Monday, 15 December 2014

Compliant? Prove it.

The debt sale market in the UK is entering a new phase as sellers and purchasers all come under the regulation of the FCA. Are you ready?

There have been many regulatory changes over the years. However, the wave of change to come under the regulation of the FCA is set to be the biggest so far for our industry.

Historically, before and following a sale, there was limited interaction between seller and purchaser. The contract stated what the purchaser could and couldn’t do and it was left at that. Over time, sellers – banks in particular – have stepped up the level of oversight. It is now common for audits before and after a sale, as creditors, either for regulatory or reputational reasons, maintain some ownership of the customer post-sale.

So what impact will the FCA have on debt sale? The key difference this time is that the change affects all participants in the market. As with the FSA before them, the FCA takes a principle based approach to regulation. A result of this is that firms have some latitude in how they choose to interpret the requirements.

What is clear is that it’s not enough to have processes and systems in place – you need to evidence that they’re working. Sellers and purchasers are going to have to work even more closely both pre and post-sale to ensure that both parties can gather the evidence needed to satisfy the regulator. For the financial services sellers, this is an incremental change on top of what they have been doing historically to satisfy the Lending Code and the FSA. For others, who are now falling under FCA regulation for the first time a bigger step change will be needed.

Consistency in approach will be everything from a purchaser’s perspective – they interact with a large number of creditors so for efficiency, a market standard would make sense. For all of us who wish to see the currently buoyant debt sale market continue to thrive, our call to action to all parties in the market must be that we work together to look at how we can work collectively to create consistent, high quality information around customer journey post-sale.

By Andy Taylor, Product and Proposition Manager, Debt Sale

Tuesday, 21 October 2014

Ensuring those who can contribute, do contribute

The levels of unplanned, unwanted indebtedness in the UK are increasing. Ongoing welfare reform and continued decreases in real income for the least well-off in society means that a growing number are struggling to meet their financial commitments.

I have been reviewing data captured by TIX, our insolvency management platform which has visibility of over 90% of all personal insolvencies; it reveals that in the first quarter 2010 only 9.2% of IVA proposals were from consumers with more than 50% of their income coming from benefits and pensions. By 2014 this had more than doubled to 23.6%.*

As a result of this financial pressure, consumers are increasingly making tough decisions about which of their debts they can service and we are seeing a prioritisation of private debts over local government debts, due to the perception that private companies, such as banks, will pursue debts with much greater intensity. 

However, in the current climate, local authorities are also having to make their own ‘tough-decisions’ as they try to deal with on-going budget cuts. With the percentage of debt owed to government on the increase, the sooner Authorities address the challenge, the better.

Council tax

Although average in-year council tax collection rates in England are at an impressive 97.4%, the value of the unpaid 2.6% is, however, over £600million per year. The process for recovering this debt has traditionally been an almost exclusive reliance on third party Enforcement Agents (bailiffs). The effectiveness and fairness of the bailiff approach is the subject of much debate and it remains to be seen whether the recently introduced regulatory changes go anyway to address concerns. What is clear is that many of the innovative collection strategies widely adopted across the private sector are not utilised. When we benchmarked council tax collection performance, against that of the private sector, we found that 16 of the top 100 local authorities in England were potentially underperforming in terms of council tax collections when compared to the private sector ranking for their area. Within that 16, five of the top 10 largest local authorities by population had relatively poor actual in-year collections performance relative to their private-sector collections ranking.**

Service lines at a disadvantage

But what about those areas where the use of Enforcement Agents isn’t available? Our experience is that areas such as sundry debt, adult social care, and overpaid benefits are often reliant on internal legal service teams who do not have the resource to pursue all cases. As a result, in many areas, those owing money have learned to prioritise other debts over those owed to the council. Letters are often left unopened and council collectors have little re-course with those who are deliberately avoiding payment. In an environment where creditors are becoming increasingly sophisticated in the ways they compete for every pound, this leaves local authorities at a distinct disadvantage.

Three tips

The work our consultants have done with local authorities who are seeking to improve collection performance in order to meet growing budgetary pressures has found there are immediate and straight-forward improvements which can be made. Our top three tips are:

1. Agencies can unlock value - If your existing collections processes aren’t yielding results, don’t let the debt become old and unworked – think about engaging a debt collection agency, or a panel of agencies. You will have to spend some money, but there will be a net benefit.
2. Bureaux reporting is a proven deterrent - Consider providing credit reference agencies with data about your service users who owe you money. We have found that this alone deters those who can pay but are making an active decision to deprioritise your debt.
3. A full view of the service user and what they owe will transform your approach -   Individuals are often in debt to multiple service lines – a review we conduced of one council’s arrears revealed that 30% of its service users had debts across multiple revenue lines. By working together you can share knowledge and benefit from streamlined approaches. You can also make the experience of dealing with your council more positive in that service users can talk to one person or department about all of their debt.
Paul Fielder, Strategic Account Director, TDX Group

* TIX Q1 2014
** Analysis conducted by TDX Group in August 2013

Tuesday, 14 October 2014

The ‘right price’

Recently I was asked by a seller what the right price for their debt was; they wanted to know how many pence in the pound they would get. This got me thinking about how much this concept has changed over time – not only the value but also the definition of ‘right’ price. I am not going to go into the reasons that different debts are worth different prices i.e quality of origination, current debtor situation mix, how hard it has been worked to date etc., I want to comment on the ‘evolution’ of debt sale.
Over the years I have seen three broad definitions for ‘right’ price. Almost eight years ago when I started out in this industry, the ‘right price’ equated for what is the most I can get for my debt? This era was typified by limited data being made available to purchasers and often the debts would be window dressed for sale. High turnover of purchaser panels was common place, with buyers often being ‘stung’ on price (it still is in some of the developing markets). In this era, sellers got to a position where it was difficult to sell debt for two reasons:
  1. Purchasers no longer trusted the seller or the quality of the debt.
  2. Those purchasers that did come back offered more realistic prices, but creditor expectations were still at the old, unrealistic, prices. 
During the middle ages, ‘right price’ was the price that can be achieved for my debt on a repeatable basis. This era was typified by more data being made available to buyers so they could build confidence in their pricing. As a result, large relatively stable panels were common place with buyers coming back for more debt at similar prices. In this period purchasers evolved the most – using more and more data to enable them to price accurately, reducing their desired rate of returns as the move towards transparency reduced their risk and they invested heavily in operational capability to improve returns.
Right now, ‘right price’ is the price that will ensure that my customers will be treated fairly. No longer is it purely about price maximisation. As a seller who now retains responsibility for accounts sold, if you seek too high a price it could drive a whole host of activities that wouldn’t fit your wider customer-centric philosophy.
In summary, the industry has moved from limited data exchange, to pre-sale openness, to transparency across the whole life of the customer. Creditors now want to not only know how their customers will be treated, but want evidence to prove they are being treated fairly.
I am not sure that everyone’s expectation of the right price has caught up with the times. But this is where we are most definitely headed.
By Nick Georgiades, Director of Advisory Services TDX Group

Monday, 6 October 2014

Third party oversight

Recent results of LSB review of subscribers’ handling of customers in financial difficulties.

