Two recent Consumer Financial Protection Bureau (CFPB or Bureau) enforcement actions – CFPB v. Freedom Stores, Inc., and In re DriveTime – suggest that the CFPB is turning its attention to original lender or "first-party" collection practices to collect debt, including those used by retail merchants and other lenders. Although first-party collections are largely exempt from the Fair Debt Collections Practices Act (FDCPA), the CFPB challenged the allegedly unlawful practices in the two actions using its general unfair, deceptive, and abusive practices (UDAAP) authority under the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank). We highlight below how the CFPB applied this authority to lenders, and address how these two actions may signal the CFPB's intentions with respect to first-party collections in its pending debt collection rulemaking.

Freedom Stores and DriveTime – CFPB Spotlight on First-Party Collections

In Freedom Stores, the CFPB and the attorneys general of North Carolina and Virginia challenged the collection practices of a Virginia-based retailer that operates near military bases nationwide. The company provided credit to consumers who purchased goods, and then subsequently transferred the credit contracts to an affiliated company for servicing and collecting (when delinquent). According to the CFPB, Freedom Stores and its affiliated companies violated the Consumer Financial Protection Act (CFPA) (part of Dodd-Frank), the Electronic Fund Transfer Act, the Truth in Lending Act, and state laws by using illegal tactics to collect debts, including filing illegal lawsuits in distant forums, debiting consumers' accounts without authorization, and contacting service members' commanding officers. The consent order settling the complaint requires Freedom Stores to provide partial refunds to affected consumers (in total, over $2.5 million); update information previously reported to credit reporting agencies; and implement compliance policies and procedures.

Similarly, in DriveTime, the CFPB brought an administrative action against a "buy-here, pay-here" dealer, e.g., a dealer that both sells cars and originates loans for such sales. According to the CFPB, the company engaged in the following unlawful collection practices:

  • Placing harassing calls to borrowers at work or to borrowers' references;
  • Making excessive, repeated calls to wrong numbers;
  • Providing inaccurate repossession information to credit reporting agencies;
  • Failing to properly handle credit information furnishing disputes; and
  • Failing to implement reasonable procedures to ensure the accuracy of consumers' credit information.

To settle the matter, DriveTime agreed to pay an $8 million civil money penalty, end its unfair collection tactics, fix its credit reporting practices, and arrange for harmed consumers to obtain free credit reports.

Does Enforcement Show the Path for Regulation?

While the CFPB's enforcement branch has been busy targeting first-party collection practices, the rulemaking division has been considering regulations that would potentially cover first-party collections. In November 2013, the CFPB issued an announced notice of proposed rulemaking (ANPRM) that requested comment on all manner of debt collection practices. Although the proposed rule acknowledged that "first-party collections are largely exempt from the FDCPA," the CFPB also cautioned that first-party collections are "a significant concern in their own right," and that the CFPB was therefore seeking comment on whether to extend any of the proposed rules to cover creditors.

The enforcement actions in Freedom Stores and DriveTime suggest that the CFPB may address the collection practices of first-party creditors in its pending rulemaking. These rules could potentially cover initial collection communications; telephone calls; requirements related to the substantiation of debts; litigation requirements; and prohibitions on abusive and harassing collection practices. Any attempt by the CFPB to impose debt collection requirements on lenders, however, will likely provoke a strong response from the banking and credit industries. In response to the ANPRM, for example, several trade associations submitted comments arguing against the expansion of FDCPA-like restrictions and requirements to first-party collectors.

Compliance Tips in an Uncertain Regulatory Environment

Regardless of where the CFPB ends up in its debt collection rulemaking, the enforcement actions in Freedom Stores and DriveTime demonstrate the need for first-party creditors to confirm appropriate collection policies and procedures. To help with this process, first-party creditors should start by reviewing the guidance that the CFPB has issued on debt collection, including a number of compliance bulletins, quarterly supervisory highlights, and the CFPB's examination manual (which provides a good overview of applicable law and areas of potential concern).

Next, according to the CFPB's examination manual, all supervised entities must develop and maintain a compliance management system (CMS) that is integrated into the entity's framework for product design, delivery, and administration. Starting from the top, the CFPB expects a company's board and management to exercise oversight over the company's operations and to ensure that sufficient financial and staff resources are allocated to compliance efforts. Board members, management, and staff should receive appropriate training on a regular basis, covering compliance with federal financial and consumer protection laws. In addition, the company should implement a process for regular internal and external compliance audits to review operations for compliance with applicable legal requirements.

To be effective, a CMS should address how a lender monitors for, and responds to, consumer complaints and inquiries. The CFPB has stated that consumer complaint information should be organized, retained, and used as part of a company's operations. Further, a creditor should investigate consumer complaints related to its lending and collection practices and take prompt corrective action to address such complaints or any other indications of systemic weaknesses that pose a risk to consumers.

Finally, the CFPB has emphasized that regulated entities should monitor their business relationships with service providers to ensure compliance with federal financial and consumer protection laws. Any first-party creditor that works with third-party collectors should conduct appropriate due diligence on their business partners and monitor them for compliance with applicable consumer protection laws and regulations.

The CFPB has covered a lot of ground in its first few years of operation, tackling issues related to credit card marketing practices, student lending, mortgages, and payday lending, among many other issues. The Freedom Stores and DriveTime actions, and even the CFPB's recent complaint against a large mobile carrier involving billing practices (cramming), suggest that the Bureau is focused on original lender collection and billing practices. These enforcement actions provide a blueprint for the Bureau's intentions in future rulemakings, including the pending rulemaking for debt collection. To prepare for these developments, any merchant or lender that provides credit to consumers should review its policies and procedures for compliance with applicable consumer financial laws and areas of potential unfair, deceptive, or abusive acts and practices.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.