In a recent blog post, Conerstone Support uses the metaphor of a stream to explain how risk works within the debt industry. "At the top of the stream is the credit grantor, the entity that originally extended credit to the consumer," and when it comes time to collect, the credit grantor may go "downstream" to "continue collection efforts."
The creditor, then, is reponsible for the stream from the moment it leaves their organization until the debt is collected, or until someone else takes full responsibility from the creditor.
In a sense, though, every stopping point along this metaphorical stream is the top of the stream -- by which I mean: each stop along the way -- creditor, debt buyer, collection agency, collection attorney -- is responsible, in a compliance sense, for what happens next.
This is all under the umbrella of "vicarious liability," which just means you don't get to wash your hands of responsibility just because you think you're done.
Cornerstone asks the question, "How do I [that is, you, dear reader] understand the licensing and registration requirements of everyone downstream and develop a process to make sure that they remain compliant?" They're asking the question in the context of credit grantors and debt buyers, but it's a sound framework for everyone working in this particular ecosystem.
- Identify all downstream service providers. Credit grantors and debt buyers need to know who is handling collection accounts downstream, what type of agency they are (collection agency, collection law firm), what services they are providing (sending letters, making calls, suing, etc.), and a list of locations from which they will be communicating with debtors.
- Develop a standard licensing matrix. Once you understand who your service providers are you can begin the task of identifying what licenses and registrations they are required to maintain to service your accounts. Developing a licensing matrix that becomes the standard by which to measure statutory compliance is critical to managing a review process designed to mitigate exposure.
- Perform an initial licensing audit. Using the standard licensing matrix as a baseline, now you can identify where a service provider is licensed and, conversely, any gaps that may exist. All licensing information is public and can be obtained directly from the states. In our experience, it is not advisable to rely on copies of licenses or other data provided by your downstream service providers.
- Remedy any gaps identified. Once you have performed the initial assessment and identified gaps it is important that you not let your downstream service providers continue to work accounts in the jurisdictions where they are not appropriately licensed. Make sure that the license is obtained and you have verified its existence before sending accounts back. It should be noted that the general condition of an organization's licensing tends to reflect their overall entity compliance and can often be used as a proxy to measure risk associated with that particular organization.
- Conduct ongoing licensing audits. Independently audit the licensing and registration of all downstream providers on a regular basis. Most license and registrations expire on a regular basis. It is generally sufficient to make sure that a downstream service provider renews each license on a timely basis and only do another full audit in the event something is uncovered during your ongoing reviews that make it prudent to do so.
- Monitor legislative changes and regulatory opinions. Remember that it is very important that you monitor legislative changes and regulatory opinions that may affect your standard licensing matrix.
Members of insideARM's Compliance Professionals Forum have access to an online State Law Grid, updated in real-time as information becomes available. Non-members can purchase downloaded copies of the grid that capture information just for that moment.
Additionally, insideARM hosts an interactive state licensing map, powered by our friends at Cornerstone Support.