Archives for January 2021

As anticipated, the Consumer Financial Protection Bureau’s (CFPB) now Former Director Kathy Kraninger submitted her resignation letter to President Biden per his request that she step down. Kraninger posted the letter — dated January 20 and effective immediately — on her Twitter account. Kraninger expresses what she’s said in many Congressional hearings throughout her tenure regarding the directorship of the Bureau, and is supported by the U.S. Supreme Court’s decision in Seila— that the President should have the ability to choose who leads agencies in their administration.

[article_ad]

In the letter, Kraninger discusses the initiatives that the CFPB undertook under her leadership. These initiatives include consumer education, regulations for clear rules of the road for financial institutions (including Regulation F, the debt collection rule), and the Bureau’s oversight and enforcement work. 

With Kraninger’s resignation, the way is now paved for President Biden’s pick — Rohit Chopra — to undergo the appointment process and take the helm of the Bureau. With a Democrat majority in Congress, Chopra will likely have little trouble getting confirmed for the role. Chopra’s official comments and statements from his time at the Federal Trade Commission provide some insight into his views of the debt collection industry and market.

insideARM Perspective

With a shift in leadership at the Bureau, there will likely be many changes in the next several weeks and months. The Bureau will likely be shifting back to a Cordray-esque approach. Stay tuned as we follow the changes here at iA.

On Tuesday, 19 January 2021, Massachusetts’ Division of Banks hosted a webinar titled “Debt Collection Practices: Perspectives and Highlights from the Massachusetts Division of Banks and Useful Resources.” (You can watch the full presentation here.) 

The webinar reviewed the Division of Bank’s regulatory oversight of debt collectors, highlighting the Division’s approach to consumer finance examinations as well as reviewing past and current examination trends. Massachusetts DOB also discussed the ongoing nationwide collaborations involving multi-state examination efforts and consumer outreach campaigns, such as the recent “Operation Corrupt” Campaign.

This was a pretty comprehensive agenda, especially for only an hour, and not everything on the agenda was addressed. But here are the highlights:

• During the continuing pandemic, Mass. DOB’s examinations of debt collectors has had a strong focus on the quality and frequency of calls made.
• The DOB is also focused on ensuring proper payment flow: that is, that payments from consumers are correct, that they aren’t being assessed unnecessary (and illegal) fees, and that agency payment accounts are used appropriately.
• In collaboration with other states’ regulators, the DOB is rolling out a new State Examination System in order to better coordinate efforts across states and with the Federal Government.
• Mass. DOB — and other states — are also starting to show an increased interest in data security measures companies have in place.
• As has been the practice generally, the DOB will focus most of its investigative time on agencies with high volumes; they see these companies as posing the greatest potential threat to consumers.
• Companies that are working payday loan accounts in Massachusetts were reminded that payday loans are complicated. Most payday loans in Massachusetts are not legal loans, which means a collection agency would have no right to collect on those debts. The relationship between payday loan client and collection agency is one that will need continual review to make sure agencies are not collecting on illegally granted payday loans.

One final note: Massachusetts has yet to fully compare their state laws with the incoming Regulation F. There may be changes, or realignments, to some of Massachusetts’ rules for debt collectors after a complete review and comparison.

On Jan. 11 Washington State Sen. Reuven Carlyle introduced SB 5062, the Washington Privacy Act (WPA). Its predecessors, SB 6281 and SB 5376, failed to pass in 2020 and 2019, respectively.  A public hearing was held before the Environment, Energy & Technology Committee on Jan. 14, and the bill is scheduled for a committee executive session on Jan. 21.  Sen. Carlyle thoughtfully released a draft of the legislation in September 2020.

The legislation contains many requirements found in the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), but also focuses on the roles and responsibilities of “controllers” and “processors” like the EU’s General Data Protection Regulation (GDPR).  It addresses both data privacy and data security concerns as well as contact tracing.

Thresholds

The legislation “applies to legal entities that conduct business in Washington or produce products or services that are targeted to residents of Washington, and that satisfy one or more of the following thresholds:

• During a calendar year, controls or processes personal data of 100,000 consumers or more; or
• Derives over 25 percent of gross revenue from the sale of personal data and processes or controls personal data of 25,000 consumers or more.”

