Are you in the process of developing policies for your organization? Are you unsure about what needs to be included in your company’s policies? In this webinar, you’ll hear from Mike Haubenstock, Vice President and Chief Risk and Compliance Officer for Encore Capital, as he provides an overview of the importance of establishing policies for your organization and how to go about doing so in the most efficient way.

What Are Policies?

Policies, procedures, and guidelines are often mistaken for synonymous terms, but they mean different things. Procedures are instructions on how to execute a task or a process, whereas guidelines are best practices. Policies, by contrast, are:

  • What employees must do or not do
  • Directives, limits, principles, and related rules
  • Guides for employee decision making and actions
  • Risk management processes
  • Legal or regulatory requirements and our interpretation of them
  • Mandatory rules that are enforced

Having established policies is crucial for all organizations in their attempt to meet their compliance objectives. Policies help define rules, control risk, create a common understanding and language, assist in training employees, and most importantly, help ensure compliance.

What Do I Include When Drafting a Policy?

When you begin drafting your organization’s policies, make sure they include:

  • Rules
  • Acceptable versus unacceptable behavior
  • Risk appetite or limits
  • Approval authorities
  • Exceptions and required authorization
  • Consequences for non-compliance
  • Governance/oversight
  • Roles and responsibilities

These policies should be written in a clear, concise format that utilizes active voice in the present tense. By organizing your policies in a way that is easy to navigate, understand, and implement, your employees will be more likely to comply with them.

For more information about policy development, contact us today.

For more information about how KirkpatrickPrice can assist you in meeting your compliance objectives, contact us today.

Are you looking for a deeper overview of the scope of the CFPB? Are you unsure of what defines UDAAPs? Do you want to learn more about CFPB guidance, expectations, and enforcement trends?

What are UDAAPs?

According to the CFPB, under the Dodd-Frank Act, “all covered persons or service providers are legally required to refrain from committing unfair, deceptive, or abusive acts or practices (collectively, UDAAPs) in violation of the Act.” When collecting consumer debts, UDAAPs have detrimental implications, such as:

  • Significant financial injury to consumers
  • Eroding consumer confidence
  • Undermining fair competition in the financial marketplace

What Defines UDAAPs?

UDAAPs can be defined as…

  • Unfair: An act or practice is unfair when: (1) It causes or is likely to cause substantial injury to consumers; (2) The injury is not reasonably avoidable by consumers; and (3) The injury is not outweighed by countervailing benefits to consumers or to competition.
  • Deceptive: An act or practice is deceptive when: (1) The act or practice misleads or is likely to mislead the consumer; (2) The consumer’s interpretation is reasonable under the circumstances; and (3) The misleading act or practice is material.
  • Abusive: An act or practice is abusive when it: (1) Materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or (2) Takes unreasonable advantage of – (A) a consumer’s lack of understanding of the material risks, costs, or conditions of the product or service; (B) a consumer’s inability to protect his or her interests in selecting or using a consumer financial product or service; or (C) a consumer’s reasonable reliance on a covered person to act in his or her interests.


The purpose of this webinar is to assist you in understanding the updates that have been made to the GLBA’s Regulation P and the importance of establishing a privacy policy and a written information security program for your organization. Hear our speaker, Joseph Kirkpatrick, President of KirkpatrickPrice, dive into the intricacies of this specific regulation and demonstrate why privacy policies are essential to achieving and maintaining your organization’s compliance objectives.

What is the GLBA and Regulation P?

Established in 1999, the GLBA is the Gramm-Leach-Bliley Act, which regulates the ways in which financial institutions use the private information of individuals and mandates protection of PHI. Regulation P, according to the Federal Reserve, “governs the treatment of nonpublic personal information about consumers by financial institutions.” Such nonpublic personal information can be defined as Social Security numbers, credit card numbers, or account numbers. The privacy requirements determined within the updated Regulation P are:

  • Notifying clients about privacy policies and consumer rights
  • Providing an initial privacy notice upon establishing a relationship with a customer
  • Distributing an annual privacy notice to consumers
  • Establishing the type of information to be included in notices
  • Making consumers aware of opt-out methods via opt-out notices
  • Sending revised privacy policy notices
  • Determining limits on disclosure to nonaffiliated third parties, redisclosure and reuse of information, and sharing account numbers for use in marketing purposes
  • Creating an exception to opt-out requirements for service providers and joint marketing personnel as well as for processing and servicing transactions

How Can I Make an Effective Written Information Security Program?

To better safeguard your consumers’ nonpublic personal information and ensure that it is kept private and secure, establishing a written information security program is key. Your program should have the following characteristics:

  • Approved and overseen by the Board of Directors
  • Properly trained employees
  • Designated employee(s) to coordinate safeguards
  • Identified and assessed risks to customer information
  • Implemented controls to safeguard and monitor risks
  • Overseen service providers
  • Evaluated every year, with needed adjustments made to the controls

To learn more about CFPB compliance, contact us today.