Operational Risk Management in Financial Services

Operational Risk Management for Financial Services

Operational risk management in the workplace has always been a concern for business owners and managers. However, the changing workplace environments of the last year has created more risks and liabilities for organizations than ever before.

Performant Corporate Counsel Lauren Valenzuela and Finexus Insurance Agency CEO Katie Zugsay discussed these evolving risks in a recent CAC webinar, Smarter Risk Management for 2021.

Katie Zugsay
Katie Zugsay Esq.


Lauren Valenzuela
Lauren Valenzuela


Risks and Liabilities to Manage as Part of Your Operations

The continued efforts to keep workers safe during coronavirus have brought up new considerations for managers. Even familiar scenarios have begun to present unique risks. Here are a few examples Valenzuela presented that you should consider when creating your 2021 risk management plans.

Workers’ Compensation
Workers’ compensation claims have always been a reality, but there are new complications added for companies with remote workers. Do you have a plan for employees who are injured at home during their workday? Does your workers’ compensation insurance cover these claims? If you aren’t sure, now is the time to find out.

Coronavirus can open your agency to claims of negligence if you are not following proper protocols. “What if you have employees who are still at an office and get covid at work?” Valenzuela asks. “If an employer does not have sufficient preventative protocols in place, an employee’s attorney may try to make a claim that the employer was negligent.”

Wrongful Death
Covid-19 also opens businesses up to the possibility of wrongful death claims. If your employees are exposed to coronavirus in the workplace, they run the risk of spreading the illness to elderly or at-risk relatives they live with. If these relatives then pass away, it is conceivable a business could face a wrongful death claim.

New Debt Collection and Licensing Regulations

There have been several new debt collection regulations released in the past year. There are many new items to be familiar with from all levels of government from city and state-wide requirements to the CFPB’s new federal debt collection rule, Regulation F.

Portions of these regulations – especially those providing temporary at home work orders – may be vague, or even appear to contradict each other at times. It’s important to consult your agency attorneys to comply as thoroughly as possible to mitigate your risk.

There’s No Place Like Home: HIPAA, Pandemics, & Cybercrime

Data Breach
Data security has become a bigger concern in the past year than ever before. With so many people working from home since the beginning of the pandemic, there has been a massive increase in cybercrime. You must assess how your employees are complying with PCI, HIPAA and other data protection rules to ensure that sensitive consumer information is safe.

FCRA Claims and Cyber Risks
There could be consequences for your agency if you don’t ensure employees are adhering to the Fair Credit Reporting Act. Proper reporting of debt affected by Covid is essential. Also take into account how your business is handling disputes with a remote workforce or through automated channels. Any process should be timely, secure and accurate.

Business Interruption
You may encounter clients and vendors who are suspending services due to the pandemic. Keep close communication with clients to make sure you are not performing collection activities they don’t approve of. You may also speak to vendors to make sure you are not left without essential services without advanced notice or a backup plan.

Employment (EPLI) Claims
Wage and hour issues associated with employee timekeeping may also pose a risk. Set clear policies for your remote staff as far as breaks, lunches and other timekeeping measures are concerned. Have mechanisms in place to monitor and enforce compliance with your policies as well. Also be aware of certain exceptions that may apply due to Covid to avoid any wrongful termination claims.

Privacy and HIPAA
You may also find yourself in trouble if an employee’s personal health information is disclosed in the workplace. If they do not wish their health conditions, such as a diagnosis of coronavirus, to be disclosed in the office, be careful to maintain employee privacy.
FLOW Technology for Operational Risk Management

Operational Risk Management

After identifying the newest risks within your workplace, you must work with your team to create plans for operational risk management. There are two basic ways risk mitigation is usually handled – prevention, and risk shifting.

The best way to maintain a well-functioning office is to prevent as much risk as possible. According to Valenzuela and Zugsay, these are some of the most impactful areas to create risk-prevention strategies in your agency.
“Training is a very powerful preventative tool.”Lauren Valenzuela
  • Training - a healthy call center training program is essential to ensure your agents are following company guidelines. Your training should include following call scripts and other rules that keep you compliant with debt collection. However, adding training on data security procedures as well as training to mitigate other risks (e.g., timekeeping training to avoid wage and hour issues, training on remote work policies, training on Covid safety protocols, etc.) can prevent many personnel issues later on.
  • Policies and procedures - “Having documented, accurate, relevant policies and procedures is another risk mitigation strategy,” says Valenzuela. “Don’t wait until risks appear in order to have a policy or documented procedure.” This means anticipating situations before they arise and performing routine maintenance to keep these policies and procedures up to date.
  • Testing, auditing and remediation - after policies and procedures are created you should also be testing them to make sure they hold up. It’s important to identify gaps before a problem arises rather than finding gaps because your plan failed. Of course, if you do identify issues, fix them right away.
  • Complaint response – making it easy for consumers to bring complaints directly to your company is essential for risk mitigation since complaints help you detect and correct risk. If you aren’t open about receiving feedback from consumers, you are likely to end up with surprise BBB or CFPB complaints. Receiving and analyzing complaints gives you a chance to fix problems before they get out of hand.
“It’s not only the right thing to do for consumers, it’s a way you can mitigate risks that you detect through that complaint process.”Lauren Valenzuela
  • Open-door policy - creating a culture in your agency where employees feel comfortable sharing concerns is helpful for productivity and creates a positive work environment. It can also serve as a risk detection and mitigation tool. When staff feel comfortable sharing situations before they become serious, you can prevent more internal risks.

Risk-shifting (for risks you can’t prevent)
Unfortunately, there are times when you can’t avoid risk. For these situations, your operational risk management strategy should contain risk-shifting strategies that can help minimize damage and cost.

Contractual Indemnification

You can add clauses into your contracts to shift risk to other parties such as vendors and clients. It’s important to also review contracts to know when others are shifting their risks to you.

“It really pays off to fully negotiate terms before you sign a contract,” says Valenzuela. “Even ones that seem boilerplate. Take your time to read it, understand it and to negotiate any terms with vendors and clients before you agree to something.”

Insurance Program and Coverage

You can shift the risks you can’t prevent by understanding the coverage you and your vendors have. If you are an additional insured on a higher-risk vendor, be sure to understand what coverages you’re getting under their policies. Valenzuela says a strong vendor or service provider oversight program can help you understand vendor risk prevention and insurance programs to understand how you may benefit.

Remember, it is much easier to negotiate before signing a contract. If you have questions or concerns, address them before entering into any agreements to ensure you and your vendors are all on the same page regarding risk and liability concerns.

Valenzuela and Zugsay covered much more about risk and liability during their presentation. To learn more about risk mitigation, navigating your company’s insurance policy to manage unpreventable risks – and more educational topics – subscribe to the PDCflow blog:

Subscribe to the PDCflow blog
Share this post!
Hannah Huerta - PDCflow Marketing Specialist
Hannah Huerta, Marketing Specialist

Hannah Huerta is a Marketing Specialist at PDCflow. She creates content for the accounts receivable and payment industry.

LinkedIn - Hannah Huerta

Related Articles
Compliance and Risk Management is the Secret to a Successful Debt Collection Agency
Tips to Run a Compliance Management Program In a Small to Mid-Sized Collection Agency