Collecting on accounts receivable can bring in sizable amounts of revenue to clients, but third-party debt collection agencies should maintain a compliance management system (CMS) to provide legal compliance and other benefits.
First, a CMS enables agencies to remain compliant with federal, state and local laws that protect consumer interests. The approach ensures that every client is protected from the risk of government reprisal, bad publicity, or other negative legal consequences such as lawsuits.
A CMS also enhances the accountability and transparency that agencies offer to clients, enabling them to garner peace of mind and trust.
Finally, a CMS creates consumer benefits including data security policies that protect their identities as well as friendly consumer relations that encourage brand loyalty.
Which Laws Are Relevant to a Compliance Management System?
There are many overlapping federal laws that collection agencies need to follow. Some of the top federal compliance laws are:
- GLBA (The Gramm-Leach-Bliley Act) – Requires financial institutions to explain their information sharing practices to their customers and to safeguard their data.
- HIPAA (Health Insurance Portability and Accountability Act) — Ensures the data privacy and security of medical information.
- FDCPA (Fair Debt Collection Practices Act) — Limits the behaviors and actions of debt collection agencies.
- FCRA (Fair Credit Reporting Act) — Enforces the accuracy, fairness, and privacy of information given to consumer reporting agencies.
- TCPA (Telephone Consumer Protection Act) — Regulates telephone solicitations and the use of automated telephone, fax, and SMS equipment.
- SCRA (Servicemembers Civil Relief Act) — Protects those in the military, coast guard, or commissioned officers from being sued while in active service and up to a year after active duty.
- Red Flags Rule — Requires that each financial institution has systems in place to detect, prevent, and mitigate identity theft.
Additionally, several states have compliance laws that augment the federal laws. For example, New York City has regulations stipulating that collectors must leave a call-back number with the debt collection agency’s name, creditor’s name, collector’s name, and the current amount of debt in all voicemails.
What is a Compliance Management System?
A compliance management system is a combination of policies, procedures, and technologies that ensure compliance with the above laws. Regulators like the Consumer Financial Protection Bureau (CFPB) expect collection agencies to have an effective compliance management system integrated into their business strategy and operations.
An agency’s compliance management system should include internal management audits, vendor management policies, data security policies, payment processing procedures, complaint and dispute resolution policies, record retention guidelines and more.
Leadership and Management
Compliance is often maintained and led by a director or manager of corporate compliance at third-party agencies. These leaders often carry certifications such as the Credit and Collections Compliance Officer (CCCO) from ACA International. CCCO training covers federal compliance, advanced compliance assessment and control, policy writing and procedures, data security and privacy, and ethical collections. Agencies that have designated CCCOs provide an in-depth range of knowledge on compliance strategy in the debt collection industry. CCCO designations require an annual renewal to keep them up to date on current compliance laws.
Additionally, a standalone quality assurance (QA) department monitors phone calls and other activities on a daily basis to make sure collectors are compliant with laws. The QA team is led by the manager of corporate compliance who regularly works with attorneys, QA supervisors and QA representatives.
Compliance training is conducted under the guidance of the agency compliance manager to teach and test every debt collector in all aspects of credit and collections compliance.
New hires undergo an extensive training process. They are expected to achieve an understanding of federal and state laws over the course of several weeks before they are permitted to engage consumers over the phone.
Best-in-class agencies also conduct mandatory monthly training sessions for all collectors and managers. The meetings cover compliance laws as well as reviews of recent performances and audits.
Collectors that fail to meet client or company expectations receive a training ticket from quality assurance for the violation. Collectors then receive feedback and/or one-on-one training from management or the company’s designated trainer.
Collection agencies cannot legally collect on consumers who have filed litigation related to the FDCPA, or who are under protections by the SCRA. In order to remain compliant, operations directors oversee daily scrubs in these areas to assess and verify the status of each consumer. Directors will immediately cancel any accounts that resemble the circumstances mentioned above.
Top agencies need attestation for payment card information security, controls that affect client financial statements, and non-financial reporting controls.
PCI DSS 3.2 certification establishes technical and operational requirements for merchants and service providers using, storing, or transmitting payment card data.
SOC 1 Type II reports are compliant with Statements on Standards for Attestation Engagements (SSAE 18) and assess the controls at service organizations relevant to user entities’ internal control over financial reporting for a specific period.
SOC 2 Type II reports focus on the effectiveness of a service organization’s non-financial reporting controls relating to security, availability, processing integrity, confidentiality, and privacy of a system.
Technologies used by an agency are a crucial part of a compliance management system because they add a layer of protection. Agencies rely on state-of-the-art software to conduct everyday business. For example, collections software is used to optimize the collections process by managing how and when collectors can contact consumers, according to client requests and specifications, while maintaining compliance with state and federal laws. There is even programming in place to prevent human errors when scheduling phone calls, so that collection calls are made at appropriate times that follow compliance requirements.
A CMS is a cornerstone of best-in-class agencies like Optio Solutions in conjunction with industry experience, collections technology, certification, and solutions for data security. These attributes help create brand protection, ROI and customer retention for agency clients.
Best-in-class debt collections require industry expertise and knowledge. With certified Credit and Collection Compliance Officers overseeing a solid compliance management system, Optio can assure clients that their collections will be handled effectively while remaining compliant with federal and state laws.
Optio also maintains Professional Practice Management System (PPMS) certification from ACA International. Among its many layers of practice management, a PPMS enables agencies to conform with all federal and state laws because it addresses and helps organize several components of compliance management systems.
Industry professionals seeking to hire a debt collection agency should contact Optio Solutions today to learn more about individualized collection strategies for their organization.