From 2020, this increases the number of entities that would be subject to the act by decreasing the gross revenue threshold from 50 percent to 25 percent.

[article_ad]

Exemptions

For the most part, the WPA generally excludes from its provisions the same information and entities as the CCPA, including “[p]ersonal data collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley act. . .”

Consumer Rights

The legislation gives consumers certain rights regarding the processing of their personal data, defined as “any information that is linked or reasonably linkable to an identified or identifiable natural person,” and “does not include deidentified data or publicly available information.”

Specifically, consumers are granted the right to access, correct, delete and receive their personal data as well as to opt-out of its processing for certain purposes, such as for targeted advertising, sale or profiling.  A “sale” is “the exchange of personal data for monetary or other valuable consideration by the controller to a third party,” subject to a number of exclusions.

A consumer has the right to appeal any decision made by a controller with respect to a request, instructions for which must be “conspicuously available,” and the controller must also “provide the consumer with an email address or other online mechanism” for submitting the appeal, and any response, to the attorney general.  Additionally, when informing a consumer of the results of the appeal, a consumer must be informed how to file a complaint with the Attorney General’s Consumer Protection Division.

Privacy Notice

A controller’s privacy notice must include:

1. The categories of personal data processed;
2. The purposes for which the categories of personal data are processed;
3. How and where consumers may exercise the rights;
4. The categories of personal data that the controller shares with third parties; and
5. The categories of third parties with whom personal data is shared.

Sensitive Data

The legislation places restrictions on the processing of “Sensitive Data,” which is:

1. Personal data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sexual orientation, or citizenship or immigration status;
2. Genetic or biometric data for the purpose of uniquely identifying a natural person;
3. Personal data from a child; or
4. Specific geolocation data.

Sensitive data cannot be processed without first obtaining consent from the consumer or, when applicable, a child’s parent or guardian.

Controllers & Processors

A processor must follow the instructions of the controller, which must be dictated by a contract that “sets out the processing instructions to which the processor is bound, including the nature and purpose of the processing, the type of personal data subject to the processing, the duration of the processing, and the obligations and rights of both parties.”  This requirement also applies to the relationship between processors and their subcontractors.

Data Minimization

Without consumer consent, controllers “may not process covered data for purposes that are not reasonably necessary to, or compatible with, the covered purposes for which the personal data is processed.”

Data Security

Controllers are required to “establish, implement, and maintain reasonable administrative, technical, and physical data security practices” that are “appropriate to the volume and nature of the personal data at issue.”  Additionally, they must conduct data protection assessments that must be provided to the Attorney General if requested in relation to an investigation.  The assessments would not be available to the public.

Enforcement

The legislation does not create a private right of action, except as described below with respect to contact tracing. 

Enforcement is vested with the Attorney General, but there is a 30-day cure provision.  An uncured violation is considered “an unfair or deceptive act in trade or commerce, and an unfair method of competition for the purpose of applying the consumer protection act,” and may result in an injunction or a civil penalty up to $7,500 per violation.

Contact Tracing

The legislation also addresses contact tracing, or “covered purpose,” defined as “processing of covered data concerning a consumer for the purposes of detecting symptoms of an infectious disease, enabling the tracking of a consumer’s contacts with other consumers, or with specific locations to identify in an automated fashion whom consumers have come into contact with, or digitally notifying, in an automated manner, a consumer who may have become exposed to an infectious disease, or other similar purposes directly related to a state of emergency declared by the governor . . .”

Generally, contact tracing information cannot be processed unless an individual is provided with a privacy notice and gives consent, and controllers and processors have responsibilities similar to those with respect to personal data. 

Unlike the enforcement provisions appliable to personal data, a violation of the contact tracing provisions allows for a private right of action.

Effective Dates

The sections relating to the processing of personal data would take effect July 31, 2022. The sections pertaining to contact tracing would take effect immediately upon enactment.

