Archives for February 2022

On February 2, 2022, the Federal Communications Commission (FCC) issued a Press Release to announce that FCC Chairwoman Rosenworcel proposed an action, that if adopted by the full commission, would require a company to obtain consent before leaving a ringless voicemail for a consumer. Under the Chairwoman’s proposal, ringless voicemails would be considered “calls” requiring prior express consent. 

The proposal is in response to a March 2017 petition filed by All About the Message, Inc. (AAM), in which AAM asked the FCC to exempt ringless voicemails from anti-robocall rules. AAM’s petition opined that delivering a voice message directly to a consumer’s voicemail box is not a “call” subject to the Telephone Consumer Protection Act’s (TCPA) general prohibition against the use of auto-dialers or pre-recorded voice messages (absent appropriate consent). The FCC sought comment in April 2017; however, AAM withdrew the petition in June 2017.

“Ringless voicemail can be
annoying, invasive, and can lead to fraud like other robocalls—so it should
face the same consumer protection rules,” said Chairwoman Rosenworcel. “No one wants to wade through voicemail spam, or miss important messages because their mailbox is full. This FCC action would continue to empower
consumers to choose which parties they give permission to contact them.” 

insideARM Perspective:

The FCC Press release does not indicate why FCC Chairwoman Rosenworcel is championing this cause nearly five years after AAM filed (and withdrew) its petition. We’ll provide updates if and when the FCC issues guidance on this issue.  

SACRAMENTO, Calif. — Members of Receivables Management Association International (RMAI) elected Officers and Directors to its Board for 2022. Of the ten-member Board, nine are continuing service from the previous year. The 2022 Officers and Directors are:

• Adam Parks, Plaza Services LLC, President
• Anne Thomas, Cavalry Portfolio Services, LLC, President Elect
• Jon Mazzoli, Resurgent Capital Services, Treasurer
• Brett Soldevila, Security Credit Services, LLC, Secretary
• James Mastriani, Velocity Portfolio Group, Past President
• Mike Colby, Second Round, LP, Director
• Laura Jensen, Absolute Resolutions, Corp./RAzOR Capital LLC, Director
• Kelly Knepper-Stephens, TrueAccord, Director representing collection agencies and law firms
• Amber Russo, Kino Financial Co., LLC, Director
• Brian Williams, Crown Asset Management, LLC, Director

Amber Russo of Kino Financial Co., LLC, is joining the RMAI Board of Directors for 2022. Amber Russo is President and co-founder of Kino Financial Co., LLC., a regional debt buyer based in Arizona. Amber has dedicated over sixteen years to the receivables management industry as an advocate for state and regional debt buyers.  Over the past few years, Amber has worked with the RMAI organization as a committee member on various committees including State Legislative and Editorial, and as an advocate for RMAI’s legislative fundraising efforts. Amber also contributes to the RMAI Diversity, Equity, and Inclusion task force and was recently appointed to the RMAI Certification Council.

In her candidate statement, Amber explained her motivation for running for election to the RMAI Board, “Throughout my career I have been blessed with great mentors, colleagues, and friends, and now I want to give back to the industry that has afforded me so many incredible opportunities…I believe my perspective as a smaller regional debt buyer can be an asset to the Association. I hope to utilize my experience and industry contacts to benefit the RMAI membership as a member of the Board of Directors and I look forward to continued participation with the RMAI organization.”

RMAI’s plans for 2022 include continuing its well-known role of being present and involved in advocating for the accounts receivables management industry and engaging members in strategic grassroots efforts.

“2022 promises to be another busy year advocating in a number of states and Washington D.C.,” said Jan Stieger, Executive Director of RMAI.  “Our members count on RMAI to represent the industry at both the state and federal levels, and to keep them informed of important regulatory and legislative activity. In addition to our advocacy work, we look forward to holding our Executive Summit in beautiful Elkhart Lake, Wisconsin, and our regional networking event in Washington D.C.”

About RMAI

Receivables Management Association International (RMAI) is a nonprofit trade association representing more than 580 companies that purchase or support the purchase of performing and nonperforming receivables on the secondary market. The RMAI Receivables Management Certification Program and Code of Ethics set the global standard within the receivables industry due to the rigorous uniform standards of best practice which focus on protecting consumers. More information about RMAI is available at www.rmaintl.org.

