An essential part of running an accounts receivable business is keeping up with trends that will impact the industry and your agency. With the changes caused by the coronavirus pandemic, new regulations, and emerging technology, it’s important to understand the risks your company faces.
Just as important, you must know the latest risk management strategies to keep issues to a minimum.
Operational Risk Management
Risks and Liabilities
Working from home created unforeseen risks that have never been a concern before. If you aren’t clear, concise, and thoughtful about remote work and office safety policies, you may be at risk for a wide variety of claims.
A few examples of risks you may face are:
- Workers’ compensation claims for at-home injuries
- Negligence and even wrongful death claim in the workplace
- HIPAA and privacy issues upon accidental disclosure of staff health information
Risk Prevention and Risk Shifting
The best way to protect your business from risk is through prevention. A strong call center training program, current policies and procedures, and a good compliance management system (both for internal and external feedback) can catch potential issues before they get out of hand.
For unavoidable risks, there are still measures you can take to be prepared. Be sure you fully understand the contracts you have with vendors and clients, so you know what you are responsible for when situations arise.
Also, become familiar with your insurance coverage.
- Are you covered in the areas you most need?
- Are there new areas of risk identification you should get covered?
- Fully understand vendor and client contracts
- Be familiar with insurance coverage
- Suspend credit reporting
- Review and update work from policies
- Review and update workplace safety protocols
When and Where to Consider New Risk Management Strategies
After understanding what risks your company faces – and the basic ways to prevent or shift these risks – Valenzuela and Zugsay suggest you identify specific areas of improvement.
Look for new risk management strategies within your organization that you may not have considered before. Here are some risk avoidance areas to focus your attention on.
Contracts With Clients and Vendors
Look to existing and future contracts for protection from unforeseen events. Written agreements with both vendors and clients can help your organization manage risks as they arise.
Early termination of a contract or early termination of your services may cause disruptions to your business or daily operations. Consider adding early termination penalties into the contracts you use, protecting your agency in the event of a broken contract.
“If you are a collection agency, you may want to think about crafting some provision about limits on any suspension of work that a client may have or require in the future,” says Valenzuela. If work is suspended for a prolonged period, requiring a fee from the client can help you maintain your business during that time.
Requiring vendors to have minimum insurance limits before entering a contract may also be helpful. However, ask your vendors ahead of signing these contracts how many other clients they have. Is the minimum limit they are covered for enough to help all applicable clients if the insurance is needed?
Credit Reporting Suspension
Valenzuela suggests performing a cost-benefit analysis of credit reporting in your agency. Does the benefit of this (and other risky activities) outweigh the risks they may create? For credit reporting, consider:
- Costs of dispute handling
- Increase in complaints
- Lawsuit/defense costs
- Do clients require it?
Risk Mitigation for Public Health Emergencies
With the impact that the Covid-19 pandemic had on many aspects of doing business, operations leaders should consider creating policies and procedures around the potential impact of future pandemics or public health emergencies.
Working from home due to the Covid-19 pandemic created unique challenges in managing remote workers. You may experience payroll or staffing issues if you don’t create guidelines up front for employees. Create and communicate diligent timekeeping rules for remote hourly workers and create an effective monitoring program.
In states like California, where wage laws are especially strict, it’s essential to be accurate. Ensure you can prove that employees are taking breaks and lunches and are clocking in and out at the appropriate times.
OSHA and WHO Safety Protocols
OSHA and WHO released physical workplace safety protocols businesses had to follow during the pandemic. In addition, the state you operate in had further guidelines to follow to keep workers safe.
Adding this type of information and related resources into your policies and procedures for future reference should be a part of your risk management process.
A Major Type of Risk: Cybersecurity
According to Zugsay, beginning in March of 2020, many collection agencies had to send more data than they ever wanted to outside vendors and work-from-home employees, and had to figure it out on the fly.
Since then, more people than ever are doing work remotely. This increased digital activity has also caused more cybersecurity concerns than ever before.
Zugsay says there are some previously untapped ways your agency can approach this major type of risk to protect your business, employees, and consumers.
New Safeguards for Information Accessible Remotely
In the past, knowing the limits to cyber coverage was all you needed. With the rise in cyber risk, however, a basic knowledge of policy limits isn’t enough.
Zugsay suggests looking at your company’s insurance policy for dependent business interruption if your vendor is at fault for a data breach, and to understand their policies in general to know what to expect if a breach occurs.
Now that cyber risks are higher than ever, Zugsay suggests becoming familiar with the specific terms of your vendors’ policies. If you’re an Additional Insured on a vendor’s policy, this alone may not be enough to protect you if the coverage terms aren’t adequate.
Training to Detect and Prevent “Social Engineering” Fraud
One of the best ways to protect your company from a cyber attack is through a robust employee training program. Make sure the program includes awareness of current social engineering and phishing tactics, wherein a scammer might trick an employee into giving away money or private information.
Because vendors may also be the source of a data breach, another preventative measure you may take is requiring multi-factor authentication before they can access important data from your company.
When these extra measures are in place, let your insurance carrier know. Being up-front about the actions you are taking to prevent data breaches may have an impact on your policy.
- Review insurance policy for exclusions
- Understand vendors' policies on a data breach
- Employee training
Check Insurance Policy Exclusions
Check for both your insurance policy and your vendors’ policies for exclusions. If you don’t understand what may be excluded from your policy or aren’t familiar with what you may need in the event of a data breach, you may be in for a shock when you are trying to use that coverage.
Some exclusions to watch out for, if they are in your policy or your vendors’ policies, are:
- Notifications – Make sure this is not excluded from your vendor’s policy, even though coverage is likely also to be found in your company’s policy if the law in your area obligates you to notify relevant parties of a data breach.
There are real risks involved in missing notification deadlines and also risks to your company’s reputation for over-notifying. It is usually best to let the insurance company’s assigned counsel handle notification to ensure it is properly done.
- Software updates - Failure to update your software may negate your coverage. Know your company’s obligations ahead of time and be sure all updates are being performed in a timely manner. This may also be found under the Conditions section of your policy.
- Forensics - Forensics refers to the post-breach investigation that may shed light on where things went wrong. This coverage may apply in your policy only if the breach is in your system.
- Bricking - In the event of a data breach, you may need to replace compromised hardware or upgrade to newer, more secure hardware. If bricking is not covered in your policy, you may find your company solely r
If you are included as an Additional Insured in a vendor’s policy, look for the condition of indemnity in the vendor’s contract before coverage is triggered.
Again, waiting until a crisis has already occurred can leave you with even more to handle, at the worst possible time. Decide what types of coverage are important to your agency before you enter any agreements.
Remember, you have the most leverage to negotiate before you’ve signed a contract. Use this to your advantage by creating contracts and insurance policies that will provide you with the best protection possible.
Subscribe for weekly email updates or our monthly newsletter for more resources, tactics, and strategies to improve business operations.
Subscribe:
Want to know more about PDCflow Software?
Press ▶️ to watch our explainer video
ONE-STEP PROCESS
- ABOUT THE AUTHOR -
Hannah Huerta, Marketing Specialist
Hannah Huerta is a Marketing Specialist at PDCflow. She creates content for the accounts receivable and payment industry.
Related Articles
