Reg F & CFPB Rules for AI Debt Collection Communication

Disclaimer

This article provides general information about Regulation F compliance. It is not legal advice. Consult with qualified legal counsel for compliance decisions specific to your organization.

Max Calls Per 7 Days Per Debt

Per Debt

Frequency Counted Separately

All Channels

Rules Cover Voice, Text, Email

Strict

CFPB Enforcement Posture

What Regulation F Changed

Regulation F, implemented by the CFPB in November 2021, modernized debt collection rules for the first time since the FDCPA was enacted in 1977. For AI debt collection systems, Reg F is the single most important regulatory framework because it specifically addresses communication frequency, channel usage, and technology-mediated collection activities.

Before Reg F, the FDCPA prohibited "harassment" through excessive calls but provided no specific numerical limit. Courts applied varying standards, creating legal uncertainty. Reg F resolved this by establishing a presumptive safe harbor: collectors who place no more than 7 telephone calls within 7 consecutive days per debt are presumptively not harassing consumers. Exceeding this threshold creates a presumption of harassment that the collector must rebut.

For AI systems that can place hundreds of calls simultaneously, this rule is critically important. Without Reg F limits programmed into the system, an AI could easily exceed the frequency threshold in hours rather than days. The rule is not optional - it must be built into the core call scheduling logic of any AI debt collection platform.

The 7-in-7 Call Frequency Rule

The 7-in-7 rule is both simpler and more complex than it appears on the surface. Understanding the details is essential for correct AI implementation.

Rule Element	Specification	AI Implementation Note
Maximum calls	7 telephone calls per 7 consecutive days	Counter per debt, rolling 7-day window
What counts as a call	Each call attempt, whether answered or not	Track all attempts including no-answers and voicemails
After a conversation	No calls for 7 days after speaking with consumer about the debt	Reset timer after right-party contact
Per debt tracking	Limit applies per debt, not per consumer	Separate counters for each debt owed by same consumer
Presumption type	Safe harbor - staying under is presumptively compliant	Exceeding does not automatically equal violation but shifts burden
Voicemail messages	Count as telephone calls for frequency purposes	Include voicemails in the call attempt counter

The post-conversation 7-day cooling period is particularly important for AI systems. When the AI successfully reaches the consumer and has a substantive conversation about the debt, it cannot call again about that same debt for 7 calendar days. This applies even if the consumer agreed to a follow-up call sooner - the safe harbor does not accommodate voluntary waivers by consumers.

AI can make more calls faster than any human team. That is exactly why Reg F frequency limits must be hardcoded into the scheduling engine, not left to manual oversight.

Per-Debt vs Per-Consumer Calculation

One of Reg F's most significant details for AI implementation is that the 7-in-7 rule applies per debt, not per consumer. A consumer who owes 5 separate debts could theoretically receive up to 35 calls in a 7-day period - 7 per debt. This creates both an opportunity and a risk.

From a collection efficiency perspective, per-debt counting means AI systems can contact a multi-debt consumer more frequently than the headline number suggests. From a consumer experience and risk perspective, 35 calls in a week would likely be perceived as harassment regardless of technical compliance.

Scenario	Technically Compliant?	Practically Advisable?
5 calls in 7 days, single debt	Yes - under 7 limit	Yes - well within safe harbor
7 calls in 7 days, single debt	Yes - at safe harbor limit	Caution - no room for error
14 calls in 7 days, 2 debts (7 each)	Technically yes per Reg F	Risky - consumer may perceive as harassment
35 calls in 7 days, 5 debts (7 each)	Technically yes per Reg F	Strongly inadvisable - high complaint risk
3 calls in 7 days, single debt	Yes - conservative	Recommended - buffer for system errors

Best practice for AI systems is to implement both per-debt and per-consumer limits. The per-debt limit follows Reg F. The per-consumer limit is a business decision that protects against harassment claims even when technically compliant. Many agencies set a per-consumer cap of 10-15 calls per 7 days regardless of the number of debts.

Channel-Specific Communication Rules

Reg F addresses multiple communication channels, not just telephone calls. AI systems that use multi-channel outreach - voice calls, SMS, email - need to understand how the rules apply to each channel.

