regulaztion z guide

Regulation F and How it Impacts Payment Processing Email Communication

As part of a debt collector’s general oversight responsibilities, they must evaluate all their vendors’ ability to perform services in compliance with applicable law. This oversight obligation includes emails sent on a debt collector’s behalf as part of payment processing services. Debt Collectors should ensure that the debtor has consented to the email, secondly, that emails sent to the debtors include the proper opt-out language, and lastly, that the emails are sent in accordance with the Regulation’s guidelines and debtor’s preferred communication.

Regulation F and Consent

With respect to emails, Regulation F provides three “safe harbor” procedures[1] under which a debt collector may send an email to a consumer[2]. For communication used as part of the payment process where debtors receive emails, the first safe harbor will apply for any emails sent by PaymentVision after the debtor provides their email address online. Under this provision, the official commentary states that if a debtor offers their email address to the debt collector through an online portal, the debt collector may treat this as consent to use the email address for communications, but only if “the debt collector discloses clearly and conspicuously that the debt collector may use the email address to communicate with the consumer about the debt.”[3] PaymentVision sends payment receipts, and payment reminders after emails are provided through the payweb portal, including a provision with terms that meet this requirement.

For emails requested by the Debt Collector that are not consented to by the debtor through PaymentVision’s online portal, consent must be secured under one of the other last two “safe harbors.” The first requires that the creditor sends out an opt-out notice informing the debtor that it will be transferred to a debt collector with access to its email on file[4]. The opt-out provision should provide the debtor no less than 35 days to opt-out and should be sent to the email where consent is sought. If a debtor does not opt-out, the debt collector can assume consent.
However, this consent is limited to those email addresses that are “for use by the general public.[5]” Emails should not be sent to email addresses known to work email addresses [6] (absent prior consent or receipt by the debt collector of an email sent from the debtor’s work email account[7]).

The last option for consent, the third “safe harbor,” provides that consent can be assumed when a prior debtor collector obtained the consent one of the previous two ways when the previous debt collector used the email, and the debtor did not opt-out[8].

Regulation F and Opt-out Provisions

Following confirmation of consent, the Debt Collector must ensure that emails sent under such consent include an opt-out notice for future emails[9]. Opt-out notices should be reasonable and simple[10]. While the Regulation does not define a reasonable and simple notice, an example in the Official commentary was provided. An email opt-out notice that requires a debtor to reply stop would be reasonable; however, it would not be considered reasonable to require the debtor to mail, call or visit an alternative site to submit an email opt-out notice[11]. The opt-out notice must be processed timely. While the Regulation does not define timely, the CFPB commentary states that it considered a range of 24 hours to 10 days as reasonable [12]. Unfortunately, if someone opt-outs and the system is not updated before a new communication, a debt collector could find itself in a court defending its process.

It is crucial to ensure all opt-outs are processed as timely as possible. There is always a risk that parties will use the lack of specific guidance as a means to bring a case[13].

If an email is sent as a payment receipt and the email consent will not be used for any purpose in the future, an opt-out notice will not be required.

Preferred Method of Communication

Regulation F does not explicitly require companies to use the consumer’s preferred method of contact, nor does it require you to determine the debtor’s preference before sending a communication. However, it clarifies that if a consumer notifies a debt collector that a particular type of communication (e.g., email, phone, text) or time or place is inconvenient, a debt collector cannot contact the debtor in such a way[14]. So, in other words, the Regulation does not impose legal ramifications for ignoring communication channel preference unless the consumer has specifically told you that any type of communication is inconvenient. For example, if a client has not specified that email is a preferred method, but you have obtained consent per the requirements above, you can email the client as they did not say it was inconvenient.

Like the opt-out provisions discussed above, there is no specific timeframe for which a debt collector must update the system with such request; it should be updated as timely as possible to avoid the risk of litigation. In addition, Regulation F does not provide a requirement that a debtor collector should request a debtor’s preferred method of communication more than once. Some suggest, however, that it is good practice to allow debtors to update this information ongoing. An example would be to notify all those debtors can submit a preference at any time through a debtor’s agent. This notification could be published on the webpage or outgoing communications from time to time. This method would allow a central database for all requests to be processed as timely as possible. The need to update the system timely is vital to avoid contacting a debtor at an inconvenient time after the debtor submits the information.

[1] Safe Harbor protection 12 CFR § 1006.22(e)(4)(g), a safe harbor only as to claims that a debt collector violated § 1006.22 by revealing in the email or text message the debt collector’s name or other information indicating that the communication relates to the collection of a debt. Official Staff Commentary
[2]12 CFR § 1006.6(d)(4)(i)-(iii).
[3] 12 CFR § 1006.6(d)(4)(i).
[4] 12 CFR § 1006.6(d)(4)(ii).
[5] 12 CFR § 1006.6(d)(4)(ii).
[6]12 CFR § 1006.6(d)(4)(ii)(e)
[7]12 CFR § 1006.6(d)(4)(i) or (ii). A debt collector knows that an email address is provided by the consumer’s employer if any person has informed the debt collector that the address is employer provided. It does not require a debt collector to conduct a manual review of consumer accounts to determine whether an email address might be employer provided. Official Staff Commentary § 6(d)(4)(ii)(E).
[8] 12 CFR § 1006.6(d)(4)(iii).
[9] 12 CFR § 1006.6(d)(4)(ii)(C)(4)
[10]12 CFR § 1006.6(d)(4)(ii)(C)(4),
[11] “Reasonable and simple” methods for opting out do not include a requirement that a consumer who receives the opt out notice electronically exercise their opt out right by postal mail, telephone, or visiting a website without providing a link. Official Staff Commentary 12 CFR §1006.6(d)(4)(ii)(C)(4).
[12] Supplement I to Part 1006—Official Interpretations —§ 1006
[13] Deloitte. Legal, Legal Risk Management , A heightened focus for the General Counsel,
[14] 12 CFR § 1006.6(b)