On April 5, 2021, New Mexico Governor Michelle Lujan Grisham signed the Patients Debt Collection Practices Act (Act) into law. The Act lays out several new requirements for healthcare providers, debt buyers, and collection agencies that collect medical debt. The full text of the Act, which goes into effect July 1, 2021, can be found here.

New collections requirements

Among other requirements, the Act requires healthcare facilities to offer certain services to patients regarding insurance verification and provide options and assistance if the patient is uninsured. In addition to other data points, Healthcare facilities will be required to include information about these services in billing statements sent to patients and must provide billing statements to debt collectors and debt buyers before the debt collector or debt buyer can communicate with a patient or otherwise take any collection action. “Collection action” includes selling a medical debt, as well as filing a lawsuit, lien, or garnishment to collect a medical debt. 

Further, the Act requires debt buyers and debt collectors to apply payments on the date they were received or the next business day (if received after business hours) and send a receipt to the person who made the payment.  Medical debt collectors are prohibited under the Act from entering into agreements with patients which have the practical effect of patients waiving their rights to resolve a dispute.

Finally, the Act prohibits health care facilities and other medical creditors from pursuing collection action on indigent patients (defined as those making less than 200% above the poverty limit). 

insideARM Perspective

Entities collecting medical debt should continue to watch for similar laws as healthcare collections seem to be a hot topic for state legislatures right now.  Healthcare facilities’ ability to comply with these requirements will directly impact debt buyers and debt collectors’ capacity to pursue medical debt in New Mexico.  Any stakeholders with New Mexico medical accounts receivable should be sure to read the Act in its entirety with legal counsel in order to begin discussing the new requirements internally and with clients.  

CHESAPEAKE, Va. — Spring Oaks Capital, LLC has hired Kevin Phelan as Chief Financial Officer for the various legal entities that make up the Spring Oaks Capital group. Kevin will be based in Charlotte, North Carolina and report directly to President & CEO Tim Stapleford.

Kevin joins Spring Oaks with broad experience in investment banking and capital markets, most recently serving in a senior investment banking position at Chartwell Financial Advisory, a leading provider of investment banking services and financial advisory solutions to the middle market. In his role at Chartwell, Kevin maintained responsibility for key capital markets and mergers & acquisitions mandates.

At Spring Oaks Capital, the CFO role goes well beyond traditional corporate finance functions. In addition to leading all finance and accounting operations, Kevin’s deep knowledge of capital markets, Fintech, and the consumer finance industry will allow him to contribute to driving strategic growth across the enterprise.

Kevin stated, “During my tenure in investment banking, I had the opportunity to work closely with talented executive teams and entrepreneurs across a wide range of industries. For the past year, I have worked diligently with the team at Spring Oaks in executing a transformational strategic capital investment, as well as the establishment of a $150 million credit facility with Ares. My experience with the team gives me confidence in the Company’s ability to establish itself as a leader in the burgeoning financial technology sector, and I am excited to be part of the journey.”

Spring Oaks Capital’s Executive Chairman, Marcelo Aita, added, “I’ve worked with Kevin for a number of years. Together we have raised more than $300 million of capital in this sector. I already know, first-hand, that he is an incredible addition to our team. We are fortunate to attract individuals like Kevin who can contribute from day one and have unlimited potential ahead.  Kevin’s deep financial expertise and industry-specific knowledge makes him one of the most valuable assets in our growing arsenal of talent.”   [article_ad]

Kevin is one of three key executives to join the Spring Oaks Capital team this month. Keith Walch was recently announced as Chief Acquisitions Officer and the company will be announcing its new Chief Technology Officer in the coming days, who is joining from a senior technology position at one of the world’s largest banks. These key positions are part of a strategic growth plan that was put in motion and backed by a significant equity investment in the company last year. The company continues to make numerous investments, including both direct spot purchases and forward flow portfolio acquisitions from leading lenders.

About Spring Oaks Capital, LLC

Spring Oaks Capital is a national financial technology company, focused on the acquisition of credit portfolios. The Company subscribes to an employee and consumer-centric operating philosophy that creates high-value jobs, a significant performance lift, and the highest standards of compliance. Spring Oaks’ business strategy is rooted in innovative data-driven technology to maximize collection results and a contact platform that offers multi-channel options to meet each consumer’s communication preference. Spring Oaks has the management vision and experience to nurture a culture and DNA that is unique in the space. To learn more about Spring Oaks, please visit www.springoakscapital.com.

