Steps to Create A Compliance Management System

Steps to Create a Compliance Management System

The CFPB expects all debt collection agencies to have a compliance management system (CMS) in place during operation. Courtney Reynaud, President of Credit Bureau USA, and the other California Association of Collectors Collection Boot Camp panelists, understand how overwhelming creating a compliant collection agency can be.

“With everything else we have to do to run a successful business, compliance is probably one of the largest business expenses,” says Reynaud.

It can be hard to dive into such a costly and important part of running an agency. By understanding what makes up a compliance management program, agencies can streamline day-to-day tasks and keep agent training on track.

This makes implementing a compliance management system easier and keeps your business healthy, minimizing risks of litigation.

What is a Compliance Management System?

How a business or institution:

  • Learns about its compliance responsibilities
  • Ensures employees understand these responsibilities
  • Ensures that compliance requirements are incorporated into business processes
  • Review operations to ensure responsibilities are carried out and requirements are met.
  • Takes corrective action and updates policies and procedures as necessary.

What is a Compliance Program?

A compliance program should incorporate a compliance management system, as mandated by the Consumer Financial Protection Bureau (CFPB), and proper writing and development of policies, procedures, and work instructions.

It is a living document that is updated and maintained on a regular basis as new rules, regulations, laws, and advisory opinions are updated by the governing bodies that provide oversight on consumer payments.

The second half of ensuring compliance requirements are met relies on your employees. Invest time and effort into training programs so employees know how they should perform their jobs and adhere to the rules of the industry.

Identify underperformance, noncompliance or under-trained employees through compliance monitoring and corrective action.

[Webinar] Your Compliance Management Plan

Key Components of a Compliance Management System

The CFPB expects collection agencies of all sizes to have an effective compliance management system.

As the CFPB moves on from rulemaking and enters a new stage of supervision and enforcement of its policies, debt collectors and businesses collecting on consumer payments must adjust as well.

Compliance measures for Regulation F are now in place and new regulations and investigations are emerging from the Federal Trade Commission, Health and Human Services, and the Department of Veteran Affairs.

Businesses should focus on the creation, tracking, and maintenance of compliance management systems to protect them in the event of an audit or other enforcement action.

Make sure your compliance management program:

  • Establishes its compliance responsibilities
  • Communicates those responsibilities to employees
  • Ensures that your policies and procedures meet legal requirements and are also incorporated into your normal business practices
  • Reviews operations to ensure the responsibilities are carried out and legal requirements are met
  • Takes corrective action and updates tools, systems, and materials as necessary

CFPB Compliance Management System Recommendations

The CFPB has outlined these components of compliance they expect companies to maintain. A comprehensive compliance management system, as stated by the CFPB, should consist of:

Board of Directors and Management Oversight of CMS – Establish a board of directors, highest governing body or committee within the organization to make compliance decisions, etc.

Policies and Procedures Establishing a Compliance Program/Employee Training – Create a formal policies and procedures document or update existing materials that are in line with Regulation F and other compliance rules. Document everything and extend proper training of these guidelines to everyone in your company.

Monitoring and Corrective Action– Testing and monitoring your CMS is essential. This helps you identify problems, retrain staff and fill in gaps in your processes.

A Consumer Complaint Management Program – Gather, track and trend all complaints in-house. This eases the burden of monitoring complaints logged through the CFPB and gives you insight into recurring issues that may require further policy and procedure changes.

Independent and Internal Compliance Audits – Testing and monitoring your CMS is essential. This helps you identify problems, retrain staff, and fill in gaps in your processes.

Complaint Portal and Public Complaint Database – Updates tools, systems and materials as needed – aside from managing complaints received directly from consumers, an effective CMS must also address complaints received from other parties (ex. CFPB, BBB, AG, etc.)

Leslie Bender Quote on CFPB Complaints

What are Policies, Procedures and Work Instructions?

Policies, procedures and work instructions are important for any business, but are vital to collection agency compliance management programs.

Without a compliant framework for how to run the office, you risk violating regulations and exposing your agency to litigation. However, understanding the difference between these three terms can be confusing, and make it hard to know if you’re going about things the right way.

Reynaud suggests anyone who is unsure of where to begin, or who is simply interested in tightening day-to-day operations of their agency should attend the Professional Practice Management System (PPMS) course offered through ACA International.

The class is a certification program designed to teach you how to create and maintain functional office processes. The curriculum, designed for smoothing out daily issues and cutting down on errors, helps maximize compliance management in your debt collection agency.

“It is definitely worth your while, even if you don’t want to become a PPMS agency,” says Reynaud. “It still provides value.”

To help collection agencies get started without the PPMS course, the Collection Boot Camp panel provided a simplified explanation for each of these processes.

Here’s how you can understand the difference between policies, procedures and work instructions:

What is a Policy?

Think “Big Picture.” Your company policy usually applies to all staff and is generally not specific to debt collection. Examples would be a Company Policy or a Data Security Policy.


Procedures are the processes organized in conjunction with elements of the PPMS. If the PPMS is not in use, procedures may relate to the departments or processes within your agency. Examples would be “Client Issues” or “Client Services Department.”


