top of page
  • Robert Bell

5 Steps to Risk Management in Debt Collection

The Financial Conduct Authority's (FCA) consultation on the extension of the Senior Management and Certification Regime (SM&CR) to all firms regulated by the FCA is due, making this an opportune moment to review your risk management systems.

SM&CR should be the catalyst for your firm to review its actions in a number of areas, including:

  • The roles and responsibilities of senior managers

  • Division of roles between departments

  • Training and competence throughout the organisation

  • Your level of compliance

  • How you manage risk

In this article we are going to focus on the final two bullet points - to learn more about the steps you need to undertake to become SM&CR compliant you should visit our Compliance Insights page where you can easily search for the latest on SM&CR.

Senior Managers in Office SMCR risk management

Why does SM&CR mean you should assess your level of compliance and risk?

The Regime brings a sharper focus on the actions of regulated firms with the Financial Conduct Authority not only gaining increased powers to investigate and punish poor practices by firms / individuals, but a clearer method of achieving the same.

In other words, the FCA will have a better idea when we are not acting in a compliant manner than they currently do under the Approved Persons Regime. Also there is no longer an opportunity for senior managers to avoid responsibility through blaming others within the firm, the responsibility is now clearly that of the senior manager.

As a result, senior managers have a vested interest in ensuring the firm remains compliant and risk management is the most effective method of maintaining compliance with finite resource.

5 Steps to Risk Management – Debt Collection

We are lucky to audit multiple firms in the regulated debt collection environment where we get to see what is great in the industry and, conversely, what needs to improve. One area that needs improvement is risk management processes which, often, are underdeveloped or misunderstood.

With SM&CR, not to mention GDPR, on the horizon it is the time to make sure you are managing your risk effectively in order to protect your firm and yourself from regulatory action. We thought it would be handy to point out the main 5 steps your firm should be taking to manage its risk:

Step 1: Install an effective risk management system

Many firms still use spreadsheets or poorly designed in-house solutions to record their risk actions. Spreadsheets can be useful to an extent as they provide a register for you to record risks, rate them, then list the actions which should be taken. What they fail to do is provide an audit trail, automatic workflows off the back of agreed mitigating actions nor do they provide a bird’s eye view of the risks, incidents and actions taken to mitigate. Time has come to invest in systems which allow your risk manager to allocate tasks to individuals within the firm and the system takes over notification, scheduling and reminding the action owner.

Step 2: Identify risks

Risk identification is the life-blood of any risk management system - we have seen firms list each and every compliance rule that must be followed or simply rely on staff to complete a risk identification report. Neither approach is effective. For example, one or two members of staff, usually with vested interests in the risk management of the firm, will raise most of your risks leaving the register biased and incomplete.

Instead, focus on risk review meetings where your risk manager / department holds a series of risk identification meetings with departments. This way you focus the minds of the individuals who are best placed to identify risks. It’s a good idea to also leave a process in place which allows individuals to raise risks at any time but it shouldn’t be solely relied upon. You might also look to build an objective around identifying and highlighting risks into the objectives set for management level staff.

Step 3: Record risks

This is a simple step we are all quite familiar with - the risks must be recorded in the risk log or the risk management system. The one piece of advice we would give at this point is to ensure you factor in customer detriment to your risk rating scoring; feel free to ask us if you would like more advice on this.

Step 4: Risk treatment

Your risk process then needs to provide for the treatment of the risk to be considered, agreed, recorded, delegated and completed. Great advice on risk treatment can be found on the Simplicable website.

Step 5: Review and report

Risk management doesn’t stop once you have created your risk treatment plans - you need to continually review the actions taken by owners to ensure that the risk treatment is occurring and you need to review whether it is successful. Equally, you need to ensure your senior managers have oversight of your entire risk management process, strong governance and reporting structures are essential here.

Throughout it is important to remember the expectations of the FCA when dealing with risk.

What next?

If you are interested in our free demo of a fantastic risk management system which has been specifically designed for the consumer credit industry and covers all aspects in this article please Contact Us and I will be pleased to set up an online demo.

Conduct Rules Training.png
Corporate Compliance Training

Our online compliance training platform is specially designed for firms looking to book a number of learners on our courses

Stacked Books
Compliance Resources

Our online compliance resources provide all the information you need to know in relation to compliance hot topics.

bottom of page