Best Business Practices, Part VIII

Information Security Policy

“Security is not a product, but a process.” –Bruce Schneier

Any business or company that deals in goods, services or information should have a thorough and well-documented information security policy. This policy should fundamentally explain and detail how data is obtained, stored and protected, limit or eliminate potential legal liability and preserve and protect confidential information.

Information security can encompass a variety of topics, including data restoration in the event of a disaster or emergency, computer data, telephone procedures (such as recording for quality assurance), data organization, third party risk management, confidentiality, visitor access, media, passwords, encryption, e-mail, Internet, software, audits, access and ethics.

As Bruce Schneier said, a good security policy is a process that will grow and change as your company grows and changes. With each new client, employee or update in software, you may have to make changes, additions and corrections to your security policy. In the area of debt collection, information security is essential, because collections deals in sensitive information such as addresses, phone numbers, social security numbers, income and banking information.

Like anything significant, developing an effective security policy takes time and tends to happen in stages. Development, enactment, enforcement, monitoring and maintenance are all crucial steps in making sure your information is guarded. Depending on the type of company, developing this procedure could be as simple as enforcing policy on cell phone and social media usage or as complex as obtaining offsite backups in the event of data loss or local disaster.


An information security policy is primarily to manage potential exposure to loss or harm. It is vital that you communicate your policy to clients and train your employees.

This concludes our series on Better Business Practices. Stop by next week for brand new content!


Best Business Practices, Part VII

Continuing Training Policy

As the old saying goes, “Check, re-check and then check again.”

And so it goes in the seventh installment of our series on best practices in the legal debt collection industry. This week we discuss the need for a continuing training policy.

As with any job, an employee will have certain training at the outset of employment. We all too often leave the employee after that with only on-the-job experience.

Bussiness meeting

 But just like the machines that your business will use need tune-ups and computers need new software, your employees need reminded of their initial training and formally trained on new skills and techniques. Therefore, your continuing training policy should consider the following questions:

  1. In which areas of our business should our employees be trained periodically?

Certain jobs require no re-training—they are obvious. But there are other matters, typically the issues that arise in security, compliance or regulatory training, that require re-training, as a person is bound to forget the details of a policy or a procedure over time unless it is re-read or rehearsed.

Ask yourself this important question:  What policies exist in this business that if an employee were to forget it or forget the complete details of it, could cause my business or client harm?

For example, employees at Atkins & Ogle Law Offices, LC learn about a federal law known as the Fair Debt Collections Practices Act at the outset of their employment. It is essential knowledge in our industry, and failure to adhere to this act could prove damaging to a consumer, which could also prove costly to our clients and ultimately this firm. This is an example of something that we have chosen to periodically re-train.

  1. Can we categorize these areas of our business and train them together periodically?

Above, we mentioned as examples the likely categories of:

  1. Security: Physical Plant, Data
  2. Compliance: Cease & Desist, Out-of-Statute, Compliant Handling, etc.
  3. Regulatory: FDCPA, Bankruptcy, other federal, state and local laws

Consider whether you should keep as many subject matters together as possible (for continuity) or whether spreading your training out and testing more often and more consistently would be better for your staff.

  1. How should we train and what will be our standard for determining whether an employee passes or fails training?

What is the best method for training or re-training your material?  Should you design tests, have teaching sessions or try on-line training?

Assuming you have some method for evaluation, such as testing your employees on their knowledge, will you require your employees to receive a mere passing grade? A 90 percent? A perfect score? Consider the question raised above. Given the particular topic, what level of failure is acceptable to your customers and your business?

  1. Who is able to train, test and evaluate our employees, and should this change depending on the task?

Perhaps you have a person in your business solely responsible for all employee training. Or, perhaps this responsibility will always fall on the owner or managing partner.  Consider, however, that different tasks bring different challenges and there will naturally exist in your business various individuals or job titles better suited for those training duties.

The appropriate question to ask when assigning training duty is, if you truly need your employees to understand this information and you need to be ready to explain how you prepared this employee to have this information, then who is the best equipped or most logical person to be tasked with training?

Remember, whatever you decide, make sure it is always documented in a written policy.

