CFPB, FDCPA, SCRA, UDAAP, TCPA, FCRA, EFTA … the alphabet soup challenge for a compliance management system. Even if you think you have a solid compliance framework in place, you can still get caught in a violation of one of these laws if you’re not careful. But it’s not just the regulators you have to be aware of; it’s also the ever-present, ever-persistent consumer attorneys, who are constantly finding new ways to twist your words or bait you into a perceived violation. Even if you are on the right side of the law, defending cases is costly and could cause reputational risk.
However, one thing that can help to make complying with the regulations a little less stressful, and a little more efficient, is to automate your debt collection compliance management. In this article, we will discuss:
- What is compliance management?
- What is a compliance manager or compliance officer?
- Compliance management system components
- The importance of compliance management
- How to automate your compliance management
What is Debt Collection Compliance Management?
While compliance management is required by many companies and many different departments within those companies, we are going to specifically address compliance management for first-party and third-party debt collections here.
By definition, compliance management is “the process by which companies plan, organize, control and lead activities that ensure compliance with laws and standards” (source). As I mentioned above, there are numerous regulations that we have to look out for when engaging in collection activities. It’s not just the regulations directed specifically at collections, like the FDCPA, or specific regulators like the CFPB that you need to be aware of; there are also credit reporting regulations, phone calling regulations, Servicemember regulations, privacy regulations, and money transfer regulations. If you communicate via email, you can add CAN-SPAM, and potentially E-SIGN. And then there are the state and local regulations, both for collections and privacy, that can impact your collection activities (New York and West Virginia, for example).
In addition to the actual named regulations, you must also be aware of the various guidance bulletins the CFPB issues. While many of them relate to specific regulations (FDCPA, UDAAP, etc.), some are regulation by bulletin, and you must integrate these into your compliance monitoring as well.
A compliance management system (CMS) is not only a place to keep your written documents and processes related to compliance; it can also be an integrated system of processes, controls, and tools that helps your organization organize compliance management, comply with legal requirements, and manage and track all processes that could harm consumers.
In August 2017, the CFPB released their compliance management review examination procedures. These procedures cover all entities under CFPB supervision and explain what they look for related to compliance management when they examine companies. In the release of this document, the CFPB stated: “To maintain legal compliance, an institution must develop and maintain a sound compliance management system (CMS) that is integrated into the overall framework for product design, delivery, and administration across their entire product and service lifecycle. Ultimately, compliance should be part of the day-to-day responsibilities of management and the employees of a supervised entity; issues should be self-identified, and corrective action should be initiated by the entity. Institutions are also expected to manage relationships with service providers to ensure that service providers effectively manage compliance with Federal consumer financial laws applicable to the product or service being provided.”
The FDIC also weighs in on compliance management systems. In their document created by the Division of Depositor and Consumer Protection, entitled “Compliance Management Systems (CMS)”, the FDIC outlines an approach similar to that of the CFPB for education, training, monitoring and remediation.
Additionally, the FDIC provides a compliance examination manual on their website, which gives an overview of compliance examinations, compliance management systems and their consumer compliance rating system.
As mentioned above, the OCC is also a consideration for banks when creating your CMS. The OCC has published a Comptroller’s Handbook entitled “Compliance Management Systems”. The booklet applies to the OCC’s supervision of national banks and federal savings associations.
What is a Collection Compliance Manager or Compliance Officer?
Compliance management should be taken very seriously by all companies. This is not a task that you should just push off on an existing employee to ‘do in their spare time’. You should have a well-thought-out plan for compliance management. This plan should include at minimum a compliance manager. However, since the CFPB requires top-down management with board oversight, it is suggested that you have a Compliance Officer who reports to the board, and, depending on your size, that person should have a team to manage compliance.
The duty of the compliance manager is to ensure the company is following legal requirements. They will not only manage the CMS and the staff handling the components of the CMS, but also stay up-to-date on all relevant laws and regulations surrounding collections and consumer compliance, and be able to integrate those updates into your CMS.
The Compliance Officer will also develop your compliance policies & procedures, assess issues and potential liabilities, ensure consumer complaints are handled properly and in a timely fashion, and ensure remediation of any issues when necessary.
