Revenue Cycle Experts

Pay Your Bill Client Log In

Are your Collection Vendors Taking Compliance Seriously?

April 18, 2017

Today’s world in first- and third-party debt collections are under an incredible amount of scrutiny. The FCC, FTC, CFPB, 50 Attorneys General, 50 state regulatory bodies, hundreds of consumer attorneys across the U.S. along with mostly unfriendly local, state, and federal courts all have an impact for those in the collection space. Not to mention the BBB® along with Google® and lots of other complaint-based websites where debtor/patients/taxpayers can go to post complaints, valid or not. Add in the indifference or pure disdain from state and federal legislators, and that doesn’t bode well for the collection industry.  

Checking Compliance

So how do those in the collection industry put themselves in the best position to not only survive but thrive in this environment? How do Creditors such as Hospitals, Banks, Utility Companies, Schools and Universities and even state and local governments that rely on collection agencies know that their partners have taken the appropriate compliance measures to protect themselves and their Clients?

For instance, what about a Healthcare provider who has spent millions upon millions of dollars to comply with HIPAA and data security, only to have it all go to waste because they worked with a collection partner that didn’t take it as seriously?

Compliance Management System
The first indication of agency compliance is a robust compliance management system. There are several options out there that could include an internally developed system. However, the best compliance management system for the collection industry is a PPMS (Professional Practices Management System) certification offered by ACA International, our trade organization. It is robust because it is specific to the collection industry, has systems in place to track Client Issues, Non-conformities, cause analysis, continuous improvements and it continuously monitors these areas. The ACA certification covers 18 different areas of the company, not just one area, such as financial controls. PPMS certification also has to be audited at a minimum once every two years by an outside CPA audit firm. The CFPB has made it clear that a compliance management system is a MUST.

Data Security
The next indication of agency compliance is related to data security. Our agency processes millions of accounts per year. That is a lot of data, including names, addresses, phone numbers, social security numbers, and credit card information. The best indication that an agency takes data security seriously is if they use a third-party auditor to attest to data security best practices and standards. SOC 1 (financial processes), SOC 2 (data security processes), SSAE 16, ISO 27002, IRS 1075 (for federal tax data), HIPAA HITECH and Red Flags, GLBA and most importantly PCI compliance (Payment Card Industry) are the most common audits you will see.

A PCI, Level 1 Service Provider, which we have obtained, is the most strenuous audit. Other PCI levels are self-audits, which may be fine for your requirements, but can also be filled with errors. No third-party attested audits are filled with inaccuracies. Creditors need to know what is important to require of their agency and what isn’t. Some agencies, like ours, have become TECHLOCK® certified, which encompasses multiple audits in one certification (PCI being the most important). Regardless of the audits that are performed and by whom, Creditors should make sure that the agency they choose has Cyber Liability insurance because Errors & Omissions and General Liability policies do not cover Cyber-attacks.  

Speech Analytics
The next indication of compliance is related to
speech analytics. Speech analytics allows an agency to take all their calls, in real time or with recordings, and analyze them for compliance.  Collection agencies that don’t use speech analytics can only audit and review a tiny percentage of contacts with debtors. Effective speech analytics will allow for 100% of all calls being audited. Here are the items that speech analytics can help determine:

  • Are their collectors complying with the FDCPA? Are they stating the required mini Miranda? Are they using a talk off that overshadows the debtor’s right for debt verification?
  • Are they validating the debtor’s current demographic information?
  • Are they asking for cell phone consent?
  • Are they using derogatory terms?
  • Are they using polite, professional language?
  • Are they listening to the debtor?
  • Are they talking over the debtor?
  • Do they have sympathy /empathy?
  • Is the collector threatening legal or other prohibited action?

These are just a few of the items that agencies that use speech analytics can check.  Effective collectors perform with high scores when analyzed with speech analytics. The CFPB has made it clear that they will want collector compensation tied to compliance. Without having an effective speech analytics software, this will be impossible to do.

In summary, while recovery rates and service abilities are still necessary, nothing is becoming more important than having a partner that is compliant with all areas of operation. From having a system in place to data security to interacting with your customers, everything counts! While it may cost you more in the short term to deal with agencies that spend more money and time in these areas, it will save you money and headache in the long run not having to deal with lawsuits, data breaches, and patient complaints. Do the right thing for your business and take the time to analyze how your business partners handle these areas.

Compliance Checklist

  1. Compliance Management System? PPMS? Other?
  2. Speech Analytics software?  How are collectors graded and compensated?
  3. Data security: know what is important to you and why. What third-party audits are done?
    • SOC 1, type I or type II or SSAE 16?
    • Audited financial statements?
    • SOC 2, type I or type II?
    • PCI- what level, self-assessment or 3rd party?
    • ISO 27002?
    • HIPAA audits?
    • IRS 1075?
    • TechLock certification or comparable?
    • Cyber Liability Insurance?

Affiliations Audits & Achievements

  • HFMA: Healthcare, financial, management, association
  • AAHAM: American Association of Healthcare Administrative Management
  • ACA International

Revco Solutions Locations

Durham, NC (Corporate Headquarters)

2700 Meridian Parkway
Suite 200
Durham, NC 27713

Oradell, NJ

800 Kinderkamack Rd
Suite 206 North
Oradell, NJ 07649

Jacksonville, FL

7016 AC Skinner Parkway
Suite 160
Jacksonville, FL 32256

Dewitt, MI

1161 E Clark Road
Suite 240
Dewitt, MI 48820

Dayton, OH

6450 Poe Ave
Suite 301
Dayton, OH 45414

Columbus, OH

250 E Broad Street
4th Floor
Columbus, OH 43215

Omaha, NE

5807 N 102nd St
Omaha, NE, 68134

Indianapolis, IN

9339 Priority Way West
Suite 120
Indianapolis, IN 46240

Austin, TX

Financial Corporation of America (FCOA)
A Revco Management Company
12515 Research Blvd., Suite 200
Austin, TX  78759