FDCPA Compliance Checklist 2026

The Fair Debt Collection Practices Act (FDCPA) is the foundational federal statute governing third-party debt collection in the United States. Since 1977 it has prohibited specific abusive, deceptive, or unfair collection practices. In 2026, the FDCPA continues to drive the largest single share of consumer-protection enforcement and class-action exposure in the collections industry. This is the operator's checklist — sixteen items, mapped to the specific FDCPA section and where Reg F overlays the rule.

What the FDCPA Covers

The FDCPA applies to third-party debt collectors — agencies, debt buyers, and attorneys collecting on behalf of others — when collecting consumer debt (debt for personal, family, or household purposes). First-party creditors collecting their own debt are not directly covered by the FDCPA but face parallel obligations under state UDAP statutes and CFPB UDAAP authority.

The statute's six substantive areas:

• Communications with consumers and third parties — when, how, and with whom collectors can communicate (§§ 1692c, 1692b).
• Harassment or abuse — prohibitions on threats, profane language, repeated calls, and similar conduct (§ 1692d).
• False or misleading representations — bans on false statements about the debt, the collector, or legal action (§ 1692e).
• Unfair practices — prohibitions on collecting amounts not authorised, using post-dated checks improperly, or non-authorised fees (§ 1692f).
• Validation of debts — the consumer's right to dispute and the collector's obligation to verify (§ 1692g).
• Civil liability — actual damages plus statutory penalties to $1,000 per violation, plus attorneys' fees (§ 1692k).

The CFPB's 2021 Regulation F adds operational specificity — call frequency, communications media, validation notice format. Modern FDCPA compliance means operating to both the statute and the regulation.

Why FDCPA Compliance Matters in 2026

Three forces have raised the operational bar:

• The CFPB's supervisory cadence has accelerated. The Bureau's 2024-2025 examination programme has focused heavily on debt-collection, with particular emphasis on validation notice compliance, call-frequency rules, and credit-reporting accuracy.
• State AGs are filing significant actions. Multi-million-dollar settlements have become routine. State-level cures often impose monitoring requirements that exceed federal baseline.
• Class-action exposure compounds. A single mishandled call surfacing in discovery can ground a class action with statutory damages multiplied across the affected population.

The 16-Item FDCPA Compliance Checklist

1. Mini-Miranda disclosure. Every collection call opens with the prescribed disclosure: "This is an attempt to collect a debt and any information obtained will be used for that purpose." Reg F § 1006.18(e)(1).
2. Caller identification. The collector identifies themselves and their agency by name. § 1692d(6).
3. Time-of-day restrictions. No calls before 8 a.m. or after 9 p.m. consumer-local time, unless the consumer consents otherwise. § 1692c(a)(1).
4. 7-in-7 call frequency. Reg F caps collection calls at 7 per debt per 7 days, with a 7-day quiet period after talking with the consumer. § 1006.14(b).
5. Validation notice. Within 5 days of the initial communication, provide the Reg F-specified validation notice with itemisation, current balance, account information, and consumer-protection statements. § 1006.34.
6. Communications-media restrictions. Email and text only with consumer consent (or via the limited-content message safe harbour). § 1006.6.
7. Place-of-employment restrictions. If the consumer or employer indicates that the employer prohibits such communication, the collector must stop calling there. § 1692c(a)(3).
8. Cease-communication requests. Once a consumer requests in writing that the collector cease communication, the collector must stop except for specified safe-harbour purposes. § 1692c(c).
9. Third-party communications. Communications with anyone other than the consumer (spouse, attorney, guarantor, etc.) are restricted to specific safe-harbour scenarios. § 1692c(b).
10. Harassment and abuse prohibition. No threats, profane language, calls intended to annoy or harass, or repeated calls. § 1692d.
11. False or misleading representations. No false statements about amount owed, legal action threatened, collector's identity, or consumer-rights implications. § 1692e.
12. Unfair practices prohibition. No collection of unauthorised amounts, no post-dated checks misused, no deposit threats. § 1692f.
13. Disputed debt handling. If the consumer disputes the debt within the validation period, cease collection until the collector verifies the debt and provides verification to the consumer. § 1692g(b).
14. Credit reporting. Don't report disputed debt without noting the dispute; don't report inaccurate information. § 1692e(8); FCRA overlay.
15. Audit trail. Every call, message, validation notice, and consumer interaction logged with timestamp, agent ID, and disposition. Reg F § 1006.100 retention requirements.
16. Compliance Management System. Documented policies, training, monitoring, corrective action, and board-level oversight, aligned to CFPB CMS expectations.

Common FDCPA Violations That Trigger Enforcement

• Failure to deliver a compliant validation notice within 5 days.
• Calls exceeding the 7-in-7 frequency cap, particularly across multiple debts attributed to the same consumer.
• Texts or emails to consumers who never opted in.
• Mini-Miranda omission on subsequent calls (it's required on each collection communication, not just the first).
• Place-of-employment calls after the employer's prohibition is known.
• Third-party disclosure of debt status (most commonly to family members or co-workers in voicemail or call-back contexts).
• Threats of legal action that the collector has no intention of taking.
• Misrepresentation of the consumer's rights, particularly around credit reporting and dispute consequences.

How Sedric Helps

Sedric monitors 100% of collection calls and messaging in real time, scoring each interaction against the full FDCPA + Reg F rulebook plus the firm's policy library. The agent-assist surface whispers required disclosures (mini-Miranda, validation, time-of-day) to the agent at the right moment. Every flag is mapped to the specific FDCPA section or Reg F provision it engages, and every override is logged with reasoning — the exact audit trail a CFPB examiner expects.

FAQ

Does the FDCPA cover first-party creditors collecting their own debt?

Not directly. First-party creditors face parallel obligations under CFPB UDAAP and state UDAP statutes; many also adhere to FDCPA standards voluntarily to maintain consistency across the collection lifecycle.

What's the statutory penalty for an FDCPA violation?

Up to $1,000 per consumer in statutory damages, plus actual damages and attorneys' fees. Class actions can multiply this dramatically.

How does Reg F change FDCPA compliance?

Reg F operationalises the FDCPA — adding the 7-in-7 rule, validation notice format, communications-media rules, and recordkeeping. Modern compliance means satisfying both statute and regulation simultaneously.

Are voicemails communications under the FDCPA?

Yes. A voicemail counts as a communication. The limited-content message safe harbour in Reg F § 1006.2(j) provides specific format requirements that allow a voicemail without triggering third-party disclosure liability.

How long do I need to retain collection records?

Reg F § 1006.100 requires 3 years from the last collection activity for most records, with longer retention for certain recordings and validation notice evidence.

The Bottom Line

FDCPA compliance in 2026 is not a static checklist exercise — it's an operational discipline that must run live, across every collection conversation, every channel, every state. The firms that handle it well have real-time monitoring with rule-mapped flagging, agent-assist that prevents violations before they occur, and an audit trail that survives both regulator examination and class-action discovery.

Run a Compliance Audit on Your Last 100 Calls

If reading this checklist has surfaced gaps, Sedric's free Collection Compliance Audit will take 100 of your recent calls and score them against the full FDCPA + Reg F + state-law rulebook, with rule-mapped findings delivered within 48 hours. Run a free audit.