Collection Compliance Management System Components
What should compliance management look like in a collections environment, and what should your compliance management system include? The previously mentioned CFPB exam procedures bulletin gives us a lot of good information as far as what they will be looking for. But if you are a bank, you will also have the OCC and FDIC that may have additional requirements for your overall CMS outside of collections. If you are a credit union, you also have requirements put forth by the NCUA. Having a culture of compliance running throughout your organization is necessary to ensure everyone is aware of and adhering to your compliance rules.
For collections, the list below of CMS components covers requirements from the CFPB, OCC and FDIC:
- A tracking mechanism to ensure you are adhering to the local, state and governmental rules and regulations. This starts with knowing which regulations cover the collection activities your staff will be performing.
  - If you are an agency, debt buyer or law firm, this also includes licensing requirements for each state.
  - If you are a creditor who utilizes agencies, this includes knowing what licenses your agencies are required to have, and ensuring they are up-to-date.
- Policies and procedures for all collection activities, consumer interaction, and relating to each of the rules and regulations. A full discussion on policies and procedures would cover one or more blog posts, but for now, just know that you need policies & procedures in place for all activities relating to collection and contact with consumers.
- Implementing thorough training for all employees and contractors who will be communicating with consumers.
- Ongoing monitoring and auditing of compliance adherence by internal staff, and by third-party collection agencies if you use them.
- Remediation, and tracking of the remediation for any violations of your compliance rules.
- Have a vendor management process in place to ensure compliance by any vendors who may be handling your consumer information or contacting consumers on your behalf, as well as vendors who may have access to consumer PII.
- Have complaint, dispute and fraud processes and tracking in place with policies and procedures. This includes processes to ensure you are properly capturing, addressing and responding to complaints, disputes and fraud claims in compliance with all consumer laws.
- While not a requirement, I suggest proactively scrubbing your accounts for bankruptcy, deceased and SCRA prior to any collection activities, and monitoring all active collection accounts for new notifications relating to these three datasets. Most collection software systems have the ability to automatically status accounts when a notification comes in so you can cease or alter activity on these accounts.
- Regarding content, your system should not only have a place to store the media related to compliance, but also a way to securely pass content back and forth between you and your internal team or external vendors.
Your Board of Directors must have oversight of all of the above. It is important that the board understands what is going on with your CMS, who the point person for it is, and what the components are.
The Importance of a Debt Collection Compliance Management System
The most important reason for having a compliance management system is consumer protection. While compliance with the law and reputational risk are also very important, your number one focus should always be protecting consumers.
Ensuring you have a robust compliance management program in place will help not only to protect consumers but also to minimize legal and reputational risk.
Having a formal compliance management system in place will also help when audit time comes around. If everything is in one place, easily accessible, without having to dig through folders and spreadsheets, audits will go much more smoothly. Additionally, if your compliance management system includes reports, action items, remediation steps, vendor information, documentation and policies & procedures, you will have a one-stop place to find everything needed for your auditor.
How Do I Automate a Collection Compliance Management System?
There are many ways to automate compliance management. While many companies are still using the dated process of spreadsheets and a SharePoint drive, the more savvy companies are either creating a compliance management system of their own, or purchasing/partnering with a compliance management software company for an automated solution.
The decision on whether to buy, build or partner requires a team decision on your part. You must take many things into consideration: IT resources, experience/expertise of your staff, costs and urgency of implementation. There are several out-of-the-box software systems available. But a word of caution: make sure they meet all the requirements of the CFPB, OCC, FDIC, etc. Many claim they have a full system, but they fall short. Do your due diligence before putting a system in place.
If you plan to build it yourself, take the time to map out everything the regulators are expecting, and ensure you have knowledgeable staff in place to direct the creation of your system. A system of spreadsheets and a SharePoint drive just isn’t going to work for the long term. You need a fully automated system that monitors and flags compliance issues.
Whichever way you decide to go, once your system is in place, make sure to use it. I know this sounds simplistic, but merely having a system and not fully utilizing it is as bad as not having one at all. It will take time to get your information uploaded into your system. Dedicate a person to be the point person or project manager for your system to ensure you have forward progress.
Lastly, make sure your system is flexible, and can grow and change with you. There’s nothing worse than spending time, money and effort implementing a new system, only to have it go out of date within a year after you’ve started using it.
Compliance for the Future
Compliance requirements are not going away. They are with us to stay. If the past 10 years have taught us anything, it is that change is the only constant when it comes to compliance in collections. New laws, regulations and requirements will continue to come at us with blinding speed. But having a solid, automated compliance management system in place now will set you up for success going forward.