing an email communication system.
 
On the other hand, if a patient indicates he or she does not want the medical collection agency to leave voicemail messages on his or her cell phone and to send texts instead (assuming the agency has a text message program in place), HIPAA would require the medical collection agency to cease leaving voicemail messages and restrict communications with that patient to text.
 
Step #4: Playground Rules Don’t Matter
Covered entities and their business associates often ask whether they can interpret a patient’s unsolicited email or text as consent to electronic communications.
 
The assumption behind the question is best reflected in the familiar line, “Well, they started it.” While this may work as a playground rule, it fails under the HIPAA requirements.
 
Parties who wish to communicate with patients electronically must obtain the patient’s consent to continue using the particular form of electronic communication, even when a patient initiates the text or the email.
 
Step #5: Encryption Matters
Email and text communications are inherently insecure; they’re not secured by default, and they’re easy to hack.
 
An individual’s email account can easily be accessed by a third party if a weak or easy-to-guess password is used for the email account. A provider’s email system is also vulnerable to attack if the organization does not use two-factor authentication and other simple controls such as passwords and screen time-outs.
 
Because all consumer-grade email platforms and texting programs are known to be insecure means of communication, their use for professional purposes may be considered in itself a breach of the HIPAA requirements.
 
The HIPAA Security Rule §164.312(e) requires covered entities and their business associates to consider the encryption of communications as an Addressable Implementation Specification. This is a defined term under the HIPAA Security Rule. Providers and their business associates must comply with this rule when contemplating the use of electronic communications.
 
 

HIPAA Is Complex, but Email and Text Needn’t Be

Technologies that can secure text and email communications as required by HIPAA are readily available today. In fact, providers have a range of options that are designed for this very purpose and perform their job well.
 
Once you understand what HIPAA requires and have the right tools in place, electronic communications will become less of an ongoing concern and more of an asset—a major advantage, in fact—for your operations and your business. Frankly, you’ll wonder how you ever got along without them.
 
 

Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.

© 2019 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.

Info and Insights You Won't Want to Miss

Here on the OS Blog, we aim to give you just the right mix of high-level views, tactics, and tools you can use to optimize your collection operations and results. Subscribe today for a steady stream of practical, empowering content delivered to your inbox weekly.

Are You Ready to Text?

Take charge of compliance and start texting with confidence. This free eBook explains how.

A 5-Step Dive into HIPAA Compliance for Email and Text

A 5-Step Dive into HIPAA Compliance for Email and Text

 Last week, I wrote about email and text guidelines the American Medical Association (AMA) set forth to help healthcare providers ensure their electronic communications comply with the Health Insurance Portability and Accountability Act (HIPAA). Thanks to this...

Electronic Patient Communications in the Wake of HIPAA: The Ban Has Lifted

Electronic Patient Communications in the Wake of HIPAA: The Ban Has Lifted

Healthcare providers remain skittish when it comes to email or text communications, and their reluctance is understandable.
 
Historically, both email and text messages were considered inherently unsecure modes of communication. In addition, many healthcare providers and business associates believe the Health Insurance Portability and Accountability Act (HIPAA) and the HIPAA Privacy and Security Rule’s restrictions on the use, transfer, and storage of demographic data and Protected Health Information (PHI) make email and text messaging far too risky.
 
In response to the concerns of the healthcare community as well as the financial services industry—which has similar needs to protect the confidentiality of personally identifiable information—the cellular phone and internet industries have built safe, secure electronic communication platforms that secure information both in transit and at rest.
 
If email and text are used properly and with the controls required by the American Medical Association (AMA) to send electronic messages containing PHI, healthcare providers can now embrace these forms of patient communications.
 
 

AMA Requirements for Email and Text

As the AMA makes clear, HIPAA does not specifically prohibit sending PHI by text or email. However, it does require the electronic communication platform to include:
 
  • Safeguards to ensure the confidentiality of PHI at rest and in transit;
  • Controls for who can access PHI;
  • Permissions for what authorized personnel can do with PHI when they access it; and
  • Processes to prevent the interception of plain text messages.
 
Healthcare providers and business associates should exercise due diligence when selecting a text or email communication platform provider. At a minimum, they should require the provider to ensure its text or email platform can support the AMA’s four requirements of an electronic communication platform.
 
The AMA has further clarified its position on sending PHI by text or email in Section 2.3.1 of the AMA’s Code of Ethics. As this section makes clear, concerns remain about privacy and confidentiality when communicating and transmitting PHI electronically. Physicians must uphold the same ethical standards when communicating with patients electronically as they do during other clinical encounters. They must also ensure the method of communication—whether virtual, telephonic, or in person—is appropriate to the patient’s clinical need and to the information being conveyed.
 
While HHS and the Center for Medicare and Medicaid Services (CMS) do not prohibit healthcare providers and practitioners from communicating with their patients by text messages or email, healthcare providers and practitioners cannot disavow their responsibilities under the law, HIPAA, the HIPAA Privacy and Security Rule, or the AMA Code of Ethics by hiring a business associate to manage their electronic communications. 
 
Business associate agreements must include specific provisions regarding the use of text messaging and email and delineate any privacy or security requirements of the covered entity.
 
 
Are you ready to text? Do you fully understand the requirements and risks? Don’t miss my recent webinar, “HIPAA’s Take on Email and Text: What You Need to Know to Comply and Serve Patients Well.” You can access the free recording here.
 
 

AMA Guidelines for Email and Text

Here are the AMA’s specific guidelines regarding electronic patient communications. These standard practices help to ensure day-to-day compliance and ethical, responsible patient care.
 
Physicians who choose to communicate electronically with patients should:
 
(a) Uphold professional standards of confidentiality and protection of privacy, security, and integrity of patient information.
 
(b) Notify the patient of the inherent limitations of electronic communication, including possible breach of privacy or confidentiality, difficulty in validating the identity of the parties, and possible delays in response.
 
Such disclaimers do not absolve physicians of responsibility to protect the patient’s interests. Patients should have the opportunity to accept or decline electronic communication before privileged information is transmitted. The patient’s decision to accept or decline email communication containing privileged information should be documented in the medical record.
 
