The 11th Circuit’s far-reaching decision in Hunstein v. Preferred Collection and Management Services, Inc. has created panic for those companies that fall within the FDCPA’s definition of “debt collector” and for the creditors that use them. Most back office teams are scrambling to operationalize worst case scenarios with passionate pleas to secure funding, hire-up and triage.
I recently participated in a panel at the 2021 AFSA Independents Conference about the operational impacts of Hunstein. While the hypothetical (yet very real) impacts of the 11th Circuit case continue to dominate the headlines, there’s plenty of work to do now to address the potential fallout of this case and the 200+ copycat cases flooding the court systems nationwide.
Here’s what we know:
The interpretation Hunstein assigns to FDCPA requirements of §1692c (b) that a debt collector’s communication of a consumer’s personal information to a third-party print vendor is a violation, with the print vendor failing to meet any of the exemptions under the current regulation.
If upheld, a third-party collection agency cannot send personal information about a debt, for the purposes of collecting a debt, to a third-party vendor that is not authorized for such communication and disclosure. The options are to hire an approved letter vendor that meets the regulatory exceptions or in-source the work.
In its decision, the Eleventh Circuit acknowledged that it “runs the risk of upsetting the status quo in the debt-collection industry.
“We presume that, in the ordinary course of business, debt collectors share information about consumers not only with dunning vendors like Compumail, but also with other third-party entities. Our reading of § 1692c(b) may well require debt collectors (at least in the short term) to in-source many of the services that they had previously outsourced, potentially at great cost.
What if Hunstein is reversed?
What’s equally distressing is what will happen if Hunstein is reversed. Covered parties will still have to comply with separate standards pertaining to the proposed debt collection rule, existing FDCPA regulations, threatened litigation and any new onslaught of complaints and violations of unauthorized sharing of PII and other privacy laws. In other words, the audits are forthcoming, and you’ll need to have your answers prepared.
Here’s what you can do now to prepare for either outcome:
1. Explore alternatives to spinning the dialer and sending collection letters which are no longer optimal methods of collecting. While sending certain disclosures to the debtor is necessary by certain regulations, there are more personalized ways to engage borrowers and encourage payment behavior. Go beyond collections campaigns and expand self-service features to increase engagement at the earliest opportunity to help prevent default.
2. Evaluate the soundness of a decentralized collections strategy. Ask the tough questions and assess your risk. How many people in your organization are engaged in collections? Especially for decentralized collections, does everyone involved understand the regulations and have functional knowledge on how to apply policies and procedures to their jobs and tasks. Are they properly trained on applicable regulations and monitored for compliance to identify errors and course correct any potential harm?
3. Look at what you are sharing for PII with a focus on what fields are necessary for the outsourced process. Personal information like payment, balance and borrower information are necessary for the collection of a debt. Some processes like bankruptcy scrubs should not require the same level of detail. Are you oversharing information that a third party should not require to complete its outsourced process? Are they sharing your information with other third parties? If so, your vendors should have the same understanding and interpretation of regulatory standards pertaining to data access and sharing of information. Confirm down the chain that all parties understand the regulations, restricted behavior and the risk that non-compliance carries for all.
4. Define your governance and control framework – and implement it. Refresh the due diligence requirements and shared expectations of your vendors. How often do you review their actual calls and operations for compliance with stated procedures, policies, expectations and SLAs?
5. Dust off UDAAP and train your people – all of them. Talk about the view of a “least sophisticated debtor.” If your people cannot define UDAAP, they certainly won’t be able to spot it when it’s happening. Challenge your vendors to show evidence of the same.
These are rough waters. Taking these steps can make a difference for audit and exam preparation – and mitigating consumer disruptions in a highly regulated market. Ask for help from industry experts that have fared prior storms with intense regulation and oversight requirements.
Hunstein is the most recent disruption to operational norms, but it certainly won’t be the last. Solid governance and control frameworks support strong cultures of compliance. This is one area where preparation can be the difference.