I read with interest the recently published summary findings of the Lending Standards Boards’ (LSB) review of how subscribers to The Lending Code handled customers in financial difficulties.

For those not familiar with the detail, the LSB re-ran a set of monitoring first initiated in 2013. The review focused on the extent to which subscribers and their DCAs are handling customers in financial difficulties with a focus on the policies, processes and controls in place - including areas such as staff training, incentive schemes and complaint root cause analysis. Additionally, the review also assessed subscribers’ due diligence processes when selecting a third party for contingent collections or debt purchase and the oversight processes in place.

The LSB examined the governance frameworks and processes used by a sample of nine code subscribers and either a DCA or debt purchase firm used by each of them.

The results made for interesting reading. In summary, the reviews resulted in one ‘green’ rating, six ‘amber ’ and two ‘red’ ratings for the nine organisations assessed.

The report highlighted general weaknesses in a number of the firms reviewed including the adequacy of training of agents to deal with customers in financial difficulty and the completion of affordability assessments and the questioning of customers in financial difficulty. The report indicated, however, that the factors driving the red-rated and weaker amber reports were largely in relation to ineffective oversight by the subscriber over its outsourced activity and, in one case, inadequate due diligence conducted prior to the subscriber selling debt.

I think the report is interesting for a number of reasons:
  1. At a time when there is a lot of ‘noise’ around the requirement for financial service organisations to focus on FCA readiness it is a timely reminder that the FCA is only one part of a wider regulatory/compliance regime.
  2. It supports the need for creditors to learn from their peers and to benchmark their organisation against good/best practice from across the industry.  Whilst the report is critical of certain organisations practices it also calls out a number of examples of good practices and rates one organisation ‘green’ (a potential exemplar for their peers?).
  3. Finally, with lending levels set to increase as market conditions improve, there is likely to be increased demand for both DCAs and debt purchasers to help creditors manage their debt books as they grow. 
It is clear from the report that it is critical that all creditors ‘get their houses in order’ now, particularly with regard to ensuring there is an appropriate level of oversight and due diligence of third parties.

By Charlie Horner, Lead Consultant - Debt Sale and Advisory, TDX Group

Monday, 29 September 2014

So what exactly is a Product Manager?

I’ve been at TDX Group for six years this month. I know I look older, but that’s actually over half of my post-university working life. I’ve spent most of that time working within our Debt Sale business, focused mainly on the delivery of a service to our clients and becoming a subject matter expert on debt sale.

More recently, I started a project along with various internal teams on developing our new debt sale platform, VENDO. Then I got a chance for an internal move, into our Products department to formally take ownership of VENDO along with some of our Industry Solutions products. It’s a great opportunity: a chance to apply what I’ve learned over the last six years in a different way, whilst learning some new skills.

So having become a Product Manager, I thought I should be proactive and do some independent reading on product management practices. I started by looking online and Google took me to a website which was nice and clear, concise and talked about product management with a little venn diagram. It simply described a product manager as an intersection between Business, Technology and User Experience. It recommended a book which I duly bought and downloaded onto my Kindle.
I eagerly opened the book and scanned through the contents pages. 40 chapters spread over 220 pages. None of the chapters said ‘Summary’ or ‘Top three things you need to know’ or anything like that, so I put it down and thought I’d have a read later.

To appeal to someone like me, the book needs a nice summary; something to hook me in and help me to decide I want to read it. I guess it’s too late now that I’ve bought it but of course I won’t recommend it to anyone until I’ve read it and decided if it’s any good.

So I did learn one valuable lesson about Product Management from the book. You must think about your end user. I’m fairly sure I’m not unique in my desire for the five minute summary yet the author, editors and publisher failed to consider me when they created the product. They’ve missed out on appealing to a whole group of users.

I might get round to reading the book at some point. Thankfully I have a team of experienced colleagues around me who can help me learn more about good product management. But I certainly know that a good product needs to meet the needs of a range of users and that should be central to its design.

By Andy Taylor, Product Manager - Debt Sale, TDX Group

Friday, 18 July 2014

Why do we need Software Testing?

This is an excellent question, and one that regularly gets asked in organisations that have to deliver projects and software. Why can’t the developers just test it? Why can’t the end users test it? Surely anyone can test?

The growth of Software Testing as an industry over the last 20 years is a clear indication of the importance that large and small businesses place on having workable, easy to use software. It is no coincidence that this growth has accelerated as we now use software in everything we do – surfing the internet, in our cars, on our tablets and mobile devices, even typing this blog! So we, as users, should know what good looks like, and what bad looks like…..
We have all had moments when a programme crashes mid-use, data goes missing or when you’re trying to book a holiday and the web site illogically asks you to re-enter all your details again! So, by using these programmes - does this make you a software tester?
Being a software tester is  like being a food critic really – I, personally, have no idea how to make a chocolate soufflé or a fricassee of mung beans and samphire, but I do know whether or not I like the taste. However, food critics have an advanced knowledge of food combinations, an objective and consistent opinion and tend to advocate high quality food. Software Testers are similar – they may not necessarily know how to develop the next Windows or Mac operating system but they will definitely know whether it’s good or not, and their opinion in the market place affects the view of whether it is a successful and popular product or not. It can make or break a version, product or even a company. 
However, even software testing skills are changing. Testers are becoming even more highly skilled and are bridging the gap between development and testing by learning coding techniques. This allows for more automated testing and makes the testing even more efficient and effective. With software becoming ever more sophisticated, the number of test scenarios that can arise from a seemingly simple piece of functionality can be mind boggling and reach the millions - it would take a human tester years to cover every scenario, and even a risk based approach would eat resource and not cover every possible outcome. As a consequence the work of software testers is becoming much more about using clever programmes and a variety of tools to cover as much ground as possible.
We know that we can never test every possible variable - it’s impossible, why else do Microsoft and Apple need updates? Things change and change needs testing. We can however, reduce risk – recent high profile cases in the press like Amazon, highlight the fact that even the slightest mistake can cost a company millions. Data is now one of the main currencies in the world and the Data Protection Act and privacy laws mean that breaches caused by software errors are treated with the highest level of severity and mistakes are not tolerated. Cloud computing, multiple access points and internet forums are all threats to a company’s reputation and balance sheet.
So back to the question – why do we need software testing? The answer is to reduce the risk of external failure. Internal failure such as a defect is fine as we can fix it and deal with it, however if software has an external failure then the world knows and it’s too late. Testers are a different breed, some say pedantic (and they are right) but without them who will check that a button on a website does what it should do and that it doesn’t do what it shouldn’t to the nth degree?
Here at TDX Group we strive to ensure that all our software is tested following industry best practice, the tools we use are cutting edge and the testers we hire are multi-skilled. We reduce risk and think of our customers – they don’t want 300 buttons when one will do! And we will continue to do so because we build our reputation on quality. We strive to reach the impossible goal and dream of the day we can say – you know what? We have managed to test everything. So next time you use a website and you click the submit button think of how much data has been validated, stored, organised, processed and actioned to get that button to work. And of the thousands of tests that will have checked that your date of birth entered is valid and correct, your password and username combination satisfies the criteria and everything just works – that’s because we checked it all.

