Compliance and Security

GOVERNMENT REQUIREMENTS & STATE LICENSING


LICENSING AND BONDING

Not every state requires third-party debt collection agencies to be licensed or carry additional Errors & Omissions and Liability coverage. However, as part of our commitment to operate with integrity and meet state compliance standards, we are licensed and bonded in every state where it is required. Operational capabilities also include U.S. territories. License, bond, and insurance documents are available upon request.

LICENSED AND INSURED TO COLLECT AND MANAGE CONSUMER BANKING CUSTOMERS IN ALL 50 STATES WITH LOCATIONS NATIONWIDE

REGULATORY STANDARDS

Every aspect of our business, from technology systems and account processing to customer service training and the monitoring of collection and support personnel, meets or exceeds federal regulatory standards. Internal compliance officers, who are experts in federal statutes, oversee relevant compliance performance standards regulated by federal agencies: the Federal Trade Commission and the Bureau of Consumer Protection.

FAIR CREDIT REPORTING ACT (FCRA)

The Fair Credit Reporting Act (FCRA) is a federal law that details how consumer credit information can be collected, given out, and used. Under the FCRA, consumers have a right to view information in their credit file and dispute inaccurate information.

FAIR DEBT COLLECTION PRACTICES ACT (FDCPA)

The Fair Debt Collection Practices Act, often referred to as the FDCPA, was passed by Congress in response to abusive conduct by collection agencies, and concern that the abuses were causing an increase in the filings of personal bankruptcies. The purpose of the Act is to provide guidelines for collection agencies which are seeking to collect legitimate debts, while providing protection and remedies for debtors.


GRAMM-LEACH-BLILEY ACT (GLBA)

The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.


RED FLAGS RULE (RFR)

The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or red flags – of identity theft in their day-to-day operations.

CONSUMER FINANCIAL PROTECTION BUREAU (CFPB)

The Consumer Financial Protection Bureau (CFPB) is an independent federal agency that holds primary responsibility for regulating consumer protection with regard to financial products and services in the United States. The CFPB was created in 2011 after its conception was included as part of the Dodd–Frank Wall Street Reform and Consumer Protection Act, which passed as a response to the financial crisis of 2007–08 that played a significant role in creating the Great Recession and was signed into law by President Barack Obama.

 

OVERDRAFT INSURANCE

Overdraft Control exceeds the proper consumer insurance, including Errors and Omissions (Professional Liability), General Liability, Workers’ Compensation, and Commercial Crime.

BOND REQUIREMENTS

ACA requires us to maintain a statutory bond, and the amount of the bond is dictated by state statute. The bond is on file with the state with your various licenses and is used in the event you fail to remit funds back to your creditor clients. A bond is different from insurance in that the owner of the company agrees to pay back any losses arising from claims against the bond. In addition, you may be required to carry a Client Contract Bond, which applies to a specific contract you have in place.

 

INSURANCE REQUIREMENTS

ACA requires us to carry proper insurance, including Errors and Omissions (Professional Liability), General Liability (usually purchased as a part of a Business Owners’ Package that will also include property insurance), Workers’ Compensation (statutory coverage required by all but a few states), and Commercial Crime (Employee Dishonesty). These insurance policies make up the basic commercial insurance portfolio needed by a collection agency.

 

Overdraft Control adheres to the ACA Bond Requirements, maintains a statutory bond, and carries a Client Contract Bond which applies to specific contracts.

 

OVERDRAFT SECURITY - ELIMINATE RISK WITH OVERDRAFT CONTROL

Information and on-site security is critical to managing the personal banking information and your financial returns. Overdraft Control is the only Nationally Licensed Overdraft Collection Agency serving the banking industry to earn the international ISO/IEC 27001 certification for Information Security Management Systems, the coveted SSAE 16 certification for meeting, auditing, and internal control standards and the Payment Card Industry Data Security Standard – PCI DSS – for the safe handling of sensitive information.

 

ISO/IEC 27001

ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls. By meeting and complying with this certification’s standards, we seek to:

  • Demonstrate the independent assurance of our internal controls while meeting corporate governance and business continuity requirements.
  • Independently demonstrate that applicable laws and regulations are observed.
  • Meet contractual requirements and demonstrate to you that the security of your information is paramount.
  • Verify that your organizational risks are properly identified, assessed, and managed while formalizing information security processes, procedures, and documentation.
  • Through regular assessment, continually monitor our performance and find ways to improve.

 

SSAE 16

Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in January 2010. SSAE 16 effectively replaces SAS 70 as the authoritative guidance for reporting on service organizations. SSAE 16 was formally issued in April 2010 with an effective date of June 15, 2011. SSAE 16 was drafted with the intention and purpose of updating the US service organization reporting standard so that it mirrors and complies with the new international service organization reporting standard – ISAE 3402.

 

PCI

 

The Payment Card Industry Data Security Standard (PCI DSS) represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information.

In security terms, it means our business adheres to the PCI DSS requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. In operational terms, it means we are playing our role to make sure customers’ payment card data is kept safe throughout every transaction.

PCI DSS compliance is an ongoing process, not a one-time event. We continuously assess our operations, fix any identified vulnerabilities, and make the required reports to the acquiring bank and card brands with which we do business.

ONSITE SECURITY

Every call center is equipped with camera surveillance, card access entries and call recording systems. Support personnel are trained and monitored to adhere to bookkeeping, accounting and customer service procedures.


Overdraft Control

A: 1459 Powell Street
San Francisco, CA 94133

T: 530-391-6695

F: 714 845 1900