FDCPA and RESPA Compliance: A Note Investor's Operational Guide
FDCPA and RESPA compliance for note investors — QWR response rules, cease and desist handling, and building federal compliance into your SOPs.

Why Do the FDCPA and RESPA Matter to Note Investors?
When you buy a non-performing loan on the secondary market, you step into a federally regulated role. Two statutes define most of your compliance obligations: the Fair Debt Collection Practices Act (FDCPA) and the Real Estate Settlement Procedures Act (RESPA). These are not abstract regulatory frameworks. They dictate what you must say, when you must say it, how you must respond to borrower inquiries, and what happens when you get it wrong.
Most note investors understand the basics -- include the Mini Miranda, use a licensed servicer, do not harass the borrower. But the FDCPA and RESPA go far beyond those fundamentals. They impose specific response timelines, documentation requirements, and procedural obligations that apply every time a borrower sends you a letter, disputes a balance, or tells you to stop calling. Missing a deadline by a single day creates the same liability as never responding at all.
This article covers the operational requirements that most note investors either do not know about or handle incorrectly -- and how to build compliance into your standard operating procedures so that violations become structurally impossible.
How Does the FDCPA Apply to Note Buyers?
The FDCPA governs the conduct of "debt collectors," which the statute defines as any person who regularly collects debts owed to another or who acquired a debt in default for the purpose of collection. When you purchase a non-performing loan, you fit squarely within this definition. The debt was in default when you bought it, and your collections activity -- whether through a servicer or directly -- constitutes debt collection under federal law.
There is a common misconception that the FDCPA only applies to third-party collection agencies. It does not. The statute was amended and interpreted by courts to cover anyone who acquires defaulted consumer debt, including note investors who purchase whole loans. If you bought the note in default, you are a debt collector for FDCPA purposes, regardless of whether you intend to work out the loan cooperatively.
The Initial Communication Requirements
The first time you or your servicer communicates with the borrower about the debt, the FDCPA requires specific disclosures. Within five days of that initial communication, the borrower must receive a written notice containing:
- The amount of the debt as of the date of the notice
- The name of the creditor to whom the debt is owed
- A statement that the debt will be assumed valid unless the borrower disputes it within 30 days
- A statement that if the borrower disputes the debt in writing within 30 days, the debt collector will obtain and mail verification of the debt
- A statement that the debt collector will provide the name and address of the original creditor, if different from the current creditor, upon written request within 30 days
These five elements are known as the validation notice or Section 1692g notice. They are separate from the Mini Miranda disclosure (covered in detail in our Mini Miranda post). The Mini Miranda goes on every communication. The validation notice is required in connection with the initial communication. Both are mandatory, and both must be present.
What Happens When the Borrower Disputes the Debt?
If the borrower sends a written dispute within the 30-day validation period, the FDCPA requires you to cease all collection activity until you provide verification of the debt. This is not optional. Collection activity includes sending statements, making collection calls, reporting to credit bureaus, and initiating or continuing legal proceedings.
Verification means providing documentation sufficient to confirm the debt is valid and that the borrower owes it. Courts have interpreted this to require, at minimum, a copy of the original promissory note or account documentation showing the debt's origin, the amount claimed, and the chain of ownership establishing your right to collect.
The practical implication: if a borrower disputes the debt in writing during the validation period and you or your servicer continue sending collection letters or reporting to credit bureaus before providing verification, you have violated the FDCPA. Statutory damages of up to $1,000 per action in individual cases, plus actual damages, plus attorney's fees. In class actions, damages can reach $500,000 or 1% of the debt collector's net worth.
What Is a Qualified Written Request and Why Does It Matter?
A qualified written request (QWR) is RESPA's mechanism for borrowers to demand information about their loan. Under 12 U.S.C. Section 2605(e), a borrower can send a written request to the servicer seeking information about the servicing of the loan, including payment history, escrow accounting, fee breakdowns, and ownership information.
A QWR does not need to use any magic words. It does not need to cite the statute. It does not even need to be labeled as a QWR. If a borrower sends a written communication that includes their name, account-identifying information, and a statement of reasons why they believe the account is in error or a request for specific information, it qualifies as a QWR. This means that a handwritten letter from a borrower saying "I don't think my balance is right, please explain the charges" is a QWR that triggers full RESPA response obligations.
The Response Timeline
RESPA imposes a two-part response timeline for QWRs:
| Deadline | Requirement |
|---|---|
| 5 business days | Send a written acknowledgment that the QWR has been received |
| 30 business days | Provide a substantive written response that either corrects the account, explains why the account is accurate, or provides the requested information |
The 30-business-day response window can be extended by an additional 15 business days if the servicer notifies the borrower of the extension and explains the reason. But the initial 5-business-day acknowledgment cannot be extended. Miss it, and you have a RESPA violation.
What Must the Substantive Response Include?