In a press release announcing his picks for several key posts in his administration, President-elect Biden selected Rohit Chopra to replace Kathleen Kraninger as the next Director of the Consumer Financial Protection Bureau (CFPB). Chopra, who currently serves as a Commissioner on the Federal Trade Commission (FTC), is no stranger to the CFPB. Prior to his time at the FTC, Chopra served as the CFPB’s Assistant Director.

During his prior tenure at the CFPB, Chopra focused on the Bureau’s student loan efforts, serving as the Student Loan Ombudsman. 

Chopra’s Positions on Debt Collection Issues

In November 2020, Chopraissued a statement regarding the FTC’s enforcement action against a debt collector, Midwest Recovery Systems. The summary points from the statement include:

• The FTC’s go-it-alone debt collection enforcement strategy frequently leads to outcomes where victims receive only a miniscule percentage of their losses – or even nothing at all. 
• To best serve the public and stop debt collection abuses, the FTC should work in concert with the Consumer Financial Protection Bureau. Joint actions will help make victims whole through access to the CFPB’s Civil Penalty Fund and reduce duplicative efforts. 
• As Commissioners, we must stop ignoring Congress and must recalibrate agency priorities and strategies in the financial services arena. 

Chopra also stated:

When debt collectors engage in illegal conduct, this harms families and their honest competitors. Decades ago, Congress recognized that our laws needed to do more to redress injuries, noting that collection abuses contribute to “personal bankruptcies, to marital instability, to the loss of jobs, and to invasions of individual privacy.”In addition, cracking down on abuses would ensure that “those debt collectors who refrain from using abusive debt collection practices are not competitively disadvantaged.” 

Prior to this, Chopra issued a comment in September 2019 outlining his concerns with the CFPB’s then-proposed debt collection rule (now finalized as Regulation F). His primary concerns — other than the fact that student loan borrowers have little to no market power — were with:

• The impact that private collection agencies (PCAs) have on consumers;
• That delinquency might not be the appropriate trigger for consumer protection for student loan borrowers considering the FSA’s collection ecosystem; and
• Call volumes.

[article_ad]

insideARM Perspective

The CFPB is still a young agency — tomorrow, it enters only its third presidential administration since its inception. It’s an interesting contrast in how the directorship baton is passed compared to the first transition when President Trump took office. 

At the beginning of Trump’s administration, then-Director Richard Cordray’s 5-year term had not yet ended so there was an overlap. Then, when Cordray announced his resignation in November 2016, a battle ensued between Trump’s pick for interim director (Mick Mulvaney) and Cordray’s pick (Leandra English). Mulvaney won.

What followed was a court battle in Seila v. CFPB, where the company challenged a Bureau CID by arguing that the CFPB’s unconstitutional structure — where the director may only be removed by the President for cause — tainted the Bureau’s actions. The directorship of the Bureau was specifically designed to hold a 5-year tenure to prevent it from being a politicized position depending on who sat in the Oval Office. Of interest, the Bureau and its structure were created while Biden served as Vice President.  The U.S. Supreme Court found that this structure violated the separation of powers and struck the “for cause” clause.

The Seila decision essentially mandated that the President can remove the Director of the CFPB at will, and it looks like Biden plans to do just that.

For privacy-minded folks whose new year’s resolutions include a wellness commitment, read the fine print before donning a wearable or downloading an app to help you track health or wellness issues. Last week in its second information privacy and data security enforcement action of 2021, the Federal Trade Commission (FTC) announced its settlement with a popular women’s health tracking app developer who misled the public about disclosures it was making of its users’ health data. As it has in the past the FTC arrived at its resolution of this case by studying the privacy promises the app developer had made to users in comparison to how it actually conducted its business. The FTC found that the app developer Flo Health, Inc. (“FHI”) promised to keep its users’ data private but instead even after receiving adverse media coverage for disclosing sensitive health data stayed on a perilous course of oversharing. The FTC’s first 2021 information privacy and data security enforcement action, noted below, was against Everalbum, Inc. d/b/a “Ever” and “Paravision” for intentionally making unauthorized and unconsented uses and disclosures of consumers’ biometric information captured through a mobile app. 

