Best Business Practices, Part III

Vendor Management Program

200412016-001

Outsourcing is a helpful, often times necessary expenditure of your time and resources.

More accurately, it can equate to a savings of your time and resources.  Depending on the service provided, outsourcing some of your needs can also lead you to the procuring of services that you would not otherwise have available to your in-house staff.

We refer to all of these outsourced service providers as vendors.

It stands to reason that as you and your employees are bound by the standards of the Fair Debt Collections Practices Act and the Consumer Financial Protection Bureau that any company or service provider working for you and given access to your client’s data would be subject to those same regulations.

So, you must build and maintain a Vendor Management Program.

It should contain the following features:

– Your due diligence checklist for determining your vendors’ ability to comply with federal consumer financial laws

– Your policy to request and review the vendors’ policies, procedures, internal controls and training materials

– Copies of contracts with each Vendor, which should contain provisions for clear, enforceable expectations for compliance, including consequences for violations

– Your policy for on-going monitoring of the vendor for the purpose of determining compliance with federal consumer financial law

– Your policy for the timely addressing if problems identified through the monitoring process, including possible termination of the vendor relationship when necessary

A quality vendor management program can be cumbersome to develop and implement at first. However, once running smoothly, a single in-house employee can keep it operational with relative ease. After that, it becomes clear that the gain is worth the work.

An ounce of prevention is worth a pound of cure.

Drop by next week for Better Business Practices, Part IV on skip trace waterfall procedures.

 

Best business practices, Part II

Disaster Recovery Plan

“Life is what happens to you while you’re busy making other plans.” – John Lennon

sky diving

A Disaster Recovery Plan (sometimes referred to as a Business Continuity Plan) is a necessary element of any business.

The purpose of such a plan is to prepare your business, staff and infrastructure for the event of a major disruption of business and getting back on track as quickly and effectively as possible.

Having an effective and meaningful business continuity plan is particularly important in a business controlling data or funds of clients.

Any worthwhile plan will be written, thorough and tested. 

Best practices teaches us that if your plan is not written down, then it does not exist. It is that simple. Actually writing the steps of your plan down will help highlight holes or flaws.

Above all, the plan must be thorough.

In his article, 12 Attributes of a Successful Business Continuity Plan, Michael J. Corby emphasizes that a business continuity plan is one of the four basic components of an organizations’ risk management strategy.

While a business continuity plan used to be as simple as deciding where to set up shop if there were a fire or flood in the brick and mortar structure, there is a much higher standard now—as there should be. Considerations include all manner of disaster or coincidental occurrence, from area blizzard or flood, bombing, electrical failure, to the death of a key employee. After all manner of risks have been assessed, then all manner of critical business functions must be identified.

Finally, a written plan and contingencies for each possible incident must be identified for carrying out all critical business functions.

The entire plan can be complicated, as it works as one long “if – then” statement. Ultimately no plan matters unless personnel understand it, and that only happens upon periodic review and testing.

Unfortunately, testing can be time consuming and costly.   It will usually cause some disruption in business. Nevertheless, aspects of a business continuity plan should be tested and reviewed each year, with records kept on the results.

This does not just apply to debt collection practices. Many of the best known data companies, such as AT&T, have well-documented industry briefs on their business continuity plans.

To borrow the line, and paraphrase:  Much like a parachute, a disaster recovery plan is one of the only mechanisms in your office that you should work diligently to keep in perfect working condition, only to hope you never have to pull it out of the package.

Drop by next week for Better Business Practices, Part III on vendor management!