Demystifying Consent: How to Compliantly Send Digital Debt Collection Communications to Consumers


Learn more at GetRetain.com

By Kelly Knepper-Stephens,* Chief Legal Officer, TrueML Technologies

It is not easy to send emails or text messages at scale to consumers in debt. There are multiple factors working against companies attempting to do so; everything from throttling issues, deliverability issues, special carrier rules, managing opt-outs, and, of course, making sure that the content meets the federal and state compliance requirements. The latter we addressed in the first installment of our series: the Mailbox Rule Applies to Emails. This installment focuses on when consent is required and when it is not. The next installment, coming soon, will focus on opt-outs when they are required and when they are not. 

In this article, the term consent means the legal obligation to obtain a consumer’s agreement before a debt collector sends communications via a particular channel. There is no federal requirement to obtain a consumer’s consent to receive debt collection emails. Regulation F, the Consumer Financial Protection Bureau’s (CFPB) regulation to the Fair Debt Collection Practices Act (FDCPA), made this clear. Yet, a top question that continues to be asked on any digital debt collection webinar involves consent capture prior to email. Maybe the confusion arises because the applicability of the handful of federal and state laws that compete in the consent capture space depends both on the facts of the situation as well as the channel of communication (email or text). 

These statutes include the Electronic Signatures in Global Commerce Act (E-Sign), the Electronic Funds Transfer Act (EFTA), the Fair Debt Collection Practices Act (FDCPA), and the Telephone Consumer Protection Act (TCPA). The CAN-Spam Act is not included in this list because it applies to commercial messages—not debt collection messages. There are also a handful of states, particularly New York and Washington, DC, that have requirements that differ for consent and preference capture. With all these statutes and interpreting regulations in mind, there are three general principles: 

  1. Generally speaking, consent is not required to send debt collection emails
  2. Consent is not required to send text messages, if the system used is not an automated telephone dialing system (ATDS)
  3. Regardless of the laws, carriers and email service providers care about consumer preference 

1. Generally speaking, consent is not required for debt collection emails (but read this for the exceptions, like disputes, payment reminders, and special state laws like New York and DC).

There is no federal law that requires a consumer’s consent to receive debt collection emails. And, as already mentioned above, CAN-Spam does not apply to debt collection—it applies to commercial messages. 

There are three instances under the federal laws where specific fact patterns do require a consumer’s consent to send a particular kind of debt collection message. First, if the initial communication does not contain the validation notice then a debt collector must obtain consent (or confirm the creditor obtained E-Sign consent that extends to its debt collector) to send the validation notice digitally. If the consumer did not consent, then the debt collector must send the validation notice by physical mail within 5 days of the initial communication. This is due to the operation of E-Sign and the FDCPA requirement that if not provided in the initial communication, the validation notice must be provided in writing (by mail) within 5 days of that initial communication. To be clear, a debt collector can send the validation notice as the initial communication digitally, and without E-Sign consent, as long as it meets all the requirements for sending the required validation notice electronically (explained in our initial blog of this series). Section 1006.42(b) of Regulation F confirmed this as well. Also, see Greene v. TrueAccord where the Court explained E-Sign does not apply to the initial communication delivered by email.

Second, any time a consumer disputes or requests the name and address of the original creditor, a debt collector must obtain consent (or confirm the creditor obtained E-Sign consent that extends to its debt collector) to send the validation documents electronically. If the consumer did not consent, then the debt collector must send the validation documents (including the name and address of the original creditor if requested) by mail prior to resuming collection activities. 

Third, both the EFTA and the FDCPA have requirements to send written payment reminder communications. A debt collector must obtain a consumer’s consent (or confirm the creditor obtained E-Sign consent) to send these written payment reminder communications digitally.

As of today, there are two state laws that require consent for digital debt collection communications: New York and Washington DC. Both are very different but have one thing in common: a requirement to physically mail the validation notice. 

New York also requires a debt collector to capture a consumer’s consent prior to sending debt collection emails. The law allows for emails to be used to capture the consent required to send debt collection emails, but does not permit email about the account until the debt collector obtains a consumer’s consent. 
Washington DC additionally requires a consumer’s consent to send more than one digital communication per week. A debt collector can communicate by one email, text, or private message on social media per week without consent. If a debt collector captures consent to communicate digitally, DC law restricts the frequency to no more than 5 digital communications per week after obtaining a consumer’s consent.

