AI debt recovery prioritization: rules, fairness, defensible design

The model scores each delinquent account on multiple dimensions: probability of payment within a window, optimal channel (call, SMS, email, letter, none), best time of day, recommended message tone and predicted vulnerability indicators. The output is a ranked work queue and a per-account action recommendation. Collection agents and outbound systems consume the queue.

The AI does not, in compliant deployments, take adverse action against the customer autonomously. Adverse-action decisions (charging additional fees, escalating to legal, refusing to engage) remain human-reviewed. The boundary matters under both consumer-protection law and GDPR Article 22.

The AI Act has two relevant provisions. Article 5 prohibits exploitation of vulnerabilities of specific groups due to age, disability or socio-economic situation that materially distorts behaviour and is likely to cause significant harm. AI prioritization that explicitly targets vulnerability indicators to extract payments from financially distressed customers is a candidate for the prohibition [2].

Annex III 5(b) on creditworthiness applies if the prioritization output also feeds future credit decisions. Pure recovery prioritization on existing debt sits outside high-risk classification, but the Article 5 prohibition is binding regardless.

The FCA Consumer Credit sourcebook (CONC) sets standards for collection conduct: forbearance for customers in financial difficulty (CONC 7.3), proportionate communication, and prohibition of unfair pressure. The 2023 Consumer Duty (PRIN 2A) raises the bar: firms must act to deliver good outcomes for retail customers, including in collections [3].

For AI, the implication is that prioritization cannot optimise narrowly for collection efficiency at the expense of customer outcomes. Vulnerability identification must trigger forbearance protocols, not pressure tactics. The FCA's 2023 Dear CEO letters to consumer-credit firms flagged AI use in collections as a supervisory focus.

Regulation F (12 CFR Part 1006) implements the Fair Debt Collection Practices Act with specific rules on contact frequency, time-of-day and means of communication. The CFPB UDAP authority extends to deceptive or abusive AI-driven outreach. The CFPB's 2023 advisory opinion on AI chatbots in financial services warned against deceptive practices and against systems that fail to recognise consumer disputes [4].

State attorneys general (notably New York and California) have separate enforcement powers. State Attorney General Letitia James reached settlements with debt collectors in 2023-24 specifically targeting AI-driven contact patterns that breached Regulation F frequency limits.

Pure prioritization (queue ranking, channel selection) is unlikely to meet the Article 22 "solely automated" and "legal or similarly significant effects" tests. Automated escalation to legal action or fee imposition does. The 2024 EDPB guidelines flag that AI-driven actions in financial-difficulty contexts may meet the "similarly significant effects" test even when they do not produce direct legal effects.

The defensible pattern: keep automated outreach inside a documented policy band (channel, frequency, message tone) and route adverse-action decisions to human review with documented authority and competence to override.

Six elements. Article 5 vulnerability check: explicit policy that vulnerability indicators trigger forbearance, not pressure. Frequency and channel guards aligned with Regulation F and CONC. Documented thresholds for human review of any adverse action. Fairness testing across protected classes. Audit log capturing input data, score, action taken, override events and any vulnerability flags. Continuous monitoring of complaint rates, dispute resolution time and forbearance offer rates segmented by AI-driven and non-AI-driven cohorts.