NEWARK, Del. — SIMM Associates, Inc. (“SIMM”), a full-service ARM/BPO Customer Care call center that provides third party collections, first-party (pre-default) collections, probate collection solutions and customer engagement BPO is proud to announce that it has successfully completed renewal for SSAE18(SOC1) Type II, PCI-DSS Level 1, and ISO 27002/HIPPA certifications. This year SOC2 Type I was completed for the first time. The certifications of validation were issued by an independent Third-Party Assessor certified by the PCI Security Standards Council who is also an accredited Information Security Professional company.

“Successful completion of these infosec evaluations is a testament to the commitment SIMM has to our customers and their consumers whom we interact with on a daily basis,” said Jeffrey Simendinger, Chief Operating Officer and Co-Founder of SIMM. “Our commitment to ensuring the safety and security of the data we receive is of the utmost importance. These in-depth and independent audits ensure that our security protocols meet or exceed each of the individual audit’s stringent requirements. “

“I’m extremely proud of SIMM in completing these data security certifications once again” explained Director of Information Technology Don Newcomb. “Earning these designations continues to validate all of our hard work to create systems and processes designed to protect client and consumer information” he continued.

About SIMM Associates, Inc.

SIMM is a full-service nationally licensed ARM and BPO company providing collection solutions and customer engagement to the student lending, consumer lending, credit/retail card, healthcare, auto finance, credit union and debt buying industries. SIMM also provides best-in-class deceased care solutions that encompass decedent verification, estate location scrub, proprietary Probate Tracker ^SM claim filing process and an empathetic survivor recovery solution all performed with brand sensitivity and regulatory compliance in mind. SIMM has passed the US Department of Education’s stringent requirements and currently is a subcontractor for the existing Private Collection Agency contract. Its headquarters is located in Delaware in a 32,000 sq. ft. state of the art call center. SIMM holds the following certifications: SSAE18(SOC1) Type II, SOC2 Type I, PCI-DSS Level 1 and ISO 27002/HIPPA. SIMM services customers throughout the United States including Puerto Rico. For more information please contact Jeffrey Simendinger COO, jeffs@simmassociates.com (302)283-2802.

While the effective date is currently uncertain (see CFPB Proposes to Delay Effective Date of Reg F for 60 Days), many agencies are still in the position of ensuring that the technology they’re using also offers them access to many of the safe harbors provided. 

In a recent survey of technology and the collections industry, Telrock, partnering with insideARM, wanted to see what risks and vulnerabilities agencies were facing. Two things became clear: 

1) Nearly half of those surveyed were working on systems that were 10 years or older.

2) And almost all agencies (91%) planned to rely heavily on technology vendors to help with the technology requirements now necessary via Regulation F.

While some of those systems that are 10+ years old have been maintained with updates and patches, many are finding themselves in vulnerable positions. And nine months does not leave most collection operations with much time for set-up, testing, and refining by the November deadline. Collections operations could be scrambling to get the needed system capabilities in place in time and may miss the deadline. 

So the heavy reliance on technology partners makes a lot of sense, and suggests the need for strong and vital collaborations between agencies and tech vendors to make sense of Reg F and its implementation. [article_ad]

If you find yourself in the position of wrangling a system over a decade old, it’s vital that you start conversations with your technology vendors. Are you running on the latest version offered? And does the latest version fulfill the new requirements Reg F is introducing?

For more insights into the industry’s use of technology, download Telrock’s free whitepaper, System Capabilities & the New CFPB Rules.

On April 7, 2021, the CFPB issued a Notice of Proposed Rule Making (NPRM) wherein it proposed delaying the effective date of the Debt Collection Rules (Regulation F) for 60 days. Reg F is scheduled to go into effect on November 30, 2021, and the proposed delay would push the effective date back to January 29, 2022.

According to the CFPB, extending the effective date would allow stakeholders affected by the pandemic additional time to review and implement the rules.  In the NPRM, the CFPB has asked stakeholders to comment on the following topics:

• Should the Bureau extend the effective date of the Final Rule?
• Is 60 days an appropriate length of time for such an extension?
• Should safe harbors go into effect on November 30, 2021, even if Reg F does not otherwise take effect on that date?
• Will there be any costs or other impacts caused by delay?
• Is there an impact on small entities?

Stakeholders must submit comments to the CFPB 30 days from the date the NPRM is published in the Federal Register. The full NPRM, including instructions for submitting comments, can be found here.  

insideARM Perspective

It is important for accounts receivable entities to note that this is only a proposal to extend the effective date of Reg F; nothing has actually been decided yet.  Unless and until the CFPB actually delays the effective date, stakeholders should continue with their current plans to implement the requirements of Reg F by November 30, 2021.

