You Can’t Outsource Risk

April 18, 2018
By Cornerstone Staff

Since the burden of compliance flows upstream and you can no longer simply outsource risk downstream it is now imperative that credit grantors and debt buyers understand the state licensing requirements of all their downstream partners and develop a process to make sure that they remain in compliance at all times.

Before we move forward let’s make sure that we all understand the stream metaphor.  At the top of the stream is the credit grantor…the entity that originally extended credit to the consumer.  When that debt goes unpaid and the credit grantor decides to go outside its own organization to continue collection efforts, the debt flows downstream.  They may sell it downstream to a debt buyer or outsource the collection efforts downstream to a collection agency or collection attorney.  No matter the flow, the credit grantor is responsible for the downstream compliance of anyone who touches the accounts they originated.

As such, from a licensing perspective the credit grantor needs to fully understand the licensing and registration requirements of everyone downstream and have a process in place to make sure the debt buyers and agencies that handle their accounts remain licensed appropriately.  Similarly, debt buyers must also understand not only where they are required to license but if they decide to outsource any of the collection efforts downstream they are required to understand the licensing and registration requirements of their collection partners and have a process in place to make sure that their outsource partners remain licensed appropriately.

It is really quite simple; the regulators have built a framework where they are effectively pushing down the cost of making sure thousands of agencies are licensed appropriately to the credit grantors and debt buyers by holding them accountable for it.

Given the regulatory framework that has been created, the next logical question for credit grantors and debt buyers to ask and answer is:

How do I understand the licensing and registration requirements of everyone downstream and develop a process to make sure that they remain compliant?

  1. Identify all downstream service providers
    Credit grantors and debt buyers need to know who is handling collection accounts downstream, what type of agency they are (collection agency, collection law firm), what services they are providing (sending letters, making calls, suing, etc.), and a list of locations from which they will be communicating with debtors.
  2.  Develop a standard licensing matrix Once you understand who your service providers are you can begin the task of identifying what licenses and registrations they are required to maintain to service your accounts.  Developing a licensing matrix that becomes the standard by which to measure statutory compliance is critical to managing a review process designed to mitigate exposure.
  3. Perform an initial licensing audit Using the standard licensing matrix as a baseline, now you can identify where a service provider is licensed and conversely any gaps that may exist.  All licensing information is public and can be obtained directly from the states.  In our experience, it is not advisable to rely on copies of licenses or other data provided by your downstream service providers.
  4. Remedy any gaps identified
    Once you have performed the initial assessment and identified gaps it is important that you not let your downstream service providers continue to work accounts in the jurisdictions where they are not appropriately licensed.  Make sure that the license is obtained and you have verified its existence before sending accounts back.  It should be noted that the general condition of an organizations licensing tends to reflect their overall entity compliance and can often be used as a proxy to measure risk associated with that particular organization.
  5. Ongoing licensing audits
    Independently audit the licensing and registration of all downstream providers on a regular basis.  Most license and registrations expire on a regular basis.  It is generally sufficient to make sure that a downstream service provider renews each license on a timely basis and only do another full audit in the event something is uncovered during your ongoing reviews that make it prudent to do so.
  6. Monitoring legislative changes and regulatory opinions
    Remember that it is very important that you monitor legislative changes and regulatory opinions that may affect your standard licensing matrix.

No matter the scope of your oversight program there is no way to mitigate the exposure related to using a downstream provider that is not appropriately licensed.  To account for this risk, most credit grantors and debt buyers require their downstream service providers to maintain a certain level of professional liability (E&O) insurance.  To verify that this requirement is met it is customary for the credit grantor to request a certificate of insurance.  While a certificate of insurance does validate (if not fraudulent) the existence of a policy (carrier, coverage amount, deductible, expiration date), it provides no information on the underlying policy.  Insurance companies have varying policy forms that do not always provide the appropriate language to effectively minimize risk for specific niche industries (many policies may specifically exclude FDCPA violations, TCPA violations or even client coverage designed to protect the creditors they represent).

Insurance companies also have varying financial ratings (AM Best rating).  These ratings are an important indicator/predictor of a company’s ability to handle financial obligations.  Insurance agents do not always understand the risks specific to the collection industry and may unknowingly recommend a policy with inadequate coverage.  Collection agencies many times rely on the experience of their insurance agent and do not always read their policy in its entirety and do not understand what specifically is covered and conversely what is not.  Don’t just check the box and make sure that your downstream service providers have insurance.  Make sure the insurance they have protects both you and them from any risks associated with the services you are asking them to provide on our behalf.

We know our industry does not operate in a static regulatory environment. Requirements, rules and regulations are changing all the time. Ensure that you and any agencies you work with are licensed appropriately, be certain that the changes are reflected in your organization’s licensing and insurance strategy. Though it can seem overwhelming, just remember you have the resources and the knowledge to ask the tough questions and maintain your compliance.


Cornerstone Staff

| Cornerstone
Free yourself from the burden of licensing