(c) Advise the patient of the limitations of these channels when a patient initiates electronic communication.
 
(d) Obtain the patient’s consent to continue electronic communication when a patient initiates electronic communication.
 
(e) Present medical information in a manner that meets professional standards. Diagnostic or therapeutic services must conform to accepted clinical standards.
 
(f) Be aware of relevant laws that determine when a patient-physician relationship has been established.
 
 

For Providers and Their Patients, a Big Leap Forward

Healthcare professionals should welcome the AMA’s efforts to advance communications between patients and their providers. Text and email can be used to improve the patient experience, inform patients of their rights, remind them of important appointments, deliver treatment plans, follow up with recommendations, and even establish a lifeline between patients and physicians.
 
Today’s patients appreciate and deserve the opportunity to communicate with providers using a variety of methods. The AMA’s recognition of this fact, and the framework it has provided for healthcare-related electronic communications, is a major win for all involved.
 
 
 
 

Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.

© 2019 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.

Info and Insights You Won't Want to Miss

Here on the OS Blog, we aim to give you just the right mix of high-level views, tactics, and tools you can use to optimize your collection operations and results. Subscribe today for a steady stream of practical, empowering content delivered to your inbox weekly.

Are You Ready to Text?

Take charge of compliance and start texting with confidence. This free eBook explains how.

A 5-Step Dive into HIPAA Compliance for Email and Text

A 5-Step Dive into HIPAA Compliance for Email and Text

 Last week, I wrote about email and text guidelines the American Medical Association (AMA) set forth to help healthcare providers ensure their electronic communications comply with the Health Insurance Portability and Accountability Act (HIPAA). Thanks to this...

How to Use Email and Text for Collections Without Getting Burned (Part 2)

How to Use Email and Text for Collections Without Getting Burned (Part 2)

 
If you read part 1 of this two-part blog series or listened to part 1 of our AccountsRecovery.net webinar “Email Is Hot, Texting Is Hotter: Don’t Be the First to Get Burned,” you might have found some of our comments surprising. Perhaps you left with more questions than you’d had going in. Or you wonder how in the world communicating compliantly via email and text—consistently, day in and day out—is even possible.
 
I understand completely. There’s no shortage of legal requirements and practical issues to wade through, and there’s a lot riding on your communication practices.
 
That’s why I’m here today with part 2. It’s based on my continuing discussion with David Kaminski, chair of the Consumer Financial Services Law Practice at Carlson & Messer LLP in Los Angeles. (Part 2 of the AccountsRecovery.net webinar is available here.)
 
Let’s dive straight into some of the webinar highlights.
 
 

Work Email Addresses and Mobile Numbers: Are They Safe to Use?

If a consumer provides you with a work email address or mobile number, you should tread carefully. These channels may not be fully under the consumer’s control. If the consumer ends his or her employment, he or she could miss important communications. If a current or previous employer monitors or accesses email or text messages, you run the risk of third-party disclosure.
 
Here’s what David and I recommend:
 
  • Always ask consumers for personal contact information. Your best bet, legally speaking, is to minimize the number of work accounts your organization uses for collection-related communications.
  • Get consumers to agree to notify you if their employment status changes. If your terms and conditions are detailed enough, and the consumer assumes responsibility for keeping you informed, you’ll have done your part to ensure the integrity of the collections process. This will afford a good measure of protection in the event of a legal claim.
 
“So if that consumer had given you consent . . . but now you’ve added in the additional wrinkle of the fact that the person has left the office. She’s no longer there, but they’re monitoring her email. They open the email, and therefore the company gets the . . . analytic results saying, ‘I sent my 1692g notice.’ [ . . . ] Did she receive the notice, or did she not?” – David Kaminski
 
 

Text Messages: Navigating Carrier Demands, Consumer Expectations, and the Law

The Cellular Telephone and Internet Association (CTIA) is a self-regulatory body that represents mobile service providers and other industry organizations. The CTIA has its own messaging principles and best practices, but they’re not legally binding. You can’t be sued for violating them.
 
Still, it’s important to comply with CTIA guidelines so you know your texting practices align with carrier and consumer expectations.
 
  • Use simple, straightforward language. Consumers must fully understand anything they’re signing up to receive. Opt-in mechanisms must be clear, and when consumers unsubscribe, they must receive an acknowledgement of the action.
  • Be careful with abbreviations. Acronyms can’t spell out inflammatory words (I’d call this one a no-brainer).
  • Terms and conditions are essential. By getting a consumer to agree to terms and conditions upfront, you can effectively nullify gaps and inconsistencies between CTIA and Fair Debt Collection Practices Act (FDCPA) requirements.
 

E-Sign: How It Applies, and How to Comply

A consumer’s E-Sign consent gives debt collectors permission to substitute electronic delivery for snail mail delivery of legally required written documents. You don’t need E-Sign consent to email or text a consumer everyday collection-related communications such as paid-in-full statements, responses to balance inquiries, payment receipts, etc.
 
However, you DO need to obtain a consumer’s E-Sign consent before you may deliver legally required written documents and disclosures to the consumer electronically. Examples of legally required written documents and disclosures include post-dated payment reminders, validation notices not provided in initial consumer communications, and copies of Reg E recurring electronic funds transfer authorizations.
 
FACT: Obtaining E-Sign consent is a two-step process.
First, you must inform the consumer of his or her rights. There are several ways to inform consumers of their E-Sign rights:
 
  • During a recorded conversation with the consumer;
  • In an email;
  • In a text message;
  • In a writing;
  • On a website. 
 
Second, you must ask the consumer to demonstrate his or her ability to access the email address or use the mobile number he or she provided you for E-Sign purposes to receive legally required notices and disclosures.
 
The consumer can demonstrate his or her ability by: 1) sending you a text message or keyword using the mobile number they provided you for E-Sign; or 2) replying to an email or text message you sent to the email address or mobile number they provided you in connection with their E-Sign consent.
 
E-Sign consent takes effect only after the consumer has consented to using a particular channel (email or text) AND has demonstrated he or she can use that particular email address or mobile number.
 