RMAI’s 2022 Annual Conference is the 25th anniversary of the conference and brings together stakeholders in the receivables management industry—welcoming attendees and exhibitors, presenting highly-respected educational programming, and numerous networking opportunities with key participants, including debt buying companies, collection law firms, collection agencies, brokers, vendors, major creditors, and international members.

SACRAMENTO, Calif. — The Receivables Management Association International celebrated its 25th Annual Conference in Las Vegas, February 7-10, 2022. With a strong attendance of more than 1,200 representatives from the industry, leaders from RMAI took the opportunity to honor an outstanding member and a former board president.

Bud Reitzel Award

The RMAI Board of Directors awarded the Bud Reitzel Lifetime Commitment Award, the industry’s highest recognition, to Kaye Dreifuerst, former Board President of RMAI and President of Security Credit Services.

RMAI created the Reitzel Award to recognize an individual for outstanding leadership and dedication in the receivables management industry, who has demonstrated, over many years of service, the ideals that Bud Reitzel so firmly believed in.

Kaye Dreifuerst has more than 20 years of experience in the collection and debt purchasing industry.  She is currently President and Partner at Security Credit Services based in Atlanta, where she oversees its acquisitions and the collection operation. Kaye is a Past President of RMAI and one of the association’s most respected members. As President, Kaye was always measured and thoughtful when navigating the complex issues that arose at the Association level. She has garnered tremendous respect among her peers and is a proven and effective leader in all circumstances.

Kaye was instrumental in developing, advocating, and implementing the RMAI Receivables Management Certification Program, the gold standard in the industry.  The Certification Program is arguably one of the most recognized and tangible benefits to the Association and its members overall in its 25-year history.

President’s Award

RMAI awarded the President’s Award to Stephanie Clark, CEO of VeriFacts, Inc., a long-time generous sponsor of RMAI.

In 2017, RMAI created the President’s Award to recognize an individual for outstanding contributions and service to the association and membership. The award goes to someone serving on an RMAI Committee who is selected because of their contribution to committee goals and their innovative ideas helping to further the success of RMAI.

Stephanie Clark has been involved in committee work for over five years, and on the Legislative Fundraising Committee and Affiliate Task Force for two years. She heads one of the original affiliate companies to meet with RMAI leadership in 2016 when discussing ideas to reimagine the Annual Conference; this led to the creation of the popular Suite Crawl – now Cabana Crawl – 0networking event. VeriFacts has set the standard for hosting a suite and, in the past two years, a cabana for Cabana Crawl.

As CEO of VeriFacts since 2017, Stephanie is responsible for the vision of the company and the oversight of strategy execution over the entire organization.  She is always willing to take risks and innovate, and RMAI’s Annual Conference would not be the same without the enthusiasm that she and her team bring to the event.

2021 brought the financial services industry new requirements to add to their Risk Management Framework. I’d be hard-pressed to find a creditor who wasn’t aware of the CFPB’s Regulation F, and the additional monitoring and auditing responsibilities that are required when forwarding accounts to third-party collection agencies.

Additionally, the Federal Reserve, FDIC and OCC have proposed new Risk Management Guidance for banking organizations for managing risk associated with third-party relationships, including relationships with vendors. This proposed guidance would combine the three agencies’ current guidelines into one streamlined risk management guidance document. But this has yet to be posted in the Federal Register.

However, in September 2021, the CFPB also updated their exam procedures to include additional requirements related to Information Technology. And that update didn’t get nearly the press that Reg F or the combined agency guidance did. 

The CFPB’s Exam Procedures Compliance Management Review – Information Technology (CMR-IT) is an additional exam procedure specifically related to Information Technology and IT controls within a covered entity. When comparing it side-by-side with the CFPB’s Exam Procedures (CMR) (last updated August 2017), it appears that much of the introduction and explanatory sections are an exact duplicate of the CMR.

However, an additional paragraph has been added to the introduction that helps explain what the CFPB is looking for:

“Institutions often use information technology (IT) that could impact compliance with Federal consumer financial laws. As part of its overall CMS assessment, the CFPB may evaluate the technology controls of an institution and its service providers. The CFPB may also evaluate an institution’s IT as it relates to compliance with Federal consumer financial laws.”

