(800) 362-0272 View Account

Compliance at Midwest Service Bureau

Zero regulatory actions in over 55 years. Compliance isn't just a requirement — it's the foundation of everything we do.

View Account

Our Commitment to Regulatory Compliance

Debt collection is one of the most heavily regulated industries in the United States, and for good reason. Consumers and businesses deserve protection from unfair, deceptive, or abusive collection practices. At Midwest Service Bureau, we don't just comply with regulations — we embrace them as the foundation of how we operate. Our compliance framework covers every federal and state law that governs debt collection activity, and our technology platform embeds compliance rules directly into the collection workflow so that violations are prevented before they can occur.

MSB has maintained a spotless regulatory record for over 55 years. Zero enforcement actions by the CFPB, FTC, or state attorneys general. Zero consent orders. Zero regulatory fines. This track record is not accidental — it is the result of a deliberate, well-funded compliance program that includes dedicated compliance staff, annual training and certification for every employee, technology-enforced communication limits, quarterly internal audits, and ongoing monitoring of regulatory changes at both the federal and state level.

When you partner with MSB, our compliance becomes your protection. Every communication we send on your behalf — every phone call, letter, email, and text message — is crafted and delivered in accordance with the most current regulatory requirements. Our compliance team works closely with our operations, technology, and legal teams to ensure that new regulations are implemented before their effective dates and that our procedures reflect the most conservative interpretation of ambiguous requirements.

Below, you'll find detailed information about the major regulatory frameworks that govern our operations and how MSB maintains compliance with each.

HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards for the protection of individually identifiable health information. As a business associate of healthcare providers, MSB is required to maintain comprehensive HIPAA compliance covering the Privacy Rule, Security Rule, and Breach Notification Rule.

MSB's HIPAA compliance program includes:

  • Business Associate Agreements (BAAs): We execute BAAs with every healthcare client before receiving any protected health information (PHI). These agreements define our obligations regarding PHI use, disclosure, safeguarding, and breach notification.
  • Administrative Safeguards: Designated privacy and security officers, workforce training and certification, access controls based on job function, sanction policies for violations, and regular risk assessments.
  • Physical Safeguards: Controlled facility access, workstation security policies, locked storage for physical records, device and media controls, and visitor logging.
  • Technical Safeguards: Encrypted data transmission (TLS 1.2+), encrypted data storage, unique user identification, automatic session timeouts, audit logging of all PHI access, and multi-factor authentication for system access.
  • Breach Response: Documented incident response procedures, prompt investigation of potential breaches, notification to affected individuals and clients within required timeframes, and HHS reporting for qualifying breaches.

Our HIPAA compliance program is reviewed and updated annually by our privacy officer, and all staff members receive HIPAA training during onboarding and annual refresher certification thereafter. Our collectors who work on healthcare accounts receive additional specialized training on minimum necessary PHI use and patient communication requirements.

Fair Debt Collection Practices Act (FDCPA)

The FDCPA is the foundational federal law governing third-party debt collection practices. It prohibits harassment, false or misleading representations, and unfair practices in the collection of consumer debts. The FDCPA also establishes requirements for debt validation, cease-and-desist requests, and communication practices.

MSB's FDCPA compliance covers every aspect of the statute:

  • Initial Communications: Every initial contact with a consumer includes the required mini-Miranda disclosure identifying MSB as a debt collector and stating that any information obtained will be used for debt collection purposes.
  • Validation Notices: Written validation notices are sent within five days of initial contact, containing the amount of the debt, the name of the creditor, and the consumer's rights to dispute the debt and request verification.
  • Communication Restrictions: We do not contact consumers before 8:00 AM or after 9:00 PM in their local time zone, at their workplace if we know the employer prohibits such calls, or after receiving a written cease-and-desist request.
  • Dispute Handling: When a consumer disputes a debt, all collection activity ceases until verification is obtained and provided. Our system tracks dispute deadlines automatically to ensure timely compliance.
  • Prohibited Practices: Our training, monitoring, and quality assurance programs ensure that collectors never use threats, harassment, profanity, misrepresentations about the debt amount or legal status, or any other practice prohibited by the FDCPA.