Example Procedure Format

1.0 PURPOSE (WHY) – Briefly state why the procedure is necessary.

2.0 SCOPE (WHEN/WHERE) – Describe the areas the procedure will impact or influence.

3.0 DEPARTMENTS RESPONSIBLE FOR IMPLEMENTATION (WHO) – Index the responsible functions.

4.0 GENERAL (WHAT) – General description of how the Company Policy (CP) will impact the company.

5.0 PROCEDURE (HOW) – Describe steps necessary to accomplish the task set for in the CP, following a logical sequence. The responsible parties should be identified for each step.

6.0 RECORDS – Identify where the records are to be maintained.

7.0 FORMS – Identify any forms to be used in accomplishing the CP requirements.

8.0 DEFINITIONS – Define any unusual terms.


A work instruction is the step-by-step guide for how to do a specific task. An example would be a new client onboarding instruction.


Example Work Instruction

WORK INSTRUCTION: Name of the work instruction.

DESCRIPTION: State in detail the purpose of this work instruction. Why do you have it? Describe what is going to occur during this process and the outcome you expect.

SCOPE: Who it involves. Is this work instruction limited to only a portion of the work? If so, state what this work instruction is going to entail.

SYSTEM USED: Indicate the systems used to execute this.

WHO IS RESPONSIBLE: Primary person, job title or area responsible for following these instructions.

FREQUENCY OF WORK: How frequently will this work instruction need to be executed?

REPORT: If this is a work instruction used for a report – indicate the report name.

STEPS: Name the steps in chronological order and number them. Describe in detail how this work instruction is to be performed. All details need to be included.

Creating Policies, Procedures and Work Instructions

Creating policies, procedures, and work instructions is “one of the most difficult and time-consuming parts of developing your compliance management system,” says Reynaud. She cautions that it can be overwhelming, and you may not know where to begin.

Her advice for getting started is to review current compliance management systems that your agency may already have in place. Check them to make sure they are current, accurate, and still being used.

This can provide a starting point to create a comprehensive and up-to-date version that will help your Compliance Management System succeed.

Rather than sitting down in one day to overhaul your system, Reynaud says the best time to create or tweak a policy is right after an issue in your office, using a root cause analysis.

If a policy, procedure, or work instruction you already have in place would have solved the problem, take time to share it with staff and train them on proper implementation.

If you find the policy you have in place contains gaps, or is out of date, that could be why you had a problem. Fix and update your existing framework to create a new policy, procedure, or work instruction.

If you find that you have nothing existing to address the issue, write a rule from scratch. As always, make sure to communicate with your staff after creation so everyone is on the same page. A system won’t function if no one knows about it.

Reynaud suggests using a shared document management program to store all documents in one place and make them accessible to all employees. A few suggestions are:

  • Cast IMS
  • Google Docs
  • Through your collection software (some systems offer CMS programs)

Finally, make sure to use one standard format for all policies, procedures and work instructions. Consistency will help you write rules and help staff understand and adhere to training and maintain compliance.

The Importance of Compliance Training for Employees

A large part of employee training is proper call monitoring and corrective action. Monitoring agent calls can be done through a speech analytics program, or through random monitoring of collection calls throughout your call center.

To maintain compliance when call monitoring is done via recordings, agents must tell consumers they are on a monitored and recorded line. If the call may be subject to live monitoring, this must be noted to consumers as well.

Be sure when monitoring calls, you do so using a uniform system like a scoresheet. If you want all agents to perform their tasks with proficiency, you must judge every employee using the same rubric.

A scoresheet is especially helpful in reminding you what items are expected during a call, prompting you to listen for them while you monitor.

Ready to start using email and text to collect payments from consumers?
PDCflow can help. Use email and SMS to engage consumers. Send letters, statements, settlement agreements, and payment schedules digitally. Have peace of mind that you are meeting CFPB requirements.
👉  Learn More

Monitoring Staff for Regulatory Compliance

Kelly Parsons O’Brien pointed out that some agencies, such as Credit Bureau Associates where she is the President, do monitoring of whole accounts instead of individual calls. An agent’s performance in handling their accounts, and how well they adhere to compliance regulations, will determine a portion of their bonus.

“We’ve found that this does increase policy and procedure compliance,” says Parsons O’Brien. “Everything has improved with per-account work.”

If a process does fail in your agency, Reynaud recommends you have a plan in place to address and correct it. The key to taking proper action is defining what she calls a non-conformity, or, “non-fulfillment of a specified requirement.”

This can be anything from an agent not following procedures to an agency-wide issue, like a collection letter sent to debtors missing the back page text. Being able to identify these occurrences helps agencies to know when and how to report them.

PDCflow resource center is a central source for billing and payment strategies. Get actionable insights, tactics and expert advice to improve the payment experience for your customers and create a better cash flow for your business. Sign up for weekly updates or for our monthly newsletter today.

Sign Up:

Want to know more about PDCflow Software?

Press ▶️ to watch our explainer video

See how our Flow Technology can reduce risk for your agency and speed up your digital payment collections with secure email and text. Book a demo today.
Book Demo

Verify right party contact and keep all sensitive data secure. Eliminate the need for multiple software vendors. Send all your business transactions in one Flow smart request.
Explore Flow Technology
Share this post!
Hannah Huerta - PDCflow Marketing Specialist
Hannah Huerta, Marketing Specialist

Hannah Huerta is a Marketing Specialist at PDCflow. She creates content for the accounts receivable and payment industry.

LinkedIn - Hannah Huerta

Related Articles
Compliance Roadmap: FDCPA Laws & Regulation F