By Paul Sibley, Software Testing Manager, TDX Group

Thursday, 10 July 2014

Cake, cake, cake

Working at TDX Group can be a challenge, and one of the biggest I’ve faced since joining the TDX Group team is all the goodies that are so regularly on offer to celebrate our success!

June saw the final round of the TDX Group cake bake off – the show-stopper round, and the celebratory afternoon tea. Now, I’m all for celebrating but it comes at a price; my diet app doesn’t like it!

Over the past 10 years I’ve been a slave to my weight. Like many people I’ve been on a range of diets, some successful and some not.  I’m under no illusion and realise that the main blocker to my success is usually me, after all, most diets are simply a controlled way of restricting calorie intake while promoting exercise. The similarity I’d like to draw between dietary habits and information security is that applying them both successful is a tricky balance between control and manageability.

During periods of over-indulgence, I’m without restriction and, quite frankly, anything can happen… Imagine a world where nothing is controlled, colleagues are left to get on with their day without security controls or restrictions. No content filtering to slow down progress, no anti-spam software to get in the way of legitimate emails that sometimes get blocked, no policies, procedural controls or anti-virus, etc. Viruses would quickly and easily get into the network, information would soon get lost or become compromised and our business would fall over; the weight gets piled on.

At the other end of the scale you could imagine something from Mission Impossible; security through ultimate control.  To access a system you enter a fort by passing through a guarded barrier with a photo ID proximity pass, you move on to another secure door with retina or fingerprint scanning, and then through a final secure door with a key-coded lock. Once inside you access a standalone system with no internet or network connectivity and use multi-factor authentication to log on to a PC which doesn’t permit removable media.  Nice and secure and there are no ways for a virus to get in, or data to get out, but the day job is impossible and the user will soon start to look for cheats and workarounds. Those 500 calorie a day diets have such strict controls in place that it seems impossible to stick to them while retaining your sanity; losing weight is guaranteed, but it’s unfeasible as a long term solution.

So, we apply a risk managed approach which compares what colleagues want to do against the long term risk of them doing it; too much control and they can’t work effectively and look for insecure alternatives, too little and things start to fall over…

My best dieting successes have come from a blend of control and balance; everything in moderation.  Losing control and having that big slice of cake won’t help with weight loss, and watching everyone eat while you stay in ultimate control may well send you crazy, but just a small slice will keep you happy and is unlikely to scupper the long term plan.

By Vicky Clayton – Information Security Officer, TDX Group

Wednesday, 2 July 2014

Looking good? The importance of design in Management Information

I have already talked about the principles behind making great Management Information (MI) but there is one final area that is often overlooked, despite being the most obvious: design. Truly great MI has to be well designed in order to have a real impact and to be really appreciated within a business.
Nowadays there is an ever-evolving love affair with data visualisation. Some see it as an opportunity to bring data and analysis to a wider audience through more relatable visuals whilst others see it as an art form in itself. However, data visualisation for me should do one of two things, either tell a story or bring a complex data set to life.

You will probably have seen infographics that tell a story, usually breaking down a topic to its key facts and broader implications to make for an engaging read, such as this gem on ‘Documents’. Infographics do have their use within a business however they are most powerful as marketing tools and a way of engaging with clients both new and existing. Turning complex data into a visual that makes instant sense is a difficult thing to do, as anyone who has ever tried to represent a large data set in Excel will know. Take for example this chart which shows the connections and activity of Facebook users across the globe . By transposing the data onto a familiar image (the earth) and representing activity through the neon lines we can easily relate to the data and instantly pick out interesting talking points such as China, South America and Africa. Not only is it functional, it is also beautiful, and I am a great believer in spending time on designing charts to both look good and be useful, it makes explaining them much easier.

In my time as a Consultant and as an Analyst at TDX Group I have put together many reports and MI dashboards, and have always been willing to put the extra time and effort in to making their appearance as good as their content. In a recent project I presented some example MI in the client’s branding, which enabled them to relate to the examples in a more meaningful way. Then the discussion could focus more on the concepts of building an MI suite as opposed to focussing on explaining unfamiliar examples.

I have also found that spending the time to make a chart look right has a great impact on how it is received. The biggest challenge is usually finding the best way to represent the relationships between data points and how they affect one another - the message is often lost when each point has its own visual but when combined into one chart it can change the conversation.

To me the design elements are just as crucial as getting the KPIs and the data correct. The design is often what will enable your MI to be read and understood on a wider scale. A well-designed MI suite reflects a knowledge and understanding of the business that gives confidence to those who rely on it on a daily basis.
By Stephen Hallam, Consultant, TDX Group

Tuesday, 24 June 2014

Head in the clouds

I recently read an article on the BBC news site about wastage in local government. The statistic that really stood out to me was that of the £440 million spent by councils on IT in 2012-2013 only £385,000 was spent via G-Cloud – the government’s digital marketplace for procurement of IT systems and services. That’s less than 0.1% of spending, a staggeringly small proportion in a period of widespread cuts and on-going efficiency drives.

