Compliance management isn’t exactly known for being very Zen. For most companies, it’s chaotic, stressful, confusing and full of frustrating requirements that don’t make sense. That was true for Phoenix Financial Services, too…for a while. But Phoenix Financial breathes easy, now. They’ve found a way to manage compliance requirements without all the craziness.
Phoenix Financial Services is an accounts receivable management agency that primarily collects self-pay medical debt, student loan, automotive and credit debt. A few years ago, Phoenix Financial was onboarding a customer that required them to certify as being PCI-compliant. As they grew, the compliance demands increased and became unwieldy. That’s when they engaged with TCT.
Phoenix Financial has been using TCT Portal for two years, and we asked them about their experience with compliance management. We spoke with CIO Jamie Hefty and Kim England, Phoenix Financial’s Chief Compliance Officer.
Handpicked related content: How One Cloud Provider Mastered Compliance Audits
Finding Sanity in Compliance Management
TCT: What compliance regulations do you need to meet?
Kim England: Besides PCI, HIPAA is a big one for medical clients. While we don’t have to have specific certifications, we do have to stay compliant with HIPAA. With student loans, there are various regulations we need to stay compliant with. And with banking and financial services, information privacy is important.
TCT: As your company was growing, how did your compliance demands increase? What was it like?
Jamie Hefty: It was absolutely overwhelming.
Kim: Having just two or three people to manage that process, in addition to what we do every day anyway—just to read all the different pieces we needed was overwhelming. Let alone trying to get them into place.
TCT: What was it like trying to manage compliance day-to-day?
Kim: We had to read the guidelines, translate what they were asking for, and figure out how to pull from our system some kind of documentation to prove that we were meeting those guidelines. The guidelines don’t say what kind of documentation suffices, but the auditors know what it is. The auditors don’t tell you what it is, though—you have to figure that out on your own. And you usually do that by failing an audit.
Just trying to figure out if we had what we needed was too much.
Jamie: It felt like I was reading a book, and after every page I wrote a book report. Then I’d turn the page and realize the book report was wrong and I had to rewrite it. But with TCT, they’ve seen the finish line, and they knew exactly how to get there. They had the benefit of hindsight that we never would have had.
TCT: What are some specific ways TCT Portal has made your compliance life easier?
Jamie: The portal is built in a way that directs you logically through the process, so there isn’t a lot of rework. And often when I answer one question and provide evidence, I also answer four or five other questions.
Kim: There’s a lot of functionality for teams working on questions and documents at the same time. We can all be in the same document and look at it. You have the option to assign it to people, to make comments, to bounce things back and forth between people and ask questions and get answers.
Jamie: Project management is huge in the portal. For example, there’s a nudge function. I could write an answer, and the internal auditor could review it and say, “No, that’s not good enough—I need this proof or this explanation.” And he could hit the Nudge button and I’d get an email that told me I had something to review. And if I didn’t have the answer, I could assign it to Kim and she would get a notification.
TCT: What’s your favorite thing in the TCT Portal?
Jamie: There’s a filter that lets you see just your requirements that are coming due or are overdue. I don’t have to scroll through 700 questions, I can go right to the things that are outstanding or coming due. And once those are done and I refresh that filter and there’s nothing there, I know that I’m up to date and I haven’t missed anything.
TCT: How has TCT Portal affected the culture at your company?
Jamie: It’s affected some of the relationships with our vendors. For example, I have a managed services company, and I can assign them duties through the TCT Portal. And my relationship with them has changed a bit, because now all of these things that I used to have to go sleuth out and bug people about, I can assign it in the portal and they go and answer the question, and I know that it’s done. There’s a culture of accountability for the outside vendors, and I don’t spend my time babysitting them.
TCT: What stands out about TCT’s customer service?
Jamie: Before we switched to TCT I was leaving the house at 9 am and getting home at 1 or 2 in the morning, five to six days a week. It went on for about 60 days. The client we were onboarding said, “You’re not onboarding us until that attestation of compliance is signed off on.” And the TCT team took that deadline to heart and they worked probably as many if not more hours helping us get through it. They jumped right in with a shovel and helped me dig that hole.
TCT: What advice do you have for other companies struggling with certification?
Kim: You don’t have to build a solution from the ground up by yourself. You don’t have to try to come up with something on your own to make it work – it’s already been designed and perfected.
Master Your Compliance Processes
Still trying to juggle the mess of audit documentation and struggling to know the status on evidence gathering? There really is a better way. TCT makes your compliance tracking clear and hassle-free. Schedule your personalized demo today.