Building Trust in your Brand: Stoneleigh Recovery Associates’ Commitment to Compliance through SOC Audits

by Sarah Harvey / November 28th, 2016

Stoneleigh Recovery Associates, a third-party debt collection company, continues to show their commitment to compliance and their brand by the recent completion of their SOC 1 Type II and SOC 2 Type II audits. Headquartered in Lombard Illinois, Stoneleigh has been in business since 2007 and has been receiving third-party audits on their compliance since 2010.

Understanding the importance of compliance as a critical business function has given Stoneleigh a strong competitive advantage in the accounts receivables industry. This focus has enabled the company to watch the business and its operations grow and mature over the last decade.

Taking a Proactive Approach to Compliance

Although some of their clients now require SOC compliance, Stoneleigh has been receiving third-party SOC compliance validation long before they were being asked for it. Why take a proactive approach? Stoneleigh Recovery Associates sought to demonstrate to their clients that they have had an independent third-party review verifying that the policies and processes they say they have in place are in place and are functioning effectively.

Thanks to the annual completion of their SOC 1 Type II and SOC 2 Type II audits, Stoneleigh is able to proactively address client requirements and win business over other companies who have not built in compliance as a foundational aspect of everyday business operations.

Benefits of SOC 1 and SOC 2 Compliance

Throughout the years of undergoing regular third-party SOC audits, Stoneleigh has been able to continuously fine-tune their policies and procedures, proving to be the most notable benefit of SOC compliance. Stoneleigh’s policies have become much more detailed, clear, and robust, offering them and their stakeholders a sense of security and confidence that they are delivering secure, compliant, high-quality services to their clients. This mentality has driven all of the members of the executive management team to think critically about the types of issues covered in their policies and procedures and how they can keep them top of the line.

Stoneleigh’s policies and procedures are reviewed and updated on a regular basis to constantly reflect industry trends, and have become a living, breathing document, rather than a static, untouched, and outdated set of processes. As any successful compliance management program should, Stoneleigh’s compliance journey has been a cumulative effort. This program has brought members of all departments (e.g. IT, Compliance, and Operations) together to focus on how they can manage their processes effectively in a way that won’t hinder productivity, but rather enhance security and confidence in the way they’re doing things. Stoneleigh’s policies and procedures clearly indicate who is responsible, who they apply to, and who they are reviewed and approved by, providing clear direction and instruction for all necessary personnel. Nikki Noyes, Stoneleigh’s Director of Compliance, commented, “Since working with KirkpatrickPrice, we have controls we have put in place to be more effective and we have learned to continually mature and improve our processes.”

Understanding the Importance of “Tone from the Top”

For Stoneleigh, executive level buy-in has been key. The executive management team lives by the company’s policies and procedures and are thinking critically and communicating regularly with all departments about changes necessary to further ensure compliance. This approach helps to set a culture of compliance that permeates throughout the entire organization. Because executive management is engaged in the entire process, this culture trickles down, even to the collector level, giving all employees an understanding of the importance of compliance. Stoneleigh’s open line of communication and thorough understanding of the importance of the tone from the top has helped make compliance and security a daily part of their operations.

Advice to Other Companies in the ARM Industry

Nikki Noyes has some advice for other companies in the ARM industry when it comes to documentation: “If you do it, document it.”

This is excellent advice. If you say you’re doing something, but it isn’t documented in your policies and procedures, then you aren’t doing it. All practices must be included in your policies and procedures in order to see any gaps and deficiencies you may have in your processes. When it comes to developing your policies and procedures it’s okay to start simple and add on as you go.

KirkpatrickPrice is thankful to have committed clients like Stoneleigh who can share their successes through working with our company.

“We are forever grateful for our partnership with KirkpatrickPrice and the guidance they’ve provided,” commented Nikki Noyes.

Learn more about Stoneleigh Recovery Associates, here.

More Resources

Combining SOC 1 and SOC 2 Audits

Will I Pass or Fail the SOC 1 Audit?

Top Mistakes C-Level Execs Make When It Comes to Security and Compliance