FACT: An initial communication that includes the 1692g validation notice DOES NOT trigger the E-Sign requirement.
This is because there is no writing requirement in play for the initial communication. Section 1692g of the Fair Debt Collection Practices Act (FDCPA) makes clear you only need to “send” the consumer the validation notice [in writing] if you DID NOT provide it in the first communication (e.g., in the body of an email or verbally in a phone call) or if the consumer has already paid the debt.
 
Since E-Sign consent is required only for notices and disclosures that must be provided to the consumer in writing as a matter of law, it does not apply to the validation notice provided in the first communication.
 
FACT: A communication subsequent to the initial communication with the consumer DOES trigger the E-Sign requirement.
This is because the FDCPA imposes a writing requirement on a validation notice if it’s provided in a communication subsequent to the initial communication.
 
For example, if your first communication with the consumer was a text or phone call and you did not include the 1692g validation notice in that communication, you must send the consumer the validation notice within five days of that communication. In this context, the word “send” means by first class or certified mail with return receipt requested.
 
If you would prefer to email or text the written validation notice to the consumer, you may substitute the U.S. Postal Service mail delivery method with a digital delivery method if you first obtain the consumer’s E-Sign consent to do so.
 
Just remember: if you have an initial communication with the consumer that did not include the validation notice, you would be legally required to obtain E-Sign consent within the five-day window and electronically deliver the validation notice or link to the validation notice within the same five-day window.
 
If you fail to obtain the E-Sign consent, the validation notice is not opened, or the link to the validation notice in the email is not clicked within the five days of that initial communication, you must send the validation notice to the consumer using first class U.S Postal Service mail delivery.
 
TIP: To obtain proper E-Sign consent, provide detailed information and terms and ask for a response.
To obtain E-Sign consent properly, you’ll need to specify, among other things, the scope of consent (e.g., all active accounts now and in the future), the option to withdraw at any time, hardware and software requirements, whether any fees apply, instructions for obtaining paper disclosures, how to update contact information, and how to reach an agent.
 
When you send disclosures and terms, request a response (for example, “text YES”) so you can confirm the validity of the email address or mobile number and lock down the consumer’s formal consent.
 
TIP: Always confirm receipt of legally required documents.
There is no mailbox rule for electronic communications. Once you hit “send,” be sure to verify receipt via analytics. You can ask consumers to verify receipt themselves, but having indisputable proof on your end is essential legal protection for your business. Remember to verify open rates of emails as well as any links you use to provide information to the consumer.
 
“Revocation is that word that I think is so important in this whole context . . . . Anytime someone withdraws consent, whether you believe they did that in the proper manner . . . once that’s communicated, the best and safest course to minimize your risk is to honor that and comply with it.” – David Kaminski
 

Recommended Reading From Our Resource Library

Email and text may seem daunting, but you can implement an omnichannel communications strategy with confidence. It’s easier than you think, especially with compliance-minded tech that streamlines collection operations while safeguarding your business by helping prevent noncompliant communications.
 
If you’re eager to distinguish your service and strengthen your market position via consumer-friendly electronic communications, here are a few resources we recommend for further reading:
 
 
 

Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.

© 2019 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.

Info and Insights You Won't Want to Miss

Here on the OS Blog, we aim to give you just the right mix of high-level views, tactics, and tools you can use to optimize your collection operations and results. Subscribe today for a steady stream of practical, empowering content delivered to your inbox weekly.

ARM Industry Leaders, Why Aren’t You Texting?

ARM Industry Leaders, Why Aren’t You Texting?

This is the first post in a new blog series highlighting the importance of text messaging for debt collections and what ARM businesses need to stay compliant.   Text messaging for debt collections might seem like a bridge too far. But it’s entirely within reach today....

How to Use Email and Text for Collections Without Getting Burned (Part 1)

How to Use Email and Text for Collections Without Getting Burned (Part 1)

Is communicating via email and text still a pipe dream for your collection operations? If so, you might want to settle in and keep reading. It really isn’t as scary as you might expect.
 
Despite the high costs and marginal returns of relying on phone calls and printed letters, many ARM agencies and healthcare providers have yet to embrace email and text. Widespread confusion and uncertainty about various state and federal requirements (including the proposed CFPB rules and E-Sign) can make digital communication an intolerable compliance risk.
 
I recently had the pleasure of discussing email and text compliance standards as well as their practical implications for businesses with David Kaminski, chair of the Consumer Financial Services Law Practice at Carlson & Messer LLP in Los Angeles. Although we weren’t in a position to offer legal advice, our goal was to help listeners better understand the laws governing electronic channels so they can move forward with greater confidence.
 
Here are a few of the topics David and I covered in detail during part 1 of our two-part AccountsRecovery.net webinar, Email Is Hot, Texting Is Hotter: Don’t Be the First to Get Burned.”
 
 

Legally Speaking, Emails are Considered Writings

Emails are writings. If sent to a consumer by a third-party debt collector, emails must comply with the  Fair Debt Collection Practices Act (or FDCPA). If the email communication pertains to healthcare debt, the Health Insurance Portability and Accountability Act (HIPAA) applies.
 
Emails trigger compliance with the CAN SPAM Act as well, meaning they must (among the law’s other requirements) include an opt out or unsubscribe provision. Emails must also include any state-required disclosures and special verbiage requirements.
 
There is no legal requirement per se to obtain the consumer’s consent to email. This means third-party collection agencies may rely on client-provided email addresses. Just remember to include the required opt out/unsubscribe language in the body of every consumer-facing email and, as a routine practice, ask consumers to confirm their consent for you to email the particular address.
 
Whether you’re sending legally required documents via email or text, you’ll need E-Sign consent (more on that below).
 
 

Legally Speaking, Text Messages are Considered Calls

Text messages are calls. As such, texts must comply with the requirements of the Telephone Consumer Protection Act (TCPA). The TCPA requires the “calling” party to obtain the express prior consent of the consumer associated with the mobile phone number.
 
The TCPA is not limited to debt collection calls. In fact, it applies to any person placing a call or text to a consumer using the consumer’s mobile number. As is the case with emails, text messages sent to a consumer by a third-party debt collector must comply with the FDCPA.
 
