What Is the FDCPA?
The Fair Debt Collection Practices Act (FDCPA), enacted in 1977 and enforced by the Consumer Financial Protection Bureau (CFPB), is the federal law that governs how third-party debt collectors may communicate with consumers. For insurance carriers and the agencies they work with, the FDCPA sets hard limits on outreach timing, communication channels, required disclosures, and prohibited conduct.
Violations carry statutory damages up to $1,000 per consumer per lawsuit, class-action exposure up to $500,000, actual damages, and attorney's fees — making non-compliance a significant financial risk, not just a regulatory one.
Who Must Comply?
The FDCPA covers "debt collectors" — generally defined as any person or business that regularly collects debts owed to another party. If your insurance company uses an in-house collection team for debts acquired from a third party, or if you contract with an outside collection agency, the FDCPA applies. First-party collections (your company collecting its own origination debt) fall outside the FDCPA but remain subject to state UDAP laws and CFPB supervision for larger market participants.
10 Rules Every Insurance Debt Collector Must Know
1. Validation Notice Within Five Days
Within five days of the first communication with a consumer, collectors must send a written notice stating the amount of the debt, the name of the creditor, and the consumer's right to dispute the debt within 30 days (§809(a)). Failing to send this notice — or sending one with errors in the stated balance — is one of the most frequently litigated FDCPA violations.
2. Cease-and-Desist Must Be Honored Immediately
If a consumer requests in writing that a collector cease communication, all contact must stop immediately — except to inform the consumer that collection activity is ending or that a specific legal remedy will be pursued (§805(c)). A cease-and-desist honored one week late creates the same liability as one ignored entirely.
3. 8 AM to 9 PM Local Time
Phone calls may only be placed between 8:00 AM and 9:00 PM in the consumer's local time zone (§805(a)(1)). Many compliance violations arise from auto-dialers that don't account for time-zone differences, particularly when calling consumers in Hawaii or Alaska from East Coast operations.
4. The Mini-Miranda Disclosure
Every communication must include a disclosure that the contact is from a debt collector attempting to collect a debt (§807(11)). For written communications, this notice must appear in the body of the letter. For calls, it must be stated during the call — not just in pre-recorded hold messages.
5. No Harassment or Abuse
Repeated calls intended to annoy, obscene language, threats of violence, and public publication of consumer debt information are all prohibited (§806). Collectors who call a consumer 15 times in a single day risk both FDCPA claims and CFPB examination findings.
6. No False or Misleading Representations
Collectors cannot misrepresent the amount owed, the legal status of the debt, or the consequences of non-payment. This includes claiming a lawsuit will be filed when none is actually planned, or threatening credit reporting action that the collector does not have authority to take (§807).
7. Honor the 30-Day Dispute Window
Consumers have 30 days from receipt of the validation notice to dispute a debt in writing. During the verification period, collection activity must be paused until the collector obtains verification and mails it to the consumer (§809(b)). Active collection on a disputed account — even a phone call asking for payment — is a textbook violation.
8. No Contact at Work If Prohibited
If a collector knows the consumer's employer prohibits personal calls at work, workplace contact must stop (§805(a)(3)). This prohibition extends to email sent to a corporate email address if the employer has made its policy known.
9. Third-Party Disclosure Restrictions
When contacting third parties to locate a debtor, collectors must not reveal that the call is about a debt (§804). Even saying "I'm calling from ABC Collections" to a family member or neighbor discloses the existence of a debt and can constitute a violation.
10. Record-Keeping Is Your Defense
The FDCPA doesn't specify a retention period, but maintaining detailed records of all communications — timestamps, channel, content, and consumer responses — is essential for defending against claims. The CFPB can examine records going back two years, and class-action plaintiffs often go further.
Regulation F: The 2021 Modernization
CFPB Regulation F (effective November 30, 2021) updated FDCPA rules for modern communication channels and added three significant new requirements:
- 7-in-7 rule: A collector may not call a consumer more than seven times within any seven-day period about a specific debt, and must wait seven days after a completed call before calling again about that same debt.
- Electronic communications authorized: Email and text are now explicitly permitted for debt collection, but require opt-out mechanisms and cannot be sent at inconvenient times (before 8 AM or after 9 PM local time).
- Model validation notice: The CFPB released a safe-harbor form that, if used correctly, provides significant protection against §809 claims. Using the model notice is the lowest-risk approach for any carrier without extensive FDCPA template experience.
Building a Compliance Program
A robust FDCPA compliance program for insurance debt collection requires: written policies and procedures updated for Regulation F; regular training for all staff who touch consumer communications; a system for tracking dispute status in real time; automated suppression for consumers who have filed cease-and-desist requests or entered bankruptcy; and quarterly audits of call recordings and letter templates.
The hardest part of FDCPA compliance is consistency at scale. A team managing 50 accounts can check time zones, track call counts, and monitor dispute windows manually. A system handling 50,000 accounts cannot. Compliance rules must be enforced at the infrastructure level — not delegated to individual judgment calls.
How Automation Eliminates Compliance Risk
Collection House enforces FDCPA and Regulation F rules on every outreach attempt: time-zone gating prevents out-of-hours contact, 7-in-7 tracking is maintained per account per week, opt-outs propagate immediately across all channels, and disputed accounts are automatically suppressed from the outreach queue. Carriers don't need to build these controls themselves — they're enforced by the platform.
Learn more on our Platform page or request a 30-minute demo to see compliance enforcement in action.
See Collection House in action
Bring a sample batch of receivables and we'll show you the recovery lift in a 30-minute walkthrough.