Nearly every American industry and business sector has been impacted by the COVID-19 pandemic, and subsequent lockdown.  The collections/receivables industry is no exception. But now, as the country slowly, and cautiously, emerges from nearly two months of isolation, questions persist as to what life (business and personal) will look like in a post-COVID world.

With this as a backdrop, on Wednesday, May 6, Receivables Management Association International (RMAI) hosted a webinar entitled:

Preparing for the Post-COVID-19 Regulatory Reckoning

The webinars featured speakers were:
David Anthony, Troutman Sanders, LLP
Missy Meggison, FFAM360

This blog post will summarize the essential learning from the webinar

IMPORTANT NOTE: This post is not intended to be legal advice and may not be used as legal advice Legal advice must be tailored to the specific circumstances of each case.

POTENTIAL SCOPE OF POST-COVID AUDITS

The theme of the webinar, played out in every section, is simple: if and when regulators come to your door for an audit, will you be prepared to show them that your organization took every step possible to address the unprecedented disruption caused by COVID-19? If simply won’t suffice to say you did little or nothing to adapt to the current environment.

In this regard, you need to be asking a number of essential questions about your organization moving forward:

  • Implementation of COVID Rules/Relaxations: we know that rules and regulations in our industry are changing at a furious rate, both nationally and at a state level. To that end:
    • How did your organization react to setting up new rules and regulations? Was it done through a dedicated team, or handled scattershot?
    • How did your organization get buy-in and sign-off on all new rules at the most senior levels?
  • Reaction of Organization. Once new COVID-19 rules were in place:
    • How did your organization follow the new rules and guidelines? 
    • How were the new rules/guidelines disseminated to your organization, especially within the reality of work-from-home (WFH) challenges?
    • Regulators will be very interested in timelines: from the moment new regulations were put into place, how long did it take for the relevant players in your organization to get up-to-speed?
  • Effect of Work-From-Home. Considering that many states were in lockdown, forcing businesses into WFH mode:
    • How did WFH impact activation and execution of new regulations?
    • What is your organization doing to monitor employees who are working from home?
    • How are WFH employees being monitored-were your organizations standard auditing procedures adequate OR did you need to create new auditing procedures in light of COVID-19?
  • Consumer Protection. As we covered in previous posts, our industry is taking great pains to ensure we are protecting consumers. In this regard:
    • What, if anything, have you done to strengthen your consumer protection rules and guidelines to address the current environment? 
  • Preparation for Future Events. It’s possible that we will experience cycles of lock-downs and start-ups in the coming years.
    • Are your new policies and procedures flexible enough to consider future events? 
    • If you were slow in addressing this initial crisis period, have you moved quickly to put new procedures into place for future events?
  • Compliance with State Orders. In our previous post, we covered some of the rules being put into place at the state level:
    • How are you staying on top of multiple state orders as those orders impact not only your employees but also consumers
    • How do state orders intersect with Federal rules changes?
    • What process have you created to track what is a fluid process when it comes to both state and Federal rules changes? 
  • Litigation Regarding COVID:
    • Regulators will want to know how much, and what type, of litigation did your organization see as a result of new rules and regulations? 

Again, these are some of the basic areas regulators will dig into at some point in the future. They’ll want to know what your organization did to cope with the realities of COVID-19. They’ll want to know what you did during and after the worst of the lock-down. These are some of the basic things we can expect regulators to dig into:

TRACKING NEW REGULATIONS

It’s probably fair to say that most organizations did not have policies in place to address something as calamitous as a pandemic. Very few of us, for example, could have envisioned an environment in which all employees would be working from home for months!  

While regulators may understand and appreciate these unprecedented realities, at the end of the day, they are going to want to know that you had a plan in place.

  • Be vigilant in tracking and reviewing your existing policies so you have something to use as a benchmark when showing regulators updated procedures in the face of COVID-19.
  • Be equally vigilant in documenting new procedures so you have a written record to review with regulators. 
    • On a practical level, make sure your new procedures are easily accessible so you don’t have to spend time digging through files.  It helps in showing you have your story together.
    • Smaller organizations should identify an individual with responsibility for keeping the documentation current and readily available.
  • As we mentioned in the previous section, speed and timing are critical to regulators. In this regard, compliance needs to be a priority, especially for senior management. Regulators will hold senior managers accountable for any lapses in compliance.
  • Given how rapidly things are changing, be cognizant of the Rule of Lenity:  
    • Despite how well-intentioned new regulations might be, ambiguous language can create issues as different regulators might bring a different perspective to certain language.
    • If you identify language you find ambiguous, get the best advice possible as to how to interpret the wording.  Then, have your explanation in writing in order to address questions from a regulator.
  • It is important to recognize that regulations and expectations can come from a variety of sources:Federal regulations, legislation, CFPB, FTC, FCC, states attorneys general and local governments. As such, it’s possible to have conflicting information on a range of topics and issues. Do your due diligence to address potential conflicts with regard to interpreting regulations.  There are a lot of resources to help in such interpretation, among them:

