AI debt collection calls: staying compliant with FDCPA and Reg F

Outbound collections is one of the most regulated phone calls a company can make in the United States. A single call placed at the wrong hour, to the wrong person, or one too many times can turn a routine reminder into a Fair Debt Collection Practices Act claim. So the appeal of an AI voice agent that can make thousands of those calls is obvious, and the risk is just as obvious.

The good news is that the rules are specific. FDCPA, the CFPB's Regulation F, and the FCC's 2024 ruling on AI voices all draw clear lines, and clear lines are something software can actually be built to respect. The trick with AI debt collection calls is to treat compliance as the design spec rather than a disclaimer bolted on at the end.

The three rulebooks an AI collections call has to satisfy

Before a single automated call goes out, three frameworks apply at once.

The FDCPA governs how third-party collectors talk to consumers: when they can call, who they can talk to, and what counts as harassment. It has been the floor since 1977.

Regulation F, the CFPB's modernization of the FDCPA, took effect on November 30, 2021 and added hard numbers, most notably on call frequency.

The TCPA, enforced by the FCC, governs the technology of the call itself. In February 2024 the FCC ruled that AI-generated voices count as an "artificial or prerecorded voice," which changes what consent an AI call needs before it dials.

An AI agent that satisfies two of these and ignores the third is still non-compliant. They stack.

Call timing and frequency: the numbers Reg F made concrete

Reg F is where AI has the clearest advantage, because the rules are numeric and a machine never forgets them.

Calls are restricted to the consumer's local 8am to 9pm window. The CFPB states collectors are generally prohibited from contacting a consumer before 8 a.m. or after 9 p.m. in the consumer's time zone. A human dialer in one time zone calling a consumer in another gets this wrong constantly. An AI agent that knows the consumer's local time does not.

Then there is the call-frequency rule. Under Reg F, a collector is presumed to violate the law if it calls a consumer about a particular debt more than seven times in a seven-day period, or within seven days after a telephone conversation about that debt. The CFPB is explicit that this is a rebuttable presumption tied to each specific debt, and that it applies to telephone calls specifically, with texts and emails covered by other protections. The practical upshot for an AI deployment: the agent has to track attempts per debt per consumer across the whole seven-day window and stop on its own, including counting any call that followed a live conversation.

This is exactly the kind of bookkeeping that trips up human-staffed call centers and that software handles natively. The frequency cap stops being a training problem and becomes a configuration the agent cannot exceed.

Who the AI is allowed to talk to

The FDCPA sharply limits third-party disclosure. A collector generally cannot reveal the existence of a debt to anyone other than the consumer, their spouse, their attorney, or a credit reporting agency. That means the AI cannot leave a detailed voicemail that a roommate might hear, cannot confirm a debt to whoever picks up, and cannot discuss the account until it has the right person on the line.

For an AI voice agent, this becomes an identity-verification gate before any account detail is spoken. The agent confirms it is speaking with the consumer to the standard the collector already uses for human agents, and says nothing substantive until it does. If a wrong party answers, the agent should leave only a limited-content message and never explain why it is calling. This is the same conservative-by-default posture that keeps a support AI from guessing: when the agent is not certain it has the right person, it discloses nothing and routes or retries.

The TCPA twist: an AI voice needs consent before it dials

The 2024 FCC ruling is the part teams miss. On February 8, 2024 the FCC issued a Declaratory Ruling confirming that AI-generated voices are treated as "artificial or prerecorded voice" under the TCPA. The legal status of the voice depends on how it is produced. How human it sounds is irrelevant.

That has a concrete consequence. An AI voice agent calling a consumer's cell phone needs prior express consent before it dials, the same consent an old-school prerecorded robocall would need, plus identification of who is responsible for the call and a working opt-out. A live human agent dialing manually sits in a different consent bucket. So swapping a human dialer for an AI voice is not a neutral substitution. It can change the consent you are required to have on file.

The compliant pattern is to confirm consent status per contact before the AI places the call, suppress numbers without the right consent, and route those to a channel or a human path that the consumer has agreed to. Build the consent check into the dialing logic and the FCC rule stops being a landmine.

What AI should do on a collections call, and what it should not

Inside those guardrails, there is real, useful work for an AI agent.

It can place compliant reminder and outreach calls within the timing and frequency limits, verify identity, take a payment intent and hand off to a secure payment flow, answer routine account questions, and capture a promise to pay. It can do this across thousands of accounts without drifting past the call cap or the calling window. The routine account questions here are the same low-judgment work that makes automating tier-1 banking support safe.

What it should not do is negotiate hardship, agree to a settlement, make threats of any kind, or improvise around a dispute. The moment a consumer disputes the debt, asks the collector to stop contacting them, or signals distress, the FDCPA's harassment and validation provisions are in play and a human should take it. A model that tries to talk a distressed consumer out of a dispute is the fastest route to a complaint. Open.cx, for one, is built to hand a conversation to a person the instant confidence drops rather than push for a resolution it should not be making, which in collections is the line between a reminder and a violation.

A rollout that keeps your compliance team calm

Sequence it the way you would any regulated automation.

1. Start with inbound and consented outbound. Begin where consent is unambiguous and the call is low-risk: consumers who have explicitly agreed to AI contact, or inbound calls the consumer placed.
2. Encode the hard rules first. Calling window by local time, the seven-in-seven frequency cap per debt, identity gate before disclosure, consent check before dialing. These are not training goals. They are constraints the agent cannot break.
3. Run in assist or monitored mode. Have humans review transcripts and outcomes before the agent runs unsupervised, and keep a complete audit log of every call: what was said, when, to whom, and on what consent basis.
4. Escalate disputes, cease requests, and distress automatically. The agent's job on those is to recognize them and hand off with full context. Resolving them stays with a person.

Measure the handoff rate alongside the contact rate. A healthy collections deployment escalates disputes and sensitive calls on purpose. A handoff rate that drops while complaints climb means the agent is handling calls it should be routing to a person.

Collections is a place where the conservative version of AI is the only version worth running. The upside of an automated call is volume and consistency. The downside of a single wrong call is a statutory claim. Design for the downside, and the volume takes care of itself. Collections is one slice of the larger opportunity in conversational AI in banking, where the same conservative posture governs the whole queue.