Text messages initiated by a third-party debt collection agency are subject to call restrictions and auto dialer rules, and frequency of delivery can run afoul of state harassment laws and FDCPA laws. If you don’t have TCPA-mandated consent, you may be subject to legal action. Even prior verbal consent is fine, as long as you record it for legal purposes.
 
Mobile numbers are often reassigned, so consider the source of the number you’re using and the currency of the information to gauge the risk of third-party disclosure. Certain technologies can determine whether a mobile number has been deactivated or ported and, if so, block any further text communications.
 
As a practical matter, both emails and text messages may contain links to secure URLs and must encrypt data at rest and in transit.
 
 
“People think, ‘If I’m sending an email, I’m not really bothering anybody, they can get an email anytime. Although Federal and state call time restrictions do not apply to emails, excessive emailing could be viewed as harassment and cause the agency to be blacklisted.” – David Kaminski
 

When and How Does E-Sign Apply?

Informal consent and formal consent (E-Sign) come into play at different times, depending on the nature of the communication. Informal consent relates to getting the consumer’s permission to use email or text to relay basic information—payment receipts, account balance, verifying a payment plan, etc. Formal consent, or E-Sign, is needed for all legally required notices.
 
For an initial communication—which you would use to introduce your organization and purpose, confirm you’re dealing with the correct person, and secure permission to use that channel—E-Sign is not needed. You’re free to send your 1692G notice in that first communication. But for validation notices and other legally required documents not included in the initial communication (a post-dated payment notice, for example), E-Sign is a must.
 
“E-Sign has been an enigma for so many of you. Everyone has come up to me and said, ‘What is this E-Sign? I don’t really understand it. People throw it around like a frisbee.’ Rozanne and I are going to really lay out what it is, what it means, what you need to be concerned about, and how to launch your program.” – David Kaminski
 
 

What Should Collectors Consider When Crafting Emails and Texts?

You’ll need to think carefully about how emails and texts are worded and what they will include. Even the most (seemingly) minor details can mean the difference between a positive, productive interaction and a costly legal challenge.
 
For emails, you’ll want to include your true name in the “From” field (an attorney might advise you to use a DBA), keep subject lines simple and professional (e.g., “Your [Creditor Name] Account,” “Your Payment Date”), and avoid any verbiage that might trigger a spam filter.
 
Text messages must include certain disclosures as required by the Cellular Telephone and Internet Association (CTIA). Short codes can be used in text messages to allow consumers self-service options such as accessing account information, making payments, and communicating with you. Avoid using words that could be confusing, misleading, or inflammatory. If you don’t have prior written consent, including any type of marketing or solicitation in a text message can land you in hot water.
 
“Just be careful when you’re rolling out the language that you’re going to be using in your text messages to consumers. Make sure you’re not using something that will mislead, misrepresent, or potentially even harass the consumer, especially when you’re looking at federal and state laws.” – David Kaminski
 
 

Coming Up: Creating the Right Setup for Compliant Emails and Texts

In the second half of this blog series, I’ll recap the rest of my discussion with David about emails and texts—particularly when it comes to technology and what you’ll need to launch a program you can trust. Stay tuned for more actionable insights from our two-part webinar, Email Is Hot, Texting Is Hotter: Don’t Be the First to Get Burned.”
 

 

Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.

© 2019 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.

Info and Insights You Won't Want to Miss

Here on the OS Blog, we aim to give you just the right mix of high-level views, tactics, and tools you can use to optimize your collection operations and results. Subscribe today for a steady stream of practical, empowering content delivered to your inbox weekly.

ARM Industry Leaders, Why Aren’t You Texting?

ARM Industry Leaders, Why Aren’t You Texting?

This is the first post in a new blog series highlighting the importance of text messaging for debt collections and what ARM businesses need to stay compliant.   Text messaging for debt collections might seem like a bridge too far. But it’s entirely within reach today....

Data Privacy and Security: What’s Next for Debt Collectors?

Data Privacy and Security: What’s Next for Debt Collectors?

Data privacy and data security are two very hot topics in the ARM industry today. The California Consumer Privacy Act (CCPA) is set to take effect in January 2020, with additional privacy bills now pending in at least 25 states. Meanwhile, cyber crimes involving consumers’ personal data are growing in number, size, and sophistication.

While ARM business leaders are rightly focused on these issues, many are uncertain about the true nature and extent of their compliance and security risks. They’re also not sure how to manage these risks effectively.
 
Recently, I had the privilege of joining two distinguished industry colleagues for a panel discussion about data privacy and security: Odia Kagan, partner and chair of the GDPR Compliance and International Privacy division at Fox Rothschild LLP; and Ben Johnson, director of risk management for Cornerstone Support.
 
Here are some, but not all, of the major issues and topics we addressed (you can access the full webinar here).
 
 

Data privacy: Understanding and Preparing for the CCPA

The CCPA applies to any business or service provider that collects personal data, determines the purpose and means of data use, or controls or is controlled by such a company.
 
Starting January 1, 2020, the CCPA will grant California residents certain rights pertaining to personal data collected since January 2019 (a 12-month look-back window). Residents will be able to file claims for data access or deletion or for an opt out. Companies subject to the CCPA will have 45 days to respond.
 
Types and uses of data covered under the law run the gamut. Personal data can include everything from Social Security numbers and birth dates to lead generation activity, online browsing history, and interactions with mobile apps.
 
 
“Information like name, email address, collections history, purchase history, payment history, and determinations that you make off this (this person is likely to pay on time, they’re not likely to pay on time)—all of those things were not considered personal information in the traditional sense under U.S. law. That all has changed.” – Odia Kagan
 
Your business may be in scope if you do business in California and meet the minimum business thresholds listed below.
 
For purposes of CCPA compliance, doing business in California means:
 
  • Your headquarters are in California;
  • Your employees are in California;
  • Your company is incorporated in California;
  • Your company satisfies the definition of a California foreign entity; or
  • You conduct out-of-state sales or transactions into California.

 

Minimum business thresholds are defined as:

 

  • You conduct business activities in California and your annual revenues exceed $25 million;
  • You’re involved with personal data of more than 50,000 consumers, households, or devices (this could even include unique blog visitors); or
  • Sales of personal information—including value acquired from its use (via data analytics, for example)—accounts for at least 50% of your annual revenues.
 