POLICY AND PROCEDURE CHANGES 

We are in a period of rapid and fluid change with regard to how the industry, and our organizations, are responding to changes necessitate by COVID-19. Some things to consider in this regard:

  • Do you have policies and procedures in place by which you develop future policies and procedures? If so, are they readily available if you are asked to produce them?
    • In an ideal world, you don’t want to recreate all of your policies, but just be able to answer questions about policies directly related to COVID-19.
  • Do you update existing policies and procedures OR create new policies that address the unique dynamics of a COVID-19 environment?
  • Do your policies allow for continued changes?
    • For example, is there a policy for locations where you cannot call, or locations where you cannot garnish?
  • Do your new policies and procedures consider how the consumer will be impacted?
    • For example, if there are gray areas, how does your new policies address those areas and are you addressing them in a way that is considered friendly to the consumer?
  • How are you training and distributing in real time? Typically, there is ramp-up time to train people on new regulations that are enacted. But, in the current time, we are having to disseminate and train in real time. 
    • Can you show regulators, in writing, that you had procedures in place to train your employees in real time? In other words, were you being proactive and current?

The main point here, of course, is that an audit will likely be focused on how you handled new and existing policies and procedures during this extremely disruptive period.

DEMONSTRATING COMPLIANCE

In this section, we look at compliance through the lens of an audit.  If someone comes to you with questions about your compliance over the past year, it’s safe to say a significant number of these questions will deal with how you handled the COVID-19 situation:

  • Hardship policies: Most companies have hardship policies in place. However, it’s safe to assume that few, if any, companies had hardship policies related to a pandemic, in general, or COVID-19 in particular.
    • RMAI has drafted guidance in hardship policies.  Here is a LINK to our recent post outlining those suggested hardship policies. 
    • For example, do you suspend collection activities when a consumer can verify hardship related to COVID-19?
  • Have you articulated policies with regard to collecting from stimulus checks? While this is likely a short-term issue, you need to have policies and procedures in place in case the question is asked in an audit.
  • Have you considered clients with multiple accounts with the same consumer? Be mindful that, when a consumer calls, you make sure you are capturing all of the accounts.
  • Respect the fluid nature of the industry response to COVID-19. Some changes will be permanent, others temporary.  But the temporary changes can be very temporary or could change within the month. 
  • Capturing and documenting results. It’s always better to have something in writing somewhere, so it doesn’t seem like you’re making things up on the fly. Generally speaking, from a legal perspective, a document created at the time holds more credibility than an oral argument presented after the fact. Be conscious of those areas where you could be most vulnerable and have written policies in place to handle those situations.
  • Remediation. Be mindful of what you’re doing, how you fixed a particular problem, how you got to the root cause of the problem.
    • For example, if it involves fixing credit report, make sure it doesn’t reappear on the credit report because, perhaps, your system overrides the correction. 
  • Be aware, that in certain situations, involving a lawyer does not automatically assume you will enjoy attorney-client privilege.
    • When remediation is involved, seek either in-house or external counsel for guidance on how to document, or not document, things, because this often requires subtlety.
  • Do you have something in place that shows you are exercising good faith efforts?
    • For example, CFPB, has said it will take into consideration good faith efforts when reviewing companies in the credit reporting space. 

MANAGING VENDORS

  • What are you doing to monitor your vendors’ policies? Remember, your vendors are going through the same thing you are, so you need to understand their policies and that they are staying compliant.  
  • Has anything related to COVID-19 policy changes impacted contractual obligations?  
  • Have there been any changes to your vendor’s insurance coverage?
  • Have the frequency of vendor audits changed and how are you showing auditors you are on top of things with regard to monitoring your vendors?
    • Given that onsite visits can’t happen right now, how do you prove to an examiner that you’ve covered everything that would normally happen during onsite visits.
  • You need to be cognizant of the potential for vicarious liability.
    • Through CFPB examinations and enforcement actions, over half have been associated with some type of vendor management issue. 
    • Remember that vendors are part of your risk portfolio. How you manage them will be part of what a regulator or examiner will look at.  Just as your story is about what you did, it also has to be about what you did to best manage you vendors.

Our next post in this series will cover Returning to Work in the Post COVID-19 Environment.

SIGN UP FOR BLOG