In 2013, DBA International released the first version of the certification program to create best practices for the receivables industry. Through ongoing review of the standards by DBA members and feedback from regulators and consumer advocacy groups, the certification program has gained acceptance and grown into a recognized certification. Though initially created for debt buying companies, the program has since expanded to allow collection law firms and third party collection agencies to become certified. Several originators have formally recognized the program by incorporating the certification into their due diligence procedures—making it a requirement for potential buyers. The certification has also been recognized by federal, state, and local authorities.
While acceptance and recognition of the program have progressed significantly since inception, there is much left to be accomplished. Involvement in the DBA and adoption of the certification by all DBA members is necessary to move forward as an industry. Rightfully, member companies want to know what benefits the certification can provide. In this article, I will share some of the ways the DBA certification can add value to your company.
It’s important to start with the baseline expectations your company should follow. Depending on the structure of your company, numerous federal, state, and municipal laws may apply, which of course are open to interpretation in many cases. On top of these requirements are the various guidelines and bulletins pushed out by regulatory bodies. Are you confident that your company is aware of all applicable requirements and has implemented adequate procedures to comply? In addition, do you understand the requirements and guidelines of your business partners and vendors?
It’s difficult enough to stay abreast of the requirements that your company must follow. Due to third party risk management guidance and data security protocols that require financial institutions to oversee companies with access to their data, debt buyers and downstream vendors must also understand and comply with many of the banking requirements. Debt buyers should also know the compliance obligations of their vendors. How does your company manage the various regulatory requirements?
Unfortunately, there is no easy answer to these questions. There are many facets to a compliance management system and putting the pieces together can be a daunting task. The first question you may ask is – where do I start? The first step in answering this question is gaining an understanding of your current compliance structure. You accomplish this by performing a “gap analysis”, which identifies gaps between requirements and your company’s actual procedures. The DBA certification standards are a great tool for taking the first step and conducting a comprehensive gap analysis of your compliance program. The certification program provides a roadmap for understanding applicable regulatory requirements and industry best practices that need to be implemented within your company. In addition, the DBA certification is the only industry program that includes a comprehensive set of compliance standards for debt buyers, collection law firms, and third party collection agencies. Given the vast number of requirements, having one set of comprehensive standards makes the process of implementing and maintaining a compliance management system much more feasible.
An Industry of Audits
There is an abundance of oversight in the debt collection industry that comes in the form of audits, reviews, and questionnaires from regulators, banks, debt buyers, and other parties that have an interest in or contractual relationship with your company. If your company accesses confidential, non-public information (e.g. consumer data), you are likely subject to audits and responsible for oversight of your vendors and other parties that may access your data. Most companies essentially never get a break from audit responsibilities and must dedicate significant resources to the function. The process can be overwhelming to say the least.
As someone who manages the audits of our company and our vendors, I’m familiar with the commitment necessary for the audit process. I also understand the risks associated with vendor relationships and steps for appropriately managing those risks. In short, the level of risk associated with a vendor or business relationship should define the frequency and extent of procedures you conduct on that party. If you can confirm that a business partner or vendor has adequate controls in place to protect your information, you may be able to qualify that relationship as lower risk and subject to fewer oversight procedures.
One way of making this determination is by first gaining an understanding of the certifications or external attestations your vendors or business partners maintain. For example, PCI DSS certification addresses protection of cardholder data; audited financials and SSAE 16 compliance address financial stability and adequacy of internal controls; and the DBA certification? The DBA certification addresses regulatory compliance and industry best practices, but also addresses components of the aforementioned attestations as it relates to data security and financial controls.
Depending on the scope of a client or vendor audit, reliance can be put on the DBA certification to qualify you as a lower risk entity, which can equate to less frequent and less extensive audits. The result will help you save on the costs and time associated with the audit function.
Creating a Degree of Separation
There are few things that can create a clear dividing line between reputable businesses and rogue operators. A lapse or oversight in necessary controls can put you at risk and be costly to your company’s reputation. How does your company verify that all compliance obligations are addressed and current?
Once you have implemented a holistic compliance program, the next challenge is keeping it updated. While technology and business practices change rapidly, many federal and state laws haven’t seen revisions in decades, leaving those laws open to interpretation and creating exposure for your company.
Client audits of your company assist with keeping your compliance program current, but these audits may be limited in scope and overlook critical components of your operations.
DBA International works diligently to ensure that the standards reflect the most current requirements and best practices in the industry. Through ongoing reviews of the certification standards by DBA committees, regulators, and consumer advocacy groups, the certification is now on its 5th version in 3 years. Obtaining the DBA certification represents a commitment to education, best practices and compliance with state and federal requirements. Providing your company with an additional layer of assurance can make your procedures more efficient, generate business, and give you peace of mind.
Assurance often means going the extra mile. So does turning a risk into a reward.
About the Author
Brett Soldevila serves as the Chief Compliance Officer for Security Credit Services, LLC, a debt buyer and servicer for consumer and commercial defaulted receivables. His responsibilities include ensuring the Company complies with regulatory requirements and internal policy, and overseeing all audit and investor-related functions. Prior to joining Security Credit Services, Mr. Soldevila served in the internal audit department of a global consumer and commercial services company, and in the audit & enterprise risk services department of a professional services firm. Brett is a Certified Public Accountant, Certified Fraud Examiner, and Certified Receivables Compliance Professional. He currently serves as the Chair of the DBA International Certification Council and has also served as Chair for the Council’s Standards Committee.