Back to Blog
By Anil Konur
June 25, 2026

Your AI Is Calling Consumers About Debts They Already Paid. The Fix Is Not a Better Model.

ACA International documented AI voice agents contacting consumers about already-resolved debts - not because the AI was wrong, but because the data it was running on wasn't synced. Colorado's revised AI law gives agencies until January 1, 2027 to build the governance layer. The window is open now.

ACA International published a compliance advisory in June 2026 responding to a pattern that had started appearing in media coverage: collections agencies deploying generative AI voice and text agents for consumer outreach - and those agents contacting consumers about debts that had already been paid or disputed.

The cause was not a model failure. The AI was doing exactly what it was told. What it was told was wrong.

When AI platforms pull account data from client systems without real-time synchronization, they execute outreach based on whatever state that data was in when it was last synced. A payment posted this morning does not reach an AI that was loaded yesterday. The result is a consumer who just paid their bill receiving a demand call - and because the AI is conversational and persistent in ways that a voicemail is not, the complaint rate climbs.

ACA's framing: this is a compliance management failure, not a reason to abandon automation.

The Konur Consulting take: The agencies generating AI compliance complaints did not fail at AI selection. They failed at AI operationalization. And Colorado's revised AI law just put a January 1, 2027 deadline on building the governance layer that prevents these failures from becoming regulatory violations.

What ACA actually said

ACA's analysis identified the failure mode precisely: AI platforms executing consumer outreach on data that is not synchronized to the agency's actual account state. The fix is not a better AI. The fix is a tighter integration between the AI platform and the client system of record - with real-time or near-real-time sync, not batch updates - plus human-in-the-loop checkpoints before the AI makes contact on flagged accounts.

ACA also pointed to Colorado's revised AI law (SB 26-189, signed May 14, 2026) as the leading state-level signal that the regulatory environment around automated consumer interactions is tightening - regardless of whether any specific agency has generated complaints.

What Colorado's revised AI law actually requires

Colorado SB 26-189 - signed by Governor Polis on May 14, 2026 and effective January 1, 2027 - repealed and replaced the 2024 Colorado AI Act. It shifted from a broad duty-of-care framework to a specific disclosure-based regime for "automated decision-making technology" (ADMT) used in "consequential decisions."

For debt collection agencies using AI in consumer outreach, scoring, or settlement decisioning, the key obligations under SB 26-189 are:

  • Consumer notice - deployers must give consumers clear, conspicuous notice before or at the time an ADMT is used in a consequential decision affecting them
  • Post-adverse-outcome disclosure - if a consumer experiences an adverse outcome from an AI-influenced decision, they have a right to an explanation and access to the personal data used
  • Meaningful human review - consumers may request human reconsideration of adverse AI-influenced decisions, to the extent commercially reasonable
  • AG enforcement - violations are deceptive trade practices under Colorado law, with a 60-day cure window before enforcement; no private right of action

The law's definition of "consequential decisions" covers financial services, housing, and employment. An AI that decides which accounts to contact, in what sequence, at what intensity, or with what settlement offer is participating in a consequential financial services decision under SB 26-189's framework.

The cure window exists - but only if the agency has a compliance program capable of discovering the violation within 60 days. Agencies without documented AI governance processes will not know they have violated the law until the enforcement action arrives.

The operationalization gap

93% of collections agencies are now using or evaluating AI, according to ACA's 2026 benchmarking data. The compliance gap is not in the 7% that haven't touched it. It is in the agencies that deployed AI at the outreach layer, measured the lift in contact rates, and stopped.

Deploying AI without the compliance infrastructure is the gap. Specifically:

  • Data sync discipline - the AI platform must operate on account data that reflects payments, disputes, and status changes in near-real-time. Batch sync is not adequate for consumer-facing outreach.
  • Human-in-the-loop checkpoints - accounts flagged as disputed, recently paid, or in a sensitivity category require human review before AI contact. This is not a suggestion; it is what separates compliant deployment from the pattern ACA documented.
  • Audit-ready documentation - every AI-initiated consumer interaction should be logged with the account state that triggered it, the data that was used, and the result. Colorado's 60-day cure window is only useful if the agency can reconstruct what happened.
  • Consumer-notice workflows - SB 26-189 requires disclosure at or before the point of AI interaction in a consequential decision. Agencies need a disclosure process built into the outreach flow, not bolted on after the fact.