Rebekah Johnson, CEO, and Anis Jaffer, Chief Product Officer of Numeracle host a live Q&A podcast series covering all things related to call center communications, including call delivery, STIR/SHAKEN, caller ID technology, TRACED Act, brand identity, and more. In the episode below (transcript edited by insideARM; listen to the full episode here), Rebekah and Anis discuss what it takes to authenticate and achieve the elusive “green checkmark” on the end subscriber’s device.

Putting authenticate into historical context

Rebekah: I have a little confession to make: I am obsessed with words, their meanings, and the origin. So I embarked on a historical and philosophical journey leaving me speechless over where we have arrived as a society on this quest to achieve the state of authentication. I did not look at the TRACED Act or the Standards, but rather the Merriam-Webster Dictionary.

The modern definition of the word authenticate is “to improve or serve to prove to be real, true, or genuine.” 

Anis: That sounds like what we discussed in previous talks about Know Your Customer. It’s a proofing phase where a service provider determines whether it can attest what it knows to be real, true, or genuine about the enterprise that is originating the call and whether they have the authorization to use the number.

Rebekah: Right. But I had more questions about the root word to find how we move from proof to acceptance of proof. This is what led me to authentic, the adjective. I view this as the state-of-being for something that has been authenticated.

Anis: When I think of authentic, I imagine a piece of artwork that’s real and authentic. And then you could have a reprint or a copy, which is not the real version. To me, this sounds like we hope the green checkmark will emanate and the certificate itself is the proof of claim. In fact, we call this a claim in the SHAKEN Standard.

Here’s where definitions start to bring more to the meaning of the caller authentication framework. 

Rebekah: There are three definitions for this word, authentic. The first is worthy of acceptance or belief as conforming to or based on fact. The second is made or done in the same way as an original. The third is not false or imitation. 

Anis: The more we read about the definitions, the more closely aligned they are to the standard and objective of authenticating the call. Especially the last one, not false imitation, that’s the crux of the SHAKEN ecosystem. So the IRS scams or the Social Security scams are basically imitating an entity by spoofing their number, and the industry calling this the authentication framework truly captures the intent, but the process to get us to that end state of authentication is still a challenge. 

[article_ad]

Rebekah: I couldn’t agree more. I was left quite satisfied with the definitions as I reflected on the processes within STIR/SHAKEN to achieve that state of “caller authentication,” but then I found something very perplexing. I thought for sure Merriam-Webster made a mistake.

As I scrolled through the rest of the definition of “authentic,” I came across “obsolete.” There are labels given to words when they are no longer in common use. The first is “archaic.” Archaic words are those that were once widely used but are no longer part of the English language. For example, rotary phone; that’s an archaic word. In contrast, an “obsolete” word is one that is no longer used at all within the context of the word being defined. In this case, “authentic.” So a reader encounters these words when reading texts that are centuries-old. The word next to “obsolete” was “authoritative.” 

Anis: Really? Authoritative? We keep hearing about authoritative registry, authoritative database…we hear this all the time in the telecom industry. It’s a way of saying what is being attested and holds the truth, the information being authenticated. Now I’m confused about why this word is obsolete as it relates to authentic.

Rebekah: This is why I thought it was wrong. So, I started yet again with the definition and I looked at authentic and authoritative. The difference is that authoritative is arising or originating from a figure of authority, while authentic is the same origin as claimed, it is genuine.

Anis: So with that definition, it seems that if we move towards an authoritative origin for Enterprise Identity and away from the Enterprise itself, we are losing authenticity because it’s one or the other. 

One more trip back into history to find the origination of “trust” in the context of communication

Rebekah: Centuries ago someone determined a distinction between authoritative and authentic was needed. It feels like a wall was built between these two words as though people did not want to lose truth in exchange for, or because of, authority. Interestingly, the word “authentic” was introduced in the 14^th century, which is within the time that “authoritative” was made obsolete. 

My theory is that the need to distinguish the two words came from an invention by Johann Gutenberg — the printing press – allowing thoughts, ideas, poems, philosophies, beliefs, fictional stories, or plays to be mass-produced and distributed. 

So here we are with a delivery mechanism to transport words from origination to termination in the hands of the reader. We now have a gap between the authenticator of the words and the recipient. Even without knowing our history, we live in present-day challenges of what can arise out of mass accessibility to information without some authority deeming that information authentic or not. Our 14th-century friends concluded that the two words need not be synonymous, and ever since, authenticity and authority have been at odds, with some moments of collaboration.

Back to the present, and what it takes to authenticate

Anis: Let’s return to STIR/SHAKEN and talk about what it takes to authenticate. Let’s look at authenticating the originating caller and transporting this information to the destination, which is ideally the subscriber’s device with the green checkmark.