It’s also important to point out the CFPB’s expectations of a covered entity relating to compliance management in general: “Institutions are expected to manage relationships with service providers to ensure that service providers effectively manage compliance with Federal consumer financial laws applicable to the product or service being provided.”

This is a good reminder to add this additional checkpoint to your regular audits of your service providers, and other third parties you engage with.

There are five Modules in the CFPB’s Exam Procedures for IT. The Module section names are the same as in the CMR, as are the explanations of each module and the examination objectives.

However, the differences come in the actual exam procedures and the requirements of what the examiners are looking for. In the new CMR-IT, the procedures that will be reviewed relate to IT function, IT controls, IT organizational structures, etc.

Let’s break down the five Modules and take a look at the new examination procedures.

Module 1: Board and Management Oversight

Overview: The CFPB reminds us: “… the board of directors is ultimately responsible for developing and administering a compliance management system that ensures compliance with Federal consumer financial laws and addresses and minimizes associated risks of harm to consumers.” In the absence of a formal board of directors, companies should have a group or team that is responsible for these tasks. This is the group the CFPB will look to for the information needed to complete this section of the exam. Exam 

Objectives:

• Does the board demonstrate their commitment to the CMS? Do they provide resources, including capital that are in line with their institution’s size, complexity, and risk profile? Is the staff knowledgeable of Federal consumer financial laws, and are they empowered to comply and are they held accountable? Does the board conduct ongoing due diligence and oversight of service providers including review of policies & procedures, internal controls, and training?

• Does the board respond promptly to changes in the applicable Federal consumer financial laws and determine if changes need to be made across their business?

• Does the board comprehend and identify compliance risks? Do they engage in managing the risks? Are the potential risks and harm to consumers by the institution addressed as products are developed, marketed and administered?

• Are issues proactively identified? Once issues are identified, are they promptly responded to and remediated?

Examiner Procedure: Examiners will request documentation, including board meeting minutes, organizational reporting structure and duties, information security program, IT risk management process, policies and procedures, risk assessment program, IT strategic plan, SDLC controls, change management process, business continuity plan, IT system reporting, and other documents as necessary to determine compliance.

Module 2: Compliance Program

The CFPB expects your compliance program to be a formal written document, administered by your chief compliance officer. They require the compliance program to contain four components: Policies & Procedures, Training, Monitoring/Audit and Consumer Complaint Response. The examiners have varying objectives and procedures for each component.

1. Policies & Procedures (Board Approved):

Overview: An institution’s policies & procedures should follow the policy enacted by the board of directors.

Objectives:

• Ensure policies & procedures are designed to effectively manage IT controls and compliance risk in the products, services & activities of the institution.

• Ensure they are consistent with board-approved compliance policies.

• Do they address compliance with applicable Federal consumer financial laws and are they designed to minimize violations, and detect and minimize risks to harm to consumers?

• Do they cover the full life cycle of all IT products and/or services offered?

• Are they maintained and modified to remain current?

Examiner Procedure: Examiners will require access to your IT policies & procedures so they can review how your program is structured and how it interacts with your IT functions. The examiners will also require information on who created the policies & procedures, when they were created and who maintains them. They will review your SLDC to see how your IT policies & procedures fit into it. Additionally, they will require access to your records retention and destruction timeframes. If you have more than one office, they will need to review the policies & procedures for each location to determine if they are consistent with the applicable corporate-level policies.

Educating your entire staff, from the board on down, is essential to maintaining an effective CMS.

2. Training

Overview: Educating your entire staff, from the board on down, is essential to maintaining an effective CMS. The CFPB expects that training should be sufficient to cover the duties of the individual. Training should not just cover your policies & procedures, but also the regulations relating to Federal consumer financial laws, including unlawful discrimination and Unfair Deceptive Abusive Acts and Practices (UDAAP).

Objectives:

• Ensure training is comprehensive, timely and specifically tailored to the responsibilities of the staff receiving it.
• Is the training program updated proactively in advance of the rollout of new or changed products?
• Is the training consistent with policies & procedures?
• Do the compliance and IT professionals have access to training?