The response to a QWR must do one of three things:
- Correct the account and provide a written notification of the correction, including the effective date and the corrected information
- Explain why the account is believed to be correct, with documentation supporting the servicer's position, including contact information for the borrower to escalate the dispute
- Provide the requested information, if the QWR was an information request rather than an error assertion
A response that simply restates the balance without addressing the borrower's specific concern does not satisfy RESPA. The response must be substantive and responsive to the specific issue raised.
The Penalties for Non-Compliance
RESPA violations carry their own penalty structure, separate from the FDCPA:
| Violation Type | Penalty |
|---|---|
| Individual action | Actual damages plus up to $2,000 in statutory damages per violation |
| Pattern or practice | Actual damages plus up to $1,000,000 in class actions or 1% of the servicer's net worth |
| Attorney's fees | Recoverable in all successful RESPA actions |
The "pattern or practice" threshold is where RESPA becomes existential for note investors managing portfolios. If you have 50 loans and your servicer mishandles QWRs on 10 of them in a similar way, a plaintiff's attorney can argue a pattern exists. The damages multiply quickly.
How Do You Handle a Cease and Desist?
Under 15 U.S.C. Section 1692c(c) of the FDCPA, a borrower can send a written notice directing you to stop all communication. Once you receive a cease and desist letter, the FDCPA permits only three further communications:
- A notice that collection efforts are being terminated
- A notice that specific remedies may be invoked (such as foreclosure)
- A notice that a specific remedy is being invoked
That is it. No more collection letters. No more phone calls from your servicer. No more "checking in" emails. Any communication outside those three categories after receiving a cease and desist is an FDCPA violation.
What a Cease and Desist Does Not Do
A cease and desist does not eliminate the debt. It does not prevent foreclosure. It does not stop you from enforcing the lien. It restricts communication, not enforcement. You can still proceed with legal remedies -- you just cannot contact the borrower about the debt outside the three permitted categories.
This distinction matters because many note investors panic when they receive a cease and desist, assuming it shuts down all resolution options. It does not. Your servicer can still process payments if the borrower voluntarily makes them. Your attorney can still file foreclosure. You can still pursue a deed in lieu or short sale if the borrower initiates the conversation. The cease and desist restricts your outbound communication -- it does not create a legal shield around the borrower's obligation.
The Operational Response
When your servicer receives a cease and desist letter on one of your loans, the following should happen immediately:
- Flag the account in the servicing system as cease-and-desist active
- Halt all outbound communications -- letters, calls, emails, texts
- Send the required acknowledgment -- a single letter confirming that collection communications will cease, while reserving the right to invoke specific remedies
- Notify you (the investor) so you can adjust your resolution strategy
If your loan servicing company does not have a documented process for handling cease and desist letters, that is a compliance gap you need to close before your next borrower communication goes out.
What Are the Most Common Compliance Mistakes?
After working with hundreds of loans across multiple servicers, the same compliance failures appear repeatedly. Each one is preventable.
Ignoring or Mishandling QWRs
The most frequent RESPA violation in the note investing space is the non-response to a QWR. It usually happens because the servicer does not recognize an informal borrower letter as a QWR, or because the letter gets filed as general correspondence instead of being routed to the compliance team. The borrower writes, nobody responds within five business days, and the clock violation is established before anyone realizes a QWR was received.
Continuing Collection Activity During the Validation Period
When a borrower disputes the debt within the 30-day validation window, all collection activity must stop until verification is provided. The most common mistake is that the servicer's automated systems continue sending monthly statements or payment reminders during this period. Those automated communications are collection activity under the FDCPA, and they do not pause themselves because a borrower sent a dispute letter.
Communicating After a Cease and Desist
The third most common violation occurs when a servicer's automated letter system sends a communication after a cease and desist has been received. The cease and desist flag was either never entered into the system, or the system did not suppress the next scheduled communication. Either way, the letter goes out, the borrower or their attorney documents it, and the FDCPA claim writes itself.
Failing to Provide Transfer Notices
Under both RESPA and the FDCPA, borrowers must be notified when servicing or ownership of their loan transfers. RESPA requires the transferor servicer to send notice at least 15 days before the effective date of transfer, and the transferee servicer to send notice no later than 15 days after the transfer. When note investors acquire loans and board them to a new servicer, both notices must go out. Skipping the transfer notice -- or sending it late -- is both a RESPA violation and a missed opportunity to establish a productive relationship with the borrower.
How Do You Build Compliance Into Your SOPs?
Compliance failures in note investing almost never stem from bad intent. They stem from bad systems. The investor did not set up processes that make violations structurally impossible. Here is how to fix that.
Servicer Compliance Audit
Before you board a single loan with a servicer, you need to verify that their systems and processes handle every obligation discussed in this article. Request written documentation of their procedures for:
- QWR identification and response -- How do they distinguish a QWR from general correspondence? What is their escalation path? What are their internal deadlines (which should be shorter than the statutory deadlines to build in a buffer)?
