January 18, 2018 | InsideARM

The Keys to Managing Regulatory Change

6 min

As the adage goes, the only thing that is constant is change—just ask an attorney or compliance professional servicing the accounts receivables industry. The last decade has ushered in profound changes on the technological, economic, and regulatory/legal fronts, leaving in their wake a reshaped landscape, with only those companies that are able to absorb and adapt to change still standing. This article takes a look at regulatory change management, what it is, and why it is so important for companies engaged in debt collection.

What Is Regulatory Change Management?

Regulatory change management is the process of preparing and adapting to changes in regulatory and other legal requirements. Said differently, regulatory change management is compliance management. Complying with the law requires, naturally, knowing what the law is; but this is easier said than done. Debt collection, and related activities like credit reporting, are highly regulated by multiple, overlapping statutes, rules, court decisions, and government authorities.

Changes to laws and regulations come in many flavors. Legislatures pass amendments or new laws. Executive agencies issue new rules or revise existing ones and issue guidance in various formats that broadcast their expectations, but which also may be binding. Enforcement agencies, such as the Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), and state attorney general offices, bring enforcement actions that signal their understanding of what the law requires. Finally, courts frequently weigh in and resolve disputes, making and changing the law.

What Are the Core Elements of a Regulatory Change Management System?

Effectively implementing changes to business processes in order to comply with changes in the law or to incorporate best practices can be challenging, depending on the size and complexity of the change and how many (and which) of the company’s systems, teams, and processes are impacted.

Take the example of out-of-statute debt disclosures. By 2012, the FTC, followed by the CFPB, signaled through enforcement actions that the failure to affirmatively disclose to consumers that any debt being collected that was past the applicable statute of limitations likely would be considered a prima facie case of threatening to sue on out-of-statute debt, in violation of the FDCPA. Meanwhile, several states passed laws or regulations to require such a disclosure. Debt collection companies had to decide whether to proactively implement such a disclosure across the board, even in states where it is not legally required, and further had to decide (1) which letters should include the disclosure, (2) whether to make verbal disclosures, (3) what language to use, and (4) how quickly to roll out, given other legal and business priorities.

Technical implementation of such a new disclosure also involves a series of decisions, such as: (1) What IT systems need to be programmed to properly trigger the inclusion of the disclosure? (2) What vendors need to be involved in updating the letter templates and coding? (3) Who is responsible for drafting and approving the language? (4) Who is responsible for testing that the disclosures are being included in the correct letters? (5) Where should the disclosure be placed, and how does it impact other mandatory disclosures? (6) What policies, procedures, training materials, and quality control processes need to be updated?

As this example illuminates, a robust system must be able to:

  1. Identify developments in law that potentially impact the company's compliance profile;
  2. Analyze these developments to determine applicability and, if applicable, scope of impact;
  3. Implement business process changes to conform to the new or changed requirement/prohibition; and
  4. Document the changes by updating and drafting written policies and procedures to reflect such changes.

Identification: There is no one-size-fits-all approach for tracking potentially applicable developments. Depending on your compliance and risk profile and budget, there are a variety of resources you can subscribe to, join, or purchase, including:

  • Membership in one or more trade associations that monitor regulatory changes in the industry.
  • Purchase of a subscription service / database.
  • Free alerts from regulatory agencies, law firms, and consulting firms that publish relevant content.
  • Retaining one or more law firms or consulting firms with subject-matter expertise.

The key is ensuring there are no material gaps in coverage.

Analysis: The devil is always in the details; once a regulatory development is identified, it must be analyzed carefully against the company's operations to assess whether and how it applies. The nature and scope of the change largely will dictate the resources that will be needed. For example, a change in how often a consumer can be contacted will require considerably different resources than a requirement regarding the type of documentation needed to bring a collections lawsuit. That said, a "first cut" analysis often can be made by compliance or legal counsel.

Ultimately, you need a final, sound determination of whether the regulatory development applies and, where it does, a list of all business processes, departments, systems, and policies and procedures that are impacted and how.

Implementation: After determining application and scope, an implementation plan should be prepared that identifies relevant action items, assigns ownership of each action item, and sets deadlines. In addition, consider whether the change necessitates any type of employee-, consumer-, or client-facing communication or training.

Documentation: The final step is documenting the change(s) by updating written policies, procedures, training materials, etc. to reflect the change(s). In some cases, new documents will need to be prepared. Finally, consider whether any compliance testing or quality controls need to be created or updated to ensure what was changed is working as expected.

Why Is Regulatory Change Management Important?

In an industry where regulatory developments occur weekly, if not daily, the inability to smoothly and effectively manage change could, at a minimum, significantly disrupt day-to-day operations and business performance. At maximum, failure to comply with regulatory requirements or expectations could result in a regulatory investigation, a poor supervisory examination, or a private lawsuit. These events are costly and distracting, regardless of the ultimate outcome.

You may be thinking, "But what about the bona fide error defense available under the FDCPA?" As the Supreme Court found in Jerman v. Carlisle, McNellie, Rini, Kramer & Ulrich LPA, 130 S.Ct. 1605 (2010), the bona fide error defense does not apply to mistakes of law, only mistakes of fact.

Prompt identification and implementation of legal and regulatory developments, even before they become officially "binding," are more critical than ever following Oliva v. Blatt, Hasanmiller, Leibsker & Moore LLC, 825 F. 3d 788 (7th Cir. 2016). Some background is in order. The FDCPA requires collection lawsuits to be brought in the "judicial district or similar legal entity" where the debtor lives or where the contract sued upon was signed. In a 1996 case, Newsom v. Friedman, the 7th Circuit held that Illinois' Circuit Courts constituted "judicial districts," and that the intra-Circuit municipal districts were not separate "judicial districts" for purposes of venue selection under the FDCPA. Eight years later, in Suesz v. Med-1 Solutions, LLC (2014), the 7th Circuit overturned Newsom, holding that "the correct interpretation . . . is the smallest geographic area that is relevant for determining venue in the court system in which the case is filed."

The firm filed a lawsuit against Oliva in a municipal district, which was permissible under Newsom, but not under Suesz, which was decided while the action against Oliva was pending. The firm voluntarily dismissed the action after Suesz, and Oliva subsequently sued the firm. On appeal, the 7th Circuit held that the "new rule" instituted by Suesz applied retroactively and that reliance on Newsom was a mistake of law that foreclosed the bona fide error defense. Understandably, this case has set off alarm bells in the industry, but it also reinforces the need for debt collection companies to establish strong regulatory change management programs to promptly identify and adapt to change.


This article was also published in InsideARM on December 20, 2017.