Sedric Team
Communications
![Featured image for 'CFPB Reg F: The 2026 Operator's Guide' — Sedric branded [sedric-rebrand-v2]](https://cdn.prod.website-files.com/69a7e1717e5289161221dbf3/6a15f184b9e16b2074c63303_6a15f180de817f5765d9678b_featured-rebrand-cfpb-reg-f-2026-operators-guide.png)
CFPB Regulation F is the Consumer Financial Protection Bureau's implementing regulation for the Fair Debt Collection Practices Act, in force since November 30, 2021. Where the FDCPA sets the statutory floor, Reg F sets the operational ceiling — prescribing the specific format of the validation notice, the precise 7-in-7 call-frequency limit, the rules on emails and texts, and the recordkeeping requirements that govern third-party debt collection in the United States. This guide is the practitioner's operator manual for Reg F in 2026.
For thirty-plus years, FDCPA compliance was a debate about statutory interpretation. Courts split, agencies guided, and operators built compliance programs around their best understanding of "reasonable" practice. Reg F collapsed that ambiguity. The Bureau wrote down the rules — call frequency, notice format, channel restrictions — in operationally testable form. CFPB exam teams now have a checklist; consumer plaintiffs' attorneys have a testable framework; collection operators have clear standards.
The Bureau's 2024-2025 supervisory cadence has heavily emphasised Reg F compliance, with particular focus on three areas: validation notice adequacy, call-frequency-rule observance, and electronic-communication consent management.
Reg F covers third-party debt collectors as defined by the FDCPA — agencies, debt buyers, and attorneys collecting consumer debt on behalf of another. First-party creditors collecting their own debt are not directly covered, though many adhere to Reg F standards through CFPB UDAAP supervision and operational consistency.

Reg F sits at 12 CFR Part 1006. Its operational core is in five subparts:

The validation notice is the centre of Reg F. § 1006.34 specifies what must appear, in what order, and within what timeline:
The Bureau's most common Reg F enforcement finding is validation-notice defects — missing fields, incorrect formatting, late delivery, or itemisation errors. Software that auto-generates and tracks the notice is the standard operational response.
§ 1006.14(b) caps debt-collection calls at:
The rule is per-debt, not per-consumer. A consumer with multiple debts in collection can receive multiple call streams simultaneously, each subject to its own 7-in-7 window. Compliance requires per-debt call tracking at the dialler / CRM layer, not just per-consumer.
§ 1006.6 permits email and text only under specific conditions:
Failure-to-honour-opt-out is one of the fastest-growing consumer-complaint categories at the CFPB Consumer Complaint Database.
§ 1006.2(j) defines a "limited-content message" — a voicemail that the Bureau treats as not constituting a communication for FDCPA-third-party-disclosure purposes, provided specific content rules are met:
The format is rigid; including any debt-related content (account number, amount, creditor name) makes the message a regular communication and defeats the safe harbour.
§ 1006.100 requires retention of evidence of compliance, including:
Sedric encodes the Reg F rulebook as a structured library — every rule provision mapped to a testable condition. The platform monitors 100% of calls, messages, and digital interactions in real time, flagging Reg F violations against the specific section. The agent-assist surface prompts the mini-Miranda, the validation-notice cue, and the call-frequency caution in real time, so violations are prevented rather than just detected.
Reg F is the CFPB's implementing regulation for the FDCPA. The FDCPA is the statute; Reg F operationalises it. Modern compliance requires both.
Not directly — Reg F applies to third-party debt collectors. First-party creditors face parallel CFPB UDAAP and state UDAP obligations, and many adopt Reg F standards voluntarily.
Validation-notice defects. Missing fields, late delivery, incorrect itemisation, and absent dispute-prompt language are the most cited findings.
The cap is per-debt, not per-consumer. A consumer with multiple debts in collection can receive multiple call streams, each subject to its own limit. Per-debt tracking is the operational requirement.
3 years from the last collection activity, under § 1006.100. Many firms retain longer to align with state UDAP retention or class-action discovery windows.
Reg F made third-party debt collection in the United States rule-mapped and testable. The firms that handle it well operate to the regulation prescriptively — validation notice auto-generated and timestamped, call frequency enforced at the dialler, communications-media consent tracked end-to-end, and 100% call monitoring producing the audit trail the CFPB expects to find on first request.
Sedric is the AI compliance platform for regulated marketing and communications. Every flag is mapped to the specific rulebook provision, every override is logged with reasoning, and the audit trail is the format regulators expect on first request. Book a 30-minute demo and we will walk through your specific compliance footprint.
Convert your static procedures into active AI controllers that protect your brand 24/7.
.avif)
You’ll be able to see a full demo of marketing and communications compliance with your brand.