Agency Compliance “Update 2015” Presented by Matthew Clark, Esq., Legal and Compliance Director

Table of Contents Creditors, Collection Agencies, Debt Buyers CFPB Compliance Management System Areas of Risk TCPA - cell phone calling violations FCRA – inaccurate credit bureau reporting violations FDCPA – 3rd party disclosure and other violations Bankruptcy Stay Violations Identity Theft Adding Unauthorized Collection Fees New Technology: email, texting, social media Compliance Summary

Creditors, Collection Agencies and Debt Buyers Regulated By Many Agencies Industry Specific Public Utility Commission – PUC U.S. Department of Education, Higher Education Opportunity Act Health Insurance Portability and Accountability Act - HIPAA State Fair Unfair Trade Practice Laws State Debt Collection Laws Local Attorneys Federal Federal Trade Commission - FTC Fair Credit Reporting Act - FCRA Fair Debt Collection Practices Act - FDCPA Consumer Financial Protection Bureau – CFPB*

New Sheriff in Town A Force to Be Reckoned With! CFPB AT&T Mobility to pay $45 million to settle violation of the Telephone Consumer Protection Act (TCPA). TeleCheck to Pay $3.5 Million for Fair Credit Reporting Act Violations World's Largest Debt Collection Operation Settles FTC Charges, Will Pay $3.2 Million Penalty CFPB Orders Chase and JPMorgan Chase to Pay $309 Million Refund CFPB Orders American Express to Pay $85 Million Refund to Consumers Harmed CFPB Fines Sprint $105 Million Capital One to pay $210 million in fines for misleading consumers

Consumer Financial Protection Bureau (CFPB) Created in response to the financial meltdown of 2008 Prevent future financial crises Created a new federal agency - CFPB Tasked with monitoring and responding to consumer complaints Has enforcement authority over creditors, debt collectors and rule-making authority under the FDCPA Office of Enforcement to provide periodic bulletins re: policies and priorities

Consumer Financial Protection Bureau (CFPB) CFPB expectations for compliance: Top down compliance – a meaningful commitment from top level executives Clear policy statements regarding consumer compliance Governed by agency-wide standards, policies and procedures Compliance oversight should be independent from business line; have sufficient resources and clear authority to identify and resolve compliance issues.

CFPB Compliance Management System Board of Directors oversight – one consistent voice from the top Ensuring compliance with consumer financial laws and regulations and addressing and prevent associated risks of harm to consumers Sets policies, procedures, and standards to prevent violations and to detect and prevent associated risks of harm to consumers Ensures that responsibilities for meeting legal requirements and internal policies are incorporated into business processes Reviews processes for the identification of new regulatory requirements, changes in requirements, and planning for implementation Communicate compliance responsibilities to all employees Formal complaint process to assist consumers; provide timely and appropriate response to consumer complaints Take corrective action; update tools, systems, and materials as necessary

CFPB Compliance Management System Create a Culture of Compliance On Going Compliance initiative One consistent message from the top Promote a culture of compliance within the organization Clear policy statements regarding consumer compliance Governed by agency-wide standards, policies and procedures

CFPB Compliance Management System Create Four Interdependent Control Components: BOD/Management Oversight Compliance Program Policies and Procedures Training Monitoring Timely and appropriate corrective action Response to consumer complaints Compliance Audit – Independent from Operations

CFPB Compliance Initiative A Culture of Compliance Role of ALL employees: Act in compliance with all applicable laws and regulations Follow all policies and procedures Focus on excellent customer service Generate fewer complaints and lawsuits Generate a more positive image for other employees Generate a more positive image for all clients 10

TCPA (Telephone Consumer Protection Act) TCPA prohibits using autodialer or prerecorded message to call a consumer‘s wireless phone without obtaining the prior express consent of consumer. Okay to use autodialer if given prior consent of the cell phone subscriber to call the number (express consent) Okay to use autodialer if the consumer knowingly released the number to the client and the client provided that number to agency (FCC/ implied consent) Okay to manually dial cell phone number (collector can get express consent at inception of call) Manual calls made without the use of an autodialer will not violate the TCPA. 11

TCPA Policies & Procedures Policies and Procedures should be in place to comply with the TCPA Phone numbers provided by client upon placement are acknowledged in an identified field (implied express consent) Phone numbers located through skip-tracing efforts are placed in a separate field (no prior express consent) Utilize available technology (cell phone scrub) for unidentified skip-traced phone numbers Manually dial cell numbers and request express permission at beginning of call

FCRA (Fair Credit Reporting Act) Any business entity reporting consumer information to a credit reporting agency (CRA) is a data furnisher for purposes of FCRA. A data furnisher must report accurate information and has a duty to update or correct information previously reported. Data furnishers must establish and implement reasonable written policies and procedures regarding the accuracy and integrity of consumer information provided to a CRA. Consumers have a right to directly dispute inaccurate information in their consumer report with the furnisher of information. 13

FCRA Written Polices & Procedures Agency is data furnisher under FCRA Agency makes a good faith effort to determine the accuracy of all account information reported to the credit bureaus Agency policy-do not report if an account does not have a social security # in order to ensure proper reporting Agency policy-do not report skip traced data to the credit bureaus – this eliminates errors Contacts the original creditor or other reliable source to verify accuracy and integrity of disputed information Agency should have reasonable written policies and procedure to prevent such errors