Channel	Reg F Treatment	Key Requirements
Telephone calls	7-in-7 frequency limit applies	Includes all attempts - answered, unanswered, voicemail
SMS / Text messages	Not counted in 7-in-7 telephone limit	Must include opt-out mechanism, cannot be sent to email
Email	Not counted in 7-in-7 telephone limit	Must include opt-out mechanism and identify as debt collector
Voicemail (left)	Counts as telephone call	Limited content safe harbor (Reg F Section 1006.6)
Social media DMs	Permitted with restrictions	Must be private, must include opt-out, must identify as collector
Physical mail	Traditional rules apply	Not affected by Reg F frequency limits

The distinction between telephone calls and other channels is important for AI strategy. Since SMS and email do not count toward the 7-in-7 telephone limit, AI systems can supplement phone outreach with text and email without consuming call attempts. This multi-channel approach often improves contact rates while staying well within phone frequency limits.

However, channel switching does not mean unlimited contact. While Reg F does not impose specific frequency limits on text and email, the general FDCPA prohibition on harassment still applies. A consumer receiving 50 texts per day from a collector has a strong harassment claim even though no specific text frequency rule was violated.

Consumer Opt-Out and Consent Requirements

Reg F strengthened consumer control over how and when collectors can communicate with them. AI systems must respect these preferences immediately and consistently.

Electronic communication opt-out

Every email and text message must include a clear, easy-to-use opt-out mechanism. When a consumer opts out, the AI system must stop using that channel within a reasonable period. Reg F does not define "reasonable" precisely, but same-day cessation is the safest approach.

Time and place restrictions

If a consumer communicates that a particular time or place is inconvenient for calls, the AI must honor that restriction. This requires the system to store and check consumer communication preferences before each contact attempt.

Cease communication requests

Under FDCPA Section 805(c), a consumer can request that a collector stop all communication. The AI must flag the account immediately and stop all outreach. The only permitted communications after a cease request are specific exceptions (acknowledging the request, notifying of specific actions like lawsuit filing).

Consent for electronic communications

For some electronic communication types, prior consent from the consumer is required. AI systems should track consent status per channel per consumer and only use channels where consent has been obtained or is not required.

AI systems have an advantage in opt-out compliance because they can implement instant, system-wide channel restrictions. When a consumer opts out of text messages, that preference can be applied across every campaign and workflow within seconds. Human-managed processes may have delays in updating preferences across all communication channels.

Building AI Compliance Architecture for Reg F

Implementing Reg F compliance in an AI debt collection system requires architectural decisions, not just configuration settings.

Centralized call attempt counter

Build a per-debt, per-consumer rolling 7-day counter that tracks every call attempt in real time. This counter must be consulted before every outbound call and updated after every attempt, regardless of outcome. Use atomic database operations to prevent race conditions when multiple AI agents might call the same consumer simultaneously.

Post-conversation lockout timer

When the AI has a substantive conversation with a consumer about a specific debt, implement a 7-day lockout for that debt. The lockout must be immediate and apply across all AI agents and channels that might attempt phone contact. Store the exact timestamp of the conversation for audit purposes.

Multi-channel coordination

While SMS and email do not count toward the 7-in-7 phone limit, all channels should be coordinated to prevent a perception of harassment. Build a multi-channel frequency manager that applies reasonable limits across all channels and ensures consistent consumer experience.

Consumer preference engine

Maintain a real-time database of consumer communication preferences: opted-out channels, inconvenient times, cease-communication status, language preferences, and any other restriction. Query this database before every communication attempt on any channel.

Compliance audit logging

Log every communication attempt with timestamp, channel, debt reference, consumer ID, outcome, and compliance check results. This audit trail is essential for responding to regulatory inquiries and consumer complaints. Logs should be immutable and retained according to your retention policy.

Monitoring and Enforcement Landscape

The CFPB has signaled through public statements and enforcement actions that it takes Reg F compliance seriously and is specifically monitoring AI-powered collection activities.

CFPB examination focus: During examinations, the CFPB has specifically asked about AI and automated calling systems, including how frequency limits are implemented, how consent is managed, and how the systems prevent harassment. Be prepared with documentation of your compliance architecture.
State AG coordination: State attorneys general coordinate with the CFPB on debt collection enforcement. A violation pattern in one state can trigger multi-state investigations. AI systems operating nationally have a larger regulatory surface area.
Consumer complaint patterns: The CFPB monitors complaint patterns through its complaint portal. A spike in complaints about excessive calls from your organization will trigger examination. AI frequency compliance should be monitored internally before the CFPB notices externally.
Technology-specific guidance: The CFPB has published guidance specifically addressing technology in debt collection, including AI. This guidance does not have the force of regulation but indicates the Bureau's enforcement priorities and interpretation of existing rules.