Examiner Procedure: Examiners will need an explanation of how your board or management is involved in training, and how training is selected for each group of employees. Examiners will require access to your IT training materials as well as your schedule of training and records of completion as well as any follow-up, escalation or enforcement that comes out of the training program. They will also require access to any IT training you have provided for your service providers, along with schedule and documentation of completion. They will also need to see your plan for new training that will be rolled out in the next 12 months.

3. Monitoring and/or Audit

Overview: Monitoring is essential to identify your CMS’s weaknesses through the prompt identification of such weakness. Monitoring is generally done more often than auditing, and auditing is generally a more formal process, and likely carried out by an audit department or outside contracted party. IT and compliance audits provide the board of directors with crucial information to ensure the company is in compliance with regulations, consumer laws and policies & procedures that have been established by the board.

Objectives:

• Ensure the institution’s compliance monitoring, management information systems, reporting, auditing and internal control systems, including IT controls, are comprehensive, timely and successful at identifying and measuring compliance risk throughout the institution

• Ensure programs are monitored proactively to identify weaknesses and mitigate regulatory violations.

• Ensure all consumer engagements supported by IT systems are handled according to the entity’s policies & procedures.

• Ensure monitoring considers the results of risk assessments and that findings resulting from monitoring are properly escalated.

• Ensure the audit program is independent and reports to the board. Ensure appropriate compliance and business unit managers receive copies of audit reports in a timely manner.

• Does the program address compliance with all applicable Federal consumer financial laws?

• Ensure the schedule and coverage of the audit activities is appropriate for the institution’s size, complexity, and risk profile.

Examiner Procedure: Examiners will require access to monitoring and audit documentation, including; Quality Assurance and Quality Control procedures and the schedule of these procedures, policies & procedures pertaining to IT audits, any other documentation related to monitoring and audit. Additionally, the examiners will require proof of the independence of the monitoring/audit functions, and how well it identifies and reports weaknesses. They will also need to review auditor expertise and training to ensure it is sufficient for the complexity of the IT functions of the institution. If your auditing is performed by a third-party, the examiners will need to review the applicable policy, contracts, etc. you have with that auditor for the review period. The examiner will also need to see that the monitoring/audit coverage includes assessment of IT system capabilities and compliance with Federal consumer financial laws, and that it addresses access restrictions and unauthorized access. They will also check to ensure the board of director’s risk assessment process is being properly executed, that the board is receiving reports of the monitoring and audits and that any findings are being properly remediated.

4. Consumer Complaint Response 

Overview: The CFPB expects that you will not only have a consumer complaint process in place, but that you will also gather information from consumer interactions in an organized fashion, that the information be retained, and that it be used as a part of your CMS. Additionally, the CFPB requires that companies make a deliberate and good faith effort to resolve each consumer complaint.

Objectives:

• Are the processes and procedures for addressing consumer complaints appropriate?

• Are the investigations and responses reasonable?

• Are the complaints appropriately recorded, categorized, addressed, and resolved promptly?

• Are complaints that may raise legal issues appropriately categorized and escalated?

• Are complaints monitored by management to identify risks of potential consumer harm, and to see if a CMS deficiency or IT issue has caused the complaint?

• Is corrective action being taken when appropriate?

• Note the number of consumer complaints received by the entity during the exam time period.

Examiner Procedure: The examiner will review any IT related consumer complaints, including any that are received at the institutions service providers. They will require access to policies and procedures relating to consumer complaints. Examiners will also review any responses, corrective actions, analysis and categorization of any IT complaints, and determine whether correct corrective action was taken.

Consumer complaints and inquiries should be an integral part of an institution’s compliance management system.

Module 3: Service Provider Oversight

Overview: While the CFPB acknowledges third-party service providers may be a necessary part of doing business, they also state that engaging with a service provider does not negate the institution’s responsibility to comply with Federal consumer financial laws. Service providers must be familiar with any legal requirements applicable to the products being offered and must have processes in place to ensure consumer protections. Legal responsibility may lie not only with the service provider, but also the institution if there is consumer harm.

Objectives:

• Review the Risk Management Program for Service Providers to determine appropriateness based on size, scope, complexity, importance and potential for consumer harm.