In its Consent Order, FHI has agreed to instruct any third parties to whom it improperly shared users’ data to delete and destroy any such information. In addition, it must take steps to inform all members of its workforce, its advisors and its vendors to, among other things, take steps to assure none misrepresent in “any manner, expressly or by implication” the ways in which users may control FHI’s use and disclosure of their own information, including deletion of that information.” Interestingly this Consent Order (and the Everalbum consent order) emphasizes two important fair information privacy principles as follows: first, exactly what a “clear and conspicuous” disclosure is to consumers regarding a company’s privacy policies; and, second, the importance of obtaining consumers’ “affirmative express consent.” As we experience an Administration change, it will be interesting to see if the features of these early 2021 information privacy and security enforcement actions are signaling a direction the FTC plans to take this year in pursuit of its commitment to assure that businesses using apps, websites, and other technology resources to interact with the public are keeping the privacy promises they make and are not misusing the “tsunami” of consumers’ information they collect from unsuspecting app users.  

In last week’s press release, the FTC’s Director of its Bureau of Consumer Protection, Andrew Smith, explained that “apps that collect, use, and share sensitive health information can provide valuable services, but consumers need to be able to trust these apps.” Director Smith promised that the FTC is looking closely “at whether developers of health apps are keeping their promises and handling sensitive health information responsibly.” The FTC has been very effective flexing its enforcement powers for nearly two decades to challenge the privacy promises businesses make but fail to keep to the public. Since its original 2002 privacy and data security enforcement action brought against Eli Lilly & Co under the leadership of then Director J. Howard Beales, III, the FTC’s commitment to be a watchdog on privacy and data security issues from the public has remained unwavering. In that case, the FTC challenged Eli Lilly when it was responsible for the unauthorized disclosure of consumers’ sensitive information collected through its Prozac.com website, despite its public promises to consumers that it had implemented a host of measures to protect the confidentiality of the information “guests” shared with Eli Lilly via the website. 

The FHI consent order requires FHI and Everalbum to obtain an independent third party consultant review of its privacy practices against the EU-U.S. Privacy Shield Framework Principles and defeats any basis FHI may have for withholding documentation on “the basis of a claim of confidentiality, proprietary or trade secrets, work product protection, attorney-client privilege, statutory exemption, or any similar claim.” FHI must also cooperate with the privacy consultant’s findings, must designate one or more persons to certify their compliance with the Consent Order, must submit any “covered incident” reports within thirty (30) days of discovering same that are the same or similar to the complaints that led to this enforcement action, and is subject to supervision and governance for five years from the date of the Consent Order.  

The FHI case is not the FTC’s first privacy enforcement action of the year. A few days earlier the FTC announced it had reached a settlement with Everalbum, Inc. for failing to obtain consumers’ express consent before using facial recognition technology on the photos and videos consumers were uploading to an “Ever” app. Among the features of the FTC’s settlement is also a mandate that Everalbum delete all algorithms and models it developed through the use of unsuspecting users’ photos and videos. Unlike the FHI Consent Order’s five year reach, the Everalbum Consent Order appears to include compliance monitoring over a ten-year span but the Order itself will not terminate for twenty (20) years from the date it is issued. 

Although the FTC voted unanimously to support the resolution of the Everalbum enforcement action, Commissioner Rohit Chopra — who is now President-elect Biden’s pick for the post of Director at the Consumer Financial Protection Bureau — filed a compelling additional statement. Commissioner Chopra notes the importance of the FTC’s order that Everalbum delete its algorithms and models – which he characterizes as the “fruits of its deception.”  He signals this as “an important course correction.” While he is disappointed that the FTC did not fine Everalbum for its deception he explains that “with the tsunami of data being collected on individuals, we need all hands on deck to keep these companies in check. … while special interest are actively lobbying for federal legislation to delete state data protection laws, it will be important for Congress to resist these efforts.  Broad federal preemption would severely undercut this multi-front approach and leave more consumers less protected.”  

ST. PAUL, Minn. — IC System, one of the largest collection agencies in the United States, is pleased to announce Bart Shea as Vice President of Business Development. Bart will expand IC System’s nationwide presence in the healthcare industry, specifically in the Western region. 

Bart comes to the role with over 23 years of experience in healthcare receivables management. Bart started his healthcare career in 1997 with a medical receivable management company in Scottsdale, Arizona, as a front-line healthcare recovery specialist.  

In his previous role, Bart, a true leader, quickly advanced to the Director of Collections. He oversaw day-to-day operations and found creative ways to leverage his team, workflow redesign, and technology to bring a healthier level of recovery to the company’s clients. Knowing Bart as a natural people person, the owner of that company asked if he would head their sales division, where he brought value to clients over the next 15 years.   

Along with his operational experience and a rich history of sales in the Western territory of the United States, Bart has also been very involved in the New Mexico and Arizona chapters of Healthcare Financial Management Association (HFMA). An HFMA Certified Revenue Cycle Representative, Bart currently serves as the Arizona HFMA’s Programs Co-Chair and is slated to be the incoming President next chapter year.       

In his role with IC System, Bart will bring his unique perspective and expertise to healthcare organizations looking to increase their account recoveries, decrease patient complaints, and focus on making collections better.  

Karen Jonas, IC System’s Senior Vice President Business Development, had this to say: “I couldn’t be more excited to add Bart to our talented Sales team. Bart’s knowledge and experience will be invaluable as we continue to grow our Healthcare division in the West.”  

[article_ad]

About IC System

IC System is one of the largest receivables management companies in the United States. Founded in 1938, IC System is a privately held accounts receivable management firm in its third generation of family ownership. IC System provides customized, tailor-made debt recovery solutions for healthcare, dental, small business, government, utilities, and telecommunications industries nationwide. Follow IC System on Twitter at @icsystem or on Linkedin.

Yesterday, the Consumer Financial Protection Bureau (CFPB) issued a statement that provides financial services institutions with guidance on how to better serve consumers that have limited English proficiency (LEP). If this feels like déjà vu, it’s likely because it sounds very similar to the LEP rule for debt collectors promulgated by New York City’s regulator last year in the midst of the COVID-19 pandemic. While the policy behind each — the CFPB’s statement and the NYC LEP rule — are similar, there are some differences, the biggest of which is that the CFPB statement contains guidelines, not rules. Read on to learn more.

The CFPB’s statement discusses how LEP consumers are at risk of receiving different treatment than their English-speaking counterparts:

Currently, many LEP consumers are not fully integrated into the financial marketplace despite being a significant portion of the U.S. population (approximately 25.5 million individuals). Due to language access issues, LEP consumers face unique challenges in learning about and accessing financial products, services, and education tools; understanding and completing key financial documents; managing bank accounts; and resolving issues with financial products and institutions. For example, financial disclosures and written documents are generally not available in non-English languages.

The statement suggests that financial institutions take steps to fill the gap. If such steps are taken, however, institutions need to ensure that there are compliance management measures in place to prevent UDAAP violations.

The statement recognizes that institutions will need to make certain decisions on where to provide translation services, as translating into every possible language is not feasible. Among other steps, the Bureau suggests evaluating whether the communications provide essential information to the consumer, referencing debt collection:

To determine whether a verbal or written communication is one that significantly impacts consumers, financial institutions may consider whether the communication conveys essential information about credit terms and conditions (e.g., loan pricing), or about borrower obligations and rights, including those related to delinquency and default servicing, loss mitigation, and debt collection.

[article_ad]

The statement, which is a quick 23-page read, can be found here.

After the U.S. Supreme Court decided Spokeo in 2016, there was an unfulfilled moment of hope. Defendants in Fair Debt Collection Practices Act (FDCPA) cases would file motions to dismiss based on lack of standing only for the courts to repeatedly deny those motions. Spokeo required that plaintiffs prove their injury is concrete and particularized, but courts followed a pattern of finding that statutory damages — such as the ones permitted through the FDCPA — were concrete enough. It took a few years, but the winds are now blowing in the other direction and a new trend is emerging: a no harm, no foul approach to FDCPA standing.

This new trend began in the 11th Circuit with the Trichell case and it’s not barreling down at full speed in several other circuit courts of appeal. The 11th Circuit’s “no harm, no foul” approach to standing has now seen its partners in the Seventh Circuit, which issued an avalanche of decisions in December finding that the respective FDCPA plaintiffs had no standing to bring their claim, as well as the Ninth Circuit. 

Here’s a sampling of the Seventh Circuit cases:

• Nettles: Complaint alleged defendant sent a letter that overstated the balance by $100. Seventh Circuit said the only injury claimed is the receipt of a non-compliant letter, which is not actual harm since the consumer admitted on appeal that the letter didn’t affect them at all.

• Bazile: Complaint alleged the typical interest disclosure claim. The district court initially found that plaintiff had standing, but Seventh Circuit remanded with instruction to conduct an evidentiary hearing on the issue.

• Burnett: Complaint alleged the typical 1099C allegations. The District Court granted the defendant’s motion for summary judgment on the case, but the 7th Circuit vacated the order and remanded the case to be dismissed because the consumer did not have standing. The consumer admitted in deposition that the letter merely confused them but was not tied to an injury, and confusing alone doesn’t suffice. 

The others are Gunn, Spuhler, Larkin.

Similarly, the Ninth Circuit found in Adams that a consumer lacked standing because they did not claim anything more than a procedural harm from a letter that allegedly failed to clearly identify the current creditor.

[article_ad]

insideARM Perspective

We’re keeping an eye on how things continue to progress. This seems to be an issue ripe for a circuit split considering all of the post-Spokeo/pre-Trichell court decisions we have from a few years ago. This means that we might see it at the steps of the U.S. Supreme Court sometime in the next year or two depending on how things shake out.

When the COVID-19 pandemic started, many regulators — both state and federal — enacted measures to help consumers who were impacted by the sudden shift in their financial outlook. Massachusetts’ Attorney General Maura Healey took what many consider an overzealous approach by prohibiting outbound collection calls during the pendency of the pandemic. In response, ACA International filed a lawsuit and sought an injunction against this order. Early on in the case, the judge granted ACA’s request for a preliminary injunction to bar the AG’s office from enforcing the emergency order while the full case on the merits is heard. The court based its decision on the grounds that the emergency order violates the First Amendment. The case that started with a bang has now gone quietly into the night, as a very brief court filing from today indicates that the parties have settled and the case is now dismissed. 

[article_ad]

During what was an extraordinary and difficult year, there was an abundance of activity at the state and federal levels and a good deal of it was driven by the present COVID-19 pandemic. Here is my take on some of the most significant regulatory activities from the past year in consumer debt collection that will continue to impact both consumers and creditors in the years to come.

Federal Activity

Regulation F of the Fair Debt Collection Practices Act

The Consumer Financial Protection Bureau released its proposed rule for the Fair Debt Collection Practices Act. The rule is scheduled to take effect Nov. 30, 2021. Missing from the final rule were several innovative procedures the Bureau had proposed to modernize the four-decade-old FDCPA. The final rule does provide some much-needed guidance on communicating with consumers electronically. Just last week the Bureau added new rules covering validation notices, credit reporting, and the treatment of consumer debt subject to an expired statute of limitations.

The final rule also includes presumptions related to the frequency of telephone calls placed by debt collectors to consumers. A presumption of a violation would apply to debt collectors that place more than seven telephone calls in seven consecutive days or within seven days after engaging in a telephone conversation. And these limits are imposed with respect to each debt (except in the case of student loans).

The “validation notice” received the anticipated model form but the Bureau dropped its proposal to allow debt collectors to deliver validation notices through an innovative electronic method and stuck with existing federal law.

And, when it comes to the collection of debt subject to an expired limitations period (“time-barred” debt), the final rule will continue with the strict liability approach. It dropped a proposal that would find a violation for initiating or threatening to initiate a lawsuit only when the debt collector “knows or should know” the limitations period pertaining to a debt has run. At the same time the Bureau jettisoned its planned model disclosures for written communications when collecting time-barred debt.

The Madden Fix

The Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) both issued final rules to “fix” the uncertainty created by the Second Circuit Court of Appeals’ 2015 decision in Madden v. Midland.

