The Fair Debt Collection Practices Act (FDCPA) was enacted in 1977. In the decades since, it has generated over 10,000 federal lawsuits per year — and that number has been increasing every year since 2015. The Consumer Financial Protection Bureau (CFPB) received over 85,000 debt collection complaints in 2024 alone.
For collections agencies, compliance is not a nicety. It is the cost of being in business.
The good news: virtually every FDCPA violation that generates a lawsuit can be prevented by software. The bad news: most collections agencies are either using generic call center software that lacks compliance features, or they are using compliance tools that do not integrate with their dialer and CRM — which means the compliance rules exist on paper but are not actually enforced on the phone.
This guide explains what the FDCPA requires, what technology needs to enforce it, and what a complete collections compliance stack looks like in 2026.
What the FDCPA Actually Requires
The FDCPA governs how third-party debt collectors interact with consumers. Here are the provisions that software can and should enforce:
1. Calling Hours Restrictions (Section 805)
Collectors may not contact consumers before 8am or after 9pm in the consumer's local time zone. Not your time zone. Their time zone.
This seems simple but creates real complexity. If you are calling from Texas and the debtor lives in California, you must use Pacific Time for calling hours. If you do not know the debtor's time zone with certainty, you must default to the most restrictive interpretation.
What software must do: Automatically determine the debtor's time zone from their address and enforce calling-hour restrictions on every dial attempt. No override capability for agents.
2. Cease Communication Requests (Section 805(c))
When a consumer requests in writing that the collector stop communicating with them, all communication must stop immediately (except for specific notices of intended action).
What software must do: Flag and log cease communication requests. Suppress the record from all future dial queues and sequences automatically. Alert supervisors to the request.
3. Harassment and Abuse Prohibition (Section 806)
Collectors are prohibited from:
- Using or threatening violence
- Using obscene language
- Publishing the consumer's name as a refusal-to-pay
- Repeatedly calling with intent to annoy or harass
- Making the phone ring or engaging a consumer in telephone conversation repeatedly or continuously with intent to annoy
The "repeatedly calling" provision is particularly relevant to dialer operations. Courts have found that calling 7+ times in a single day constitutes harassment.
What software must do: Track call attempt frequency per consumer per day and per week. Enforce configurable call attempt limits. Flag unusual call patterns for supervisor review.
4. False or Misleading Representations (Section 807)
Collectors cannot misrepresent:
- The character, amount, or legal status of a debt
- That they are an attorney (unless they are)
- That non-payment will result in arrest or imprisonment
- The identity of the collector
What software must do: Mandate approved script adherence for opening disclosures. AI QA scoring should flag any statements that constitute misrepresentation. Call recordings serve as evidence.
5. Mini-Miranda Disclosure (Section 807(11))
On every initial communication with a consumer, the collector must disclose:
- This is an attempt to collect a debt
- Any information obtained will be used for that purpose
On subsequent calls, a shorter version is required.
What software must do: Display the required disclosure script on the agent's screen. AI QA verify that the disclosure was given. Flag calls where the disclosure was skipped.
6. Validation Notice (Section 809)
Within 5 days of initial contact, collectors must send a written notice with:
- The amount of the debt
- The name of the creditor
- A statement that the consumer has 30 days to dispute the debt
- A statement that if disputed, the collector will verify the debt
What software must do: Trigger automatic validation notice letters or emails on initial contact. Track the 5-day deadline and alert if the notice has not been sent.
7. Debt Validation During Dispute Period
If a consumer disputes the debt in writing within 30 days, collection activity must cease until the debt is verified.
What software must do: Track dispute filings by date. Automatically suppress contact attempts on disputed accounts. Log all dispute-period activity for audit purposes.
TCPA Requirements for Cell Phone Calling
The Telephone Consumer Protection Act (TCPA) adds additional requirements specifically for automated calling to cell phones.
The core requirement: Using an automatic telephone dialing system (ATDS) or prerecorded voice to call a cell phone requires prior express consent from the consumer.
In the collections context, this typically means:
- You need written consent from the original creditor's credit application that explicitly covers debt collection calls
- If the number has been reassigned to a different person since the debt was incurred, consent is void
- If the consumer revokes consent verbally or in writing, you must stop auto-dialing their cell
What software must do:
- Identify numbers as cell phones vs landlines (carrier lookup APIs)
- Track TCPA consent status per number
- Route cell phone numbers without confirmed consent to manual dial queues
- Detect and log verbal consent revocations
- Flag reassigned numbers using carrier reassignment databases
The penalties for TCPA violations are $500–$1,500 per call. Class action TCPA lawsuits against collections agencies have resulted in settlements in the tens of millions of dollars.
State-Level Requirements
Beyond FDCPA and TCPA, many states have enacted stricter debt collection laws:
California (Rosenthal Act and California Consumer Privacy Act): Stricter harassment provisions, additional disclosure requirements, and CCPA data rights for consumers.
New York: The Debt Collection Improvement Act of 2021 added significant restrictions including limiting call frequency to 3 times per week per debt, requiring written notice before any communication attempts.
Texas: State licensing requirements for collection agencies.
Florida, Illinois, Massachusetts, Washington: Each has unique state-level provisions that exceed FDCPA minimums.
What software must do: Apply state-specific rules based on the debtor's state of residence, not just federal FDCPA minimum standards.
What a Complete Collections Compliance Stack Needs
Based on the regulatory requirements above, here is the technology checklist for a compliant collections operation:
Core Requirements
1. Time zone enforcement: Automatic calling-hour restriction by debtor address. No agent override. Applied at the dialer level, not just as a guideline.
