The Consumer Financial Protection Bureau (CFPB) emphasizes the importance of institutions managing relationships with service providers to ensure compliance with Federal consumer laws. Verification of an established Compliance Management System (CMS) is crucial, as it serves as the framework for compliance oversight at the service provider. A robust CMS relies on effective policy and procedure management to guide all employees on adhering to the service provider’s processes. Let us look at why reviewing your service providers policy and procedures is important.
The Importance of Policy and Procedures
Policy and procedures are integral components of a compliance program, which also encompasses employee training and monitoring with corrective actions. When all aspects of the compliance program function effectively, the likelihood of a service provider delivering a compliant product is significantly increased.
A robust compliance program can be likened to a well-oiled machine: policies set the rules, procedures outline the necessary steps for adherence, training educates employees on proper execution, and monitoring with corrective action ensures organizational compliance. Keep in mind some organizations may have both procedures and a more defined document with step-by-step instructions (work instructions).
When engaging a service provider, specific expectations should be outlined:
- Consistent delivery of a predictable product.
- Meeting production and quality standards.
- Adherence to Federal and State regulations.
- Ensuring continuity of expected results during leadership and agent turnover.
The most reliable method to ascertain a service provider’s ability to meet expectations is through thorough review and verification of their policies and procedures.
Reviewing Policy and Procedures for Service Providers
When engaging a service provider for your organization, it is essential to establish clear expectations and ensure they align with your business needs. Here is a guide on how to review policy and procedures effectively:
Identify Your Requirements:
- Utilize your contract to determine the expected requirements. For instance, if background checks for employees are necessary, verify if the service provider has a corresponding policy.
- Define the processes you expect the service provider to deliver. For example, for a third-party collection agency, key areas for policy and procedures could include (non-inclusive list) Compliance Management System, Security, Performance Management, Collection Strategy, Mail, and payment Handling, etc.
- Define critical components for each required policy and procedure. For instance, if the service provider handles mail and payments, expect detailed steps (non-inclusive list) such as mail delivery and processing, payment handling procedures, correspondence handling, etc.
- Create a checklist or spreadsheet outlining each expected policy and procedure along with its critical components, facilitating a comprehensive review process.
Read Your Service Provider’s Policy and Procedures:
- Thoroughly read/review each policy and procedure document to ensure alignment with your expectations.
- Although time-consuming, this step is crucial to ensure proper oversight. It is advisable for the reviewer to have a strong understanding of Federal and State regulations. Legal counsel or compliance auditors can assist in identifying any regulatory violations.
- Remember that most policies and procedures are developed by the service provider. Providing feedback can help them improve, benefiting both parties in the long run.
- One critical area that must be reviewed is the review date or version control for each policy and procedure. The CMS should detail when policy and procedures are reviewed for changes and accuracy. I expect a review at least annually for all policy and procedures.
- Make sure that all policy and procedures are available for use by employees.
Verify the Policy and Procedures
Ensuring that your service provider adheres to their policy and procedures can be a challenge. In our Auditing Training Classes, we like to teach options and best practices with role plays on how to proceed. Here are some tips on how you can effectively verify your collection service providers’ compliance:
- Conduct side-by-side comparisons with agents to confirm their access to policy and procedures. Lack of access suggests non-compliance. Ensure that employees are utilizing only current and approved documents.
- Observe agents as they work on various tasks such as processing mail or handling payments. Verify that they follow the defined processes outlined in the procedures. Have the policy or procedure document readily available for reference.
- Engage agents and managers in discussions regarding their actions during the review. If an agent did not have their procedure open, ask them to review it afterward to see if all steps were followed. Often, agents may complete additional steps after referring to the procedure. Encourage active participation from agents in answering questions.
- Listen to call recordings to confirm adherence to scripts and call requirements.
- Perform account reviews for critical processes identified for review. Ensure that all steps are completed as outlined. For instance, when processing a cease calling request, documentation, updating a cease calling hold, marking phone numbers as do not call, and possibly changing the account status should all be executed and documented.
- Review internal monitoring results to identify areas of concern identified by the service provider. A robust Compliance Management System (CMS) necessitates thorough internal testing and corrective actions. If your service provider lacks internal testing and monitoring, it should raise significant concerns. In such cases, you may need to verify that they are executing all processes correctly independently.
Summary
In auditing service providers, a critical focus lies on policies and procedures. These documents serve as the backbone of compliance efforts, guiding employees on proper processes and ensuring adherence to regulations. Thoroughly reviewing and verifying these policies and procedures is essential to confirm alignment with organizational expectations and regulatory requirements. By highlighting the significance of policy and procedure management, businesses can establish a solid foundation for compliance oversight and mitigate risks effectively.
Author: Ken Evancic
Ken.Evancic@ResourceManagement.com
As a consultant for Resource Management Services, Ken provides consulting, training and mentoring in all phases of collection and recovery, in addition to auditing third party vendors.
Ken Evancic is a Vice President at Resource Management Services, Inc. Ken Evancic is a collections veteran with over 25 years experience. He has managed all phases of collection, including all levels of delinquency, automated dialer units, early out agency management, recovery, and skip tracing. In addition to collections operations management, he has lead initiatives in the areas of performance management, collections strategy development, collector and manager training, collector desktop design, collections reporting systems, and risk and compliance.
As a consultant for Resource Management Services, Inc., Ken has specialized in developing and completing third party compliance and performance audits for collections agencies and collection attorney firms for many top credit grantors and debt buyers. He has leveraged his 25 years of experience to develop multiple collector and collection management training classes designed to maximize collector performance. In addition to collection training, Ken helped develop and facilitates the RMS Third Party Vendor Auditing training.
Sign Up for the Twice Monthly Newsletter
Just enter your email address at the top orange bar at:
Collection Compliance Experts – “The Power of Expertise: Oversight Perfected”
It’s that easy! Twice a month – we provide blog updates and Resources for the Collection and Industry Professional.
Your email is just for this newsletter. We never sell your information. No fee. Opt-out at any time.