To better understand how CCPA might affect your business and to prepare for its impact, you’ll want to take the six important steps Odia outlined in detail:
 
  • Map your data flows and processes
  • Determine your role under the law (independent business, service provider, or vendor)
  • Look carefully at legal purpose as well as GLBA and FCRA exemptions and whether they apply
  • Determine how you’ll comply with consumer requests within the required 45-day window
  • Reevaluate your internal processes
  • Plan for CCPA disclosure
 
 
“So it’s basically looking at processes, looking at the information, seeing how [you] get to it, how [you] can produce it. Then the other question is, ‘Once I know how to collect all of this information, how do I provide the disclosure that CCPA requires me to provide along with all the information I am giving?’” – Odia Kagan
 
 

Data security: Reducing the Risk and Impact of Cyber Crime

As Ben reminded us, cyber crime has been called “the greatest transfer of wealth in history.” The exchange of consumer data via ID theft, phishing, hacking, etc. has been compared with the global drug trade and is estimated to be worth as much as a trillion dollars per year.
 
Guarding against breaches and developing a breach response plan are essential for managing risk and minimizing disruption, financial losses, and potential harm to client relationships.
 
 
Have a specific plan in place
In a security breach “fire drill,” you should know whom to call and what steps to take. Ben recommends, among other things, a cyber liability insurance policy (with full limit breach notification response), an established reporting process, and discussions with a claim adjuster and legal counsel. A breach response should also include forensic analysis to assess the source and extent of the damage.
 
 
“Some of you saw there was a high-profile breach in the collection space earlier this year. One of the things that came out . . . was that maybe they took a little bit longer to get a plan in place and respond. And so at times, that can make the cost even greater or the damage even greater.” – Ben Johnson
 
 
Monitor operations in real time
Many companies enlist a dedicated third-party provider to monitor operations and flag any security weaknesses and unusual activity. Identifying problems early on will allow you to limit or compartmentalize the damage.
 
 
Change the way you store old data
Many high-profile breaches have involved personal information that dates back 10 or more years. Storing too many old records is a serious potential liability. By encrypting older files and offloading them to an external (ideally cloud-based) server, you can effectively make the data worthless to hackers and avoid triggering notification responses.
 
 
“[Data] almost was seen as a . . . valuable asset—to have all this data, all of this knowledge, all of this experience. And secondly, data storage is relatively cheap. So another year goes by, another million records go on the server. [ . . . ] I think as an industry, collectively, we’ve really got to start sharing best practices, talking about what we’re doing to get old files offloaded.” – Ben Johnson
 
 

For More Answers and Advice, Catch the Complete Webinar

During our panel discussion, Odia and Ben covered a lot of territory. They offered detailed insights on the above topics and raised a number of other issues ARM business owners need to consider. “Straight Talk About Privacy, Security, and Cyber Liability for Debt Collectors” is one webinar you won’t want to miss. Download and view it today.
 

 

Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.

© 2019 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.

ARM Industry Leaders, Why Aren’t You Texting?

ARM Industry Leaders, Why Aren’t You Texting?

This is the first post in a new blog series highlighting the importance of text messaging for debt collections and what ARM businesses need to stay compliant.   Text messaging for debt collections might seem like a bridge too far. But it’s entirely within reach today....

CFPB Proposed Rules: 6 Debt Collection Practices Consumers Hope to Prevent

CFPB Proposed Rules: 6 Debt Collection Practices Consumers Hope to Prevent

The ARM industry and consumers see the CFPB’s proposed rules through very different lenses. Collection agencies are trying to get ahead of what may be the final rules so they’re ready to comply, while consumers are demanding clear, unequivocal protection from potential harassment and abuse.
 
Despite the CFPB’s best intentions and the commendable work it has done, its interpretation of the Fair Debt Collection Practices Act (FDCPA) isn’t exactly as either group had hoped.
 
For agencies, there are still open questions about how and when they can communicate with consumers across multiple channels without triggering complaints and legal action. For consumer advocates, the rules provide little reassurance and, if anything, give them new reasons to worry.
 
 
Consumer expectations alone do not create new legal requirements under the law, but creditors expect the agencies they enlist to treat consumers fairly.
 
For ARM businesses looking to become customer service and industry leaders, understanding how consumers view the proposed CFPB rules and why should be of utmost importance.
 
 
I recently sat down with my longtime friend Margot Saunders, senior counsel for the National Consumer Law Center and a former managing attorney for the NCLC office in Washington, D.C. We shared our perspectives on the CFPB’s proposed rules, and Margot raised a number of issues she believes the rules fail to address or, in some cases, create on their own.
 
 
 

1.  Confusion Over the Need for E-Sign Consent for All “Required Disclosures”

Consumers do not oppose the use of electronic delivery of written communications per se, but they do expect E-Sign to be followed, particularly when it comes to the electronic delivery of required disclosures.
 
This is a big point of contention for consumer advocates, who argue that sending writings to an email address previously used without having to verify consent or receipt of the message is wildly unfair. They hope the CFPB addresses the apparent E-Sign loophole that allows collectors to choose whether to comply, even when emailing validation notices.
 
 
“The new rules should not deviate from the statutory requirements of E-Sign. Regardless of what the statute says, you always must make sure that validation notice is sent either in paper form by snail mail or by email after receiving some kind of E-Sign consent from the consumer.” – Margot Saunders
 
 

2.  Excessive Calling, Unlimited Texting

The proposed rules allow for a high number of calls, as call caps are per debt (not per consumer), and there is no limit to the number of texts an agency can send. The rules appear to grant ARM businesses safe harbor from legal claims as long as they don’t exceed call caps—even if they place dozens of calls per week to a single consumer. To Margot and others, the CFPB has failed consumers in this regard.
 
 
“The rule does permit consumers to say, ‘Stop calling or stop texting or stop communicating with me via any particular medium,’ and we think that’s good. We’re a little disappointed there’s not some requirement to tell consumers they have that right.” – Margot Saunders
 
 

3.  Sending Emails and Hyperlinks Without Taking Internet Access Into Account

Millions of families access the internet only through their smartphones and have limited Wi-Fi access. For consumer advocates, this raises concerns about whether emails are received, hyperlinks are accessible, and information can be read on a small screen.
 
