Core Operations · $179.99 / mo · Updated 2026-04-24 · Version 2

Collections Management — FDCPA & TCPA Compliance Guide

V2 moves FDCPA and TCPA compliance from aspirational schema fields to real-time server-side enforcement. Every contact attempt runs through a gate that blocks prohibited outreach automatically, logs every violation for audit, and surfaces mini-Miranda + validation-notice reminders directly in the agent workflow.

Overview

The Collections Management module ships with a 10-table FDCPA-compliant schema (debtors, accounts, contacts, payments, skip traces, letters, commissions, compliance alerts, disputes, DNC registry) and an agent-facing UI for recording contacts, logging payments, tracking aging, and ranking collectors. In V1, the compliance fields were stored but not enforced; in V2 a server-side gate checks every contact attempt before it's logged.

Paired with the module is CollectionsCompliance — a single PHP class that consolidates every regulatory rule the schema implied. The agent-facing CRM module consults this class before writing a contact row.

Why V2 has a compliance gate

FDCPA violations carry statutory damages of $1,000 per violation (15 USC §1692k(a)(2)(A)) plus actual damages and attorney's fees, with class-action exposure if the violation is systemic. TCPA DNC violations carry up to $1,500 per call. A compliance-as-afterthought design — where the agent has to remember to check a column before dialing — doesn't survive an audit.

V2's approach: treat the database's existing compliance fields (cease_and_desist, bankruptcy_filed, attorney_represented, do_not_call, DNC registry entries) as enforcement triggers, not decorative flags. When an agent clicks Log Contact, the gate runs first. If any hard block fires, the contact is refused and logged to the compliance-alert table. If soft warnings fire (outside FDCPA hours, max calls exceeded, SOL lapsed), the agent sees the warning and must explicitly acknowledge before proceeding.

Hard blocks — contact is refused

These rules are non-overridable. If any of them match, the agent sees a red "Contact BLOCKED" panel and the Log Contact button is disabled.

Cease-and-desist — FDCPA §1692c(c)

Once a debtor has requested no further communication in writing, the collector must cease all communication except to confirm termination, notify a specific remedy, or provide a statutory notice. If collections_debtors.cease_and_desist = 1, any contact attempt is blocked.

Attorney representation — FDCPA §1692c(a)(2)

If the collector knows the debtor is represented by an attorney on the matter, all communication must go through the attorney. If collections_debtors.attorney_represented = 1, direct contact is blocked. The attorney's name + phone (stored on the debtor record) surface in the block explanation.

Bankruptcy automatic stay — 11 USC §362

When a debtor files bankruptcy, an automatic stay prohibits collection activity on pre-petition debts. If collections_debtors.bankruptcy_filed = 1, contact is blocked. Chapter (7, 11, 13) is surfaced in the block message.

Do-Not-Call registry — TCPA / state DNC

The gate queries collections_dnc_registry for every phone number attached to the debtor (or the specific number the agent is about to dial) and blocks if any active, non-expired entry exists. Federal DNC, state DNC, debtor-specific no-call requests all use the same table with different source values.

Debtor do-not-call flag — internal

If collections_debtors.do_not_call = 1, no phone contact. Distinct from the registry because it covers all phone numbers without needing each one registered separately.

Deceased debtor

If collections_debtors.status = 'deceased', no contact. Route the account to the probate / estate desk.

Soft warnings — proceed with acknowledgment

These rules are overridable but require an explicit agent acknowledgment (a second checkbox). The acknowledgment is logged so supervisors can review patterns.

FDCPA hours — §1692c(a)(1)

No calls before 8 AM or after 9 PM debtor local time. V2 uses the server timezone as a proxy (V2.1 will derive from state / area code). If the current hour is outside 8–21, the warning fires.

Max calls per week

The collections_accounts.max_calls_per_week field sets a per-account cap (default 3). The gate counts successful contact-type rows (phone_outbound, phone_inbound) in the last 7 days. Exceeding the cap isn't an FDCPA violation per se, but some state laws (e.g. NY GBL §601) treat excessive calls as harassment.

Statute-of-limitations expired

If collections_accounts.statute_of_limitations_date < CURDATE(), collection is still technically allowed but the debtor can successfully assert SOL as an affirmative defense. Some jurisdictions also require specific disclosure on time-barred debt. The warning surfaces so agents know to use the appropriate script.
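The hard-block and soft-warning rules above, combined into one server-side decision. This is an added sketch, not the CollectionsCompliance source: the column names are the ones this guide quotes, while the function names, array shapes, reason codes and sample records are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration, not the CollectionsCompliance source. Column names come from
// this guide; function names, array shapes and reason codes are assumptions.
function evaluateContact(array $debtor, array $account, int $dncHits,
                         int $callsLast7Days, DateTimeImmutable $now): array
{
    $blocks = [];
    $warnings = [];

    // Hard blocks: any one of these refuses the contact outright.
    if (!empty($debtor['cease_and_desist']))      { $blocks[] = 'cease_desist'; }
    if (!empty($debtor['attorney_represented']))  { $blocks[] = 'attorney_rep'; }
    if (!empty($debtor['bankruptcy_filed']))      { $blocks[] = 'bankruptcy'; }
    if (!empty($debtor['do_not_call']) || $dncHits > 0) { $blocks[] = 'do_not_call'; }
    if (($debtor['status'] ?? '') === 'deceased') { $blocks[] = 'deceased'; }

    // Soft warnings. Allowed window read here as 08:00 <= t < 21:00 (assumption).
    $hour = (int) $now->format('G');
    if ($hour < 8 || $hour >= 21) { $warnings[] = 'fdcpa_hours'; }
    // At or over the cap already means this call would exceed it.
    if ($callsLast7Days >= (int) ($account['max_calls_per_week'] ?? 3)) { $warnings[] = 'max_calls'; }
    $sol = $account['statute_of_limitations_date'] ?? null;
    if ($sol !== null && $sol < $now->format('Y-m-d')) { $warnings[] = 'sol_expired'; }

    return ['blocks' => $blocks, 'warnings' => $warnings];
}

// Decision for the log-contact POST. $result must be recomputed from database state
// when the POST arrives, so a stale or tampered modal cannot skip a block.
function decide(array $result, bool $acknowledged): string
{
    if ($result['blocks'] !== []) { return 'refuse'; }   // no contact row; critical alert
    if ($result['warnings'] !== [] && !$acknowledged) { return 'needs_ack'; }
    return 'allow';                                       // acknowledged warnings get logged
}

// Constructed sample records.
$now     = new DateTimeImmutable('2026-04-24 21:30:00');
$account = ['max_calls_per_week' => 3, 'statute_of_limitations_date' => '2025-12-31'];
$clean   = ['cease_and_desist' => 0, 'attorney_represented' => 0, 'bankruptcy_filed' => 0,
            'do_not_call' => 0, 'status' => 'active'];
$repped  = ['attorney_represented' => 1] + $clean;
foreach (['clean' => $clean, 'represented' => $repped] as $label => $debtor) {
    $r = evaluateContact($debtor, $account, 0, 3, $now);
    printf("%s: %s %s\n", $label, decide($r, false), json_encode($r));
}
```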

Mini-Miranda attestation

FDCPA §1692e(11) requires debt collectors to identify themselves as such in every initial communication and disclose that the communication is an attempt to collect a debt. The standard script:

"This is an attempt to collect a debt. Any information obtained will be used for that purpose. This communication is from a debt collector."

In V1, mini_miranda_given was hardcoded to 1 on every contact row — the field existed but wasn't informative. V2 requires the agent to affirmatively check a "Mini-Miranda disclosure given" box on the log-contact form. Unchecked contacts still log (it's not technically required on follow-ups) but the response message includes a reminder so supervisors can audit agents who consistently skip it.

Validation notice — FDCPA §1692g

Within 5 days of the initial communication, the collector must send a written notice containing the debt amount, creditor name, a statement of the debtor's right to dispute, and the verification process.

V2 surfaces this obligation in two places:

  • Log-contact modal: if first contact on this account was >5 days ago and no letter_type = 'validation_notice' exists in collections_letters, the compliance panel shows a reminder inline.
  • State viewer Section 4: a sysadmin-visible table of every account that's overdue on validation notice, sorted by days-since-first-contact descending. Supervisors can work this list proactively.

During the 30-day dispute window (after the validation notice is sent), if the debtor disputes the debt, all collection must stop until the collector provides verification. CollectionsCompliance::isInValidationWindow() returns true while this applies — agents see an additional reminder in the modal.

Quick start ≈ 15 minutes

  1. Activate the module at RubiMine. Billing is $179.99/mo.
  2. Sysadmin runs the migration at /admin/run-collections-v2-migration.php to verify all 10 tables are present.
  3. Populate DNC — load federal + any state DNC registries into collections_dnc_registry. A one-time bulk insert is fine; update incrementally as debtor-requested entries come in.
  4. Import debtors — use the Import from CRM tab in the Collections CRM module to bring customers in. V2 correctly handles broken-out address columns (address_line1, zip_code, etc.).
  5. Flag compliance state on debtor records as it's learned — cease_and_desist, attorney_represented (+ attorney name / phone), bankruptcy_filed (+ chapter), do_not_call. The gate respects every flag in real time.
  6. Start logging contacts. The gate runs automatically on modal open.

Audit log

Every blocked contact attempt and every acknowledged soft warning is written to collections_compliance_alerts with:

  • alert_type — the reason (cease_desist, bankruptcy, attorney_rep, do_not_call, fdcpa_violation, sol_expired)
  • severity — critical for hard blocks, warning for soft-warn acknowledgments
  • status — active on write; supervisors can acknowledge or resolve
  • alert_message — human-readable explanation from the compliance gate
  • account_id and the debtor linkage via FK

The state viewer at /admin/view-collections-state.php surfaces the last 25 violations in Section 3, plus accounts overdue for validation notice in Section 4, and the last 15 contacts (with mini-Miranda status) in Section 5.

Known limitations (V2)

  • Timezone resolution: FDCPA hours check uses server timezone as a proxy. V2.1 will derive debtor local time from state + area code.
  • Skip-trace UI: schema supports it (collections_skip_traces), but no UI yet. Inserts must go through a direct query or a future UI release.
  • Letter generation: collections_letters rows need to be created manually for validation notices. A batch letter-generation tool is on the roadmap.
  • Dispute workflow: collections_disputes table exists, no UI. Supervisor tracks in an external workflow.
  • State-specific variations: the gate enforces FDCPA baselines. States with stricter rules (e.g. NY Regulation of Debt Collectors, California Rosenthal Act) need custom-rule extensions in a future release.

Frequently asked questions

Can the gate be bypassed by a supervisor?

Hard blocks cannot be bypassed through the UI — the server rejects the log-contact POST before writing anything. Soft warnings can be acknowledged and proceeded through by any agent; the acknowledgment itself is logged. If a supervisor needs to forcibly document a hard-blocked contact for legal reasons (e.g. the debtor called in and explicitly waived), that's a direct-SQL operation and should be documented in an out-of-band audit trail.

What if the DNC registry grows to millions of rows?

The lookup query uses a phone-normalized IN() list against the indexed collections_dnc_registry.phone_number column and scopes by tenant_id. Each call checks ≤ 3 phones per debtor. At 10M rows across all tenants, tenant-scoped lookups stay under 5ms with a compound index on (tenant_id, phone_number).
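A tenant-scoped, parameterized form of the lookup described above, as an added example rather than the module's own query. tenant_id, phone_number and source are named in this guide; the status and expires_at columns, the source values and the in-memory SQLite data are assumptions made so the sketch runs offline.

```php
<?php
declare(strict_types=1);

// Added illustration, not the module's code. tenant_id, phone_number and source are
// named in this guide; status, expires_at and all sample rows are assumptions.
function normalizePhone(string $raw): ?string
{
    $d = (string) preg_replace('/\D+/', '', $raw);
    if (strlen($d) === 11 && $d[0] === '1') { $d = substr($d, 1); } // drop US country code
    return strlen($d) === 10 ? $d : null;                           // keep 10-digit numbers only
}

function dncHits(PDO $pdo, int $tenantId, array $rawPhones, string $today): array
{
    $phones = array_values(array_unique(array_filter(array_map('normalizePhone', $rawPhones))));
    if ($phones === []) { return []; }            // never emit an empty IN ()
    $in  = implode(',', array_fill(0, count($phones), '?'));  // placeholders only, no user data
    $sql = "SELECT phone_number, source FROM collections_dnc_registry
            WHERE tenant_id = ? AND phone_number IN ($in)
              AND status = 'active' AND (expires_at IS NULL OR expires_at > ?)";
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array_merge([$tenantId], $phones, [$today]));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed registry: one live entry, one expired entry, one owned by another tenant.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE collections_dnc_registry
            (tenant_id INT, phone_number TEXT, source TEXT, status TEXT, expires_at TEXT)");
$pdo->exec("CREATE INDEX idx_dnc_tenant_phone
            ON collections_dnc_registry (tenant_id, phone_number)");
$pdo->exec("INSERT INTO collections_dnc_registry VALUES
            (7, '5555550101', 'federal',        'active', NULL),
            (7, '5555550102', 'debtor_request', 'active', '2020-01-01'),
            (8, '5555550103', 'state',          'active', NULL)");

print_r(dncHits($pdo, 7, ['+1 (555) 555-0101', '555-555-0102', '555.555.0103'], '2026-04-24'));
```

A number that fails normalization is silently skipped in this sketch; a gate that must fail closed would treat an unparseable number as a reason to stop rather than as a clean lookup.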

Does the module integrate with the Customer Payments module?

Record-payment in Collections writes to collections_payments, separate from the generic payment_attempts table used by the Customer Payments module. If your tenant processes collection payments through Stripe, you'll currently have records in both tables. V2.1 will add an optional bridge.

Is the compliance gate logged to the general audit_log or just collections_compliance_alerts?

Blocked attempts write to collections_compliance_alerts. Successful contacts write to collections_contacts. The general audit_log table isn't touched by this module — it's reserved for tenant-admin configuration events. If you need a unified audit feed, join these tables in your BI tool.

What about the TCPA's consent-for-autodialer rules?

V2 doesn't automate consent capture for autodialed calls. If your workflow uses a predictive dialer, consent collection + tracking needs to happen at the dialer layer. The module stores preferred_contact_method on debtor records which can be used as a soft signal.

Does the gate work for international debtors?

FDCPA is US federal law, so the gate's statutory rules (cease-and-desist §1692c, attorney rep §1692c(a)(2), mini-Miranda §1692e, validation notice §1692g) apply to US debtors. For international collection, the gate still blocks cease-and-desist, bankruptcy, attorney representation, and do-not-call flags on the debtor record — those are contract-law-level protections, not FDCPA-specific. The FDCPA-hours check (8 AM–9 PM) still runs but uses server time; tenants handling non-US debtors should set their server timezone appropriately or disable that soft warning in a future V2.1 config option.

What happens if one debtor has multiple accounts?

Debtor-level compliance flags (cease_and_desist, attorney_represented, bankruptcy_filed, do_not_call, status=deceased) are stored on collections_debtors and apply across every account that debtor owns. If a debtor files bankruptcy covering Account A, the gate also blocks contact about Account B with the same debtor. Account-level fields (max_calls_per_week, statute_of_limitations_date) are per-account. The max-calls soft warning counts contacts across all accounts for that debtor in the last 7 days — so a collector can't trivially bypass the cap by switching accounts mid-week.

Can I customize hard-block vs soft-warn per tenant?

Not in V2. The hard/soft classification is a regulatory judgment — cease-and-desist, attorney rep, bankruptcy, and DNC registry matches are FDCPA/TCPA violations with statutory damages, so they're hard-blocked universally. FDCPA hours and max-calls are soft because they're overridable in narrow circumstances (debtor initiated the call, debtor gave explicit permission to call at non-standard hours). V2.1 will expose per-tenant config for max_calls_per_week defaults and the SOL-expired severity level; the core FDCPA hard blocks will stay non-negotiable.

Ready to enforce compliance?

Activate from RubiMine. The gate runs from your first logged contact.
