Preparing your Collection Agency for the CFPB Examination

By: Neil Gonsalves, Director at A-LIGN


On October 24, 2012 the Consumer Financial Protection Bureau (CFPB) published a rule that would allow the CFPB to federally supervise the larger consumer debt collectors/collection agencies. One of the main objectives of the CFPB Examination is to ultimately help ensure that consumers that are affected by the debt collection process are treated fairly. The CFPB’s supervision authority over these debt collectors/collection agencies took effect on January 2, 2013. Under the rule, any firm that has more than $10 million in annual receipts from consumer debt collection activities are subject to the CFPB’s supervisory authority. The CFPB may adopt a risk based approach focusing on debt collectors/collection agencies that pose a heightened risk to consumers based on information available from regulators, complaints, litigation, and media among other sources.


The focus of the CFPB examinations will be to assess the potential risks to consumers and whether debt collectors/collection agencies are complying with requirements of federal consumer financial law. They will do so by evaluating the debt collectors/collection agencies Compliance Risk Management System to help adhere to applicable federal consumer financial laws such as the FDCPA, FCRA, and UDAAP. CFPB Examiners will want to see a robust Compliance Risk Management System with adequate Board and Executive Management involvement and oversight; a compliance framework and program in place backed by policies and procedures, training, communication within the organization and with consumers; a good mechanism in place to capture and respond to consumer complaints; and lastly demonstration of audits of compliance either in-house or through a third-party independent auditor. Additionally, the examiners will evaluate whether debt collectors/collection agencies provide required disclosures, provide accurate information, have a consumer complaint and dispute resolution process, and communicate civilly and honestly with consumers. Each examination will cover one or more of the following modules:

  1. Entity Business Model
  2. Communications in Connection with Debt Collection
  3. Information Sharing, Privacy, and Interactions with Consumer Reporting Agencies
  4. Consumer Complaints, Dispute Resolution, and Debt Validation
  5. Payment Processing and Account Maintenance
  6. Equal Credit Opportunity Act
  7. Litigation Practices, Repossession, and Time-Barred Debt


The CFPB will send a letter (60-day letter) to the debt collector/collection agency selected for the examination approximately 60 days before the scheduled on-site date as a notification. The letter will be accompanied by a request for information and related documents that may include but not be limited to:

  1. Organizational charts and process flowcharts;
  2. Board minutes, annual reports, or the equivalent to the extent available;
  3. Relevant management reporting;
  4. Policies and procedures;
  5. Notes and disclosures;
  6. Telephone recordings;
  7. Operating checklists, worksheets, and review documents;
  8. Monitoring procedures;
  9. Compensation policies;
  10. Relevant computer program and system details;
  11. Consumer files, including original loan documents, and payment records systems;
  12. Historical examination information;
  13. Audit and compliance reports, and management responses to findings;
  14. Training programs and materials;
  15. Scripts for employee use;
  16. Third-party contracts and oversight materials, including monitoring reports and findings;
  17. Written correspondence with consumers;
  18. Court documents; and
  19. Consumer complaints and disputes, including those submitted to CFPB Consumer Response Center, Consumer Sentinel, the Better Business Bureau, or other sources as appropriate.


Debt collectors/collection agencies in their efforts to comply with the applicable laws and regulations as well as in preparing for the CFPB examinations should start off by performing an assessment of their current business processes and underlying information technology general controls in the light of the CFPB examination focus areas. This will help the debt collectors/collection agencies make a determination whether the services they provide on behalf of their customers and controls implemented are well documented to help comply with the applicable laws and regulations and in turn with the focus areas of the CFPB examination. It will also help to identify gaps (lack of documentation and/or controls implemented) that would need to be addressed/remediated within a defined timeframe. Based on the outcome of the gap analysis, debt collectors/collection agencies can formulate actionable plans with clear steps to remediate the gaps identified. Remediation efforts may include but not be limited to areas such as designing and placing in operation relevant controls and/or policies and procedures to support the remediation of the gaps identified, structuring the Compliance Risk Management System, and building a training plan. Lastly, the debt collectors/collection agencies should perform a self-assessment of the controls in accordance with the ‘CFPB Examination Procedures’ (Mock CFPB Examination) either in-house or using an independent third-party auditor to make a determination whether the controls have been implemented and to help assess its readiness to be subject to the actual CFPB Examination.