• Does the Service Provider Risk Management Program include initial and ongoing due diligence reviews to ensure compliance with Federal consumer financial laws?

• Does the institution ensure each service provider conducts proper training and oversight of employees?

• Does the contract with the service provider include clear expectations relating to compliance and appropriate and enforceable consequences for violation?

• Has the institution established internal controls and ongoing monitoring to determine compliance with Federal consumer financial laws?

• Does the institution take prompt action to address any problems or violations identified through the monitoring process?

Examiner Procedure: The examiner will require a list of the institution’s service providers as well as a description of the services each service provider provides for the institution, and what IT functions the service provider may support. They will also require access to documentation relating to service providers including the institution’s risk management program for service providers that support IT functions that could have consumer compliance implications, policies & procedures, contracts, audits, monitoring and tests performed, and the results. Additionally, if service providers have access to sensitive consumer information, the examiner will also need access to the service provider’s written information security programs.

Creditors may be held liable for the actions of their service providers.

Module 4: Violations of Law and Consumer Harm

Overview:  Throughout the exam process, the examiner will be looking for violations of law and consumer harm. If a violation is found, the examiner will determine if the institution’s CMS identified the violation, and if so, what remediation resulted. If a CMS is not appropriate for the institution’s size, complexity and risk profile of the institution’s business, it may not be suited to catch violations. The CFBP views self-identification and subsequent corrective action as evidence of an institution’s commitment to responsibility and consumer protection.

Self-identification and correction of violations of law reflect strengths in an institution’s CMS.

Objectives: In the event an examiner identifies a violation of Federal consumer financial law, they consider the following factors:

• What was the root cause of the violation? Was a weakness in the CMS a contributing factor?

• The severity of consumer harm and type of harm resulting from the violation.

• The duration of the violation.

• The pervasiveness of the violations.

Examiner Procedure: If an examiner determines there has been a violation of law that has resulted in consumer harm, they must review the conclusions drawn from the previous Modules in the exam that were identified as the root cause of the violation. They must then determine if the institution self-identified the violation, and review the documentation related to the identification and any corrective action taken as a result of the violation, including management’s awareness, and length of time it took to resolve. The examiner must determine the level of weakness in the institution’s CMS, and how critical they were to the violation. They must then determine the extent of consumer harm as a result of the violation, including financial harm and non-financial harm. Lastly, they must determine how pervasive the violation was by determining the number of consumers impacted.

Module 5: Examiner Conclusions and Wrap-Up

Overview: This module is the written summary of the previous four Modules. The examiner will provide their conclusions on the effectiveness of the institution’s Compliance Management System in relation to their IT functions.

Examiner Procedure: The examiner must now summarize their findings, supervisory concerns and conclusions for each module completed. They must identify any action needed to correct weaknesses in the institution’s CMS. The examiner will discuss their findings with the institution’s management, and, if necessary, obtain a commitment for corrective action. Finally, the examiner must report their findings back to the CFPB via their official system of record.

Conclusion

While the new exam procedures for compliance management review for IT will only be used by the CFPB when they are examining a company, and while your company may not (yet) be on the list of company’s the CFPB is looking to examine, it is still considered a best practice to follow the CFPB’s guidelines and be prepared.

When the risk of consumer harm is at stake, financial services companies can never be too careful. And those who use outside service providers have an additional level of risk to their customers. The strength of your compliance management system will help enormously when and if the CFPB comes knocking on your door. Will you be ready?

——

Linda Straub Jones is a Sr. Account Executive with NeuAnalytics. She has over 30 years of experience in the credit/collections industry and has worked as a collector, skip tracer, paralegal, and a data specialist for bankruptcy, deceased, and compliance data.

This article was originally published at the NeuAnalyics Blog and is reprinted here with permission. NeuAnalytics provides the only comprehensive compliance management system built for financial institutions to monitor their third-party service provider’s daily activities for performance and compliance risk. ISP is purpose-built for CFPB compliance, including early warning of possible consumer harm and management reporting.

Coming this year from insideARM’s Research Assistant, a comprehensive, practical deep-dive into risk and gap assessments and CFPB expectations, section-by-section – including the IT controls. Get the practical insight you need to implement your own assessment with Research Assistant, insideARM’s resource and roundtable for practical, how-to industry legal and compliance insight.

