CFPB Reg F: The 2026 Operator's Guide

CFPB Regulation F is the Consumer Financial Protection Bureau's implementing regulation for the Fair Debt Collection Practices Act, in force since November 30, 2021. Where the FDCPA sets the statutory floor, Reg F sets the operational ceiling — prescribing the specific format of the validation notice, the precise 7-in-7 call-frequency limit, the rules on emails and texts, and the recordkeeping requirements that govern third-party debt collection in the United States. This guide is the practitioner's operator manual for Reg F in 2026.

Why Reg F Matters

For thirty-plus years, FDCPA compliance was a debate about statutory interpretation. Courts split, agencies guided, and operators built compliance programs around their best understanding of "reasonable" practice. Reg F collapsed that ambiguity. The Bureau wrote down the rules — call frequency, notice format, channel restrictions — in operationally testable form. CFPB exam teams now have a checklist; consumer plaintiffs' attorneys have a testable framework; collection operators have clear standards.

The Bureau's 2024-2025 supervisory cadence has heavily emphasised Reg F compliance, with particular focus on three areas: validation notice adequacy, call-frequency-rule observance, and electronic-communication consent management.

Who Is Covered

Reg F covers third-party debt collectors as defined by the FDCPA — agencies, debt buyers, and attorneys collecting consumer debt on behalf of another. First-party creditors collecting their own debt are not directly covered, though many adhere to Reg F standards through CFPB UDAAP supervision and operational consistency.

The Reg F Architecture

Reg F sits at 12 CFR Part 1006. Its operational core is in five subparts:

• Subpart B — Communications. Restrictions on with whom, when, and how a collector communicates.
• Subpart C — Prohibitions. Codifications of harassment, false-representation, and unfair-practice bans.
• Subpart D — Required disclosures. Validation notice contents and delivery requirements.
• Subpart E — Recordkeeping. Documentation and retention requirements.
• Subpart F — Limited-content messages. The safe-harbour voicemail format.

The Validation Notice

The validation notice is the centre of Reg F. § 1006.34 specifies what must appear, in what order, and within what timeline:

• Delivery within 5 days of the initial communication (with limited exceptions).
• Itemisation of the debt from a specified itemisation date.
• Current balance.
• Account information including creditor name and account number.
• Information about the consumer's right to dispute.
• Specific dispute-prompt language.
• A "Notice of Important Information" form (Form B-1, B-2, or B-3, depending on context).

The Bureau's most common Reg F enforcement finding is validation-notice defects — missing fields, incorrect formatting, late delivery, or itemisation errors. Software that auto-generates and tracks the notice is the standard operational response.

The 7-in-7 Call Frequency Rule

§ 1006.14(b) caps debt-collection calls at:

• Seven calls per debt per consecutive seven-day period.
• A seven-day quiet period after a consumer call is answered.

The rule is per-debt, not per-consumer. A consumer with multiple debts in collection can receive multiple call streams simultaneously, each subject to its own 7-in-7 window. Compliance requires per-debt call tracking at the dialler / CRM layer, not just per-consumer.

Email and Text Restrictions

§ 1006.6 permits email and text only under specific conditions:

• The consumer has consented (typically opt-in at the creditor or servicer level, transferring to the collector).
• OR the safe-harbour conditions for limited-content messages are met.
• Each electronic communication includes a reasonable and simple way to opt out.
• The collector has a process to track and honour opt-outs.

Failure-to-honour-opt-out is one of the fastest-growing consumer-complaint categories at the CFPB Consumer Complaint Database.

Limited-Content Messages

§ 1006.2(j) defines a "limited-content message" — a voicemail that the Bureau treats as not constituting a communication for FDCPA-third-party-disclosure purposes, provided specific content rules are met:

• Business name (without indicating the collector is in debt collection).
• A statement that the message is for the consumer.
• Request that the consumer reply by telephone or electronic media.
• Telephone number(s) and (optionally) date / time of expected availability.
• No additional content beyond these elements.

The format is rigid; including any debt-related content (account number, amount, creditor name) makes the message a regular communication and defeats the safe harbour.

Recordkeeping

§ 1006.100 requires retention of evidence of compliance, including:

• 3 years from the last collection activity for most records.
• Phone-call recordings (where the collector records calls) retained for the longer of 3 years from creation or 3 years from last collection.
• Documentation of consumer consents to email / text communications.
• Documentation of consumer cease-communication requests and opt-outs.

How Sedric Helps

Sedric encodes the Reg F rulebook as a structured library — every rule provision mapped to a testable condition. The platform monitors 100% of calls, messages, and digital interactions in real time, flagging Reg F violations against the specific section. The agent-assist surface prompts the mini-Miranda, the validation-notice cue, and the call-frequency caution in real time, so violations are prevented rather than just detected.

FAQ

Is Reg F different from the FDCPA?

Reg F is the CFPB's implementing regulation for the FDCPA. The FDCPA is the statute; Reg F operationalises it. Modern compliance requires both.

Does Reg F apply to first-party creditors?

Not directly — Reg F applies to third-party debt collectors. First-party creditors face parallel CFPB UDAAP and state UDAP obligations, and many adopt Reg F standards voluntarily.

What's the most common Reg F examination finding?

Validation-notice defects. Missing fields, late delivery, incorrect itemisation, and absent dispute-prompt language are the most cited findings.

How does the 7-in-7 rule interact with multiple debts?

The cap is per-debt, not per-consumer. A consumer with multiple debts in collection can receive multiple call streams, each subject to its own limit. Per-debt tracking is the operational requirement.

How long do I retain the validation notice?

3 years from the last collection activity, under § 1006.100. Many firms retain longer to align with state UDAP retention or class-action discovery windows.

The Bottom Line

Reg F made third-party debt collection in the United States rule-mapped and testable. The firms that handle it well operate to the regulation prescriptively — validation notice auto-generated and timestamped, call frequency enforced at the dialler, communications-media consent tracked end-to-end, and 100% call monitoring producing the audit trail the CFPB expects to find on first request.

Test Your Reg F Readiness

Sedric's free Reg F Readiness Assessment runs your call sample against the full § 1006 ruleset in 48 hours and returns a rule-mapped findings report. Take the assessment.