The FCA’s Consumer Credit Sourcebook is now on its 23rd iteration and indeed fourth change since August 2017. Keeping on top of these changes and negotiating some of the ambiguity can be a tricky process. It is a balancing act between ensuring compliance and not strangling the agility of the business.
Robust policies, procedures and strategy reviews
As a first step it is critical that within Collections and Recoveries there is a robust set of policies and procedures. These can come in various guises from level 5 detailed process maps to more simplified policy documents; however, ensuring these are holistic and referenceable is key to form a solid foundation for future work.
In addition, regular Collections Strategy reviews are also important, not just from a business optimisation view point, but also to review through a regulatory lens. The FCA have carried out desk-based reviews of documentation including firms’ policies, procedures, contact strategies and management information [the Thematic Review of “Early Arrears Management in Unsecured Lending” being a recent example] and we suggest having this documentation also available, with relevant change control and governance.
Documenting evidence
With good documented policy, procedures and strategy, the next step is to be able to provide evidence of compliance. This should be complete and be able to be collated with ease, should the regulator arrive on the doorstep.
Having documentary evidence readily to hand, referenced by regulatory area, is highly beneficial both in terms of having the ability to respond to any evidence requests, but also in terms of evidencing and ensuring compliance against specific regulatory items.
The control framework
Lastly, once all of this is in place, a robust control framework needs to be implemented. There are three key areas worth highlighting.
- Preventative controls: These controls would often be systematic in their nature, such as parameters controlling access of user work lists and actions with the collections system or module.
- Detective controls: These are typically a suite of exception reports, such as breathing space parameters or ensuring that regulatory letters have been sent and at the correct point in the customer journey [in many cases QA call monitoring also falls under this category]
- Corrective actions: Whilst not desirable, typically control exceptions do occur. Under the control framework, it is important that evidence of robust feedback loops is available. This is in order to demonstrate that when an event occurs, remediation and corrective action is taken, on a timely basis, with learnings to minimise future occurrences. Suitable evidence includes documented evidence of follow-up.
Summary
In truth, the points raised in this article only really scratch the regulatory surface. Further investment in time and resources is needed to consider each of these points.
However, the FCA is here to stay, and now with 2018 well underway it’s an opportune time to consider and review how regulatory compliance is addressed, controlled and evidenced.
Whether it’s CONC or any other industry regulator such as Ofcom, Ofwat or Ofgem, get in touch if you’d like our help at Arum with regulatory compliance issues.