Consumer advocates believe the proposed rules effectively treat a lack of response to an email as consent, which Margot calls “an absurd proposal,” since emails are presumed received when they may not be.
 
 
“Tricking the consumer into paying something or having to respond to a garnishment notice because they missed all the prior notices isn’t good policy.” – Margot Saunders
 
 

4.  Texting for Non-Writing Communications

Consumer advocates fear collectors will send texts, and communicate back and forth, without knowing whether they’re engaging the right consumer. If the wrong consumer responds with a request to verify the debt, collectors may reveal personal or account-related information and violate consumers’ privacy.
 
 
“We’re proposing in our comments that for the original communication . . . texts comply with the reassigned number database to ensure they are actually dealing with [the right consumer].” – Margot Saunders
 
 

5.  Sending Limited Content Messages

The concept of a limited content message—a voicemail message, for example, or even a message left with a live person—is, to Margot and others, “nonsense.” Not only do consumer groups believe these messages go far outside of legal bounds, but they wonder why voicemails are even necessary in an age of smart phones and electronic communications.
 
 
“In my opinion, and the opinion of my colleagues and a lot of other people, there is no statutory authority for the Bureau to authorize communication that is not covered under the rules for all communications.” – Margot Saunders
 
 

6.  Threatening to Sue to Recover Out-of-Statute Debts

There is a possibility under the proposed rules that consumers could be persuaded to revive an old debt and then be threatened with a lawsuit (despite existing laws against such behavior), as the proposed CFPB rules don’t require agencies to notify consumers of their rights/risks related to out-of-statute debt. In addition, consumers would have a hard time proving that a years-old debt had, in fact, been paid off.
 
 
“We think it’s very hard to imagine why the new rules do not contemplate a disclosure that appropriately apprises the least sophisticated consumer of the risks of paying an out-of-statute debt. This proposed rule goes backwards in allowing threats of litigation or actual litigation.” – Margot Saunders
 
 

Tune in to Hear Both Perspectives

During my conversation with Margot, I shared my own legal and practical interpretations. At times, we engaged in a healthy debate. But Margot and I were in complete agreement that agencies must protect consumers from unfair practices. Where clear boundaries and directives are lacking, we’re both actively advocating for change.
 
If you want to better understand what consumers expect, and reevaluate your communications strategy in that light, I encourage you to take a listen to this informative discussion. You can download the free webinar here.
 

 

Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.

© 2019 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.

An All-In-One Solution

What does it take to communicate with consumers on their terms, comply with changing rules, and keep operating costs low? Cloud-based contact management, fully integrated and automated, holds the key. Learn more about the all-in-one platform that can transform daily operations, customer service, and collection results.

ARM Industry Leaders, Why Aren’t You Texting?

ARM Industry Leaders, Why Aren’t You Texting?

This is the first post in a new blog series highlighting the importance of text messaging for debt collections and what ARM businesses need to stay compliant.   Text messaging for debt collections might seem like a bridge too far. But it’s entirely within reach today....

What the CFPB Rules Mean to You: An Expert Panel Weighs In – Part 2

What the CFPB Rules Mean to You: An Expert Panel Weighs In – Part 2

If you missed Part 1 of “What the CFPB Rules Mean to You,” and you’re concerned about how the proposed rules might affect your operations, I recommend giving it a read. Based on a panel discussion I recently participated in (you can access the webinar here), Part 1 offers a detailed summary of the CFPB’s proposals as well as areas of concern related to call caps, electronic communications, and limited content messages.

This post covers the remainder of our discussion. Following a brief summary of validation notices/required disclosures, I’ll explain the changes and strategies you should consider pursuing long term and what you should be focused on right now.

 

Validation Notices/Required Disclosures

The CFPB’s proposed rules for validation notices and disclosures put some new twists on a number of well-established ARM industry standard operating procedures—and in some cases, with big implications for collection agencies and consumers.

 

Proposed Requirements

For validation notices, collectors will be required to specify the date the debt collector will consider the end date of the validation period. The proposed rule makes clear the validation period begins on the date the debt collector provides the validation information and ends 30 days after the consumer receives, or is assumed to receive, the validation information.

For purposes of determining the end of the validation period, the debt collector may assume that a consumer receives the validation information on any date that is at least five days (excluding legal public holidays, Saturdays, and Sundays) after the debt collector provides it.

Debt itemization must include the Itemization Date. The Itemization Date may be one of four dates for which a debt collector can ascertain the amount of the debt: the last statement date, the charge off date, the last payment date, or the transaction date.

The debt itemization must also include specific information amount the debt including but not limited to the collector’s name and mailing address; the consumer’s name and mailing address; the merchant brand, if the debt is a credit card debt; or if it is a consumer financial product or service debt, the name of the creditor to whom the debt was owed on the itemization date; the account number; name of the current creditor; and an itemization of the current amount of the debt in a tabular format reflecting interest, fees, payments, and credits.

Tear-offs at the bottom of validation notices should allow consumers to respond in a variety of ways such as disputing account ownership, requesting validation of the debt or the name of the original creditor, and submitting payments.

 

Lingering Concerns

With some validation notices sent electronically and others mailed to locations with less frequent mail delivery, counting 35 days past the date that notices are sent could lead agencies to inadvertently reach out to consumers before the validation period has ended and deny them a full 30 days to respond.

Debt itemization, particularly the inclusion of exact dates, could pose problems for medical debt collectors due to the insurance payer billing process that precedes provider collections. Inclusion of interests, fees, and costs creates additional difficulties for collectors as well; they would prefer not to mention these additional charges if they don’t apply—or, in a disclaimer, explicitly state that they don’t apply—and be granted safe harbor from frivolous lawsuits.

The CFPB’s proposed tear-off has both consumer groups and collection agencies particularly concerned.