Practical Compliance Strategies

Beyond meeting the technical requirements of Reg F, these strategies help ensure ongoing compliance and reduce regulatory risk.

Strategy	Implementation	Benefit
Conservative frequency limits	Set internal limit at 4-5 calls per 7 days instead of 7	Buffer against counting errors and edge cases
Real-time compliance dashboards	Monitor frequency utilization across portfolio	Catch approaching limits before violations
Automated escalation alerts	Alert compliance team when accounts approach limits	Human review before risky situations
Regular compliance audits	Monthly review of call frequency data	Identify systemic issues before regulators do
Channel optimization	Use SMS/email for early touches, reserve calls	Maximize contact attempts within phone limits
Consumer preference logging	Record all preference changes with timestamps	Defensible audit trail for opt-out compliance

The channel optimization strategy deserves emphasis. Since SMS and email do not count toward the 7-in-7 phone limit, a smart AI system sends an initial text or email before using phone attempts. If the consumer responds to a text, the phone call becomes a warm follow-up rather than a cold attempt. This approach often improves contact rates while using fewer phone attempts - a win for both compliance and collection effectiveness.

Frequently Asked Questions

No. Regulation F implements the FDCPA, which applies to third-party debt collectors. Original creditors collecting their own debts are generally not subject to Reg F frequency limits. However, some states have their own frequency rules that may apply to original creditors. Check state-specific regulations if you are collecting first-party debt.

Yes. Every telephone call attempt counts, regardless of whether the consumer answers, the call goes to voicemail, or it rings without answer. The limit is based on call attempts, not successful connections. This is why AI systems must track all attempts, not just completed calls.

Exceeding the limit creates a rebuttable presumption that the calls were harassing. This shifts the burden to the collector to prove the calls were not intended to harass, abuse, or oppress. While not an automatic violation, it creates significant legal risk and is difficult to defend. The safe harbor only protects collectors who stay within the limits.

The 7-in-7 limit applies per debt. A consumer with 3 debts could receive up to 21 calls in 7 days (7 per debt). However, practically, calling a consumer this frequently risks harassment claims under the general FDCPA prohibition even if technically within Reg F per-debt limits. Implement per-consumer caps in addition to per-debt tracking.

Reg F does not provide for consumer waiver of the frequency safe harbor. Even if a consumer says "call me anytime," exceeding the 7-in-7 limit loses the safe harbor protection. The practical approach is to stay within limits regardless of consumer statements.

No. The 7-in-7 limit specifically applies to telephone calls. Text messages and emails have separate requirements (including opt-out mechanisms and proper identification) but do not count toward the telephone frequency limit. However, the general prohibition on harassment applies across all channels.

After a substantive conversation about a specific debt (not just reaching the consumer but actually discussing the debt), the AI must not call about that debt for 7 consecutive days. Implement this as an automatic lockout that starts immediately when the conversation ends. The lockout should be per-debt, so conversations about Debt A do not prevent calls about Debt B.

A conversation where the debt is actually discussed - balance mentioned, payment discussed, dispute raised. Calling and simply confirming identity before the consumer hangs up may not constitute a substantive conversation that triggers the 7-day cooling period. However, the conservative and safer approach is to apply the cooling period after any right-party contact where identity is confirmed.

State laws that impose stricter frequency limits than Reg F take precedence. If a state limits calls to 3 per 7 days, that limit applies even though Reg F allows 7. Your AI system needs to check both federal and state limits and apply the more restrictive standard. The state-by-state guide covers specific variations.

Maintain records of every call attempt with timestamp, consumer ID, debt reference, outcome, and the running frequency count at the time of the attempt. Also document your compliance architecture, frequency limit configurations, and any consumer preference changes. Retain these records for at least 3 years as required by Reg F, though longer retention is advisable given the statute of limitations for FDCPA claims.

Justas Butkus

Founder & CEO, AInora

Building AI digital administrators that replace front-desk overhead for service businesses across Europe. Previously built voice AI systems for dental clinics, hotels, and restaurants.

View all articles

Ready to try AI for your business?

Hear how AInora sounds handling a real business call. Try the live voice demo or book a consultation.

Try Voice Demo Book Consultation