Drop by next week for the final installment of Better Business Practices on information security policies.

“A man, though wise, should never be ashamed of learning more and must unbend his mind.” – Sophocles, Antigone

Best Business Practices, Part VI

Call Monitoring Procedure

In our best business practices series, we have discussed general business practices as the well as the more collection industry-specific area of the skip trace waterfall. If the purpose of the skip trace is to get your collectors in touch with the correct person, this week’s discussion is on how to make sure your trained collectors are continuing to communicate with consumers in a meaningful, professional and legally compliant manner. This is accomplished by call monitoring.

Call monitoring is the process by which a supervisor listens to a collector’s call with a consumer without interference, scores the call (as discussed below) and then reviews the call with the collector for potential improvement.

Businessman on Phone While Using Computer

Generally, the law allows you to monitor the calls made by employees for quality assurance (laws vary by state).  If you can afford it, the best method is to utilize technology that will record 100 percent of your telephone conversations so a supervisor can listen to any call at any time.

Side-by-side call monitoring is also commonly utilized by supervisors looking to give immediate feedback to their collectors. To design and implement a quality call monitoring procedure, you must have the following:

  1. A written procedure detailing the purpose, methodology and steps of your monitoring
  1. A written score sheet detailing your expectations of your collectors.

Generally, the score sheets will fall into the following categories:

  • Consumer Identification, Disclosures, Mini-Miranda statements
  • Professionalism
  • Meaningful dialogue, i.e. moving toward resolution and/or information
  • Handling of complaints or “red flags”
  • Compliance with federal and state law
  1. A schedule of monitoring, strictly kept by the supervisor
  1. And finally, a log recording the score sheets on each call.  These may be categorized by collector, by client, by month, or by any combination of the three.

A consistent and robust call monitoring program will aid your collectors in continuous training for a better bottom line, but it will also save you from unwanted violations.

Drop by next week for Better Business Practices, Part VII on continuing training policy.


Best Business Practices, Part VI

Internal Audit Procedure


If you’ll think back to the beginning of our discussion on best business practices, you’ll remember that we summarized the two key elements as great effort and a successful formula.

Just as a business develops a formula and expends great effort on serving its clients, top businesses also develop a formula and expend great effort to constantly improve internally. An internal audit is a key element in this equation.

While continuously updating your methods for collecting data (or in our case, collecting money from debtors), you need a way to make sure these methods are working effectively and efficiently. By auditing your company annually, you can ensure your processes and procedures are operating as such.

In the same way a disaster recovery plan is necessary in planning for outside forces, an internal auditing plan is necessary to accurately and comprehensively assess all internal forces. Nobody knows your business processes better than you, so rather than outsourcing this critical task, draft a procedure and perform it in house. Internal audits will not only save you money and help to prepare you for inevitable external audits, but they will allow you another measure of data security and the flexibility of doing so when production will be impacted the least.

There are several steps to develop and perfect an internal auditing procedure.

Decide what you are measuring

Use your processes and procedures manual or job description files to make a detailed list of what you are auditing.

Write a procedure

This procedure should be systematic, disciplined and replicable. The audit should be able to be performed by any member of your team to control for bias and make it time-efficient.

Conduct an audit and capture findings  

Once you have drafted a procedure, conduct an audit based on what you have. When you actually go through the auditing process, you find things that you missed when developing your methods and writing the audit procedure.

Share the findings with your staff and make changes

Discuss the issues and inefficient practices with your employees and brainstorm on ways to improve these practices. Use standard criteria to measure findings and apply changes.   Make sure your team understands why the procedure is being changed and how it will help efficiency.   Once changes have been implemented, follow-up on the reported findings regularly to ensure the best results.

Consistently update (as your processes change)

Once you have implemented changes, you will need to change your internal audit procedure to reflect that so that you will be measuring the success of your new procedures during the next audit. Make sure you keep the results from each internal audit so you can compare them and see how your changes have made a difference.


Internal auditing is a process that should be repeated annually or semi-annually.

Remember, by constantly updating your methods and driving your company toward improving their success, you will achieve your ultimate goal of providing the best service to your customers in the most efficient manner possible.




