The Sarbanes-Oxley Act introduced accounting provisions, standards and practices in an effort to minimize fraud and misbehavior by public companies. Frequently, collection agency audits performed by creditors and account owners focus only on the agency’s financial statement and accounting efficiency. The foundation of the financial audit is usually to ensure that all money collected by the agency is remitted. This single-focus approach does not take into consideration other areas of the collection agency business that may cost you money.
Work effort completed (or not completed) by a collection agency and mishandling of customers’ information may be as detrimental to your recovery rate as sloppy bookkeeping. The fundamental collection agency audit should include a review of financial practices, work effort completed and security of customers’ information.
The financial review should include a thorough investigation of the payment processing function including:
- Mail: Does a separation of duty exist so that the same person does not retrieve the mail and post payments?
- Security: Is the payment processing function completed in a secured room with limited access?
- Cash Handling: Does the agency maintain a receipt book? Does more than one person accept and verify the cash payment?
- Phone Payments: Who accepts the account information? How is the data stored and secured? How is the information deleted from the system?
- Credit Card Payments: Are they processed/authorized in a secured area with limited access? How is the information stored? How is the information deleted?
- Non-Sufficient Funds: Does the agency charge a fee? If so, how is the fee collected (from first money collected)? Is there a delay before posting the non-sufficient fund payment (to allow the debtor to reissue a payment)?
- Credit Balance: Does the agency refund the credit balance? Does the agency notify the creditor or account holder if there is a credit balance?
- Closed Accounts: Are payments accepted on closed accounts?
- Unable to Locate: Are payments deposited to a general trust account if an account cannot be located?
- Post-Dated Checks: How are they identified? How are they processed? Is a letter sent to the debtor with the intent to deposit?
- Deposit: Who prepares the deposit? Is it the same person who posts the payments?
- Trust Account: Who reconciles the trust account? Is it the same person who posts payments or prepares deposits?
Work Effort Review
Before you begin to interpret the work effort completed, you need to understand how the agency utilizes technology. Some of the system related information that you should understand includes:
- Can notes be deleted from the system? Most systems have the capability of deleting notes. You need to understand who has authorization and how the deleted information is tracked.
- Is all work effort noted on the system? Does the agency note every attempt, including every dialer attempt?
- Do the date and time of an action/result appear on the account record? If so, what time zone is used (usually the time zone of the host system or server)? If the information is not visible on the account, is the information available on a different account level?
- Do all users have unique codes?
The Fair Debt Collection Practices Act requires an agency to send a validation notice within “five days after the initial communication with a consumer in connection with the collection of any debt.” Some of the areas that you need to review for the letter process follow:
- Ensure that the validation letter has the appropriate verbiage and font size. It is recommended that you have your corporate attorney review all letters utilized by all of your collection agencies.
- Perform an on-site review of the letter production process, even if a third-party vendor completes the letter production. You need to ensure that your customer’s data is safe and secure.
- Make certain a procedure is in place, preferably systemic, to produce and send the validation notice upon placement of the account.
It is important to ensure compliance not only with the Fair Debt Collection Practices Act, but also with the many state and local laws that apply to telephone collection attempts. Some states that have restrictive calling laws include:
- Arizona: Reasonable attempts must be made to the residence before an attempt is made at the place of employment.
- Arkansas: Reasonable attempts must be made to the residence, including calls not answered, before attempts to the place of employment.
- Massachusetts: Collection agency may not call the debtor more than twice in each seven-day period to the residence and may call only twice in a 30-day period to the place of employment.
- New Hampshire: Collection agency may attempt to contact the debtor at the place of employment if no contact has been established at the residence.
- Oregon: Collection agency may attempt to contact the debtor at the place of employment if an attempt to contact the debtor at the residence has been unsuccessful during the day or evening (6 p.m. – 9 p.m.).
- Pennsylvania: Collection agency may not call the debtor if a contact was established in the last seven days. The collection agency may not attempt to contact the debtor at the place of employment unless they have not been able to contact the debtor at home within the last 30 days.
- Washington: May not contact the debtor at the place of employment more than one time per week.
Security of Customer’s Data
The Gramm-Leach-Bliley Act mandates that companies protect their customers’ private information. You are responsible for your customers’ data, even when it is placed with a third party. Some of the areas that are most vulnerable are:
- Letter production: Because of the equipment required to produce the letters, the area typically gets warm. This leads to doors being propped open, which creates an opportunity for unauthorized access to the area (and your customers’ data).
- Third-party vendor: Some collection agencies utilize a third-party vendor to print letters and perform skip-tracing functions. This is an opportunity for your customer’s data to be compromised if the appropriate security measures are not in place.
- Building access: The collection agency must provide a secured-access building that limits access to authorized individuals.
Creditors and account owners may be responsible for the collection agency’s actions. There have been some cases where the creditor was responsible and liable for damages because the creditor “should have known” what collection efforts and practices were used by the collection agency. The audit is one way of reviewing the work effort completed and identifying potential gaps.
Bev Evancic has almost 20 years of experience in collection and recovery. She has managed all phases of collection and recovery operations, including automated dialer units, bankruptcy and legal units, skip tracing units, internal collections, outside collection agency networks, and Consumer Credit Counseling.
As a Consultant for Resource Management Services, Inc., Bev has spearheaded collection and recovery best practices reviews for many top credit grantors. Her articles on dialer operations, agency management and bankruptcy best practices have been widely publicized. Prior to joining Resource Management Services, Inc. in 1995, Bev managed the Recovery Department for AT&T Universal Card Services where she reengineered the bankruptcy, probate, internal and litigation processes.