The fact that councils aren’t embracing G-Cloud isn’t the biggest issue here; it’s the slow adoption of the wider concept of cloud based IT as the preferred approach. As of 2013 around 30% of councils used no cloud delivered services. The 70% embracing the cloud sounds promising, but when we dig deeper this tends to be in one or two niche areas within the council, or just email, with most local authorities continuing to spend the majority of funds on traditional on premise IT and maintaining legacy systems.
There are two main reasons I’m interested in this, the first being the most obvious one of cost. Cloud services tend to be cheaper. There is no hardware on site, meaning lower initial setup and on-going maintenance costs. This makes a big difference, as today 38% of IT budgets tend to be spent on support and maintenance.  You also avoid waste. With traditional on-site hardware a large proportion of the functionality and computing power may never be used, but with the cloud you can generally pick and mix from modular options, and the hardware itself can be shared with other users.
The second and more interesting reason though is innovation; to me the cloud means progress. Cloud services can be updated quickly with improvements rolled out to users remotely. Systems aren’t installed on site and forgotten about; they can evolve and improve, with all customers benefitting from new features and functionality. A cloud-based solution encourages the provider to work with their customers to optimise for the entire user-base, and not to have to develop bespoke solutions for every client. This drives innovation and can result in significant benefits for customers, with it being far easier to embrace new approaches and best-practice. Interestingly this comes back to my original point, sharing services between local authorities, or even between the public and private sectors doesn’t just save on IT costs, it results in better, more flexible systems which lead to improved services which are both more efficient and more effective – effectively you’re spending less and getting more.
One final thought while we’re talking about sharing. What about taking it a step further? Cloud services create the opportunity to share data and insight, not just servers and IT support. It might be a bit of a leap, particularly in the public sector, but knowing more is generally a good thing, and sharing data is a good way to get there. There may be hurdles to jump, but joining up these systems and maximising the use of data within and between local authorities whether in revenues and benefits, public transport or housing might have the potential to have a far greater impact on cost savings than the current practice of reducing household or community services
By Patrick O'Neil, Head of Pre-Sales Consulting, TDX Group 

Tuesday, 17 June 2014

The importance of solid foundations in a vendor management strategy

With an ever-growing increase in regulatory focus on the debt industry, 2014 is becoming the year where we are all focusing on creating solid foundations for growth, supported by innovative new ways of increasing performance through data, analytics and segmentation. Through analyzing what does and does not work in an Outside Collections Agency (OCA) management strategy, we can drive wide scale benefits, not least to performance.

The foundations of such a strategy fall broadly into three categories:
  • Data transfer – Is information being effectively transferred back and forth from OCAs
  • Process management – Are accounts fully reconciled and not getting stuck in any processes?
  • Portfolio visibility – Do you know exactly what suppliers are doing with each account?
We know that ineffective or broken collections foundations result in poor customer experience, for example: the need to re-supply information to agencies, delays in responding to queries or continued contact attempts to wrong numbers. These are exactly the customer challenges that are driving the current focus on the industry from regulators such as the Consumer Financial Protection Bureau (CFPB).

The good news is that resolving these issues will not only ensure adherence to regulatory guidelines but also drive significant collections uplifts as the customer experience is inextricably linked to performance.

In the 21st century it is important that all industry participants have an effective data transfer mechanism to and, just as importantly, from agencies, as this ensures data accuracy. Accurate data not only prevents incorrect contact attempts, but also supports agencies in the collections process. In addition, a fast turnaround of disputes not only improves the customer experience but also drives uplifts in resultant performance on these accounts by over 40%*.

Finally, having account level visibility of supplier activity not only meets regulatory requirements around supplier monitoring but also helps to fundamentally change the performance management discussions of vendor managers.

There are many more examples which demonstrate the importance of focusing on, and improving, the basic foundations of an OCA management strategy. This importance is becoming ever increasingly critical given the onset of growing regulatory requirements in third party supplier management. But the benefits of getting this right are far wider reaching; reducing wasted resource and driving significant performance uplifts – something which I’m sure all industry participants would welcome.
*source TDX Group data 2014

By Chris Smith, TDX Group

Wednesday, 11 June 2014

TDX moves down under

With TDX celebrating its 10th birthday this year, there's a lot of opportunity to look back at the history and evolution of the company; a small business created in a barn to meet a need in an evolving market has now become an expert in the industry.

Over my two years with TDX I've seen the rise of a number of exciting projects that are changing the market's landscape – not just in the UK but also overseas. This is why I am so excited about being a part of TDX's Australian (ad)venture! Last year we launched with Telstra, our flagship Australian client, and we are currently working together to deliver some fantastic results (and we’re already in talks about how we could revitalise their portfolio again) and we’ve recently taken on our second client.

It's easy to rest on our laurels and talk about the performance and compliance benefits that are realised within the first few months of taking on a new client or a new portfolio; but for those who are looking to the future, creating a rich data asset to be mined over the coming years is what makes the real difference. This is how we provide our clients with insight into their customer base post-acquisition which can be utilised not just to boost recoveries and collections, but also to ensure that all customers receive the right treatment depending on their circumstances.

It should come as no surprise that when an individual defaults with a telco, utility or line of credit with a financial institution, other defaults soon follow, as the root cause is often financial difficulty at the customer level. Having a single view of that customer outside of a one client portfolio allows you to ensure that you control the flow of activity to that customer and enables you to make sure that they are treated fairly - protecting your brand whilst also leveraging the customer’s recent contact and income and expenditure information to make the appropriate decision.

This isn’t just relevant to the UK or the Australian market; across the globe, regulations are being tightened and net performance is being squeezed due to increased cost to collect. In this context, technology platforms are a vital asset for making collections and recoveries both cost-effective – and fair for the long-run.

Applying this forward thinking, data-driven approach is what has kept TDX ahead of the game for the past decade, and what I’m sure will lead to a positive future in the Australian market. Whilst TDX's path in Australia differs from the UK, after all the market is different - it would be remiss of us not to acknowledge that we're standing on the shoulders of giants!

By Guy Bourne, Head of Analysis, TDX Australia

Monday, 2 June 2014

Where next for debt buyers?

Over the last year, the debt purchase market in the UK has been dominated by the arrival of the large US debt buyers looking for new opportunities away from their increasingly regulated domestic market. The interesting point here is that regulation is also being stepped up in the UK, and the influx of lower cost funding into the UK market has only served to push up pricing which has further depressed IRRs for key debt buyers.

So, with the UK market, like the US, becoming increasingly competitive and more heavily regulated, debt buyers must now look to other markets to purchase assets at high IRRs. One theory behind the rapid expansion from the US to the UK is that buyers are, effectively, using the UK as a bridgehead into debt purchase in potentially more lucrative European markets.

Some of the larger UK debt buyers are already looking at the Spanish market and have started acquiring assets and, most importantly, building performance datasets. However, a more general expansion across Europe has yet to really begin. The key thing holding most debt buyers back is the lack of outcome data and liquidation curves in these new markets, which is a bit of a chicken and egg situation. It’s hard to invest without the data, but you can’t acquire data without investing and learning about the markets.

This leaves debt buyers with two choices for expansion into the European market:
  • Partner with or acquire local entities who have outcome data from previous purchasers or agency activity.
  • Seed a number of markets with low value (and preferably high account volume) purchases to develop datasets for a ramp up of purchasing in the future.
It will be interesting to see how the different purchasers approach the European expansion challenge over the next 12 months. I think the really interesting feature in all this is that whilst some European markets are attractive, it is the emerging markets on a more global scale that really offer the best long-term strategic opportunities. Debt sale as a tool is increasingly prevalent outside of the developed markets and without significant external competition, local purchasers are being created to meet demand.
The opportunity for significant global growth is there for debt buyers, but it will require much more than just a Eurocentric vision.