FDCPA (Fair Debt Collections Practices Act) Purpose: to eliminate abusive debt collection practices Governs all communications regarding collection of consumer debt Communications: the conveying of information regarding a debt directly or indirectly to any person through any medium Broad definition is intended to encompass every possible means of communication regarding a debt Conflicting Provisions of FDCPA Voicemails are first step in a process designed to communicate with debtor about a debt. Applies to information conveyed directly or indirectly. A voice message is a communication under the FDCPA Agency must provide meaningful disclosure (identify agency and provide mini-Miranda Agency must not disclose information regarding a debt to third parties (third party disclosure) Leaving meaningful disclosure may cause a third party disclosure violation if someone other than consumer listens to the message. 15

FDCPA Vendors must provide meaningful disclosure (identify agency and provide mini-Miranda) Vendors must not disclose information regarding a debt to third parties (third party disclosure) Vendors must remove phone number from system once consumer notifies we have reached the wrong party (wrong number contacts) Falsely representing the character, amount or legal status of a debt (collecting debt included in automatic BK stay or discharged by an order of the BK court) 16

ACA International Recommends Foti Compliant Message “This message is for [debtor name]. If we have reached the wrong number for this person, please call us at [phone #1] to remove your phone number. If you are not [debtor name], please hang up. If you are [debtor name], please continue to listen to this message. (pause for 3 seconds) “[Debtor name], you should not listen to this message so that other people can hear it as it contains personal and private information. (Pause) This is [collector name] from [ABC]Collection Agency. This is an attempt to collect a debt by a debt collector. Any information obtained will be used for that purpose. Please contact me about an important business matter at [phone #2]”.

Bankruptcy Stay Violation Automatic stay prohibits almost all collection activity, including legal action, garnishment, and contact by phone or mail in an attempt to collect a debt. Automatic stay is very broad and applies to nearly every attempt to collect on a pre-bankruptcy debt, there are a few exceptions where the automatic stay does not apply: some child support actions, some state and federal tax debts, debts incurred after the bankruptcy case was filed. It is important to know whether the automatic stay applies to the collection action. If a collections attempts continue to collect violates the automatic stay, it may also violate other state or federal laws including: State unfair trade practice laws Federal Fair Debt Collection Practices Act  State fair debt collection practices laws, or Fair Credit Reporting Act.

FDCPA Agency Compliance Caveat: No fail safe course of action Establish a bona fide error defense Violation must not be intentional Maintain procedures reasonably adapted to avoid such errors Use ACA International’s recommended Foti-compliant message Agency should have written policies and procedures prohibiting collectors from disclosing debts to third parties

Identity Theft Industry leaders believe that the overall most important issue to be dealt with is privacy and security of data. Identity theft means fraud committed or attempted using the personally identifiable information of another person without authority. Consumer‘s Identifiable Information: First, middle, or last name Date of Birth Address Telephone or wireless number Social Security Number Government issued identification number Maiden name Account number 20

Identity Theft Written Policies & Procedures Agency should have reasonable written policies and procedures in place to detect, prevent and mitigate the risk of identity theft Agency may adopted the ACA International Model Identity Theft Prevention Program Training and employee awareness decrease internally caused breaches.

FDCPA Adding Unauthorized Collection Costs The question: Can collection costs legally be added to a debt? FDCPA, Section 808(1) forbids “the collection of any amount (including any interest, fee, charge or expense incidental to the principal obligation) unless such amount is expressly authorized by the agreement creating the debt or permitted by law.” This includes collection costs. The answer: It is forbidden under FDCPA regulations unless….. Such amount is expressly authorized by the agreement creating the debt or, It is permitted by law Laws evolve as court rulings, regulations and opinions are decided

Can collection costs legally be added? The Federal Trade Commission (FTC) Official Staff Commentary says, “A debt collector may attempt to collect a fee or charge in addition to the debt if either (a) the charge is expressly provided for in the contract creating the debt and the charge is not prohibited by state law, or (b) the contract is silent but the charge is otherwise expressly permitted by state law.” “Conversely, a debt collector may not collect an additional amount if either (a) state law expressly prohibits collection of the amount or (b) the contract does not provide for collection of the amount and state law is silent.”

New Technology email, text, social media Benefits Money saved on letter printing costs & postage Speed of electronic communication Trend toward primary source of communication Risks No current law on point Not secure Consent issues Disclosure requirements Risk of 3rd party disclosure Compliance Communication – FDCPA applies Can’t misrepresent or communicate in a false or deceptive way Must obtain prior express consent Must provide required disclosures 24

New Technology Agency Compliance Agency should have policies and procedures in place to address new technology and comply with current law Trains and monitors collections staff for compliance Keeps abreast of trends and latest developments in the law

Steps to Ensure Compliance Compliance Initiative/Customer Service Focus On Going Nation-wide call recording and speech analytics National standardized training and auditing Policies and Procedures implemented to prevent and/or mitigate risk Bankruptcy (automated/manual) Credit bureaus reporting (automated/manual) Cell phone calling (automated/manual) Adding authorized fees and costs (automated/client contract) 3rd party disclosure (automated/manual) Wrong party contacts (automated/manual) Client contracts – risk reduction plan

Thank You! Matthew Clark, Esq., Legal and Compliance Director EOS 781-753-4414 Matthew.Clark@EOS-CCA.com