© insideARM LLC Session 5: Vendor Audits

Vendor Audits

Driving Meaningful Change Together

© insideARM LLC Session 5: Vendor Audits

Legal Disclaimer This information is not intended to be legal advice and may not be used as legal advice. Legal advice must be tailored to the specific circumstances of each case. Every effort has been made to assure this information is up-to-date. It is not intended to be a full and exhaustive explanation of the law in any area, however, nor should it be used to replace the advice of your own legal counsel.

“THREE LINES OF DEFENSE” CONCEPT

3

First Line of Defense Second Line of Defense Third Line of Defense

LINES OF DEFENSE

Business Unit / Operations

Corporate Legal

Compliance

Enterprise Risk Management (ERM)

Internal Audit

OVERVIEW OF COMPLIANCE – OWNED BY THE BUSINESS AND EXECUTED COLLABORATIVELY

• Primary owner of compliance • Establishes clear expectations regarding importance of compliance • Incorporates risk and compliance into business strategy and operations • Monitors business operations against company policies and standards

Business

• Monitors laws and regulations that may impact a company’s business model

• Advocates with lawmakers, regulators, and the media • Notifies Business, Legal, and Compliance of changing regulations

Government Affairs

• Interprets new and existing legislation for business applicability • Advises business on new initiatives and products

Legal

• Partners with the Business to design and implement new processes • Recommends and tracks process improvements • Provides assistance during remediation efforts

Compliance

4

Board and Management

Oversight

Compliance Program -Policies & Procedures

Compliance Program -Training

Compliance Program

-Monitoring and Corrective

Action

Response to Consumer Complaints

Compliance Audit

WHAT DOES A COMPLIANCE MANAGEMENT SYSTEM (CMS) LOOK LIKE?

5

ALONG WITH A ROBUST SECOND LINE OF DEFENSE, THE COMPANY CONTINUES TO ENHANCE ITS THIRD LINE OF DEFENSE

6

Enterprise Risk Management

Internal Audit Vendor Compliance Audit

• Independent control assessment

• Operational, financial, IT, and compliance audits

• Process improvement reviews • SOX administration – Domestic • SOX implementation and

consulting – International

• On-site audit of legal firms and agencies

• Audit focus on: • Firm Manual compliance • Regulatory, financial, and

IT compliance • Proactive approach to educate

firms and agencies on best practices

BEST PRACTICES FOR LAW FIRMS: THE CLIENT PERSPECTIVE KEY AREAS OF FOCUS FOR 2016

7 Proprietary and Confidential

Policy and Procedures

Third-Party Vendor Oversight

Employee Training and Management

Internal Legal Oversight

• Documented internal controls over legal work product

• Management has clear insight into the suit and letter review processes

• Process Server oversight, controls, and quality assurance review/audit

• Appearance counsel oversight, controls, and review of work product. Training on client standards

• Robust policies and procedures that describe each aspect of their practice

• Documented policies and procedures, as well as HR manuals and employee guides are well-organized and easily accessible to appropriate personnel

• Well-documented training materials and testing

• Client standards are disseminated to all applicable employees at hire and on an annual basis thereafter

KEY FOCUS AREAS FOR 2016 AUDITS : INTERNAL LEGAL CONTROLS

8 Proprietary and Confidential

Meaningful Review: Letters

Meaningful Review: Suit Approval/Suit Filing

Meaningful Review: Pleading Preparation and Filing

Internal Legal Oversight

KEY FOCUS AREAS FOR 2016 AUDITS : THIRD PARTY VENDOR MANAGEMENT - TRENDS FOR 2016 (AUDIT)

9 Proprietary and Confidential

• Documented on-boarding process and annual review • Training – have appearance attorneys been trained on client

standards? • Documented controls – how is their output reviewed by the Firm,

and how often?

Appearance Counsel

• Documented on-boarding process and annual review • Training – have process service agents been trained on client

standards, such as the Code of Conduct. • Documented complaint logs/issue tracking/remediation

Process Servers

• Payment processing vendors are obvious, but what about letter and mail vendors – does the Firm maintain adequate controls over quality of output?

• Documentation of oversight and controls, as well as remediation of identified issues, if applicable, is critical.

Critical Vendor Identification

KEY FOCUS AREAS FOR 2016 AUDITS : EMPLOYEE TRAINING/TESTING (AUDIT)

10 Proprietary and Confidential

Ensure employees on trained on all primary legal requirements. A general rule of thumb is to train employees as to all regulations with an impact to the consumer collections space.

Ensure employees on trained on all client requirements: Most clients have their own requirements for employee training; ensure employees are well-versed in individual client mandates.

Ensure training is conducted at hire and annually thereafter. Things change, and so should your training. Make sure training is updated on an annual basis and that documented retraining of all affected personnel is conducted to address changes in specific client requirements.

Documentation is key!

KEY FOCUS AREAS FOR 2016 AUDITS : DOCUMENTED POLICIES AND PROCEDURES

11 Proprietary and Confidential

Legal Processes: i.e., scrubs, legal review and oversight, statute of limitations review and oversight, fully-documented notary/affidavit processes/procedures

Financial Processes: payment processing requirements, consumer overpayment, refunds, application of court costs.

Compliance Processes: third-party inquiry response documentation, tracking and escalation documentation; controls for daily firm operations.

While the focus on documented policies and procedures is nothing new, Firms should maintain their focus on ensuring that extant policies and procedures are regularly updated and maintained. General areas of focus include:

© insideARM LLC Webinar Title

This webinar was co-produced by

This webinar was co-produced by the Compliance Professionals Forum, an educational membership organization created by insideARM. Members receive: • clearly explained, up-to-the-

minute compliance insight • how-to guidance and tools • help from a network of peers

who can walk you through compliance challenges

generously supported by

compliancepf.com