2 Key Steps to Fix Policy and Procedure Gaps
- July 21, 2022
- Category: Compliance Management
Since the arrival of Reg F, accounts receivable management organizations have been tasked with making faster, better-informed decisions to fix compliance blind spots in accordance to the rule. To discuss what role auditing and improving your existing policy and procedures play in maintaining a low- risk profile, Research Assistant by insideARM hosted a webinar with Sara Woggerman (Executive Director of iA Research Assistant and President of ARM Compliance Business Solutions) and Missy Meggison (General Counsel and Executive Editor at insideARM and Executive Director of the Consumer Relations Consortium).
Based on the conversation, which was sponsored by Provana, we’ve extracted two key steps to help you audit your existing regulatory policy and procedures for optimal Reg F compliance. Going through this exercise internally will also help you be better prepared for any client audit(s).
Step 1: Audit your existing policy and procedures
Before you start with any assessment, ensure your policies and procedures (P&P’s) are logged and categorized properly. As you prepare for their assessment, pull up the CFPB exam manual, major cases, and state regulations as reference material. Next, decide whether you will gather P&P’s and then review them. Or will you review them as you go? Decide what will make the most sense for you. Also, decide the order in which you will look at your policies. Will you review applicable policies by titles or code sections? Develop your review plan (and stick with it).
To review your existing policies, put them in a template that has tabs such as “Policy Log,” “Applicable Laws,” and “Gaps.” “The Policy Log” tab should list out policy serial number (to gauge the number of policies being audited), policy titles, and link(s) to policies. The “Applicable Laws” tab should have “Requirements” (from CFPB exam manual, regulation, case law, etc.; “Source” (such as case name, regulation number), “Main Topic” (such as FDCPA, FCRA, etc.) and “What should P&P cover to be compliant” sections.
Segment focus time for each tab and read each P&P carefully. In the “applicable laws” tab, capture sections which are not covered and should move to “Gaps” tab. As you fill up the “Gaps” tab, go back to “policy log” tab to record “effective date,” “revision date,” ” last review date,” and “last revision date” for each policy. Tracking these dates will ensure your policies are up to date and help you review your P&P’s at least once per year.
Step 2: Amend your existing policies and add missing elements
As a logical next step, assign someone to start drafting missing elements in policies and procedures to remediate any significant deficiencies in your current compliance profile. As you work on your policies, make sure they cover applicable laws, clear policy statements, definitions, procedures, titles from the responsible department(s) (without mentioning specific names), audit controls, cross reference to training material (if applicable), forms, and work instructions, other than anything worth mentioning. Remember – one policy and procedure might apply to different legal requirements. Hence, it makes sense to cross reference policies if there are overlaps between laws.
In the post-Reg F regulatory environment, different words may have different contexts. For instance, the difference between “validation” and “verification” can easily be misunderstood by agents. Hence, make sure you are defining definitions clearly in your policies. It makes sense to have all acronyms explained and all definitions mentioned in the footnotes as well as appendix. Try to make sure all policies follow the same document format and are version controlled as well.