Drop by next week for Better Business Practices, Part VI on call monitoring procedure.

Best Business Practices, Part V

Last week we talked about skip trace waterfall procedure– how debt collectors find out where debtors live and the best way to contact them.

To recap, waterfall procedures are modeled after a software development concept and are organized by tiers of vendors that provide specific services. This week we continue our waterfall theme by discussing employment and banking waterfalls.


Employment and banking waterfall procedures utilize the same type of vendors as skip tracing but exist to search for a debtor’s place of employment and banking information. This information (often called “hits”) is necessary to move forward on accounts and execute the judgment that has been handed down by the courts, either by garnishing a debtor’s wages or performing a bank freeze.

When building a waterfall, it is important to establish contracts with multiple vendors. The vendor at the top tier of your waterfall will be the net that catches the most, for the lowest price. In other words, negotiating price with your best, most accurate vendor is the best strategy for improving your waterfall’s efficacy. Waterfall specialists must constantly be analyzing the results and effectiveness of the waterfall while continually providing feedback to vendors as to the quality of their work.

Vendors will normally charge a low rate for non-verified hits and a premium rate for verified information. Vendors understand they are competing for your business. Their goal is to be the first to receive each account, thus improving their change for success at giving you the best return on your investment. Once the first transaction (search) is complete, the accounts without any hits begin their way through the trickle-down effect that is the waterfall.

Lastly, because search information comes from data garnered by applications for jobs, credit cards, cell phones, etc., new information could present itself at any time. For this reason, it’s a good practice to resubmit accounts back through the process approximately every six months to ensure information is captured as debtor’s circumstances change.

And then, just as the back of the shampoo bottle instructs, rinse and repeat as necessary!

Drop by next week for Better Business Practices, Part VI on internal auditing procedure.








Best Business Practices, Part IV

Skip Trace Waterfall Procedure

So far in our series on best business practices, we’ve discussed disaster recovery and vendor management plans, both of which are applicable to a variety of business models. Today’s topic, skip tracing waterfall procedure, is more specific to the debt collection industry.

The bottom line is debt collectors and lawyers cannot do their jobs without being in contact with the person in debt.  Skip tracing is the process by which collectors and investigators use software to search electronic databases and online profiles. These searches can uncover information useful in the efforts of debt collection and assists collectors in ensuring they’re contacting the right individuals.


Skip tracing waterfalls combine the use of electronic information, automated lists created by the collector and the talents of skip tracing specialists to ensure that every available resource is expended.  A beneficial skip tracing waterfall procedure streamlines old skip tracing practices and makes the process of finding information more efficient.

The waterfall model itself is a process often used in software development and designed to emulate a waterfall in that the information flows from top to bottom through phases (or in our case, vendors).

Your skip tracing waterfall procedure should include building easy access lists of accounts as well as having a dependable and cost-efficient arsenal of vendors.  Once established, it’s paramount that you train your skip tracers to find the best vendors that do the best work for the best prices and then use these tools for optimum success.  This will allow you to find and contact debtors and help them to explore their options for satisfying the debt by making payments or settling the debt upon contact.

Vendors are ranked and utilized based on their capability, economics, past successes and accuracy of results.  Once these factors are determined and searches are underway, skip tracers have more time to work other projects, perform other forms of skip tracing procedures and seek new information for communicating with debtors.

The waterfall approach is considered a best business practice because it is a progressive and innovative way to reach people and is part of the successful formula that makes a collections business thrive.

Drop by next week for Better Business Practices, Part V on employment waterfall procedure.



Best Business Practices, Part III

Vendor Management Program


Outsourcing is a helpful, often times necessary expenditure of your time and resources.

More accurately, it can equate to a savings of your time and resources.  Depending on the service provided, outsourcing some of your needs can also lead you to the procuring of services that you would not otherwise have available to your in-house staff.

We refer to all of these outsourced service providers as vendors.

It stands to reason that as you and your employees are bound by the standards of the Fair Debt Collections Practices Act and the Consumer Financial Protection Bureau that any company or service provider working for you and given access to your client’s data would be subject to those same regulations.