By Stuart Bungay, Managing Director - International Expansion, TDX Group.

Thursday, 1 May 2014

Avoiding the pothole

Information Security and Data Protection can be dry subjects; it’s not uncommon to see someone rolling their eyes when they crop up as they can be perceived as blockers towards innovation. Security specialists have historically been seen as ‘no’ people but, honestly, we’re actually people  who prefer to say, "yes, but maybe not like that”.

Information Security is much more effective when considered early and embedded into the foundations of any product or process than if it’s bolted on as an afterthought later. Effective controls can then work to enhance features and provide additional layers of protection. If a road surface is cracked or damaged it’s much more effective to the long-term solution to resurface the entire road than to patch it; one good freeze or downpour will cause potholes and inevitably the damage gets worse.

The same can be said for awareness and training. We have an obligation to the success of our business, and to our customers, to ensure all colleagues have a basic awareness of Information Security and Data Protection principles and we therefore provide computer based training for all colleagues at induction and then annually.  But, is an annual training course enough? An ongoing programme of awareness is much more likely to turn compliance into habit.

It’s also reasonable to expect that telling people they must do something won’t quite get the same level of enthusiasm as them choosing to do it.  That’s why, at TDX, we incentivised this year’s annual information security training by entering everyone who completed it by an early deadline into a prize draw, resulting in a much higher early completion rate than we could otherwise have achieved.  It’s too soon to gauge whether this approach will have a better impact on individual understanding, but we believe that if the majority of people complete it of their own volition rather than with their manager standing over them it will make a difference.

Awareness campaigns shouldn’t be about ticking a box or patching that pothole, we should be much more interested in the foundations of our business and by providing regular, consistent messages we can achieve real behavioural change and seek to embed those positive habits.

By Vicky Clayton, Information Security Officer, TDX Group

Tuesday, 1 April 2014

Why does Amazon know more about our customers than the collections industry?

In the current age of big data, organizations are becoming ever-increasingly sophisticated in their ability to understand and react to their customers’ needs and requirements. B2C companies like Amazon know exactly what I want to buy as soon as I log in, while Google regularly displays adverts for products similar to those I have recently been researching. Even across our industries, suppliers gain a detailed picture of my circumstances whenever I apply for credit or a utility supply. Why is it then, that as we progress customers through the billing and collections lifecycle, our understanding of a customer’s circumstances actually declines?

We all know that a critical aspect of any collections activity is building an understanding of an individual’s circumstances. This enables the optimal strategy to be deployed on the account and also informs discussions with that individual, which is of growing importance given the increased focus on ensuring the fair treatment of customers; surely this can only be achieved if we truly understand each customer’s individual requirements?

We must not forget that our industry has one huge advantage over other organizations - we actually engage in direct dialogue with our customers throughout the process. We continually have the opportunity to build a really clear picture of the individual throughout the collections process, whether that be through capturing Income & Expenditure details, understanding the root cause of financial distress or just understanding a customer’s overall ability to pay. Unfortunately this data is currently not always captured effectively, let alone shared between collector and creditor, as accounts flow through the process.

Unsurprisingly, this disjointed sharing of information can also drive a disjointed customer experience; examples of which include:

• A customer being required to complete the same I&E process multiple times with multiple agencies as accounts are recycled through the process.

• A customer communicating and agreeing a resolution relating to their short-term financial challenge, only for the account to then be passed to a new agency with no visibility of this discussion.

Building on the capture and utilization of this data, rather than placing new information in a silo and requesting the same data multiple times from the customer, can only be a positive move forward.

As our industry continues to focus on improving the customer experience, understanding the circumstances and requirements of the customers we serve is critical. We already have access to a large amount of the data required to enable this from the interactions we have with our customers. By working closer together and using existing technology creditors and agencies can share new information with each other, which will ultimately enable agencies to have more informed discussions, and truly improve the resultant customer experience. Furthermore, this will also allow creditors to improve their overall collections strategy – a win for all concerned!


By Chris Smith, TDX Group

Tuesday, 25 March 2014

How can the debt industry reduce waste?

I’ve been thinking about waste.

As you probably know, the debt collection industry largely operates on a “no win no fee” basis, meaning creditors typically pay debt collection agencies a % commission when they collect money. This results in much talk about the “cost-to-collect” - but I’m left wondering about the cost to not collect. What about the costs incurred on all those accounts which don’t pay?

The truth is that the accounts that do pay, end up paying for those that don’t.

So, how does that work?

Debt collection agencies work out how much cost they will incur in working a portfolio of accounts, for letters, outbound dial attempts, inbound calls, payment processing and so on. On top of this an agency will add their profit margin. This is then divided by the number of accounts in the portfolio to get to an agency yield per account.

The agency will then calculate the likely total amount of collections and divide this by the number of accounts to arrive at a forecasted gross cash collection per account.
Divide forecast gross cash collections per account by the agency yield per account and you get the % commission

Here’s an illustration:

Agency yield per account       Agency commission          Gross collections per acct.
Agency costs £2.80                   Agency yield £4.00               Ave. balance £350.00
Agency margin £1.20                Colls per acct. £35.00           Liquidation 10%
Total  £4.00                               Commission rate 11%          Colls per acct. £35.00

So back to waste … I’ve been wondering just how much spend is wasted on accounts which don’t pay? Wouldn’t it be valuable to reduce the work on these accounts (fewer letters or dial attempts), or reinvest those costs on accounts more likely to pay? After all, we know all about the ‘low hanging fruit’ - accounts that pay fairly easily, but what about the fruit hanging halfway up the tree that, with a little extra shaking, will liquidate too?  If we invested extra activity on those accounts, which is funded by the reduction of spend on what is basically a rotten apple, could we shake more off the tree?  I think so.

So, how do we reduce waste?

Take customer queries for example. Queries are a prime area of wastage in the collections process.  Swift resolution of simple queries is known to deliver an uplift in cash collections, but queries are expensive to manage, delay resolution and are unhelpful to the customer.  By taking a close look at the query process – finding out the root-cause of the queries or understanding why the same queries re-occur – it is often possible to reduce the number of unnecessary customer queries being raised. Fewer queries mean lower costs.

I’ve realised that reducing waste and investing those savings in more productive activities is the key to more effective collections. All activity is becoming more expensive, and in some areas arguably less effective, so we need to look at how we uplift net collections (that’s after costs have been deducted) in a more intelligent way.  I believe that means understanding even more about the customer by using the data at our fingertips.  We know that Equifax understand this notion and use propensity scoring to eliminate waste.  They take a batch of accounts, and, using the vast amount of data that they hold, can pinpoint the accounts that will bear fruit and identify the rotten apples.  When we combine this information with TDX scorecards and segmentation we can offer our agencies an even fuller picture of their customers, which allows them to better tailor their strategies to the type of customer they have.