CFPB Regulation F

The Consumer Financial Protection Bureau's Regulation F (effective November 30, 2021) modernized the FDCPA's implementing regulations for the first time in decades. Regulation F clarified rules around communication frequency, electronic communications, time-barred debt, and validation notice content. MSB was fully compliant with Regulation F from its effective date.

Key Regulation F provisions and how MSB complies:

  • Communication Frequency Limits: Regulation F establishes a presumption of compliance for telephone calls limited to 7 attempts per debt per 7-day period, with no calls within 7 days after a telephone conversation. MSB's dialer system enforces these limits automatically — collectors cannot override the frequency caps under any circumstances.
  • Electronic Communications: Regulation F permits debt collectors to communicate with consumers via email and text message, subject to opt-out requirements and specific content rules. MSB's electronic communication templates comply with all Regulation F requirements, including the mandatory opt-out mechanism in every message.
  • Time-Barred Debt: When collecting on debts past the applicable statute of limitations, MSB provides required disclosures informing consumers that the debt is too old to sue on and that making a payment could restart the limitations period in some states.
  • Enhanced Validation Notices: Our validation notices include all content required by Regulation F, presented in the model format endorsed by the CFPB, including an itemization of the debt, the consumer's rights and response options, and clear identification of the creditor.

State Licensing & Bonding

In addition to federal regulations, debt collection is regulated at the state level by a patchwork of licensing requirements, consumer protection statutes, and industry-specific rules. MSB maintains active collection agency licenses in every state that requires them, and our compliance team monitors regulatory changes across all 50 states to ensure we remain current with licensing renewals, bond requirements, and new regulatory obligations.

Many states have enacted consumer protection laws that go beyond the federal FDCPA, imposing additional restrictions on collection communications, requiring specific disclosures, limiting fee structures, or providing enhanced remedies for consumers. MSB's compliance program accounts for these state-specific requirements and ensures that our collection practices in each state meet the most stringent applicable standard.

The state licensing landscape is complex and constantly evolving. As of 2026, over 35 states require debt collection agencies to obtain a specific license or registration before conducting collection activity within their borders. Requirements vary significantly: some states require only a simple registration filing, while others mandate surety bonds ranging from $5,000 to $100,000, background checks on all officers and directors, annual financial audits, and ongoing reporting of complaint volumes and collection activity data. MSB's compliance team maintains a comprehensive licensing calendar that tracks renewal dates, filing deadlines, and regulatory changes across every jurisdiction where we operate.

Our state compliance infrastructure also addresses the growing trend of state-level mini-FDCPA statutes that provide consumers with additional protections beyond the federal baseline. For example, New York's debt collection regulations require specific disclosures about consumer rights and impose restrictions on how interest and fees may be communicated. California's Rosenthal Fair Debt Collection Practices Act extends FDCPA-like protections to original creditor communications, not just third-party collectors. Massachusetts prohibits certain types of communications to consumers' employers. MSB's system maintains a state-specific ruleset for each jurisdiction, ensuring that every communication — whether a phone call, letter, email, or text message — complies with the most restrictive applicable standard for that consumer's location.

We maintain detailed state compliance guides for our team and our clients. Select a state below to learn about the specific debt collection regulations that apply in that jurisdiction:

Arizona California Florida Illinois Kansas Missouri Nevada New Jersey New York Texas HIPAA & FDCPA Overview

No Surprises Act Compliance

The No Surprises Act (effective January 1, 2022) protects patients from unexpected medical bills for emergency services, air ambulance services from out-of-network providers, and non-emergency services from out-of-network providers at in-network facilities. The Act also requires providers to give uninsured or self-pay patients good faith estimates of expected charges before scheduled services.