So, you must build and maintain a Vendor Management Program.

It should contain the following features:

– Your due diligence checklist for determining your vendors’ ability to comply with federal consumer financial laws

– Your policy to request and review the vendors’ policies, procedures, internal controls and training materials

– Copies of contracts with each Vendor, which should contain provisions for clear, enforceable expectations for compliance, including consequences for violations

– Your policy for on-going monitoring of the vendor for the purpose of determining compliance with federal consumer financial law

– Your policy for the timely addressing if problems identified through the monitoring process, including possible termination of the vendor relationship when necessary

A quality vendor management program can be cumbersome to develop and implement at first. However, once running smoothly, a single in-house employee can keep it operational with relative ease. After that, it becomes clear that the gain is worth the work.

An ounce of prevention is worth a pound of cure.

Drop by next week for Better Business Practices, Part IV on skip trace waterfall procedures.


Best business practices, Part II

Disaster Recovery Plan

“Life is what happens to you while you’re busy making other plans.” – John Lennon

sky diving

A Disaster Recovery Plan (sometimes referred to as a Business Continuity Plan) is a necessary element of any business.

The purpose of such a plan is to prepare your business, staff and infrastructure for the event of a major disruption of business and getting back on track as quickly and effectively as possible.

Having an effective and meaningful business continuity plan is particularly important in a business controlling data or funds of clients.

Any worthwhile plan will be written, thorough and tested. 

Best practices teaches us that if your plan is not written down, then it does not exist. It is that simple. Actually writing the steps of your plan down will help highlight holes or flaws.

Above all, the plan must be thorough.

In his article, 12 Attributes of a Successful Business Continuity Plan, Michael J. Corby emphasizes that a business continuity plan is one of the four basic components of an organizations’ risk management strategy.

While a business continuity plan used to be as simple as deciding where to set up shop if there were a fire or flood in the brick and mortar structure, there is a much higher standard now—as there should be. Considerations include all manner of disaster or coincidental occurrence, from area blizzard or flood, bombing, electrical failure, to the death of a key employee. After all manner of risks have been assessed, then all manner of critical business functions must be identified.

Finally, a written plan and contingencies for each possible incident must be identified for carrying out all critical business functions.

The entire plan can be complicated, as it works as one long “if – then” statement. Ultimately no plan matters unless personnel understand it, and that only happens upon periodic review and testing.

Unfortunately, testing can be time consuming and costly.   It will usually cause some disruption in business. Nevertheless, aspects of a business continuity plan should be tested and reviewed each year, with records kept on the results.

This does not just apply to debt collection practices. Many of the best known data companies, such as AT&T, have well-documented industry briefs on their business continuity plans.

To borrow the line, and paraphrase:  Much like a parachute, a disaster recovery plan is one of the only mechanisms in your office that you should work diligently to keep in perfect working condition, only to hope you never have to pull it out of the package.

Drop by next week for Better Business Practices, Part III on vendor management!


Right on the Money: What should you be paying your collection attorney?

vector-vintage-money-graphic-c48924First things first – you don’t pay your collection attorney.

The person that owes you does— your customer/debtor.

Unless you are owed an extremely high dollar amount, you will want to be in a commission fee arrangement with your law firm. In other words, your law firm only makes money when it collects on your debt.

For most new attorney-client arrangements a 25 percent contingency fee is standard. So, if the law firm is able to collect $100 on   your behalf, it will keep $25 as its fee and remit $75 to you.

This arrangement could change if you operate a business where your clientele is exclusively other businesses (as opposed to individuals). Then, there is a more sophisticated system that is industry standard, known as the Commercial Law League of America rates. Under these rates the law firm usually receives a lower percentage.

Also, if you have continued to increase the amount of cases you send to the law firm, or if you feel that your contribution to the relationship enables the law firm to aid its bottom line in some way, you are certainly within your right to negotiate your fee arrangement at any time.

Typically, the only time a law firm would request funds from a client would be shortly after initial placement of a new claim. This means that the firm would evaluate the claim, send a required letter to the customer/debtor and advise you of the amount required to litigate the claim, as well as other possible accompanying fees.

