In March of 2015, the CFPB filed a civil action against a host of defendants. Caught up in this legal net were several alleged debt collection agencies, a host of payment processors, and a technology vendor.
The CFPB alleges that “debt collectors” engaged in schemes to defraud consumers by collecting from them debts
that, for the most part, didn’t exist at all. These companies, according to the CFPB, were aided and abetted by their
payment processors and the technology vendor, and that their success in defrauding consumers was heavily accessorized by these additional defendants.
The very, very slim good news: as of now, this is just a filed civil action. Nothing, yet, has come of this; the CFPB hasn’t made any express rules.
But even though nothing has come of this, that doesn’t mean we shouldn’t pay attention to the direction the CFPB is directing its efforts.
Specifically, this latest civil action highlights the CFPB’s thinking about vicarious liability. That shouldn’t be a new term to anyone in the debt industry; it’s often used to suggest that collection agencies need to make sure that their vendors are as compliant as they are. What’s new, and what makes this latest action from the CFPB so important, is the suggestion that it’s actually a full circle: collection agencies are responsible for their vendors, and vendors are responsible for their collection agency clients.
This is made most explicit with regards to the payment processors mentioned in the suit. Again and again, the CFPB 
points out that these payment processors had policies and procedures in place that explicitly forbade them from working with collection agencies — which is tough to defend when you’re a payment processor with that policy doing business with debt collectors.
Additionally, the CFPB held the technology vendor — in this case, a telephone services provider — liable for not stopping a collection agency from broadcasting a non-compliant message.
Again, it’s too early to know exactly what the ramifications of all of this will be. However, what we can say is this: compliance departments in particular need to be working on plans not only for auditing their third-party vendors; they need to have a plan in place for being audited by vendors in return. The CFPB literally sees the industry as a cohesive whole, and not discrete players. We’re all in this together — sometimes, uncomfortably so.
Mike Bevel is Director of Education for the Compliance Professionals Forum, a membership organization that
seeks to provide guidance, support, and best practices to those tasked with compliance functions in their organization. Visit www.compliancePF.com for more information.