2. DNC scrubbing: Federal DNC registry, state DNC registries (13 states have them), and your internal do-not-contact list all scrubbed before each dial attempt. Updated at least monthly, ideally in real time.
3. TCPA cell phone detection and consent tracking: Every number classified as cell or landline. Consent status tracked per number. Manual dial routing for non-consented cells.
4. Call attempt frequency controls: Maximum attempts per consumer per day (recommend 3) and per week (recommend 7). Auto-suppression of accounts exceeding limits.
5. Cease communication logging and enforcement: Immediate suppression on request. Immutable audit log.
6. Script enforcement and mini-Miranda tracking: Required disclosures on agent screen. AI QA verification that disclosures were given. Alert on missed disclosures.
7. Call recording and storage: 100% call recording with minimum 2-year retention (7 years recommended). Searchable by account, agent, date, and disposition.
8. Dispute tracking: Date-stamped dispute logs. Automatic contact suppression during dispute period. Debt validation workflow.
9. Validation notice automation: Auto-trigger for 5-day validation notice. Delivery confirmation. Deadline tracking.
10. State-specific rule engine: Apply state-level restrictions based on debtor state, not just federal minimums.
How OPSYNC Handles Collections Compliance
OPSYNC was designed from the ground up for regulated outbound operations. The compliance engine is not an add-on — it is built into the core platform.
Calling hours: Every dial attempt checks the debtor's address-derived time zone against federal and state calling-hour restrictions. The dialer will not make a call outside permitted hours. Supervisors cannot override this.
DNC scrubbing: Federal DNC, state DNC lists, and your internal suppression list are all checked in real time against every number before it enters the dial queue.
TCPA compliance: Phone numbers are classified via carrier lookup. Cell phones without confirmed TCPA consent are automatically routed to manual dial queues. Verbal consent revocations captured in call transcripts are flagged by the AI QA system.
Call attempt limits: Configurable per campaign. Default limits aligned with regulatory guidance. Automatic suppression when limits are reached.
Mini-Miranda AI monitoring: Every call transcript is analyzed for required disclosure language. Calls where the disclosure was missed generate an automatic violation alert and require supervisor review.
Cease communication: One-click logging in the record. Immediate and permanent suppression from all queues and sequences. Immutable log entry.
Call recording: 100% of calls recorded, stored in encrypted cloud storage, searchable and retrievable within seconds. Default retention period: 7 years.
Dispute logging: Dispute received → timestamp → automatic suppression → debt validation workflow trigger → 30-day tracking clock.
AI QA compliance scoring: Every call scored on compliance checklist items automatically. Violations surfaced within 90 seconds of call end. Daily compliance violation reports for supervisors.
Compliance Software Options Compared
| Tool | Calling Hours | DNC Scrubbing | TCPA Tools | AI QA | Collections CRM | Starting Cost | |---|---|---|---|---|---|---| | OPSYNC | Auto-enforced | Built-in | Built-in | Built-in | Built-in | $197/mo | | Convoso | Configurable | Add-on | Available | No | No | ~$150/agent | | Five9 | Configurable | Add-on | Available | Add-on | No | $229/agent | | TCPA Guard / DNC.com | Compliance only | Yes | Yes | No | No | $250+/mo | | Generic VoIP + Manual | None | Manual | None | None | None | Variable |
The Cost of Non-Compliance
Let's be direct about what FDCPA violations actually cost.
Per-violation statutory damages: $1,000 per consumer per lawsuit, plus actual damages and attorney fees. Individual cases regularly result in $3,000–$7,000 judgments including fees.
Class action exposure: If an FDCPA violation affects multiple consumers (as dialer-related violations typically do — if your dialer called 500 people after 9pm, that is 500 violations), class action lawsuits are common. Settlements routinely reach $500,000 to $5,000,000.
CFPB enforcement actions: The CFPB has fined collections agencies $1 million to $100 million+ for systematic violations.
State AG actions: New York, California, and other states have brought enforcement actions resulting in fines and operational restrictions.
License revocation: Collections agencies operate on state licenses. Repeated violations can result in license suspension.
The average FDCPA lawsuit costs $15,000–$50,000 to defend (even if you win) plus potential judgment. One lawsuit pays for several years of OPSYNC.
Getting Compliant: A 30-Day Roadmap
Week 1: Audit your current operations
- How many calls per day are you making outside permitted hours? (Run a report against your CDR with time zone data)
- When did you last scrub your lists against federal DNC?
- Do you have cell phone consent documentation for your auto-dial campaigns?
- What percentage of your calls are being QA reviewed?
Week 2: Address immediate high-risk areas
- Stop all calling without time zone enforcement
- Scrub all active lists against federal DNC immediately
- Pause auto-dialing to any numbers without confirmed TCPA consent
Week 3: Implement software controls
- Deploy a compliant dialer with built-in calling-hour enforcement
- Set up DNC scrubbing automation
- Configure call attempt frequency limits
- Enable 100% call recording
Week 4: Train and monitor
- Train agents on compliance requirements
- Start AI QA or increase manual QA coverage
- Review first batch of compliance violation reports
- Address any gaps found
The collections industry has been facing increasing regulatory scrutiny every year. The agencies that will survive this environment are the ones that treat compliance as a core operational capability — not a checkbox.
The good news is that the technology to achieve near-total compliance automation now exists, is affordable, and is available to agencies of any size.
OPSYNC's compliance engine handles FDCPA, TCPA, and DNC requirements automatically. Get started on the Free plan and run your first fully compliant dial session today.