Since the 11^th Circuit ruling in Hunstein v. Preferred in April 2021, consumer attorneys filed hundreds of “copycat” lawsuits against debt collectors in Courts across the country, asserting that the use of a letter vendor by a debt collector somehow violates the FDCPA.  While the 11^th Circuit will hear arguments on standing in the case later this year, debt collectors need a robust strategy now to minimize the business disruption caused by these Hunstein cases with the ultimate goal of obtaining summary judgment dismissing the claims.  

In this episode of the Debt Collection Drill videocast, Moss & Barnett attorneys John Rossman and Mike Poncin discuss the best strategies for defeating Hunstein lawsuits and also considerations regarding insurance coverage and choice of counsel.  

[article_ad]

On February 3, 2022, the Nevada Financial Institutions Division announced that on January 2, 2022, it began transitioning non-depository licenses to the Nationwide MultistateLicensing System (NMLS). All current licensees must transition their license to NMLS no later than June 30, 2022.

Other important points in the announcement:

• Paper forms will only be accepted until March 31, 2022
• On April 1, 2022, current collection agency and manager licensees can begin to transition their licenses to NMLS (see the announcement for the process)
• Licenses not transitioned to NMLS by June 30, 2022, will expire and not be eligible for reinstatement
• companies that submit for a transition will not need to submit a paper renewal during the June 2022 renewal period. 
• Renewal dates will change after the transition to NMLS

Contact information for both NMLS and the Nevada Financial Institutions Division are in the announcement. 

LAS VEGAS, Nev. — Provana,
provider of the industry’s first unified platform for compliance and
performance management, today announced collaboration with BedardLaw Group, P.C. (BLG), to bring 360-degree compliance to the Accounts Receivable
Management (ARM) market. The new solution combines BLG360 services with
Provana’s comprehensive compliance management suite. BLG360 is an on-demand
subscription service to BLG’s expert attorneys, while Provana’s GRC technology
platform is tailored specifically to CFPB requirements.

Announced at RMAi’s 25^th
Annual Conference in Las Vegas, the solution comes at a pivotal moment as the
ARM industry continues to grapple with Regulation F compliance. The only such combination available today, this new
offering provides an unbeatable and intelligent solution for managing policies,
audits, training, remediation, certification, complaints, and all aspects of
CFPB compliance.

John H. Bedard, Jr., Managing Partner of BLG, noted, “I have seen the use Provana’s products and services growing within our client base for many years. This is a perfect opportunity to deliver the unique value of BLG360 as part of greater service offering of sophisticated compliance management system software to more fully meet the needs of the modern debt collector.”.” 

“We are excited to work with
one of the preeminent compliance firms in ARM to enrich our compliance
management capabilities for customers,” said Sean Clark, Provana’s SVP of
Platforms. “Adding BLG360 as part of our compliance solutions provides a level
of intelligence and support unparalleled in ARM, enabling collection entities
drive higher revenues with less risk.”

To learn more about the
benefits Provana and BLG360, specifically in the context of Regulation F, register for the webinar, where the companies will share a complete overview
of new, foreclosure-specific solutions and services.

About Provana

Provana’s SaaS-based digital
operating platform is the first of its kind, giving leaders control over
process-intensive operations. We serve law firms, insurance companies, accounts
receivable agencies and networked enterprises in the US market that are tightly
regulated by the CFPB and other authorities. Built on decades of experience in
machine learning, natural language processing and business process management,
Provana helps customers manage sensitive interactions,
analyze unstructured data, process personal information, and ensure compliance.
Provana is backed by a NYC-based Fintech PE, most recently raising funds in
November 2020. Learn more at www.provana.com.

 

About BLG
Bedard Law Group, P.C. is a full-service
law firm serving the credit and the collection industries. Founded in 2009, the
firm delivers superior service, sound advice, and unparalleled value to all of its
clients. The firm’s services include Defense Litigation, Compliance Advice,
Collection Letter Review, On-Site Compliance Auditing, Nationwide Litigation
Management, General Corporate Counselling, Policies and Procedures and BLG
Insight Speech Analytics. To learn more about its suite of products and
services online at https://bedardlawgroup.com/.