Every service provider that originates a call implements what is called a local policy to determine how they’re going to authenticate and attest the call. This does not mean the caller ID itself is authenticated but if the service provider knows who the call originator is and if they have a direct relationship, they can attest the call with the flag “A”. 

If they do not have a direct relationship, it could be because there is a third-party call center involved or the enterprise brought the numbers from a different service provider using another originating service provider to originate the call. In this case, they may not be able to attest with the flag A, but instead B or C. That’s what is called an Attestation Gap. 

Rebekah: What are some of the solutions that have been proposed to address this gap so a call can be fully authenticated?

Anis: Multiple models have been presented in the Standards Group. One is called Delegated Certs, which is also sometimes referred to as Identity Certs or Enterprise Certs. The second is a Centralized Registry or Centralized Database model. The third is a Distributed Ledger model. In addition, there are some implementations that are outside of the Standards Group at this point. Let’s walk through each of those, starting with the delegated certificates.

There are multiple flavors but they all leverage certificates similar to web certificates that we are so accustomed to when browsing. In the most widely discussed delegated cert model, the originating service provider receives a delegated cert from the call originator and that is used to authenticate the validity of the call. 

The cert itself has details such as the name of the enterprise, the numbers that have been associated with a certificate, and a certificate authority, who has been authorized by the STIR/SHAKEN Governance Authority. It’s basically an entity cert or a delegated cert that has been given by a service provider to an enterprise. When the call is originated, that certificate is passed to the originating service provider. Then the originating service provider can use that cert to flag that call with an Attestation A. 

The model also allows you to add rich call data (RCD), which could be a logo or a call reason, for instance. That could be used as part of the authentication framework and if the RCD data is not stripped, it can be transported all the way to termination. The terminating service provider can then choose to display that information on the device.  

The challenges associated with the different authentication models

Anis: Some of the challenges of the delegated cert model have to do with the renewal of the certificate. It must be renewed periodically. There is currently a proposal for a 24-hour renewal, as well as one for a long-time certificate. The reason the interval has to be short is so that certificates don’t get spoofed. So that’s a challenge: how do you make sure you have the most updated certificate? 

The other piece is the revocation list. What happens if a certificate is actually revoked or has been compromised, and because of that, that certificate has been revoked either by the Enterprise itself or the issuing certificate provider? How do we keep that revocation list in sync? The list could be quite big, and because calls are being made in real-time and you need to have the latency to make sure that you don’t have a delay in answering or making a call, processing revocation lists in real-time is a challenge.

A centralized database is similar to a traditional CNAM database in that you have a repository or a database where all the information related to numbers is stored. An Enterprise that owns the number, or that has access to the number and is making calls on behalf of somebody has to store the information in a single database. The idea is to have a single authoritative database that anybody can dip in and retrieve that information. 

Again, the challenge would be: how do you keep the data in sync? How do you make sure that the latest data is updated? Who gets access to it and who controls access to it? What happens if the database gets compromised?

Rebekah: You mentioned right at the end when you were describing some of the models, that there are implementations outside the Standards Group. What does that mean?

It gets even more complicated, with additional proposed models

Anis: All of these different models are being proposed within the SHAKEN Standards, but there are also other solutions called out-of-band solutions. These solutions essentially pass the data from the Enterprise origination side to the terminating side over the data network instead of using the communication, or PSTN, network which is used for making the call. 

For example, Google has what is called the Google Verified Caller Solution. Here the entity or the Enterprise and its numbers are verified beforehand. That information is stored with a Google call server, then, before an Enterprise actually makes a call, they have to place a request to register the call with Google identifying who they are calling and which number they are calling from. Since the entity has been pre-registered with Google, Google now knows that a verified identity is making a call to a destination device and if that destination device is a Google Verified phone, then the data can be sent to that device.

This data is short-lived so you don’t have any issues of compromise. However, this is dependent on the Google ecosystem. Similar models have been proposed by Twilio, who has some kind of solution (I don’t know if it’s live), and WhatsApp and Apple are looking at something similar. I would assume they have something similar on the text side and SMS, as well as messaging in the case of WhatsApp, and iMessage in the case of Apple.

Rebekah: I’m just so conditioned in the telecom space to depend on standards for uniformity, inter-operability, consistency… does this pose a challenge to the Enterprise to operate in this ecosystem?

Anis: Yes, they have to figure out who they are calling and what they are using and which ecosystem they are in. We can’t have all that data with the Enterprise. It’s going to be quite difficult to map every single one of their customers or in some cases prospects, and which ecosystem they are in. Then you have the challenge of making sure the RCD information itself is verified and validated. How do we do that?

Rebekah: RCD stands for Rich Call Data and there is a standard around defining and delivering this information through STIR/SHAKEN. The purpose is to deliver information to the called party that will inform them of who is calling and why. As you can imagine, you know we find ourselves back at the need for authenticating this information so that it can be trusted when presented. 

I have absolutely no doubt we’ll find ourselves in another space of standards or best practices like we’ve seen with vetting the entity identity. Anytime we introduce new data to be delivered via the voice channel, or any channel, we’re going to need a way to authenticate, and then hopefully we have a trusted process to be able to present the information so the end subscriber can actually trust the data. 

What’s next?

Rebekah: It’s no surprise that we’re going to have to break this topic of what it takes to authenticate into two parts. Today we covered the originating side of the story and the different models and methods to authenticate information. The next part will cover the terminating side or delivery of the authenticated information. We’ll address the question: How do we get to a place where subscribers can trust the data that we deliver to them?

CHICAGO, Ill. — Commercial Collection Agencies of America is proud to announce the appointment of Mr. Kurt Albright to the Independent Standards Board effective immediately.

Albright was recently approved by his Standards Board peers. “We are grateful that Kurt has joined the Board, as he brings a depth of knowledge and expertise that can only enhance the organization” commented Manny Newburger, Barron & Newburger PC and Chair of the Independent Standards Board.

Albright, Senior Advisor of Credit & Collections at Uline, Inc. leads the Credit, Collection and Credit Application teams, consisting of 120 employees. His teams are responsible for Order to Cash and manage an accounts receivable portfolio of approximately $500MM for the privately held B2B distributor in Pleasant Prairie, Wisconsin.

Prior to joining Uline, Albright held credit positions of increasing responsibility at RR Donnelley over an eighteen-year period. He is currently a member of the Board of Directors at the Credit Research Foundation and has been on the Board of Directors of NACM Connect and is an active member of the ACE Group.

The Independent Standards Board is charged with the creation, review, and amendment of certification requirements which are met by each member agency to earn and maintain Commercial Collection Agencies of America’s Certificate of Accreditation and Compliance. The rigor of the requirements set by the Board makes the certification unparalleled and regarded as the platinum standard by credit grantors worldwide. [article_ad]

When asked about serving on the Board, Albright stated that he is looking forward to participating in and contributing to the group. He joins fellow credit practitioners, as well as the other board members, who represent all facets of the accounts receivable management arena: collection agency executives, creditors’ rights attorneys, business consultants, controllers, certified public accountants, industry trade group officers and chief financial officers.

Bill Balduino, President of the Credit Research Foundation and Vice-Chair of the Independent Standards Board noted, “Kurt’s incredible background, knowledge, and experiences across the discipline will simply add to the incredibly talented group that already comprises the Standards Board.” 

The Independent Standards Board of Commercial Collection Agencies of America meets periodically throughout the year and will have its next meeting this autumn in Delray Beach, Florida.

A list of certified agencies and affiliate members can be found at: www.commercialcollectionagenciesofamerica.com

To contact Commercial Collection Agencies of America, email Executive Director, Annette M. Waggoner at awaggoner@commercialcollectionagenciesofamerica.com

ALEXANDRIA, Va. — Accounts receivable firm, Nationwide Credit Corporation (NCC), makes a difference in its community through service towards charitable organizations and continued engagement in local initiatives and legislation impacting our industry. NCC is currently sponsoring New Hope Housing’s Celebrity Bingo Night which will be hosted by television and fashion celebrity, Monte Durham, on Thursday, April 22, 2021. This event will help provide shelter and support to homeless families in Fairfax County, the City of Alexandria, Arlington County, and City of Falls Church communities.

NCC has a long-standing relationship with New Hope Housing and their mission to eliminate homelessness through efforts funded by their events and programs, like Celebrity Bingo Night.  NCC’s alignment withNew Hope Housing will help improve the quality of life for the homeless in the area and bring economic empowerment and change to the communities where we live and work.

The NCC team encourages participation in New Hope Housing’s Celebrity Bingo on Zoom with its wonderfully witty host, Monte Durham. Tickets are still available for this fun event. Individual tickets are $25 to play all 5 games plus a bonus round or you can select a $35 ticket option to play 2 boards at once for each game. In honor of Earth Day and keeping paper to a minimum, unique game boards will be emailed as pdfs to play on-screen or print out.

NCC believes that giving back to its community is its corporate social responsibility and aligns with associations and organizations that keep it connected to its community and to each other. In addition to New Hope Housing, NCC is proud to be an official corporate sponsor of FireFighters and Friends to the Rescue, Food for Others, Elizabeth Dole Foundation, VA hospital Foundation Galen Society, Bethany House, Second Story, Save The Children, and Pentagon Federal Credit Union Foundation.

NCC President Phil Rosenthal stated, “I am proud of the client relationships that we have developed through our devotion to delivering services and results that are second to none. We want to offer this same solutions-based assistance to those most in need in our communities. Partnering with great organizations, like New Hope Housing, to help solve the needs of our local areas is an essential part of what drives our culture here at NCC.” 

NCC President, Phil Rosenthal, Engages With Local Community

Mr. Rosenthal is committed to contributing to his community in meaningful ways. His leadership has a positive impact on the NCC staff, his environment, and his community. He was reappointed this year as the Springfield District Representative to the A. Heath Onthank Award Selection Committee to help in granting recognition for the accomplishment of outstanding worth in advancing and improving public service in the county by merit system employees.

He was recently reappointed to Fairfax County Community Action Advisory Board. The Community Action Advisory Board (CAAB) advises the Fairfax County Board of Supervisors on the needs, concerns, and aspirations of limited-income persons and recommends policies that promote meaningful change. Mr. Rosenthal is also actively involved with the National Federation of Independent Business (NFIB) in working on a number of successful measures for small businesses. Serving on the Leadership Council for NFIB, he has been instrumental in working with the Virginia State Legislature on issues such as taxes on PPP loan forgiveness laws.

His involvement and contributions keep NCC at the forefront of the industry and his leadership promotes the NCC team’s engagement in its local and digital community of clients, industry partners, employees, and consumers. NCC is proud of the work Mr. Rosenthal and its team do to bolster the collections community and move the industry forward.

NCC’s service and contribution create goodwill in its neighborhoods and a positive environment both at work and at home for the NCC team. Learn more about Nationwide Credit Corporation and the charitable organizations it supports by visiting the NCC website or following NCC on LinkedIn, Facebook, or the NCC blog.

About New Hope Housing

Founded in 1977, New Hope Housing is an innovative, award-winning non-profit agency in Northern Virginia committed to finding creative and lasting solutions to end the cycle of homelessness by offering homeless men, women, and children the services they need to change their lives and succeed. And each of those success stories adds to a stronger, healthier community for all.

About Nationwide Credit Corporation

Nationwide Credit Corporation (NCC) is an accounts receivable firm founded in 1967.  We maintain the highest standards of quality to provide trusted and proven collection services throughout the government, utility, health care, and credit union sectors. Today, we are proud of the relationships that we have developed through our devotion to delivering services and results that are second to none. Our company is headquartered in Alexandria, VA.

Well folks, it never fails. I try to sneak out on a vacation and a major TCPA ruling comes down. It happened with ACA Int’l. It happened with the Ominibus. And it happened with Facebook. 

Maybe I should stop taking so many vacations? My inbox–which was already full from being out for 3 days–is absolutely overflowing with requests for my thoughts. So here they are–the top 6 things you need to know RIGHT NOW.

1. Facebook is a Huge Win For Callers and a Complete Vindication of Everything TCPA Defense Lawyers Have been Saying For Years

The Supreme Court decided 9-0–9-0—that the TCPA means what it says.

Only devices that have the capacity to store or dial actually using a random or sequential number generator are covered by the statute. Period.

Now that should hardly be a surprising result since that is precisely what the statute says. Nonetheless–as the history books now read–the FCC vastly expanded the reach of the TCPA in 2003 and again in 2012 and 2015 by creatively interpreting the statute’s narrow language.

This opened the door to similar creative interpretations being adopted by some courts and ultimately by three Circuit Courts of Appeals.

This expansion has been much ballyhooed by TCPA defense lawyers and commenters– mostly me–as entirely divorced from the reality of the statute language and Congressional intent in drafting the statute.

Well today the Supreme Court of the United State issued its verdict and resoundingly agreed. Only devices that can store or dial numbers using a random or sequential number generator qualify as an ATDS.:

“In sum, Congress’ definition of an autodialer requires that in all cases, whether storing or producing numbers to be called, the equipment in question must use a random or sequential number generator. This definition excludes equipment like Facebook’s login notification system, which does not use such technology.”

And that’s great news.

But read on, because this may not be as clear cut as it seems.

2. Yes, This Means You Can (Probably) Now Use Automated Technology to Call Cell Phones Without Consent– But Here’s Why You Shouldn’t Go Bonkers

Here’s the punchline you were all waiting for.

Yes, Facebook means that you can probably use most predictive dialers to call cell phones without consent. Yes, even for marketing purposes. Yes, even cold call solicitations to numbers that are not on the DNC list. Yes, this changes everything.

But just slow down.

Remember:

1. Providing a positive consumer experience and honoring consumer contact preferences is good for business and your reputation;
2. If industry goes nuts Congress–and worse yet–the states, will write new laws to address industry practices and it will get really bad from a regulatory standpoint;
3. There are still critical call limits in place in certain contexts (such as debt collection);
4. There are other laws besides the TCPA that are currently on the books that might apply to you;
5. There is still some risk that the TCPA’s ATDS definition will be broadly interpreted by some courts (see “capacity” section below);
6. The carriers are empowered to block calls that they believe their network users won’t want. If you crank up your dialer you may end up having your calls blocked–even those that were consented; and
7. As noted here, the Plaintiff’s bar has not given up on ATDS cases just yet. So hold on to your hats.

3. Human Intervention is Out as a Test of ATDS Usage

As I have written time and again the “human intervention” test is simply too vague to be of much use to callers. (I often characterize it as existing “solely in the eye of the beholder.” )

The Supreme Court agrees and EXPRESSLY refused to adopt any “human intervention” test when assessing the TCPA’s ATDS definition.

As the Supreme Court puts it in fn 6: “[A]ll devices require some human intervention, whether it takes the form of programming a cell phone to respond automatically to texts received while in “do not dis- turb” mode or commanding a computer program to produce and dial phone numbers at random. We decline to interpret the TCPA as requiring such a difficult line-drawing exercise around how much automation is too much.”

Boom. The entire “human intervention” framework is out the window.

Notably the phrase “human intervention” does not appear in the TCPA and only became part of the TCPA lexicon following the FCC’s massive expansion of the ATDS definition in its 2015 Ominibus ruling. In that ruling the Commission interpreted the phrase “capacity” in the TCPA to include future state functionalities of a system in assessing whether it meets the TCPA’s ATDS definition in the present.

In response to the FCC’s time travelling ATDS approach, courts pushed back and fabricated a rule that “human intervention” in the present could thwart ATDS functionalities in the future, which never made much sense. But.. TCPAWorld.

In any event, Facebook appears to put the “human intervention” piece to bed entirely. Now the only question is whether a system has the “capacity” to perform the statutory function.

4. How Appellate Courts Address “Capacity” in the Wake of Facebook Will Be Critical 

Yes, Facebook is a fantastic ruling and a great win for TCPA defendants and callers.

But is is not quite perfect.

A perfect ruling would have been one in which the court also clarified that the system must actually make USE of the random or sequential number generator functionality in making challenged calls to trigger the TCPA.

The Supreme Court didn’t quite go there. Instead it got a little sloppy with its language, unfortunately. Specifically, although the Opinion tees up the issue looking at “capacity” it switches in framing its holding to focusing on “usage.”

Again, take a look a page 7, for instance: “In sum, Congress’ definition of an autodialer requires that in all cases, whether storing or producing numbers to be called, the equipment in question must use a random or sequential number generator. This definition excludes equipment like Facebook’s login notification system, which does not use such technology.”(Italics added)

Read in one way this is FANTASTIC because the Supreme Court is holding that an ATDS must make actual present use of a R&S generator to trigger the TCPA.

But there is no analysis in the opinion as to what the word “capacity” means and how it fits in with the functionalities it identifies. And that could be a serious problem.

As far back as 2009, for instance, the Ninth Circuit Court of Appeals has held that it is the capacity of the system to perform the statutory functionalities–and not the usage of those functionalities–that triggers the TCPA. See Satterfield v. Simon & Schuster, Inc., 569 F. 3d 946 (9th Cir. 2009). This decision has been followed repeatedly by district courts across the country. (It was this dangling thread that the FCC tugged at to unravel TCPA defense back in 2015 to begin with.)

By failing to squarely address “capacity” the Supreme Court leaves that same thread a’dangling. And while it is almost unthinkable that TCPA ATDS jurisprudence would have advanced this far only to slip back into the morass of district courts assessing what the “capacity” of a system is, that outcome appears to be on the table.

It will be critical, therefore, for courts to read Facebook as requiring the actual use of R&S technology. The language is there–even if the analysis isn’t.

5. The TCPA is Still Dangerous– Restrictions on Pre-Recorded Calls and DNC Claims Are Still There

It is important for readers not to get too carried away by the good news today.

As noted, there is still a dangling thread here to be cautious of. And it is the fate of all knitting to meet its demise by imprecision.

But more broadly the TCPA covers more than just ATDS calls. Please please please do NOT MAKE THE MISTAKE of thinking the TCPA is dead.

While many will read Facebook as the “death” of the TCPA or TCPA litigation this is more of a shift than an end. The Supreme Court was very very crystal clear that the TCPA’s provisions covering pre-recorded and artificial voice calls live on. The TCPA’s limitations on calls to numbers on the national DNC registry also live on.

Do NOT let anyone tell you that TCPA compliance no longer matters.

