Menu Close

Compliance

Licensure & Compliance

Brown & Joseph sets the highest standard in licensure, compliance, insurance and bonding that exceed state and federal mandates.

SSAE Type II SOC 1

An SSAE 18 audit examines the collection agency’s operating guidelines and activities, controls, policies and personnel. When the collection agency meets the quality, security, confidentiality, compliance and safety requirements, they would receive the American Institute of Certified Public Accountants’ Statement on Standards for Attestation Engagements. Certification is a significant achievement and distinguishes the agency within the collections industry.

PCI DSS

We are PCI DSS compliant, meaning that we adhere to a framework of specifications, tools, measurements and support resources to ensure the safeguarding of confidential cardholder information at every level. Compliance with the PCI Data Security Standard is imperative to ensure that debtor payment card data is secure and proves we are committed to the highest identity and security standards to protect our clients.​

Insurance Bonding

Brown & Joseph carries the highest amount of insurance bonding and coverages to protect our business operations, assets, personnel, as well as our clients and their financial interests. Copies of our respective Certificates of Insurance and/or policy declarations pages are readily available upon request.​

Debt Collection Laws & Regulations

Brown & Joseph is compliant with the Fair Debt Collection Practices Act (FDCPA), the Fair Credit Reporting Act (FCRA), the Health Insurance Portability and Accountability Act (HIPAA) and the Telephone Consumer Protection Act (TCPA).

Quality Control Process

Each of Brown & Joseph’s business disciplines have quantitative and qualitative key performance indicators (KPI) that are monitored daily, weekly, and monthly. This structure is built around recovering premium for our clients, ensuring a favorable customer experience for our customers and policyholders while protecting our client’s brand as an extension of their business process.

Our internal audit organization is continuous cycle for improvement that propels Brown & Joseph’s performance for our customers.

Our Quality Control Supervisor conducts ongoing performance audits of each recovery specialist to ensure compliance with:

  • Laws and Regulations
  • Company Rules & Procedure
  • Financial Requirements

Additionally, the Brown & Joseph I.T. department conducts technological audits on each employee computer with software called Netwrix Auditor to ensure compliance with company policy and U.S. laws and regulations.

Ongoing audits conducted on Brown & Joseph by external government agencies include:

  • PCI DSS
  • SSAE Type II SOC 1

DEFINE

Define performance expectations and regulations.

MEASURE

Measure recovery performance and accounts uncollected.

ANALYZE

Analyze contributors and inhibitors to collection performance.

IMPROVE

Use predictive analytics to prioritize cases and advise on uncollectible accounts.

MAINTAIN

Maintain speed of dollars collected and overall recovery performance.

I.T. Security & Safeguards

Information security is a top priority for Brown & Joseph. With advancements in technology and ability to readily exchange information across channels, implementing safeguards and countermeasures to eliminate vulnerabilities is critical.

Our Security Incident Response/Review Team (SIRT) carries out the actions and responsibilities of key members starting with technology to production with each job discipline in between to ensure continuous levels of production for our client and security safeguards of the information are upheld to perform collection services.

Our Compliance Manager and Chief Information Officer work with several companies to ensure security standards are tested and certified. Our Security Program Manual details procedures for security measures: physical, information, computer, logical, data, access, internet usage, back up & recovery and incident response procedures.

Administrative Safeguards

  • Security management process to prevent, detect, contain and remedy security violations
  • Designated security officer develops and administers the data security policy
  • Information security awareness and training is conducted for all appropriate employees
  • Security incident procedures for handling breaches of data security
  • Business continuity plans
  • Business plans are tested and evaluated on a periodic basis

Technical Safeguards

  • Data integrity managed through security access and controls and with critical business data backed up daily (onsite and maintained offsite)
  • Secured network and workstation with individual sign-ons
  • Technical architecture controlled by network and firewalls

Physical Safeguards

  • Access Controls – security software that denies or permits electronic application or data access such as security desk, monitored entrances, door locks/card reader access only, visitor credentials
  • Protective Devices – Surveillance cameras, fire detection system, afterhours motion alerts
  • Flood Management – Water sensor contained in data center
  • Event Monitoring – Access, admin activities, use of privileged accounts, changes to controls, suspicious patterns of activity, attempts to access sensitive files, rejected attempts at accessing resources, etc.

Penetration Testing

Penetration Testing (pentesting) is the process of testing our applications for vulnerabilities. The purpose of a penetration test is to identify any key weaknesses in our systems and applications and to determine how to best allocate resources to improve the security of our organization as a whole. In addition to pentesting being regularly performed by our Chief Technology Officer, further pentesting involves a team of skilled hackers. We purposefully ensure that the hackers do not have access to any source code and ask them to try to gain access to our systems.

Penetration tests are carried out on IP address ranges, individual applications or our company name. All of our I.T. security and safeguard certifications are readily available to qualified inquiries.

Associations & Certifications

Staying true to our mission of continuous improvement, Brown & Joseph partners with several industry associations to stay up-to-date on current events and challenges our clients may be facing. 

Contact Us

Send us a message using the contact form below and we will get back to you within one business day.

Headquarters

One Pierce Place
Suite 1225W
Itasca, IL 60143

Call

(847) 758-3000

Email

info@brownandjoseph.com
marketing@brownandjoseph.com

Your Name (required)

Your Email (required)

Subject

Your Message

error: Content is protected