I’m also convinced this will also lead to a better experience for the customer  - a win all round!

By Charlotte Mather, Senior Insight Consultant, TDX Group

Thursday, 20 March 2014

Embracing regulatory change – and reaping the performance benefits

The past year has seen regulators place their focus firmly on the debt collection industry, specifically on the latter stages of the collection process involving third party suppliers such as collection agencies and debt buyers. It is clear that this part of the process faces greater challenges as a result of the added complexity from having multiple parties involved in collections activity, and the inevitable reduction in control from the utilization of third parties. This is best evidenced through the five-fold increase in consumer complaints originating from third party activity, rather than internal collections, - this identifies the key reason for the interest from regulators.

The industry’s reactive approach towards regulatory change has resulted in a lack of preparation, driving creditors to make performance-damaging decisions. An example of this includes wide-scale reductions in the sizes of agency and buyer panels, even, in some cases, to the extent of a total withdrawal from the market. These behaviors come at a heavy cost; in some cases driving a reduction in collections of over 35% which is unlikely to be sustainable.

However, this trade-off between regulatory adherence and collections’ performance does not have to be a key theme for the industry. As a positive customer experience is inextricably linked to underlying collections’ performance; then regulatory adherence can be utilized to drive collections’ uplifts.

One of the key requirements identified through a variety of regulatory publications, including the OCC’s best practice guidelines for debt sale, focuses upon the need for ongoing monitoring of suppliers. A robust, systematic monitoring solution will immediately identify any compliance breaches by suppliers which can then be effectively managed and mitigated. Furthermore, this monitoring can immediately identify any process exceptions which impact collections, and the subsequent increased visibility can be utilized to align the suppliers’ collection strategies to the wider collections process, i.e. why re-call an account that has just promised to pay.

Another key focus of the regulatory guidelines focuses upon the response to customers’ queries and disputes. Implementing an efficient process and systems to timely respond to queries and disputes will reduce response times, which clearly improves the customer experience. Less well recognized are the performance benefits that this improvement drives; reducing query response times from 21 days to 3 days drives a staggering 40% uplift in resultant collections from these queried accounts.

Our view is that over the next 12 months leaders across the industry will start to realize this vision of improving both compliance and performance, achieved through implementing a pro-active approach towards changing regulation. Companies which do  not just ensure adherence to regulatory requirements, but place their customers’ interests at the center of their third party collections processes and strategies will benefit most, whereas those creditors who continue to simply react to the market will continue to trade off performance against compliance.

Those companies that apply a proactive approach and accept that regulation is changing, will not only demonstrate best practices in regulatory adherence, but also drive significant improvements in their collections’ performance.

By Chris Smith, TDX Group

Tuesday, 4 March 2014

Are your KPIs measuring the right things?

I recently watched Moneyball, a film based on the real life story of the Oakland As baseball team, who in 2002 were struggling to compete with larger, and richer, baseball teams like the New York Yankees. In order to level the playing field, whilst not obliterating their comparatively small budget for building a team, they focused on statistics, utilising analysis to identify the figures which best predicted a winning team. Rather than focusing on a handful of ‘Major Stars’, they built a team of ‘average’ players, with consistent performance results. This approach enabled them to reach the playoffs for the famous World Series. 

By understanding the Key Performance Indicators for your business you can become more competitive and more confident in your capabilities. The first step of understanding your KPIs is making sure they are set up correctly. Even if your KPIs are established, there is room for reviewing and refreshing them as your business changes.

1. Ensure your KPIs remain aligned to strategy – This may sound straightforward, but is easier said than done. As a company grows the strategy may shift from, for example, pure cash collections towards reducing complaints. However, in our experience, this may be an area your KPIs are missing, as getting a true view of compliance and complaints is often a difficult process and very rarely reported through standardised KPIs.

2. Reflect Business as Usual operations – KPIs are an essential method for monitoring your day- to-day-business. For example, a call centre operation has its Service Level Agreements (SLAs) to meet, but having the KPIs that drive them, e.g. average handling time, peak/off peak answer times etc., will enable you to not only manage SLAs effectively, but make them work for you and drive performance.

3. Measure the right things – Not everything is easy to measure, but everything is measurable. It’s not practical to measure every possible factor of your business, but it is negligent to not measure something that is important to your business. For example, if your current KPIs tell you how long an agent is on a call for, but your focus is currently on customer satisfaction, have you set up a method by which customers can air their praise, or grievances?

Just like the Oakland As and their stats approach to winning baseball games, KPIs are the key details you need to find the winning formula. They enable you to play the averages on the core business, rather than relying on the occasional star performance to save the day.

So, are your KPIs really telling you everything you need to know?

By Stephen Hallam , Consultant at TDX Group

Tuesday, 18 February 2014

A summary of TDX Group’s response to the CFPB’s ANPR

Like most of the industry, TDX has recently been reviewing the CFPB’s Advanced Notice of Proposed Rulemaking  (ANPR) and collating our thoughts to help the industry provide a rounded response to the questions laid out by the regulator. Going through this process provided us with a great platform to consolidate our thoughts on a number of the key issues currently faced by the debt industry.

One of the interesting questions repeatedly raised throughout the ANPR is the impact that regulatory changes will have on the industry, both in terms of cost and collections’ performance. In other markets increased regulation can have a detrimental impact on underlying performance; our view is that this is not the case across the debt industry as customer experience is inextricably linked to collections’ performance. By targeting industry inefficiencies the CFPB is not only driving creditors to improve their customer experience but is also helping them to enhance their collections’ strategies and, as such, improve collections.

A number of the challenges faced by the debt industry with regards to the management of third party suppliers, such as collection agencies and debt buyers, can be linked back to two underlying root causes; inefficient systems and lack of overall visibility.

The first fundamental challenge when managing third party vendors is a lack of account level visibility while accounts are being managed externally. There may be little value in clarifying precisely what activity is allowed (by either creditors or regulators) if exceptions to these regulations are not immediately and robustly identified, managed and mitigated. Once this level of visibility is achieved, through either systematic or sampled audit activity, then the guidelines currently in place, around areas such as excessive calling, should not require further definition, as creditors can develop and manage against their own internal policies.

Secondly, challenges relating to information transfer of data, media and information are often rooted in systems utilized to manage third party interactions which are not designed to manage this process. This places constraints or delays on the transfer of information, furthermore, the manual workarounds often put in place often increase the likelihood of errors; both of which can impact the resultant customer experience.

