Many accounts receivable management companies perform cybersecurity and IT compliance audits, including SOC audits. The primary function of an accounts receivable management company is to pursue and try to collect on the outstanding debt of businesses and individuals. Many times, an accounts receivable management company will act as a third-party agent of the creditor and is paid based on a fee or based off the total amount owed or collected. Prior to a company contracting with a third-party agent to perform collection duties, the company will want assurances the collections agency is in compliance with laws and regulations, such as the Fair Debt Collection Practices Act (FDCPA).
In terms of internal controls, the contracting company will want to see the processes around receiving placements, processing collections, receipt of payments, reconciliation of receipts, and reporting of debts collected. Implementing a robust compliance program can be used as a competitive advantage. Increasingly, accounts receivable management companies are asked to implement and maintain a compliance program that demonstrates their commitment to a strong system of internal controls. Control frameworks (such as SOC 1, SOC 2, ISO 27001, etc.) are widely accepted and help accounts receivable management companies differentiate themselves from their competitors by demonstrating their commitment to maintaining a strong IT compliance program.