6. Text Messages Are Still Calls Under the TCPA–For Now

Many of us were hoping that the Supreme Court might undo the strange reality that text messages are somehow “calls” under the TCPA despite the fact that: i) text messages are information services and not telecommunications under FCC rulings; and ii) text message technology didn’t even exist back in 1991.

While Justice Thomas poked and prodded a bit on this issue at oral argument it turned out to be a misdirect.  At Fn 2, the decision provides that as “[n]either party disputes that the TCPA’s prohibition also extends to sending unsolicited text messages….We therefore assume that it does without considering or resolving that issue.”

So the Supreme Court refuses to address the issue, which means it might still be up for grabs in some jurisdictions.

AND NOW THE CRITICAL QUESTION– Does your system have the capacity to store or produce numbers using a random or sequential number generator? The answer to that single question may determine whether you need consent to contact cell phones under the TCPA, or not. If you don’t know the answer to this question then you should act as if Facebook was never determined until you GET the answer. Do not guess at this one. Do the analysis and do it right.

I know everyone out there wants more information. No worries. I just agreed to do a huge webinar breaking this thing down for everyone.

Accounts receivable entities which are inundated by seemingly auto-generated dispute letters have been paying close attention to the case filed by CBE Group, Inc. (CBE) and RGS Financial, Inc. (RGS) against Lexington Law (Lexington) and Progrexion, Inc. What at first seemed like a significant win for entities being flooded with these letters has seemingly ended with the opposite result.

Here’s a recap of the saga: in 2017, after years of receiving massive amounts of letters with consumer signatures that appeared to be auto-generated and not sent from the actual consumers themselves, CBE and RGS filed a lawsuit against Lexington and Progrexion. The suit alleged Lexington and Progrexion (as Lexington’s agent) committed fraud by making the letters appear to be from consumers when the letters were actually sent by Lexington on templates created by Progrexion. In July 2019, a jury returned a verdict awarding a total of 2.5 million dollars in actual and punitive damages to CBE and RGS, finding that the practice amounted to fraud, including by failing to disclose material facts.

What happened after the verdict?

After the jury came back with its award, Lexington and Progrexion filed post-judgment motions asking the District Court to set aside the jury’s verdict. In February 2020, the District Court granted the motions and overturned the jury verdict primarily on the basis that Lexington’s engagement agreement with its clients (1) allowed Lexington to send letters on its client’s behalf in their names, and (2) advised each client that the letters “will not be identified as being sent by Lexington.”  The District Court reasoned that since Lexington had the legal right to sign its client’s names, it did not make any false representations, material or otherwise when it sent the letters (a false representation is a requirement for a fraud claim).  

CBE and RGS appealed, and on April 1, 2021, the Fifth Circuit Court of Appeals affirmed the District Court’s ruling, confirming that as a matter of law, Lexington’s conduct did not amount to fraud. The Fifth Circuit also focused on the language of Lexington’s engagement agreements and rejected CBE and RGS’s contention that there was no true attorney-client relationship between Lexington and its clients. Instead, the Court noted that the engagement agreements had not been shown to be invalid, and even if Lexington’s clients misunderstood the terms of the engagement agreement, they were still bound by it. Like the District Court, the Fifth Circuit concluded that since Lexington was operating with its clients’ consent, it did not make any false representations when it sent the letters, nor did Lexington create any false impressions requiring disclosure.

Further, the court held that the fraud claims must fail because CBE and RGS did not “justifiably rely” on the alleged misrepresentations since their internal policies and procedures require them to investigate and respond to dispute letters sent by consumers third parties alike. Regarding Progrexion, the Court held “there is no evidence that Progrexion sent dispute letters; rather the evidence is that Progrexion provided template letters to Lexington [] for its use, hence Progrexion cannot be liable for fraud since it like Lexington law did not make any material misrepresentations.”

insideARM Perspective

As we stated when the District Court vacated the judgment in 2020, this is an unfortunate ruling in the fight against a practice that ultimately harms consumers. Legitimate debt collectors understand the importance of accurately reporting account information to the credit bureaus, and they build robust compliance processes and procedures to ensure they are reporting correctly and are able to investigate quickly—and, if necessary, correct—disputed information. It is believed that many credit report disputes, such as the ones from credit repair organizations, are not legitimate; instead, they are an attempt to remove correct, but unwanted, derogatory items from credit reports. If debt collectors are flooded with these illegitimate disputes, it makes it more difficult to separate the wheat from the chaff and help consumers who have legitimate disputes.  Maybe there is a different legal theory to pursue in this battle, but the Fifth Circuit has made clear that if the credit repair organization is acting in accordance with its engagement agreement, a fraud suit may not be successful.