- Cease and desist processing -- How is the flag entered? What systems does it suppress? How quickly is the investor notified?
- Validation notice delivery -- Is the Section 1692g notice included in the initial borrower communication package? Is it sent within five days of first contact?
- Transfer notice procedures -- Do they send the RESPA-required servicer transfer notice within the statutory window? Do they coordinate with the outgoing servicer to ensure the borrower receives both the goodbye and hello letters?
- Dispute handling -- When a borrower disputes the debt during the validation period, does the system automatically suspend collection activity? Or does it require a manual override?
If your servicer cannot answer these questions with specific, documented procedures, you do not have a compliance-ready servicer. As we discussed in Don't Sleep on Loan Servicers, your servicer's failures are your liability. The borrower's lawsuit names you, not just the servicer.
Internal Compliance Calendar
Create a compliance calendar that tracks every deadline triggered by borrower communications. When a borrower sends any written communication, the following timelines activate:
| Event | Deadline | Action Required |
|---|---|---|
| QWR received | Day 0 + 5 business days | Written acknowledgment sent |
| QWR received | Day 0 + 30 business days | Substantive response sent (extendable by 15 days with notice) |
| Debt dispute received (validation period) | Immediately | All collection activity ceases until verification provided |
| Cease and desist received | Immediately | All non-permitted communications cease |
| Loan transfer effective | 15 days before (outgoing) / 15 days after (incoming) | Borrower transfer notices sent |
These deadlines should live in your servicing system or project management tool -- not in your head and not in an email thread. If you manage more than a handful of loans, manual tracking will eventually fail.
Template Library
Every outgoing borrower communication should be generated from a pre-approved template that has been reviewed by counsel. Your template library should include:
- Hello letter (initial communication after acquisition) -- includes validation notice, Mini Miranda, and bankruptcy safe harbor
- QWR acknowledgment letter -- confirms receipt, states the response timeline, provides contact information
- QWR substantive response letter -- addresses the specific issue raised, includes supporting documentation
- Cease and desist acknowledgment -- confirms communications will cease, reserves the right to invoke remedies
- Servicing transfer notice -- satisfies RESPA's transfer disclosure requirements
- Demand letter -- includes all required disclosures and is state-compliant
No communication should go out to a borrower unless it was generated from an approved template or reviewed by counsel before sending. Ad hoc emails and informal letters are where compliance violations are born.
Document Everything
Every borrower communication -- inbound and outbound -- must be documented with a timestamp. This includes:
- The date the borrower's letter was received (not the date it was opened or the date someone got around to reading it)
- The date the acknowledgment was sent
- The date the substantive response was sent
- The content of every outgoing communication
- The name of the person who handled the communication
If a borrower or plaintiff attorney alleges a RESPA or FDCPA violation, your defense is your documentation. Without it, the borrower's version of events stands unchallenged.
What About State Laws and Federal Enforcement?
The FDCPA establishes a federal floor -- the minimum standard that applies in all 50 states. Many states impose additional requirements that exceed that baseline, including licensing mandates (like California's Debt Collection Licensing Act), additional disclosures beyond the Mini Miranda, shorter response timelines, and restrictions on communication methods. Your compliance program must satisfy both the federal requirements and the state-specific requirements for every state in which you hold loans. Your servicer should be licensed and compliant in every state where they service your loans, and you should verify this annually.
On the enforcement side, the CFPB historically served as the primary federal agency for both the FDCPA and RESPA. As we covered in The Dissolution of the CFPB: What It Means for Note Investors, the federal enforcement landscape has shifted -- but the underlying statutes remain fully in effect. The FTC, state attorneys general, and private plaintiff attorneys continue to enforce these laws aggressively. Do not assume that reduced federal enforcement means reduced risk. Private lawsuits under the FDCPA and RESPA are brought by borrower attorneys, not government regulators. Your compliance program protects you against all enforcement channels -- federal, state, and private.
The Bottom Line
The FDCPA and RESPA are not background regulations that your servicer handles while you focus on deal flow. They are the operational framework that governs every interaction between you and every borrower in your portfolio. The obligations are specific: five-day acknowledgment windows, 30-day response deadlines, mandatory disclosures, cease and desist protocols, and transfer notice requirements. The penalties are equally specific: statutory damages, actual damages, attorney's fees, and class action exposure.
The investors who avoid compliance problems are not the ones who memorized the statutes. They are the ones who built systems that make violations impossible. Pre-approved templates. Automated deadline tracking. Servicer compliance audits. Documented procedures for every borrower communication scenario.
Compliance is not a cost center. It is the infrastructure that keeps your note investing business operating without interruption from lawsuits, regulatory actions, or the reputational damage that follows both. Build it once, maintain it consistently, and it becomes invisible -- which is exactly how compliance should feel when it is working correctly.
Take the free Note Investor Workshop — analyze a real deal and submit a practice offer on a live asset. No credit card.