UDAAP and Collections Call Monitoring for Credit Unions

UDAAP & Collections Call Monitoring for Credit Unions — Dodd-Frank 1031/1036, CFPB Bulletin 2013-07, 12 CFR 1006 (Reg F)
Share article on
Linkedin logoX logo

Quick answer: Yes. Even when a credit union collects its own loans and is not technically an FDCPA "debt collector," its collection conduct is still subject to the UDAAP prohibition under Dodd-Frank. The CFPB has said that conduct which would violate the FDCPA can also be an unfair, deceptive, or abusive act or practice, so collections call monitoring is how a credit union proves its calls stay on the right side of the rules.

Do credit unions have to follow debt-collection rules on their own collections calls?

The prohibition on unfair, deceptive, or abusive acts or practices applies to credit unions collecting their own debts. What changes below certain thresholds is who examines you, not whether the rule applies.

The legal basis is Dodd-Frank sections 1031 and 1036 (12 U.S.C. 5531 and 5536), which prohibit unfair, deceptive, or abusive acts or practices in connection with a consumer financial product or service. The "unfair" and "deceptive" standards trace back to Section 5 of the FTC Act (15 U.S.C. 45); Dodd-Frank added the "abusive" standard. The CFPB has published examination procedures for UDAAPs that spell out how examiners apply these standards.

What do "unfair," "deceptive," and "abusive" mean for a collections call?

Each term has its own test, and a single call can trip more than one. Agents do not need to intend harm for a practice to qualify.

  • Unfair (12 U.S.C. 5531(c)): an act that causes or is likely to cause substantial injury that consumers cannot reasonably avoid and that is not outweighed by benefits to consumers or competition.
  • Abusive (12 U.S.C. 5531(d)): an act that materially interferes with a consumer's ability to understand a term or condition, or takes unreasonable advantage of a consumer's lack of understanding, inability to protect their interests, or reasonable reliance on the institution.
  • Deceptive (CFPB standard): a representation, omission, or practice that misleads or is likely to mislead a reasonable consumer on a point that is material to a decision.

Does the FDCPA apply to a credit union collecting its own loans?

Usually not directly. The FDCPA (15 U.S.C. 1692) primarily governs third-party debt collectors and generally excludes creditors collecting their own debts, and Regulation F (12 CFR part 1006) implements the FDCPA and binds "FDCPA debt collectors."

Here is the point that trips up a lot of first-party shops. A credit union collecting its own member loans is typically a first-party creditor and usually not an FDCPA "debt collector." But CFPB Bulletin 2013-07 states that UDAAP applies to the collection of consumer debts by creditors collecting their own debts, and that conduct which would violate the FDCPA can also be a UDAAP even where the FDCPA does not technically apply. In practice, that makes the Reg F conduct rules a sensible benchmark for what to keep off your calls.

Who examines your collections calls, the CFPB or NCUA?

It depends on asset size. The CFPB supervises credit unions with more than $10 billion in assets; the NCUA or the state regulator supervises those at or below $10 billion.

The threshold decides the examiner, not the standard. The UDAAP prohibition applies at every size. The NCUA and CFPB have signed a memorandum of understanding to coordinate supervision, so a smaller credit union should not assume UDAAP conduct expectations are lighter.

What should you monitor on collections calls, and which rule does it map to?

What to monitor on credit union collections calls mapped to Regulation F and UDAAP

Use the Reg F conduct rules as your monitoring benchmark, then treat any violation as a potential UDAAP for a first-party creditor. The table below maps common call behaviors to the rule.

What to monitor on the callRule / benchmark
Repeated calls placed to annoy or harass; watch the call-frequency limitsReg F 12 CFR 1006.14 (harassment/abuse)
Threats, obscene or profane language, or failure to meaningfully disclose the caller's identityReg F 12 CFR 1006.14
Ignoring a member's request to stop calling on a particular mediumReg F 12 CFR 1006.14
False statements about the amount, character, or legal status of the debtReg F 12 CFR 1006.18 (false/misleading)
Falsely implying attorney or government affiliationReg F 12 CFR 1006.18
Threats of action that cannot legally be taken or is not intended (repossession, legal action, wage garnishment)Reg F 12 CFR 1006.18
Missing "attempt to collect a debt" disclosureReg F 12 CFR 1006.18
Collecting amounts not authorized by the contract or by lawReg F 12 CFR 1006.22 (unfair/unconscionable)
Disclosing the debt to third parties, or exposing it on postcards, envelopes, or public social mediaReg F 12 CFR 1006.22
Any of the above, viewed as substantial injury, misleading a reasonable member, or taking advantage of a memberUDAAP, 12 U.S.C. 5531 / CFPB Bulletin 2013-07

On call frequency, Reg F sets a presumption of compliance for an FDCPA debt collector who places no more than 7 calls within 7 consecutive days about a particular debt, and who does not call within 7 days after a phone conversation about that debt. First-party creditors are not bound by that presumption, but it is a useful reference point when you set your own dialing rules and monitor for patterns that could look like harassment.

What does enforcement look like when calls go wrong?

There was no verified CFPB collection-call UDAAP case against a credit union to cite here, so treat these as illustrations of the stakes from consumer and auto lenders, not as credit-union precedent.

In October 2015, the CFPB acted against Security National Automotive Acceptance Company (SNAAC) for illegal collection tactics, including exaggerated consequences and false threats. The order required about $2.28 million in consumer redress plus a $1 million civil penalty, and the company was later fined $1.25 million for violating the consent order. In a separate matter, Westlake Services and its subsidiary Wilshire Consumer Credit were ordered to provide $44.1 million in consumer relief plus a $4.25 million civil penalty for deceptive collection calls that used false pretenses and phony caller ID and illegally disclosed debts.

Debt collection remains one of the most-complained-about financial products, as the CFPB's FDCPA annual report and Supervisory Highlights show. That volume is part of why examiners look closely at call conduct.

Where does Sedric fit in call monitoring?

Manual sampling catches a small slice of calls, and it usually catches problems after the fact. Sedric reviews 100% of collections and servicing calls and chats in near real time, flags prohibited language and missing disclosures against the applicable rules, and logs every flag so you have an exam-ready record. That turns the table above into a running control rather than a quarterly spot check.

Frequently asked questions

If we never call ourselves a "debt collector," are we off the hook for FDCPA-style conduct?

No. You may be outside the FDCPA's definition as a first-party creditor, but UDAAP still applies. CFPB Bulletin 2013-07 makes clear that FDCPA-type conduct can be a UDAAP even when the FDCPA does not technically reach you.

Does the 7-in-7 call-frequency rule apply to our own collections calls?

The Reg F presumption is written for FDCPA debt collectors, so it does not bind a first-party creditor. It is still a reasonable benchmark to monitor against, because repeated calls placed to harass can support a UDAAP finding.

We are under $10 billion in assets. Does UDAAP still apply?

Yes. Asset size determines whether the CFPB or the NCUA (or your state regulator) examines you, not whether UDAAP applies. The prohibition applies at every size.

Is monitoring a sample of calls enough for an exam?

Sampling has long been common, but it leaves most calls unreviewed. Reviewing all calls and keeping a logged record of each flag gives you stronger evidence that your controls work when an examiner asks.

For the broader program, see our pillar on credit union marketing and communications compliance, and related guides on NCUA advertising rules and Truth in Savings advertising.

Sources

Run compliance on autopilot

Convert your static procedures into active AI controllers that protect your brand 24/7.