Collections Compliance Center

Services
Appointment Setting
Customer Service
Debt Collection
Email Services
Lead Generation
Live Chat
Tech Support
Transfer Services
Collections Compliance Center
One of the most persistent misconceptions in collections management is that outsourcing creates a clean legal firewall. The assumption is straightforward: a third-party collector violates the law, the collector bears the liability, and the hiring business walks away unaffected. Courts and regulators have been steadily dismantling this assumption. An evolving body of case law, supported by CFPB enforcement actions, has established that businesses can be held co-liable — sometimes even vicariously liable — for the FDCPA and CFPA violations committed by collection agencies they hire.[27][28]
Understanding where this liability originates, when it attaches, and how to structure BPO relationships to minimize it is not just a legal exercise — it is a core business risk management decision. This page explains the legal landscape in plain terms and provides a practical framework for protecting your business through contract structure, oversight practices, and partner selection.
The FDCPA applies directly to “debt collectors” — entities whose principal purpose is debt collection or who regularly collect debts owed to others. Original creditors are generally excluded from direct FDCPA liability. However, courts have recognized that vicarious liability can still attach to creditors under certain conditions.[29][4]
The key legal theory: if a creditor exercises sufficient control over a third-party debt collector’s operations, a court may find that an “agency relationship” exists — and under agency law, the principal (the creditor) can be held responsible for the agent’s (the collector’s) conduct.[30]
In practice, the control threshold has been applied broadly. In McAdory v. M.N.S. & Associates, the Ninth Circuit held that a debt buyer that purchased consumer debt and outsourced collection to a separate agency could be held liable under the FDCPA as a “debt collector” — even though the debt buyer had no direct communication with the consumer whatsoever. The court reasoned that the company’s principal purpose was debt collection, regardless of whether it made any calls itself.[31][32]
The CFPB has pursued a parallel and potentially broader liability theory under the Consumer Financial Protection Act (CFPA). In a 2023 enforcement action, a New York federal court declined to dismiss a CFPB lawsuit against debt buyer defendants based on vicarious liability for violations committed by their third-party collection vendors. The court held that:[28]
This enforcement posture signals that the CFPB views the company that benefits from a collections program as responsible for ensuring that program is conducted lawfully — regardless of who makes the calls.
Co-liability risk is highest when one or more of the following conditions are present:
| Condition | Risk Level | Why |
|---|---|---|
| Creditor provides detailed scripts or call guides that the collector must follow verbatim | High | Implies direct control over collector conduct |
| Creditor has real-time access to collector call logs and can direct remediation | High | Suggests principal-agent relationship |
| Creditor agreement requires collector to act exclusively on creditor’s behalf | Medium-High | Exclusivity can imply control |
| Collector uses creditor’s brand name or presents itself as creditor on calls | High | Consumer may not know a third party is involved |
| Creditor knew of prior violations and continued the relationship | Critical | Knowledge of unlawful conduct is a core CFPB liability theory[28] |
| No written compliance requirements or audit rights in the BPO contract | High | Absence of oversight can constitute negligent entrustment |
While co-liability risk cannot be eliminated entirely, it can be significantly reduced through three mechanisms:
The BPO agreement should include:
The challenge in preventing co-liability is balancing oversight with legal independence. Exercising too much control over how a collector makes calls can inadvertently establish an agency relationship. The right approach is to monitor outcomes and compliance metrics rather than dictating operational procedures:
Before placement, conduct structured due diligence:
How to evaluate a BPO partner → Use the full 20-point BPO evaluation checklist to structure your vendor due diligence
The CFPB’s supervisory priorities have included third-party service provider oversight as a focus area. Supervisory Highlights publications have flagged inadequate compliance management systems and insufficient oversight of collection vendors as recurring examination findings. Even in a period of CFPB institutional transition — the bureau withdrew 67 guidance documents in 2025 as part of a shift toward regulatory restraint — the core FDCPA and CFPA statutory enforcement authority remains intact and active.[33][34]
For businesses, this means that even if the CFPB’s enforcement posture fluctuates, the underlying legal risk of third-party co-liability is rooted in statutory and case law that is unaffected by agency rulemaking changes.
Redial’s client agreements are designed with the co-liability framework in mind:
“The right BPO contract doesn’t just define what they do — it defines what happens when something goes wrong. Redial’s agreements are built to protect clients at every level of the liability chain.”
Talk to a Redial collections compliance specialist for a structured review of your operations.