  • Both camps agree that checking a box at the bottom of the form is inadequate, and consumer groups fear tear-offs could confuse consumers who might misunderstand their rights or the time they have to dispute a debt (or worse, get reported to a credit reporting agency before they even realize a debt is in arrears).
  • Designing a compliant tear-off form could be a struggle. With all the consumer response options the CFPB proposes including, there’s little room on the page for required state law disclosures. In some states, agencies are prohibited from placing these disclosures on the reverse side of the form.
  • Most agencies fear their document readers will miss statements handwritten by the consumer and potentially miss important instructions provided by the consumer.

 

“One thing I find interesting about [the CFPB’s] request for validation is they’ve tried to take some liberties with rewriting the validation notice and the mini-Miranda and as I read the FDCPA, there is no required language or specific words that must be used; rather, they are concepts which must be conveyed. [ . . . ] 

I think there are different ways of expressing the same thought that don’t sound like you’re being handcuffed and thrown into a squad car and brought down to the station.”

Michael Kraft, General Counsel, CCS Companies

 

 

Agency Imperatives That Could Complicate Operations

The proposed CFPB rules could have a tremendous impact on ARM businesses, regardless of how they communicate with consumers. Fundamental change may be needed, at least in some respects, to manage compliance day to day.

 

Record retention in the digital era

Under the CFPB’s proposed rules, ARM agencies will need to retain evidence of compliance with the new rules starting on the date the collector begins collection activity on a debt until: 1) three years after the date of the collector’s last communication or attempted communication; or 2) three years after the date the debt is settled, discharged or transferred to the debt owner or to another debt collector.

Retaining three years’ worth of call recordings, letters, text messages, chats, and social media communications—often stored by date and time—could impose a significant burden.

 

Creditor/agency data sharing

Data standards are going to become increasingly important going forward. To be able to effectively manage communication preferences and consents, validation requirements, and consumer and account data, agencies will need to align more closely with creditors than they have in the past. 

 

 

Big Takeaway for ARM Agencies: For Now, ‘Consent Is King’

The CFPB has attempted to interpret compliance with the FDCPA in ways that protect the most vulnerable consumers without unduly burdening or impeding collection agencies. While there are opportunities for greater clarity and refinement within the proposed rules, the experts on the panel are generally pleased with the CFPB’s efforts to balance stakeholder concerns.

The CFPB is also open to safe harbors in certain areas to protect agencies from consumers’ unfair legal claims. The CFPB has reinstated commission letters, for example, thus giving collection agencies the ability to seek the CFPB’s interpretation of FDCPA regulations (which has the force and effect of law unless a court overturns it).

With this new roadmap from the CFPB, agencies may be more open to communicating in ways they’ve avoided in the past. And that’s a good thing for both businesses and consumers.

As we await (and help shape) the final CFPB rules, agencies must look to the letter of the FDCPA, E-Sign, and TCPA. They must prioritize consent and revocation management above all, and make their voices heard before the CFPB and Congress. No need to wait for final rules before adopting electronic communications; with the right systems and tools in place, you can boldly take your business in new directions.

 

 

Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.

© 2019 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.

An All-In-One Solution

What does it take to communicate with consumers on their terms, comply with changing rules, and keep operating costs low? Cloud-based contact management, fully integrated and automated, holds the key. Learn more about the all-in-one platform that can transform daily operations, customer service, and collection results.

ARM Industry Leaders, Why Aren’t You Texting?

ARM Industry Leaders, Why Aren’t You Texting?

This is the first post in a new blog series highlighting the importance of text messaging for debt collections and what ARM businesses need to stay compliant.   Text messaging for debt collections might seem like a bridge too far. But it’s entirely within reach today....

What the CFPB Rules Mean to You: An Expert Panel Weighs In – Part 1

What the CFPB Rules Mean to You: An Expert Panel Weighs In – Part 1

The recently proposed CFPB rules for debt collection have left many in the ARM market scrambling, or at least feeling anxious and uncertain about the future. But take heart: the CFPB recognizes your challenges and concerns. Overall, they’ve done a commendable job outlining limits and safeguards agencies must adopt to comply with the Fair Debt Collection Practices Act (FDCPA) in the digital era.

Even so, those 538 pages raise a fair number of questions. Many ARM leaders, legal experts, industry organizations, and business owners continue to weigh in on collection agencies’ behalf as we near the close of the comment period (September 18, 2019) for the Notice of Proposed Rulemaking (NPRM).

Recently, I sat down with two ARM industry leaders to discuss the NPRM for the CFPB’s proposed rules.

Joining me for the webinar were:

 

Moderating the panel was Mike Bevel, Director of Education for the Compliance Professionals Forum and an editor at insideARM.

Our discussion centered on four major areas addressed by the proposed CFPB rules: call caps, electronic communications, limited content messages, and validation notices/required disclosures. Here’s a brief recap of our discussion (you can access the free webinar recording here).

 

Call Caps

The prospect of call caps, as addressed in the CFPB’s proposed rules, is worrisome for many consumer advocates and ARM agencies. Both camps have expressed confusion and unease about how limits will be defined and applied going forward.

 

Proposed Requirements

Agencies can make up to seven calls per debt before reaching a consumer, including leaving voicemail messages. Once contact is made, only one call can be made per week (with some exceptions, including a consumer’s callback request or a consumer initiating a call). This rule would not supersede state law rules.

While attempting to connect with a consumer using any of the phone numbers on file, the debt collector may take advantage of the seven calls per week restriction on a per-debt basis only if the collector can prove the attempted contact was with respect to a particular debt rather than all the active accounts in its inventory.

 

Lingering Concerns

Agencies with more than one phone number for a consumer might struggle to reach him/her in a timely manner, fearing that dialing within the limits but on multiple accounts could still constitute harassment. In addition, the proposed rules don’t define a “connected call,” leaving debt collectors with more uncertainty.   

Consumers are concerned about the per-debt standard (versus per consumer); an individual with multiple accounts could receive dozens of calls per week. Even so, it’s reasonable to assume agencies would take more care in trying to reach these consumers, and consumers could simply reach out to agencies to put a stop to excessive calls.

Many agencies keep an individual consumer’s accounts completely separate from each other, as required by clients in the financial and healthcare arenas (e.g., credit card accounts, ambulance bill/hospital bill/medical specialist bill). When no one has an overall view of a consumer’s account statuses, building internal controls to ensure compliance and achieve the ideal call frequency could be a Herculean task.