What to do Monday

  • Audit your AI data sync cadence. How frequently does your AI platform refresh account data from the system of record? If the answer is daily or less frequent, you have a data lag problem. Map every payment and dispute type to confirm it reaches the AI before the next outreach cycle.
  • Document your human-in-the-loop checkpoints. Which account states require human review before AI contact? Who reviews them? Where is that decision documented? If the answers are informal, formalize them before January 1.
  • Map your AI tools against SB 26-189's ADMT definition. Any AI tool that "makes, guides, or assists" a consequential financial services decision for a Colorado consumer is a covered ADMT. Identify the tools, document their intended uses, and build the notice and disclosure workflows.
  • Build the audit log before you need it. If a Colorado consumer files a complaint in Q1 2027, your 60-day cure window starts when you receive notice. If you can reconstruct what your AI did and why within 48 hours, you can cure. If you can't, you can't.
  • Apply this framework beyond Colorado. Colorado is the first state with comprehensive AI consumer protection requirements effective in 2027. It will not be the last. The agencies building compliant AI governance now will not have to rebuild it for each state that follows.

FAQ

Is Colorado the only state with AI rules that affect collections agencies?

Colorado is the most comprehensive as of January 2027, but the pattern is broader. State attorneys general across more than a dozen states have increased consumer protection enforcement as CFPB activity has declined. Several states are actively developing AI-specific requirements. Agencies that treat Colorado as an isolated compliance exercise will be repeating this work for each state that follows - agencies that treat it as an operating model design problem will have a transferable governance framework.

Our AI vendor handles the compliance. Does this still apply to us?

Under SB 26-189, the deployer - the agency using the AI tool - carries the compliance obligation for consumer interactions, not the vendor that built the platform. The vendor must provide the deployer with information needed to comply, but the notice, disclosure, and human-review obligations sit with the deployer. "Our vendor handles it" is not a defense in an AG enforcement action.

What counts as an "adverse outcome" triggering the human-review right?

SB 26-189 does not define the term exhaustively, but a consumer who receives an AI-initiated contact about a debt they dispute or have paid, and experiences a negative financial or credit consequence as a result, is a reasonable candidate. The safer approach is to design human-review availability into any AI-influenced decision that could negatively affect a consumer's financial position - which in collections is essentially every automated contact.

How does this relate to the broader AI adoption picture in collections?

ACA's data shows AI adoption in collections nearly doubled in two years - 49% in 2023 to 93% in 2025. The agencies that moved fastest to deploy are often the ones with the thinnest governance layer underneath the deployment. Colorado's law does not penalize AI adoption; it penalizes AI deployment without the compliance infrastructure. The agencies that have both are in the strongest position.

Compliance reacts to the violation. Operationalization prevents it. The agencies building the governance layer now are not slower - they are ahead.

Konur Consulting helps collections agencies build the AI governance infrastructure that keeps automated outreach audit-ready as state laws tighten - data sync architecture, human-in-the-loop policy design, ADMT documentation, and the compliance management framework that makes a 60-day cure window actually usable. Reach out at info@konurconsulting.com before January 1, 2027 becomes a deadline instead of a runway.

Source - ACA International: Jen Hedke, "AI Debt Collection Rollouts Yield Compliance Lessons for ARM Industry," ACA International, June 17, 2026. acainternational.org

Source - Colorado SB 26-189: Norton Rose Fulbright, "Colorado Enacts Revised AI Law," May 2026. nortonrosefulbright.com

Source - Colorado AI law analysis: Morrison Foerster, "Colorado Hits Reset on AI Regulation with a New AI Act," May 15, 2026. mofo.com