Designing and implementing strong internal controls are important to the ARM industry but how about physical controls? Recently, we had a discussion with a debt collection agency that was designing a more secure facility. They asked about some of the steps they could take to safeguard their data, assets, and of course, their employees. There are a number of controls that can be instituted, some more involved than others.
Exterior of the building
Let’s start with the outside of debt collection agency’s facility and then move inside. Many companies protect themselves from unwanted attention by refraining from placing their name on the building. Those in the ARM industry typically use other means in order to advertise their services.
To protect the entrance to a debt collection agency, a company may install steel fences or security bollards (barrier posts). The barrier posts protect the building and prevent a vehicle from reaching the entrances or otherwise damaging the property. They are particularly useful if entrance to the building is near a road.
The walls of a secure building should consist of concrete blocks or equally strong concrete material. In recent years, some commercial buildings in the United States have been constructed using cross-laminated timber (CLT). Surprisingly, this engineered wood material is load-bearing and due to its charring properties it provides excellent fire resistance which is key to protecting the people and assets inside any property.
Security cameras should be installed outside the building to record any trespassers. Along with cameras, motion activated lighting should be mounted near entrances to the building as well as other areas of the building where people could gain access to the interior.
The main entrance should allow access to a vestibule which contains tempered glass requiring someone at the reception desk to electronically unlock the doors providing access to the reception area. For added protection, the vestibule may consist of an automatic mantrap that contains bulletproof glass and requires the outside door to close before allowing the inside door to open. Larger office buildings sometimes install turnstiles or similar devices to prevent individuals from “tagging along”. Other exterior doors to the facility should be made of steel or equally strong material and should be locked.
Interior of the building
Once inside the reception area, the receptionist should be behind bulletproof glass that allows both communication and the ability to pass documents back and forth to visitors. The receptionist should maintain a log book to track the movement of visitors. The receptionist should also take a photo of visitors and they should be issued a badge and be escorted throughout the building.
The doors in the reception area should be locked and require badge/card access or allow the receptionist to buzz in visitors. For additional protection, security cameras should be installed in the reception area to record movement.
The interior of a debt collection agency should include walls that extend from the floor past the drop ceiling to the next floor. This design will prevent thieves from gaining access to rooms with confidential and valuable assets.
All doors to server rooms and rooms storing other sensitive equipment should be locked with badge access granted to authorized personnel only. The appropriate personnel should follow backup and recovery schedules to safeguard sensitive electronic data.
The accounting staff should store highly sensitive information, checkbooks and any cash on hand in safes. Less sensitive information should still be protected by using fireproof cabinets throughout the office.
Finally, some facilities invite local police in for a tour of the building. In the event they are needed due to threats or an emergency situation, it will be helpful if the police understand the layout of the facility.
These are a few of the basic physical controls a debt collection agency may wish to consider when designing a facility.
About Baker Tilly
Baker Tilly is 12th largest accounting & advisory firm in the US, with 2,500 professionals and offices in many major cities.
Services for the ARM Industry:
- CFPB and other Reg Exam Preparation
- SOC 1 & 2 reports
- Financial statement audits/reviews
- Corporate tax preparation and advocacy services