 

Electronic Communications

Since the FDCPA was signed into law in 1977, new communication technologies have introduced new complications for third-party agencies looking to move beyond phone calls and printed letters. For the most part, the proposed CFPB rules regarding email and text messaging offer clear directives regarding consumer consent and consumer privacy.

 

Proposed Requirements

Many agencies shy from email and texting due in part to the risk of unintentionally disclosing consumer debts to third parties. This is a major concern for consumers as well. The CFPB addresses various scenarios related to selecting an email address or mobile number to use for consumer communications.

The proposed rules will provide debt collectors with protection from the unauthorized disclosure of a debt to a third party when engaging in email or text communications so long as specific procedures are maintained regarding the selection and use of a mobile number or email address. The protections afforded debt collectors when communicating with consumers using mobile numbers and email addresses vary depending upon whether the collector uses a number or address the consumer used to initiate communication with the collector; provides the consumer with 30 days’ notice of its intent to use a particular non-work mobile number or non-work email address to communicate with the consumer; or uses a non-work mobile number or non-work email address the consumer recently used to communicate with the creditor or a prior debt collector about the particular debt.

 

Lingering Concerns

When agencies use electronic communications, their responsibility doesn’t end when they hit “send.” They will need to monitor delivery of email and text messages carefully by way of notifications from communication providers. If emails bounce or links aren’t opened, legally required disclosures must be resent through a different channel.

The proposed CFPB rules would allow debt collectors to use digital delivery options for required notices such as the validation notice, verification information, or the name of the original creditor. Specifically, the required disclosures may be included in the body of an email or accessed via e a hyperlink that directs consumers to a secure website. Recognizing the risks associated with hyperlink usage and the reluctance on the part of consumers to click on hyperlinks, the proposed rules include conditions that must be met before using a hyperlink to provide a required disclosure.

Consumers fear the prospect of being flooded with emails and texts. They also fear that collection agencies will make it difficult for them to opt out. But these fears may be overblown. Aside from existing laws against harassment and abuse (and the fact that electronic communications are not cost free), agencies will be inclined to limit email use to avoid being shut down by their ISPs due to spam behavior.

 

“We take the position with most things that are consumer oriented, especially when it comes to electronic and alternative communication, that they have expressed a preference at some point that they be communicated with through some means, and to ignore the fact that they have . . . does a disservice to that consumer.”

Michael Kraft, General Counsel, CCS Companies

 

Limited Content Messages

For many years, collectors have been skittish about leaving messages for consumers who can’t be immediately reached. The CFPB has addressed this issue specifically, first by defining limited content messages as attempts to communicate for purposes of the frequency of calls requirements, while at the same time declaring a limited content message to not be a communication in connection with the collection of a debt as that term is defined in the FDCPA.

 

Proposed Requirements

Limited content messages can be relayed via voicemail, text, or live communication with a third party as long as the message contains the following:

  • The consumer’s name;
  • A request that the consumer respond to the message;
  • The name or names of one or more natural persons the consumer can contact;
  • A callback number; and
  • If the message is delivered electronically, a disclosure explaining how the consumer can stop receiving messages through that medium.

 

Limited content messages may not be delivered via email, as an email address would reveal the sender—thus rendering the email an actual communication per the FDCPA.

For prerecorded voicemail messages, agencies should review TCPA regulations and verify appropriate consent (as would be required for auto dialing cell phones).

 

Lingering Concerns

While collection agencies are bound to protect consumer privacy (and consumer groups see limited content messages as obvious debt collection attempts), consumers are increasingly demanding transparency from businesses upfront. They want to know who’s trying to reach them and why. These two imperatives are somewhat in conflict, and the CFPB has yet to find a way to ease the tension.

The CFPB’s proposed natural person requirement might pose problems for larger agencies whose call centers lack the ability to transfer calls to specific agents. One simple fix, if the CFPB sees fit to institute it, would be to require agencies to request that consumers call a particular department and speak to any available agent.

 

“Personally, I don’t find the message as proposed to be super useful to the consumer. I think it sounds shady. I’m not sure who would respond to it—just saying ‘Please call me; this is about an account.’ I think if collectors would simply say, ‘This is about a [specific company] account, at least the consumer . . . could make a more educated decision about whether or how to respond.”

Stephanie Eidelman, CEO, insideARM/iA Institute

 

Don’t Miss Part 2 of the Panel Discussion

In my follow-up post, I’ll cover the most important aspects of the CFPB’s proposed rules regarding validation notices/required disclosures. I’ll also share new business imperatives that could require fundamental change, along with the most important takeaway for ARM agencies.

Here on the OS blog, our goal is to provide important, timely insights and actionable tips you can use to minimize risk and improve business outcomes. If you haven’t already, be sure to register for the blog to receive valuable new content right in your inbox. As always, we’ll do our best to keep you informed and up to date.

 

 

Disclaimer: Ontario Systems is a technology company and provides this blog article solely for general informational and marketing purposes. You should not rely on the content of this material for any other purpose or as specific guidance for your company. Ontario Systems’ advice, services, tools and products described herein do not guarantee compliance with any law or industry standard. You are ultimately responsible for your own company’s actions and compliance efforts. Because everyone’s situation is different, you must consult your own attorneys, accountants, and/or other advisors to obtain specific advice on your company’s compliance, legal, tax, regulatory and/or other business needs. Despite Ontario Systems’ efforts to provide current and up-to-date information, you need to recognize that the information contained herein may become outdated quickly and may contain errors and/or other inaccuracies.

© 2019 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.

Ready to Text?

For a comprehensive guide to text messaging, check out our “Ready to Text?” eBook. In it, you’ll learn all the nuances, pitfalls, and timely developments you need to understand so you can connect with consumers on their terms. Download your free copy today.

ARM Industry Leaders, Why Aren’t You Texting?

ARM Industry Leaders, Why Aren’t You Texting?

This is the first post in a new blog series highlighting the importance of text messaging for debt collections and what ARM businesses need to stay compliant.   Text messaging for debt collections might seem like a bridge too far. But it’s entirely within reach today....