The CFPB announced that it has entered into a consent order with Security Group Inc. and its subsidiaries (Security Group) to settle an administrative enforcement action that charged the companies with having engaged in unlawful debt collection and credit reporting practices. The consent order requires Security Group to pay a civil money penalty of $5 million.
The consent order states that Security Group owned and operated approximately 900 locations in 20 states. According to the consent order, certain Security Group entities were primarily in the business of making consumer loans and other entities were primarily in the business of purchasing retail installment contracts from auto dealers. The consent order concludes that Security Group engaged in debt collection practices that constituted unfair acts and practices in violation of the Consumer Financial Protection Act and credit reporting practices that violated the Fair Credit Reporting Act and Regulation V.
The consent order finds that:
- The unlawful debt collection practices in which Security Group engaged included the following:
- Visiting consumers’ homes and places of employment, as well as the homes of their neighbors, and visiting consumers in other public places, thereby disclosing or risking disclosure of consumers’ delinquencies to third parties, disrupting consumers’ workplaces and jeopardizing their employment, and humiliating and harassing consumers
- Routinely calling consumers at work, sometimes calling consumers on shared phone lines and in the process speaking with co-workers or employers and thereby disclosing or risking disclosure of consumers’ delinquencies to third parties, and also calling after being told that consumers were not allowed to receive calls at work and that future calls could endanger their employment
- Failing to heed and properly record consumers’ and third parties’ requests to cease contact or to give personnel access to cease-contact requests logged by employees in other stores, thereby resulting in repeated unlawful calls to consumers and third parties
- The unlawful credit reporting practices in which Security Group engaged included the following:
- Failing to establish and implement any reasonable policies and procedures regarding the accuracy and integrity of information furnished to consumer reporting agencies (CRAs)
- Failing to address in policies and procedures how to properly code customer account information or responses to consumer disputes using the Metro 2 Guide and not ensuring that its monthly furnishing system was coordinated with its consumer dispute furnishing practices
- Regularly furnishing information to CRAs that it had determined was inaccurate based on information maintained in its data base or other information, such as information provided by consumers as part of a credit reporting dispute or information provided to CRAs
The consent order appears to indicate that first-party collectors that engage in conduct that the FDCPA would prohibit as unfair conduct by third-party collectors continue to be at risk for violating the CFPA’s UDAAP prohibition. It also appears to indicate that the CFPB continues to disfavor in-person debt collection activities and that companies that do so remain in great peril. In December 2015, the CFPB issued a bulletin to provide guidance to creditors, debt buyers and third-party debt collectors about compliance with the CFPA UDAAP prohibition and the FDCPA when conducting in-person debt collection visits, such as visits to a consumer’s workplace or home.
In addition to imposing the $5 million civil money penalty, the consent order prohibits Security Group from engaging in the debt collection practices found to be unlawful, and requires it to:
- implement and maintain reasonable written policies and procedures regarding the accuracy and integrity of the information furnished to CRAs
- correct or update any inaccurate or incomplete information furnished to CRAs
- provide a prescribed notice to customers affected by inaccurate information furnished to CRAs
- update its policies and procedures to include a specific process for identifying when information furnished to CRAs is inaccurate or requires updating (which must include at a minimum the monthly examination of sample accounts and monitoring and evaluation of disputes received from CRAs and customers)
- submit a compliance plan to the CFPB to ensure that Security Group’s credit reporting and collections comply with applicable federal consumer financial laws and the terms of the consent order (which includes a list of items that, at a minimum, must be part of the compliance plan
It is noteworthy that while the consent order imposes a $5 million civil penalty on Security Group, unlike a 2015 CFPB consent order that required the respondents to refund amounts collected through in-person visits found to be unlawful, the consent order does not require Security Group to make refunds to consumers.
In its Spring 2018 rulemaking agenda, the CFPB stated that it “is preparing a proposed rule focused on FDCPA collectors that may address such issues as communication practices and consumer disclosures.” It estimated the issuance of a NPRM in March 2019.