CFPB Sues Debt Collectors: Are You Making the Same Compliance Mistakes?
Last week was a big one for the CFPB and its oversight of debt collection practices. The bureau sued Encore Capital Group, the largest debt collector and debt buyer in the U.S., for allegedly violating the Consumer Financial Protection Act (CFPA) and the Fair Debt Collection Practices Act (FDCPA). It also partnered with the New York Attorney General to sue a network of five different debt collectors outside Buffalo, NY, for using illegal methods to collect debts.
Here’s a breakdown of what went wrong so you can avoid making the same mistakes:
Company #1: The Alleged Repeat Offender
The CFPB stated that Encore, which has annual revenues over $1 billion and net income of over $75 million, has been:
- Suing consumers without providing the required documentation.
- Using law firms and an internal legal department to engage in collection efforts without, providing required disclosures.
- Failing to provide consumers with required loan documentation after consumers requested it.
This was originally identified by the CFPB in 2015, when the CFPB brought the first enforcement action against Encore for these same issues. In 2015, the CFPB agreed to resolve the EA through a consent order instead of litigation. It resulted in Encore paying $34 million in restitution and a $10 million civil money penalty.
Now the CFPB says Encore not only violated the terms of the 2015 consent order, but also the CFPA, including deceptive acts and practices, and the FDCA for false and misleading practices.
The CFPB says Encore left out disclosures in at least 750,000 instances, collecting over $300 million in debts in the process.
Alleged violations include:
- Suing consumers to collect debts even though the statutes of limitations had run on those debts (more than 100 lawsuits).
- Attempting to collect on debts for which the statutes of limitations had run without providing required disclosures (more than 425,000 collection letters).
The company also allegedly violated the CFPA by failing to disclose possible international-transaction fees to consumers over a six-month period, which limited consumer ability to make informed decisions about payment methods. Thousands of customers paid tens of thousands of dollars in these fees.
Takeaway: Follow the terms of a consent order—or face bigger problems down the road. You would think that paying $44 million in penalties and restitution would have been strong motivation to ensure compliance with laws governing debt collection. However, the CFPB alleges that the company continued with business as usual.
Ignoring findings is bad. Ignoring a consent order is even worse. If the company had to pay $44 million the first time around, I can only imagine what the cost might be if they lose the lawsuit.
If I had to guess, this was more than a failure to track findings. It sounds as if the company has a weak culture of compliance—one where the board and management do not set a tone from the top.
Take a moment to reflect on your FI’s culture of compliance. Is it where it needs to be, or does it need enhancements to function properly?
Company #2: A Network of Alleged Garden Variety Debt Collection Violators
In New York State, the CFPB and NYAG are working together to sue a network of five companies all under common control, an arrangement that helped make it look like the debt was repeatedly sold to other collectors. Additionally, the lawsuit includes two company owners and two managers.
The complaint alleges that from at least 2015 through the present, the defendants used deceptive, harassing, and improper methods to induce consumers to make debt payments. These methods put them in violation of the Fair Debt Collection Practices Act (FDCPA) and the Consumer Financial Protection Act (CFPA).
Among the alleged offenses are the following:
- Threatening consumers with arrest or legal action that the firms had no intention of taking or could not legally take.
- Threatening to contact consumers’ employers to disclose the debt.
- Claiming consumers owed more debt than they did in order to convince them to pay the amount they owed.
- Contacting consumers’ friends, family, and workplace to disclose the existence of a consumer’s debt or to shame or humiliate them.
- Harassing consumers by using intimidating, belittling, or using menacing language.
- Repeatedly and excessively phoning consumers.
- Failing to provide legally required notices informing consumers of their right to know how much they owed and their ability to dispute the amount or existence of the purported debt.
- Engaged in deceptive acts or practices in violation of the CFPA by misrepresenting that they would have the consumer arrested.
- Threatening lawsuits they did not intend to file.
- Threatening to garnish the wages of the consumer.
The company owners and managers named in the lawsuit are alleged to have “substantially assisted the firms in their deceptive conduct.”
"This lawsuit should send a clear message to debt collectors who violate the law that we will take action to stop such practices and protect consumers," said CFPB Director Kathleen L. Kraninger. "The Bureau is committed to holding these companies and individuals accountable for threatening, harassing, and deceiving consumers.”
The suit seeks consumer redress, disgorgement of ill-gotten gains, civil money penalties, and appropriate injunctive relief against the defendants.
Takeaway: If you scorn consumer laws regulating debt collection, the CFPB is going to take an interest—and it may bring state attorney generals along as reinforcement.
We've known for years that the CFPB is focused on debt collection and debt-related services, and that Fair Lending and UDAAP compliance are really hot areas of potential risk.
Lawsuits alleging violations of consumer law, including debt collection practices, presents both business risks and reputation risks.
If you're a financial institution or services provider who is involved in debt collection or settlement-related activities, make sure that you understand your risk and are managing it seriously.
In particular, make sure that you're evaluating your policies and procedures with UDAAP risk in mind.
Finally, note that the regulators will evaluate your third-party vendors' risks as your own. Make sure that you have a good sense of their risks, too.