It is clear that 2013 saw the debt industry passing an inflexion point with regards to its priorities; a shift away from performance and firmly towards adherence to regulatory requirements, there is, however, further room for the market to progress. Based upon our experiences across the globe, we see that markets which focus upon the principles of the fair treatment of consumers, and not just on meeting regulatory requirements, are those which drive optimal behaviors. The challenge currently faced by the US debt market is how to move away from merely satisfying the changing regulations, towards driving best practices which ensure the optimal treatment of customers, which will, in turn, drive improved performance.

By John Telford, CEO North America, TDX Group

Friday, 14 February 2014

Transforming data into information?

Data, big, small, local, global, no matter its form, is one of the most sought after assets in modern business. There is an assumption that data is the be-all and end-all when it comes to knowing about your field, but data on its own is limited, whereas information can be invaluable.

Former US President Theodore Roosevelt has more quotes and facts attributed to him than almost any other political figure in history, but one thing I find fascinating about him was his constant quest for information and knowledge. It is said that he would read a book with breakfast and at least two more before he went to bed. Not everyone can boast similar speed reading skills, but what was even more impressive is how he managed to focus his concentration and retain such vast pieces of information.  As one biographer wrote, “his occupation for the moment was to the exclusion of everything else; if he were reading, the house might fall about his head, he could not be diverted.” Roosevelt was notably able to apply what he read to his thought process and problem solving - from the autobiographies of his mentors and historical accounts, all the way to poetry and Greek mythology, he was convinced everything he read had something valuable to teach him about life.

But how does it affect what we do day-in day-out? As a consultant I have come across both sides of the coin such as companies with limited data who have assimilated it into as much actual information as they can, and continue to focus and dedicate their analytics to find new ways of understanding their data asset.  Conversely, I have seen companies who have mountains of data, but have never stopped to turn it into information. You may guess correctly that the company with lots of information from limited data often performs better than the company which has masses of data but limited information. I believe the difference is what Teddy Roosevelt called ‘concentration’, or, in our world, analysis.

Analysis should be focused on turning data into information, sometimes it may mean following an avenue that doesn’t lead to an immediate result, but the process of getting there can glean useful insight and enhance an analyst’s understanding for future projects. We often see analytical resource deployed to ensure that the business continues to run smoothly, or to find a work-around in a crisis. Whilst this is unavoidable to an extent, a conscious effort should be made to allow analysts time for research and development and not just use them to firefight or continuously maintain systems.  

We know this because as consultants at TDX we are in a unique position of being able to step back from the day-to-day business on behalf of our clients, and to concentrate solely on a particular area of the business or a unique set of data. We are able to apply the information we have gained from previous engagements to deliver solutions that may not have been considered previously, particularly by an in-house team. Because of this position, we can see that companies who truly excel at turning data into information make the effort to give their analysts this time for ‘reading’ and creative thinking. We’re fortunate - as consultants we have the luxury of this every day.

By Stephen Hallam, Consultant, TDX Advisory Services

Wednesday, 5 February 2014

The changing landscape of supplier audits – policy and process audits alone are no longer acceptable

One of the key outputs of the US debt industry focus on compliance and regulatory adherence is the increased rigor around policy and process audits conducted on suppliers such as collection agencies and debt buyers. In the current regulatory landscape, however, creditors need to question whether this approach is enough to satisfy regulators who have been doling out fines, not because of a lack of monitoring of the policies and processes, but as a result of suppliers not adhering to these policies and processes. As such, we believe that the audit landscape will change significantly over the coming year, examples of which will include:

• Supplier audits will not only ensure that policies and processes exist, but will also focus on validating that they are adhered to.
• Creditors will use systemized solutions to provide greater visibility of their suppliers which will become critical in executing the above audit activity.

A commonly accepted phrase across the industry highlights how “a fundamental objective of the CFPB is for the industry to self-identify, manage and mitigate UDAAP or other regulatory breaches”. This illustrates that the aim of the CFPB is for the industry to identify and resolve issues on its own, rather than awaiting a raft of complaints from consumers to the regulators. To achieve this, creditors need to ensure that the agreed policies and processes are being adhered to, through either sampled account level auditing or the utilization of systematic tools.

The fundamental concept behind account level auditing is to monitor the activity completed on accounts; this can be conducted through reviewing accounts on the vendors’ systems or even through mystery shopper activity. These techniques are critical to ensuring that both pre-agreed strategies are being executed and to identify any process flaws which damage the customer experience, e.g. delays in payment processing or the uncertified application of fees.

In the current environment the frequency of this activity needs to be increased to monthly, at minimum, to enable the identification of any process exceptions.

One key aspect of this activity is call listening which ensures that vendors are interacting with customers in a manner which aligns both to regulatory requirements, and to the creditor’s own standards. TDX Groups’ call listening activity on over 1,000 calls per month initially identifies that in excess of 5% of agency calls fail to meet regulatory guidelines with over 20% providing an insufficient customer experience. The identification of these issues, however, enables robust action plans to be put in place so that agencies can significantly reduce these numbers.

As the industry slowly moves towards robust account level auditing, those currently applying best practice regulatory adherence with respect to vendor monitoring are now applying systematic solutions. The systematic solution to account level auditing captures account level agency activity data to enable the immediate identification of any process exceptions, such as excessive or out of hours calling. Likewise, call listening activity is now moving towards systematic solutions, at its simplest using the above account level activity data to select calls to review. The latest revolution utilizes automated voice recognition software to enable creditors to “listen” into a greater proportion of calls and better identify those that require human review and potential intervention.

In summary, although the vendor auditing landscape has evolved throughout the past year, we anticipate a fundamental change in the activity conducted throughout the forthcoming year. Although the presence of policies and processes will remain of vital importance, the focus of creditors will shift towards ensuring that these policies and processes are being adhered to. Those creditors at the forefront of the industry will begin to deploy systematic solutions to satisfy the CFPB’s desire for the industry to immediately identify, manage and mitigate and breaches against industry codes such as UDAAP and TCPA.


By Chris Smith, TDX Group

Tuesday, 21 January 2014

Where next for compliance?

As we all know, the compliance landscape for debt recovery has changed dramatically over the past decade.  Regulators have gradually been stepping up the expectations of our industry, principally since the Office of Fair Trading’s (OFT) first release of debt collection guidelines in 2003.

Initially the industry tried to carry on with existing practices and just tick the compliance boxes.  In recent years though, there has been a shift in thought, with many in the industry genuinely embracing the intent of the regulators to treat indebted customers better.  

My own view is that many DCAs have now improved their contact approach with customers to the point where the majority of calls and interactions with that DCA are dealt with well.  For example, when call listening it’s rare now to hear aggressive agents, railroading of the customer and other such practices. In a nutshell, whilst there are still gaps, many DCAs are now doing a pretty good job with the debt they are given.  

