UDAAP Shark in the Water!!
We’ve all seen Jaws and other shark movies. A group of swimmers are enjoying a day at the beach, swimming in the ocean, blissfully unaware of the danger lurking below. The trailers for these movies usually feature an ominous voice saying something to the effect of: “just when they thought it was safe to go in the water…”
There’s a shark that credit unions should watch out for too – no, I’m not talking about a great white or a hammerhead, but rather Unfair, Deceptive, and Abusive Acts and Practices, or UDAAP. Even when it seems that a consumer finance law might not apply to a credit union, UDAAP could be lurking nearby ready to sink its teeth into a credit union that gets too close. Last month, UDAAP emerged from the depths to enforce debt collection practices standards where it had previously seemed safe to tread – i.e., where the FDCPA did not directly apply.
CFPB v. Cash Store
Last month the CFPB announced a consent order with Cottonwood Financial, Ltd., which was doing business as Cash Store – a non-depository lender of title loans, payday loans, and high-interest small dollar loans. The consent order alleged the following debt collection practices: calling some borrowers 15 times or more in one day; calling the borrowers’ friends, family members, and employers; disclosing the existence of the debt to third parties; and calling a borrower’s employer even after being told that continued calls could jeopardize the borrower’s employment.
I can hear you saying to yourself: “Why should credit unions care about this non-depository payday lender? They violated the Fair Debt Collection Practices Act (FDCPA), right?” Interestingly, the CFPB did not alleged that the behavior described above were violations of the FDCPA – instead, the bureau asserted that Cash Store’s debt collection practices amounted to “unfair acts or practices” under the CFPB’s UDAAP powers. To understand why, and what it means for credit unions, we need to do a quick review of the scope of the FDCPA.
No FDCPA, No Problem?
The FDCPA applies to debt collectors, a term that is defined as “any person who… collects or attempts to collect, directly or indirectly, debts owed or due…another” (emphasis added). This describes what most people would think of as a traditional collection agency – a company that attempts to collect a debt on behalf of someone else, or a third-party debt collector. Generally speaking, persons or entities that attempt to collect debts on their own behalf will not be considered “debt collectors” – and therefore will not be subject to the requirements of the FDCPA – unless they collect the debt under a different name.
Most credit unions do not collect debts on behalf of another person or entity – and are therefore rarely subject to the FDCPA’s restrictions. So, does that mean they can do whatever they please when collecting on delinquent loans? As the Cash Store action shows, the answer appears to be no.
Cash Store was collecting debts on its own behalf, which likely excludes it from the definition of “debt collector,” and which provides a possible explanation for why the CFPB did not alleged FDCPA violations. All of the violations alleged regarding Cash Store’s debt collection practices likely would have been violations of the FDCPA, had Cash Store been subject to it.
What does it all mean?
In addition to the debt collection UDAAP allegations, the Cash Store consent order also alleged violations of TILA for deceptive marketing tactics, and violations of FCRA’s Reg V for failing to have policies and procedures for furnishing information to credit reporting agencies. Cash Store agreed to pay a civil money penalty of $1.1 million, plus over $280,000 in consumer redress.
This action illustrates that even when the FDCPA might not be applicable, debt collection conduct – especially conduct that could be viewed as harassing or annoying consumers – could potentially rise to the level of a UDAAP. Credit unions will want to review their own policies, procedures, and practices around debt collection to ensure that their conduct does not create UDAAP compliance risk. Some credit unions currently choose to abide by the restrictions of the FDCPA voluntarily or in accordance with state laws, which could help minimize such risks.
Even if you are not directly subject to the FDCPA, that does not mean you’re safe from regulatory scrutiny. Just when you think it’s safe to go into the debt collection waters, UDAAP could be lurking nearby…
About the Author
Nick St. John, was named Director of Regulatory Compliance in August 2022. In this role, Nick helps credit unions with a variety of compliance issues.