Free registration is required to access these resources. Login or Register.

Premium compliance products are also available in the insideARM Store

Teresa Dodson

It’s difficult to avoid the media attention given to the importance of data security and the protection of consumer information. And given the damage that can occur (see, for instance, this story on the Global Payments Breach of over 10 million credit and debit card account numbers), and the potential financial losses incurred by all parties, maybe that’s a good thing.

The ARM industry has long been aware of the requirements placed on it by regulators to safeguard consumer data, and over the years the industry has taken great strides to improve its practices to safeguard consumer information. Many firms have now made significant investments in security and compliance, and more and more firms are adding compliance officers to their teams to ensure they stay current with the myriad changing regulations at the federal and state levels (see the story on “Compliance Officers: Necessary or a Luxury?”).

One of the strongest drivers of these comprehensive data security practices were the card issuers who were placing accounts with collection agencies and sharing NPPI data with debt buyers during the course of the negotiation of a sale. ARM industry participants who have recently endured the onboarding process and subsequent security audit from a card issuer understand how serious these organizations view data security in this environment of increased regulatory scrutiny.

ARM companies today must operate under a number of different compliance certifications such as PCI- DSS 2.0, SSAE 16 SOC 1 and SOC2 (the new SAS 70) and/or ISO 17799. While the cost and implementation of these policies and standards requires a significant investment by companies, the risk of a data breach or regulatory action against a company would be far more costly and the reputational damage can be long lasting and severely impact the ongoing operations of a company caught on the wrong side of an enforcement action.

In a recent survey published by (“Debt Settlement Survey: How Creditors and Collectors Utilize the Debt Settlement Industry to Increase Collections”) inside found that roughly 50% of respondents stated that they now work with debt settlement companies as a way to increase their collections. When asked the reasons why firms chose not to work with debt settlement companies, over 29% reported security, compliance, and legal concerns as chief reasons for not working with the industry. It’s not surprising that a high percentage of respondents shared this concern at a time when agencies and buyers are operating under a heightened state of scrutiny in these areas. More interesting was the fact that over half of those who indicated they don’t work with debt settlement companies today, said they would change their minds and employ debt settlement as a strategy if provided a secure, PCI-complaint, aggregated platform through which they could settle accounts with debt settlement companies.

Reasons Provided for not Working with Debt Settlement Companies



Settlement Percentages too low


Legal concerns about dealing with third parties


Security/Compliance Concerns


Industry Perceived as not reputable


Prohibited by agency agreement with creditor


Limited resources to dedicate to this channel


Break rates too high


Too hard to locate and manage multiple debt settlement providers


Not enough knowledge of the industry to make this channel effective




This underscores the perception by the ARM industry that debt settlement companies need to do more to change the way creditors and collectors perceive this industry and they way its managing sensitive consumer data. The Debt Settlement Industry associations should take the lead in this area, much like the ACA International and DBA International have done in the ARM industry, in providing operational guidelines, resources for education and training and adopting “Best Practices” of operations as it relates to compliance and security. Doing so could lead to a greater adoption of the debt settlement industry by collectors and creditors resulting in more recoveries for creditors, agencies and buyers, more revenue via settlements for debt settlement companies and greater relief for the consumer as a result of resolving their outstanding accounts.

Related Products

To the Point Technology Thumbnail

To the Point: Technology

This Operation Guide distills the information presented in our insideOperations webinar. It comes complete with a link to the full video recording of the webinar -- great for use for all-staff trainings and quarterly in-services -- as well as a Certificate of Completion and the full transcript of the webinar. This is a great resource for tracking training, allowing regulators and clients to see your agency's commitment to continuing compliance and education! (This product is approved for DBA International Certification Credit.)

To the Point: Telephony and Voicemail Messages (Updated for 2014)

To the Point: Telephony and Voicemail Messages (Updated for 2014)

From the popular Ask the Attorney webinar series produced by us here at, we've culled the pressing questions and the expert answers into mini-briefs, perfect for when you only need the latest legal thinking on a specific topic. We'll get you up to speed on the following: What is the impact of the recent Meyer v. PRA appeal as it relates to manual dialing of cell numbers? Should first-party collections' departments also have measurements for abandoned call rates? Are there any new changes for auto dialers and cell phones? Can a message for a consumer be left with a live third party? When should the mini-Miranda be used? Should it be used on a dialer call? And if it’s used on the dialer call, how is that not third-party disclosure? Can you leave a message on an attorney’s voicemail?

Thumbnail - To the Point: Voicemails and Foti

To the Point: Voicemails and Foti

Looking to get in and out quickly on Voicemails and Foti compliance? You can read all about our attorneys’ answers to the industry’s most pressing compliance questions in To the Point – Voicemails and Foti. We’ve condensed the questions asked at our August Ask the Attorney Webinar into a user-friendly, five-part guide covering: Foti and Zortman voicemails; the latest news in robo-dialing; and much more! We’ve also included two appendixes with the full text of key court cases and regulations cited by our attorneys during the webinar. Hot topics in consideration from this webinar included: voicemail confusion for debt collectors (Which is safer, Foti or Zortman?), state specifics for collection (Why is it so tough to leave a voicemail in New York City?) and more.

Thumbnail - Operations Guide: Call Recording

Operations Guide: Call Recording

Our Operations Guide: Call Recording presents the case -- and best practices -- around both recording all calls with consumers, and, in some cases, not recording your calls with consumers. Our experts -- Paul Maggioli of Castel; and Anita Tolani of Weinberg, Jacobs & Tolani, LLP -- help make sense of the conflicting and opaque regulations affecting the debt industry. This Operations Guide comes complete with a link to the full video recording of the webinar -- great for use for all-staff trainings and quarterly in-services -- as well as a Certificate of Completion. This is a great resource for tracking training, allowing regulators and clients to see your agency's commitment to continuing compliance and education!