2. Generally speaking, consent is not required to send a text message if the system used is not an ATDS as defined by the TCPA.

The TCPA requires a company to obtain a consumer’s consent before sending a text message using an ATDS. In other words, it is a violation of the TCPA to send a text message using an ATDS without first capturing a consumer’s consent to do so. If the system used to send text messages is not an ATDS, then a consumer’s consent is not required to send text messages. 

The case law interpreting the TCPA makes clear that debt collectors can rely on the consent to send text messages using an ATDS that is often captured by the creditor during origination or initial processing.  

The Supreme Court of the United States unanimously ruled in April 2021 that Facebook did not violate the TCPA when it sent unsolicited text messages to people without their consent(see the Facebook v. Deguid Opinion). In the April 2021 decision, the SCOTUS made clear the definition of ATDS: “we hold that a necessary feature of an autodialer under [the TCPA] is the capacity to use a random or sequential number generator to either store or produce phone numbers to be called” or texted.

Under the other federal laws at issue (FDCPA, E-Sign and EFTA), there are three instances where a debt collector would additionally need to obtain a consumer’s consent (or confirm the creditor obtained E-Sign consent that extends to its debt collector) to send a particular communication by text.  These are the same three situations explained in section 1 above. Therefore, a debt collector should obtain a consumer’s consent (or confirm the creditor obtained E-Sign consent that extends to its debt collector) prior to sending the following three items by text message: (1) texting the validation notice when it is not provided in the initial communication; (2) texting validation documentation in response to a dispute or request for the name and address of the original creditor; and (3) texting payment reminder notices pursuant to either the FDCPA or EFTA.

In addition to the federal requirements, companies should also always review state and local laws and regulations to determine if there are stricter rules around consent to communicate using a particular channel.  For example, Washington DC law described above also applies to text messages and requires a consumer’s consent to send more than one digital communication per week. Under the law, a debt collector can communicate by one email, text, or private message on social media per week without consent. If a debt collector captures consent to communicate digitally, DC law restricts the frequency to no more than 5 digital communications per week after obtaining a consumer’s consent.

3. Regardless of the laws, carriers and email service providers care about consumer preference.

Unfortunately, understanding the general principles are not enough for successful digital compliance and delivery programs. Some carriers set up operating rules that require senders (particularly debt collectors) to demonstrate that the consumer did provide consent before sending text messages. For example, to obtain a short code, a debt collector needs to demonstrate that it obtains express consent from consumers before it sends a text message. This is a requirement of the short code guidelines maintained by the CTIA Wireless Industry Association that maintains the short code program. Additionally, each carrier can make additional decisions related to short codes such as T-Mobile’s ban on debt collection messages found in its Code of Conduct

Showing you have a consumer’s consent can be satisfied by the original loan agreement, or showing the terms and conditions agreed to by the consumer that included the consumer’s consent to receive text messages, or showing that the consumer opted in to receive text messages directly with the debt collector through its website or on a recorded line.  Additionally, after receiving a short code or even when using 10-DLC numbers, if consumers report that they did not consent a debt collector may find all traffic blocked, unless the debt collector can again prove that the specific consumer in fact did authorize text messages.  These carrier requirements are not law, but are required, regardless of the system used to deliver the message, if you want to successfully send text messages. 

Email service providers do not have any requirements related to consent capture, however; they do have additional requirements related to opt-outs that debt collectors must follow in order to successfully deliver emails—this will be covered in our next series installment.

So, a debt collector that follows these three principles when sending digital communication, through documented policies and procedures is implementing best practices in line with the law. When consent is required, there are specific steps to take and artifacts to preserve when capturing E-Sign consent that you should talk over with your counsel and compliance professionals. Using digital communication, though complicated, is a cost effective manner for debt collectors to engage consumers that consumers often prefer. 

TrueML Products’ Retain solution is specifically designed so clients can meet all requirements necessary to deliver communications electronically. 

If you have questions about our product Retain, please feel free to fill out a consultation form here»»

*This blog is not legal advice. Legal advice must be tailored to the particular facts and circumstances of each unique matter.