These fees are for court costs, not the law firm. It should be clear between you and your law firm that these funds will be returned to you upon the first receipts from your customer/debtor.

Well, there it is, short and sweet. This should help you to understand the basic costs involved in debt collection and assist you in determining the collection route you’re going to take.

5 reasons to use a professional debt collector

Do you ever day-dream that you saved the day fighting bad guys? Performed an emergency surgery and saved a life?

Who hasn’t had a dream like that?

But the truth is, without proper training, we would probably do more harm than good.  Whenever professionals are available to us, we would be wise to hand those situations over to them and spend our time doing whatever it is we do best.

The same is true in business.  Leave the things you are not trained to do well to the professionals and spend your time doing what you do best.

At Atkins & Ogle Law Offices, our specialty is legal debt collection.

If your business extends credit for your goods or services, then you will inevitably have clients (individuals or companies) that will fail to pay you. When this happens you must then decide whether to stop doing the things that you do best and become a debt collector or send it to a professional.

Here are five reasons using a professional debt collector is better than doing your own collecting:

  1. You are paying out either way.

If you have a person in your business that spends a significant portion of their time in collection efforts, you are better off sending these matters to a professional service.  Either way you are spending money— toward commission or toward payroll expenses.  With a payroll expense, your employee spends less time doing the job you hired them to do, and they are working with limited tools and power, which leads us to reason number two.  A debt collection law firm has specific tools at their disposable as well as the legal authority to pursue your money.

  1. Professionals have more tools at their disposal.

There are two general types of professional debt collection services: law firms and collection agencies.   Although this is an over-generalization, it is fair to say that you can expect both will collect your accounts on a commission basis.  While an agency will typically charge you a lesser commission, the law firm will have more tools to get better results. Obviously, each of those factors will depend on the agency and the law firm.

  1. You may end up hiring a lawyer anyway.

While it’s true that if your unpaid accounts have an average balance of $500 or less you are better off working them in-house or sending them to an agency, balances due above certain amounts ($5,000 is common) will ultimately find you in a court, which requires representation by a lawyer.

Most states have a small claims court and a large claims court.  Your business will be permitted to represent itself without an attorney in small claims court.  But the professional collection firm will likely understand the process and system so well that the commission paid the firm will be well worth the price.  Plus, you will usually be able to remain back at your business doing whatever you do best.  Additionally, when higher amounts owed force you into the large claims court, your state will require you to be represented by a licensed attorney.  You will be well served to select an attorney not only well-versed in contract law – but in debt collection.

  1. You can give them a test drive!

Many debt collection law firms will accept claims for one or two days simply for review.  If these claims fail because of conflicts, statute of limitations, document insufficiencies or other issues, the law firms are generally good to return them to you without charge and without your customer ever knowing that the claims were there.  So, when in doubt – send it out!

  1. They’re trained for the challenges.

As an original creditor, you may or may not be subject to the same debt collection laws as an actual debt collector, such as this firm.  However, any person working on your behalf is wise to understand and take note once a customer challenges the validity of your bill.  You are best at that point to consult with trained professionals.


As a debt collection law firm, of course we want to educate you on the reasons to choose us to handle your past due accounts.

However, debt collection law firms require certain legal documents to support your claim in court.  If a customer owes you on a past due account, you will need to prove that showing, at the very least, your original contract with that customer, a written account history showing all charges, credits, interest, fees and adjustments for the life of the account as well any other documents that you feel would help the lawyer show the court what has happened in the that particular case.

If you do not have those types of documents but are still owed on an account, then perhaps working with a collection agency is a better option for you.

Lastly, it’s not uncommon for a customer to avoid or delay payment, nor is it uncommon for customers to fall on hard times, financially. When this type of challenge occurs, only well trained individuals will know the right ways to maneuver through the extensive obstacles that such a challenge may present.

Therefore, while the thought of hiring a firm such as ours may seem like a drastic option, it will allow you to pass along your problems to a trained staff that will properly and professionally represent your interests, while you get back to the interests of turning (and receiving) a profit!