MSB has integrated No Surprises Act requirements into our healthcare collection workflow:

  • Account Screening: Before pursuing collection on any healthcare balance, our system screens the account against No Surprises Act criteria. Accounts that may involve emergency out-of-network care, surprise billing scenarios, or good faith estimate requirements are flagged for compliance review before any collection activity begins.
  • Balance Verification: We verify with our healthcare clients that patient balances reflect proper application of No Surprises Act protections — including independent dispute resolution (IDR) determinations and appropriate cost-sharing calculations — before initiating collection.
  • Good Faith Estimate Disputes: When patients dispute bills that exceed a good faith estimate by more than $400, we understand the patient-provider dispute resolution process and suspend collection activity while disputes are resolved through the established channels.
  • Ongoing Monitoring: Our compliance team monitors CMS and HHS rulemaking related to the No Surprises Act to ensure our procedures reflect the latest guidance and enforcement priorities.

TCPA Compliance

The Telephone Consumer Protection Act (TCPA) regulates the use of automatic telephone dialing systems (ATDS), prerecorded or artificial voice messages, and text messages for debt collection and other commercial purposes. TCPA violations can result in statutory damages of $500-$1,500 per violation, making compliance essential.

MSB's TCPA compliance program includes:

  • Consent Management: Our system tracks consumer consent for calls and text messages at the account level, recording the type of consent obtained (express, express written), the source and date of consent, and any revocations.
  • Do Not Call Compliance: We maintain an internal do-not-call list and scrub against the National Do Not Call Registry. When a consumer requests that we stop calling, the request is processed immediately and applied across all accounts for that consumer.
  • Dialer Compliance: Our telephone systems comply with TCPA requirements for abandoned call rates, ringtime, and caller ID display. We maintain dialer logs and recordings for compliance auditing purposes.
  • Cell Phone Protections: We apply appropriate consent requirements when contacting consumers on cell phones, consistent with the most current FCC interpretations and court rulings regarding ATDS definitions and consent standards.
  • Text Message Compliance: All SMS and text message communications include required opt-out instructions, identify MSB as the sender, and comply with wireless carrier messaging guidelines. We honor opt-out requests immediately and maintain records of consumer preferences across all communication channels.
  • Reassigned Number Database: MSB checks the FCC's Reassigned Numbers Database before calling cell phone numbers to avoid contacting consumers who have not consented to calls. This proactive step significantly reduces the risk of TCPA violations resulting from calls to numbers that have been reassigned to new owners since the original consent was obtained.

TCPA litigation represents one of the most significant legal risks facing the debt collection industry, with plaintiffs' attorneys actively seeking violations that can result in class-action damages. MSB's investment in TCPA compliance technology, including automated consent tracking, call frequency monitoring, and real-time do-not-call list enforcement, provides our clients with a robust shield against TCPA-related liability. Our zero-litigation track record on TCPA claims reflects the effectiveness of these preventive measures.

Building a Culture of Compliance

At MSB, compliance is not a department — it is a core organizational value that permeates every aspect of our operations. From the CEO to the newest collector, every team member understands that regulatory compliance is non-negotiable and that cutting corners on compliance is never acceptable, regardless of the financial stakes on any particular account.

Our compliance culture is reinforced through several key practices:

  • Hiring Standards: We screen all candidates for integrity and judgment during the hiring process, and we require compliance-focused references from previous employers in the collection industry.
  • Training Program: Every new hire completes a comprehensive compliance training program before they ever contact a consumer. This training covers FDCPA, Regulation F, HIPAA, TCPA, state-specific regulations, and MSB's internal policies. Annual refresher training and certification is required for all staff.
  • Quality Monitoring: Our quality assurance team monitors live and recorded calls, reviews written communications, and evaluates collector performance against compliance standards. Collectors receive regular feedback and coaching based on QA evaluations.
  • Internal Audits: Our compliance team conducts quarterly internal audits of collection practices, documentation, and system controls. Audit findings are reported to senior management and tracked to resolution.
  • Incident Response: We maintain documented procedures for investigating and responding to potential compliance incidents, including consumer complaints, regulatory inquiries, and internal reports of possible violations.

Our commitment to compliance is not just about avoiding penalties — it's about doing business the right way. Clients who partner with MSB can be confident that their accounts are being handled with the highest standards of regulatory compliance, ethical practice, and professional conduct. Our 55+ year track record with zero regulatory actions is the proof.

Partner with a Compliance-First Collection Agency

Contact MSB today to learn how our compliance framework protects your organization and ensures ethical debt recovery.

Schedule a Consultation Call (800) 362-0272