An essential part of running an accounts receivable business is keeping up with trends that will impact the industry and your agency. With the recent changes caused by coronavirus, new regulations and emerging technology, it’s important to understand the risks your company faces. Just as important, you must know the latest risk management strategies to keep issues to a minimum.

In a recent webinar, Performant Corporate Counsel Lauren Valenzuela and Finexus Insurance Agency CEO Katie Zugsay outlined operational risk management in accounts receivable, including the risks and liabilities to look out for, and basic ways to manage these risks.

Working from home and socially distanced office work during the pandemic have created unforeseen risks that have never been a concern before. If you aren’t clear, concise and thoughtful about remote work and office safety policies, you may be at risk for a wide variety of claims.

A few examples of risks you may face are:

• Workers’ compensation claims for at-home injuries
• Negligence and even wrongful death claims due to covid infection in the workplace
• HIPAA and privacy issues upon accidental disclosure of covid-positive staff

The best way to protect your business from risk is through prevention. A strong call center training program, current policies and procedures and a good complaint system (both for internal and external feedback) can catch potential issues before they get out of hand.

For unavoidable risks, there are still measures you can take to be prepared. Be sure you fully understand the contracts you have with vendors and clients, so you know what you are responsible for when situations arise. Also become familiar with your insurance coverage. Are you covered in the areas you most need? Are there new areas of risk you should get covered?

After understanding what risks your company faces – and the basic ways to prevent or shift these risks – Valenzuela and Zugsay suggest you identify specific areas of improvement. Look for new risk management strategies within your organization that you may not have considered before. Here are some of the most recent areas to focus your attention.

Look to existing and future contracts for protection from unforeseen events. Written agreements with both vendors and clients can help your organization manage risks as they arise. Early termination of a contract or early termination of your services may cause disruptions to your business or daily operations. Consider adding early termination penalties into the contracts you use, protecting your agency in the event of a broken contract.

“If you are a collection agency, you may want to think about crafting some provision about limits on any suspension of work that a client may have or require in the future,” says Valenzuela. If work is suspended for a prolonged period, requiring a fee from the client can help you maintain your business during that time.

Requiring vendors to have minimum insurance limits before entering a contract may also be helpful. However, ask your vendors ahead of signing these contracts how many other clients they have. Is the minimum limit they are covered for enough to help all applicable clients if the insurance is needed?

Right now, with special guidance surrounding some debt collection practices, Valenzuela says suspending certain risky activities – like credit reporting – may be beneficial.

She suggests performing a cost benefit analysis of credit reporting in your agency. Does the benefit of this (and other risky activities) outweigh the risks they may create? For credit reporting, consider:

• Costs of dispute handling
• Increase in complaints
• Lawsuit/defense costs
• Do clients require it?

“With Covid impacting many aspects of our businesses, you may want to consider creating Covid-related audits, training, policies and procedures as part of your risk mitigation strategy,” says Valenzuela.

Working from home due to covid has created unique challenges in managing remote workers. You may experience payroll or staffing issues if you don’t create guidelines up front for employees. Create and communicate diligent timekeeping rules for remote hourly workers and create an effective monitoring program.

In states like California, where wage laws are especially strict, it’s essential to be accurate. Ensure you can prove that employees are taking breaks and lunches and are clocking in and out at the appropriate times.

OSHA and WHO have both released physical workplace safety protocols your business must follow. In addition, the state you operate in may have further guidelines you are required to follow to keep workers safe.

Because Covid infection is an ongoing concern, you may find there are special emergency orders in your area aimed at preventing workplace outbreaks. Some actions you may be required to take into consideration are:

• Creating a written, site-specific plan that includes preventative protocols
• Additional safety training for employees
• Airflow assessments for indoor spaces
• Documented proof of safety inspections
• In the event of an outbreak, free covid testing for staff
• Employer-provided masks for on-site personnel

Check for both your insurance policy and your vendors’ policies for exclusions. If you don’t understand what may be excluded from your policy or aren’t familiar with what you may need in the event of a data breach, you may be in for a shock when you are trying to use that coverage. Some exclusions to watch out for, if they are in your policy or your vendors’ policies, are:

• Notifications – Make sure this is not excluded from your vendor’s policy, even though coverage is likely also to be found in your company’s policy if the law in your area obligates you to notify relevant parties of a data breach. There are real risks involved in missing notification deadlines and also risks to your company’s reputation for over-notifying. It is usually best to let the insurance company’s assigned counsel handle notification to ensure it is properly done.

• Software updates - Failure to update your software may negate your coverage. Know your company’s obligations ahead of time and be sure all updates are being performed in a timely manner. This may also be found under the Conditions section of your policy.

• Forensics - Forensics refers to the post-breach investigation that may shed light on where things went wrong. This coverage may apply in your policy only if the breach is in your system.

• Bricking - In the event of a data breach, you may need to replace compromised hardware or upgrade to newer, more secure hardware. If bricking is not covered in your policy, you may find your company solely responsible for these replacement costs.

If you are included as an Additional Insured in a vendor’s policy, look for the condition of indemnity in the vendor’s contract before coverage is triggered.

Again, waiting until a crisis has already occurred can leave you with even more to handle, at the worst possible time. Decide what types of coverage are important to your agency before you enter any agreements. Remember, you have the most leverage to negotiate before you’ve signed a contract. Use this to your advantage by creating contracts and insurance policies that will provide you with the best protection possible.

In the webinar this article was based on, Zugsay also discussed the anatomy of an insurance policy, how to understand claims, and examined common pitfalls agencies should avoid. To be notified when this final article in the series is published, and for more educational AR content, subscribe to the PDCflow blog: