Managing third-party vendor communications after Regulation F is now even more complicated. Simply providing consumer emails to your agencies can trigger mulitple compliance issues. Read on to find out about scrubbing for employer-provided emails, opt-outs, Reg F timing, and what you need to know to manage consumer emails and third-party communications safely.
Most creditors obtain consumers’ email addresses when originating a loan or line of credit and, of course, agencies typically want those consumer email addresses from creditors. It makes sense that creditors would pass the email data to their agency partners when accounts are placed.
But wait! It’s not that simple.
When creditors pass along email data, they actually have a tough decision to make: follow the procedure outlined in Regulation F for providing email addresses to agency partners, or simply rely on their agency partners willingness and ability to implement processes that comply with section 6(d)(4)(i) of Regulation F?
Relying on processes that comply with section 6(d)(4)(i) means hoping the consumer will actively provide consent to use their email address to collect their debt, leaving the use of email as a strategy in the hands of the consumer.
If the creditor intends to send consumer email addresses to their agency partners, they must provide a very specific notice to consumers prior to passing that information to the debt collector, advising the consumer that their account is being sent to a debt collector, and that the debt collector may use the email address for collection purposes, among other things. (Read more about the notice here).
So, what are the three biggest challenges facing creditors who want to follow the requirements?
1. Are you scrubbing for employer-provided email addresses?
Creditors must ensure that the email address is available for use by the general public. In other words, the email address cannot be one that was provided to the consumer by their employer. So, if you intend to email out the notice to consumers, your process needs to include a scrub to identify possible employer-provided email addresses. If you don’t have a solution in place today, it’s time to start looking for one.
2. Opt-out timing may be more complicated than you think
Creditors are faced with another decision concerning consumer opt-outs. Should the opt out be communicated to the creditor, or to the debt collector to whom the debt has been transferred? Regulation F requires that the notice instruct the consumer to respond to the debt collector or to the creditor but not to both.
The timing here is complicated, since the notice must provide a date by which the consumer’s opt-out must be received, which must be at least 35 days after the date the notice is sent.
If the creditor instructs the consumer to opt out via the debt collector, feasibly the debt collector must have already received the account from the creditor to which to apply the opt out. If the creditor prefers to receive the opt-out, the creditor must have an effective system in place to handle opt outs with their agency partners.
3. How the Reg F effective date applies
For accounts placed with agency partners prior to the effective date of Reg F (11/30/2021), the same considerations and questions remain.
If creditors elect to send the opt out notice, then they could be faced with the decision as to whether to instruct their agency partners to suspend email communication until the notice is sent, and the opt out period has expired. This could be particularly challenging for agencies that are heavily or entirely focused on a digital strategy for consumer outreach.
Colene McNinch is a Partner and the Chief Compliance Officer at M&G Solutions. M&G Solutions is a member of the iA Institute’s Innovation Council. The Innovation Council is a membership group for organizations that understand their future depends on thinking differently and being at the forefront of communications, analytics, payments, and compliance technology. Together, we envision the future and then map how to get there.