So, if this is true, where does the regulator go next?  Or do they even need to go anywhere next? To answer this, the question needs reframing from “are collections operations doing as good a job as they can” to “is there any remaining material customer detriment?”

I believe there is, and one example is the blunt instrument of recycling. Recycling non-payers from first placement DCA to next placement is industry standard practice and, in itself, is not inappropriate.

The problem comes with the way recycling operates in our industry. The standard practice is to recycle after a set number of days (typically between 90 and 180) with no payment. The assumption being that if a consumer has not paid within this timeframe, they are not going to pay and the agency has no reason to maintain interactions with that consumer.

The truth is often more nuanced. What happens if the DCA has just managed to achieve a first right party contact (RPC) with that customer, or just reached a payment arrangement, only to have the account whipped away from them by the arbitrary application of the placement expiry?  True, agencies can request that an account is not closed, or request information from the previous agency.   But how often does this really happen?

In addition, when accounts are recycled, the quality of information passed from the first agency to the second is often poor. The vast majority of accounts are returned simply as ‘efforts exhausted’ or ‘unable to collect.  In reality, the first DCA has much more information that could help the second agency to have a more empathetic and informed conversation with the customer. For instance, has a conversation with the customer taken place?  Was an arrangement reached but broken? Did the customer say they were in financial difficulty?  Does the customer have certain special circumstances that are understood?  We have all heard the impacts of this when we listen to second and third placement calls; ‘I’ve explained all this to the last company’, ‘what about the issues I raised over 2 months ago’, and other similar interactions with customers.

It is my belief that one area regulators will start to explore next (to some degree they have already started) is the transition of accounts between parties, including the originating creditor.  We need to understand more about how this transition impacts the customer, and the quality of information that is passed between those parties to ensure that, even though the debt is changing hands, the customer at least feels like some kind of joined-up thinking is going on.

Taking a more holistic view, I believe it won’t just be good enough for each party to do the best job they can for the customer within their part of the process. What will matter next is the overall customer treatment from cradle to grave. This will require originating creditors to work with their vendor network to ensure the customer experience is fluid and connected through all stages, placements and vendors.  Key to this will be provision of more and accurate information as debts are passed on through each stage in the collections and recoveries process.  

To summarise, I see two likely directions for future regulatory oversight:
  • The Financial Conduct Authority (FCA) regulatory oversight is likely to be more rigorous in terms of identifying discrepancies versus the existing requirements.
  • New requirements will look at the cradle-to-grave experience, particularly information continuity between parties dealing with the customer.

By Rob Barrett, Director of Debt Recovery, TDX Group

Tuesday, 14 January 2014

How proposed EU data protection changes could impact your business in 2014 – part 2

In the first instalment of this two-part update, we looked at some of the most striking changes in the proposed EU Data Protection Regulation and how these might affect UK business. The highest profile change is the increase in monetary penalties from the current £500,000 to a staggering €100m or 5% of global turnover, whichever is higher – but other changes may have a more immediate impact on your business.

The benefits of certifying your compliance
Organisations will be protected from the €100m monetary penalty in the event of a security breach (unless the breach is due to negligence) if they are audited against a new EU-sponsored data protection standard. The new standard may also provide a commercial advantage against competitors who do not hold the certification, if it becomes a trusted “kitemark” for data protection.

The scheme will also be available to non-EU companies as a method of providing a legal basis for international data sharing (or offshoring). This is particularly important as most of the current provisions for non-EU data transfers will expire either five years after the regulation comes into force (for the current “whitelist” of non-EU countries, including the USA’s Safe Harbor) or after two years (for agreements which use binding corporate rules, most commonly used by multinationals).

The right to be forgotten
Now referred to as the “right to erasure”, this provision allows individuals to request the deletion of personal data. The personal data must not be related to an ongoing transaction or contract, and must no longer be required for the original purpose of processing. You may also be obliged to delete data if you rely on the customer’s consent for processing (e.g. if no formal contract is in place, such as with free services or marketing lists) as consent can be withdrawn at any time.

Deleting all of someone’s personal data (including anything which could identify them as an individual, such as contact details down to postcode level) requires knowledge of every location where the data is stored and processed. Even organisations with mature data management processes may struggle to replicate that capability throughout their supply chain, and companies should also be aware of their contract terms with third parties.  If a supplier charges for each manual deletion of personal data, this could rapidly become an unreasonably expensive process.

Introduction of a mandatory timeline for notification of data breaches
The regulation mandates that data breaches are notified to the Information Commissioner and to data subjects “without undue delay” – an improvement on a previous draft which gave a strict 24-hour timeline for reporting. According to a leading data breach report (1), around two-thirds of breaches take months or even years to discover; having 24 hours to provide details of personal records affected by a breach, several months after the attack occurred, seems unachievable. Even just providing out-of-hours cover for security staff can lead to disproportionate additional expense.

Restricting consent
The draft EU regulation protects the customer from being forced to accept “unnecessary” processing which isn’t required by the offered service (for example where companies use personal data for  marketing or behavioural profiling in addition to providing the core service). Consent will only support the processing of personal data when it is freely given, and is for a specified core purpose.
This could also affect employers, as the draft regulation states that organisations can no longer rely on consent for processing personal data when the individual is not in a position to deny consent. The main example of this relationship is that of the employer and employee - if an employer decides to record the nature of an absence-related illness (thereby processing sensitive personal data), consent is unlikely to be seen as freely given as the employee does not have the power to refuse.

While the majority of media attention has focussed on the headline-grabbing €100m penalty for security breaches, the day-to-day impact of less dramatic changes such as the “right to be forgotten” may have a more significant long-term impact on UK businesses. Small businesses in particular may need to adopt different working practices, including increased documentation of their systems and processes, in order to avoid increased costs or reliance on third party knowledge for compliance. 

All companies can prepare for the change in legislation by:
  • Avoiding complete reliance on customer consent (which can be withdrawn at any time).
  • Schedule 2 of the Act contains a list of valid reasons for processing personal data.
  • Implementing retention periods for data so that personal data is deleted or anonymised once it is no longer required. Not only will this minimise storage costs and reduce risk, but it will also provide an automated and repeatable process for the “right to be forgotten”.
  • Putting systems in place for early detection of potential data breaches and to respond appropriately. Security incidents are increasingly a “when, not if” scenario which can be addressed in the same way as business continuity and disaster recovery.
If the regulations are delayed, which is possible due to forthcoming European elections, taking these steps (and those in the first blog post) will still improve an organisation’s resilience and may provide a competitive edge. Large organisations are increasingly focussing on managing risk throughout their supply chain and a modern business which can boast of its data management and security practices will be well equipped to win new business, and to cope with future regulatory change.

(1) – Verizon data breach report, 2013.

David Rimmer, Head of Information Security, TDX Group