Section 1033 Rulemaking

The Consumer Financial Protection Bureau released its Advance Notice of Proposed Rulemaking (ANPR) on Oct. 22, seeking comment on 46 questions in nine categories surrounding consumer access to financial information under section 1033 of the 2010 Dodd-Frank Act (12 U.S.C. § 5533). Aside from defining the nature and scope of consumer data, how that data is aggregated, disseminated, and protected are all matters that can be addressed by the rulemaking.

It may be years before rules are released, if at all. But the impact of any rules would be significant. While the subject matter appears to be concerned with developing technologies and services (like FinTech and RegTech), any rule would also impact how consumer data is collected and used by the mature consumer financial services industry.

CFPB Policy Statement on Abusive Practices

On Jan. 24, the Consumer Financial Protection Bureau announced the long-awaited policy statement regarding the framework that it will use in enforcement activities related to the catch-all category of “abusiveness.”

CFPB Policy Statement for Credit Furnishing under CARES Act

On April 1, the CFPB issued a policy statement addressing the responsibility of furnishers under the CARES Act and describing the flexible approach the Bureau intends to take with respect to supervision and enforcement of the Fair Credit Reporting Act (FCRA) and Regulation V during the COVID-19 pandemic.

State Activity

The year began with several significant bills impacting the credit and collections industry, but the pandemic eventually shifted state-level attention away from any significant legislation with a few exceptions.

California Licensing

On Sept. 25, California Gov. Gavin Newsom signed into law the “Debt Collection Licensing Act.” The licensing provisions become operative Jan. 1, 2022, with the licenses to be issued by the Commissioner of Business Oversight.  Washington State also enacted legislation targeting “legal actions” by debt purchasers.

COVID-19 Measures

Most state activity involved emergency measures designed to restrict debt collection activities during the pandemic. Massachusetts Attorney General Maura Healey saw her emergency regulations struck down by a federal court. Nevada went as far as prohibiting debt collection communications and did not lift the restriction until June. Others have placed restrictions on wage, property and bank account garnishments, foreclosures and residential evictions.

Judgments and Small Claims Courts

Maine, a perennial topic in my year-end reviews, adopted legislation reducing the effective time period for judgments. I expect you will see similar legislation introduced in other states. Maine lawmakers also proposed, but did not enact, legislation restricting access to small claims courts for both creditors and debt purchasers.

Vermont has proposed to likewise amend its court rules to prohibit debt purchasers from filing lawsuits in its small claims courts. And in Nevada, the text of a bill has been prefiled that would limit any person from filing more than 15 cases a year in its small claims courts.

A Flurry of Activity in the Empire State

Numerous bills were introduced in New York proposing legislation governing credit reporting, licensing of debt collectors, and automated telephone calls. There was even a bill to allow the state to acquire consumer debt using its eminent domain powers for the purpose of canceling it. None of the bills passed.

However, I still expect to see significant activity in New York in 2021. It will likely pass legislation to reduce its statute of limitations for consumer debt to three years, with few exceptions. This would be significant since most consumer debts are tied to New York’s six-year limitations period for contracts. The legislation would not alter the four-year limitations period for debts arising under UCC Article 2 sales. I would not be surprised to see a licensing bill from either the governor or legislature.

Predictions

More than 300,000 Americans and over 1.7 million people worldwide have lost their lives to COVID-19 in 2020.  There is hope that new vaccines will bring an end to this pandemic, but the impacts it has caused are likely to be felt for some time. There remains significant pressure to restrain debt collection at the state and local level. It will likely take the form of increased exemptions afforded to judgment debtors and temporary suspensions of executions, garnishments, evictions and foreclosures. Similar pressure exists at the federal level, especially in the context of student loan debt and credit reporting.

There will be efforts to roll back the new FDCPA rules. And, because the FDCPA gives way to more restrictive state regulation, you should see several states introduce legislation designed to limit electronic communications and the frequency of telephone communications.

And of course, there is privacy legislation, decisional law, bankruptcy reform and state attorney general initiatives in the mix. My colleagues, Alan Hochheiser, Jessica Lesser, Eric Rosenkoetter and Tom Dominczyk (on the Second and Third Circuits), have covered each of these areas in more detail in articles published in The Consumer Financial Services Blog this week.

Wishing you all a Happy and Healthy 2021.