Compliance Officer Interview Series: Nancy Ciresi

With the constantly evolving regulatory landscape, organizations are faced with an uphill task to manage the various compliance risks that arise. Clients not only measure a company’s recovery performance, yet also evaluate the company’s compliance profile.  Due to this, much emphasis is placed on the role of the Compliance Officer to help the organization succeed.

This is the first in a series of interviews with Compliance Officers from leading ARM industry organizations. We aim to bring insight on the responsibilities and challenges faced by Compliance Officers in managing the variety of compliance risks.

In this edition, we interview Nancy Ciresi, Compliance Director for Fenton & McGarvey Law Firm, based in Louisville, Kentucky.  Nancy Ciresi has worked in the ARM industry for 16 years.  For the majority of those years, Nancy has served in leadership roles designing and implementing operational strategies to maximize net income.  In response to the increased compliance and regulatory requirements of the industry, Nancy is serving in a new leadership role as the Compliance Director for Fenton & McGarvey.

Provana: Nancy, thank you for taking out time from your busy schedule and volunteering to be the first of our interviews in this series. We imagine you must be engrossed in managing numerous activities. Where do you see the majority of your time being occupied in your day to day work?

Nancy Ciresi: I spend the majority of my time evaluating our compliance metrics and ensuring our audit program is structurally sound and has all the features required to deliver optimum levels of client satisfaction.

Provana: Right, and in order to ensure that your compliance metrics and audit program meet the regulatory guidelines, you would need to keep yourself current with all the changes in the regulations. How do you keep yourself up to date with the constantly evolving regulatory environment?

Nancy Ciresi: I subscribe to various industry related newsletters, the CFPB Newsroom alert program, several trade organization alerts, and participate in all client conversations and/or directives resulting from regulatory changes in our industry.

Provana: We assume that all the updated information you get from these sources, as well as the constant updates from your clients, need to be translated into your Firm’s documentation. In doing so, what are the challenges you face in keeping your policies and procedures current on regulatory, client, and internal process changes?

Nancy Ciresi: We have encountered challenges with orchestrating the optimal model for effectively implementing updates throughout the company as quickly as I’d like.  The structure to facilitate this process exists today so now we’re fine tuning the final phase to ensure proper accountability and visibility is created to drive adherence to all updates.

Provana:  And then how do you communicate and enforce changes that are imposed by clients and changes in regulations?

Nancy Ciresi: We communicate and enforce changes through our management team and compliance software.  Our sophisticated compliance software houses and catalogues all our policies and procedures while our management team evaluates the necessary changes required to comply with the new directives and updates.

Provana: While documented policies and procedures are needed for audit purposes, in what other ways do you find them as a useful tool for your organization?

Nancy Ciresi: Documented policies and procedures are a useful tool for our organization because they effectively serve as a playbook for how we do business.  Our policies describe our company stance on various topics while the procedures provide all employees with a keystroke level instruction for how to complete their specific tasks.  Ultimately, having both in place and fully utilized on a daily basis creates a more confident workforce who can produce a top quality product every day.

Compliance Management System – A Policy and Procedure Perspective

The CFPB Supervisory Highlights Report, released in winter 2015, clearly emphasizes the need for a sound Compliance Management System (CMS) that is proportionate to the size and complexity of an organization.

According to the CFPB – “The board of directors and senior management should, among other things, adopt clear policy statements concerning consumer compliance, establish a compliance function to set policies and procedures…”. In the most recent Compliance Bulletin released on February 3, 2016, the CFPB again stressed the requirement to establish and implement reasonable written policies and procedures and additionally, have a periodic review in place to ensure continued effectiveness.

Apart from the requirements set forth by the CFPB, having well documented policies and procedures ensures business continuity, standardizes processes, and reduces training time for new employees. Although, only having documented policies and procedures is not the solution. Management must ensure proper implementation and supervision. An effective CMS institutes compliance obligations, communicates them to company employees, binds them with daily responsibilities, and ensures they are adhered to through frequent reviews.

Below are components that a CMS should have, from a policies and procedures perspective:


All policies and related procedures must be easily accessible by all employees. Employees should only have access to the most recent versions of the documents to ensure the staff is following the latest process standards. Employees should be discouraged from maintaining desk copies which may become stale and not contain the latest updates.

Segregation of Policies and Procedures

Policies define the guidelines (the “why”) of the company. Procedures explain how and when to adhere to those guidelines. Generally, policies are more long term and have less frequent changes. Procedures are prone to more frequent updates due to internal process or client-imposed changes. The best practice is to maintain policies separate from procedures with links between related documents. Clients want to see how policies communicate the company’s guidelines while procedures document the steps needed to complete work in accordance with their requirements.

Ownership and Control

Clear ownership of policy and procedure content should be assigned to individuals within the company. Assigned individuals are responsible for recommending and authorizing changes to their assigned documents. All changes must follow a defined approval channel. Maintain a clear version history for all documents including a summary of each change, what prompted the change, who authorized the change, and who and when the document was approved and released in production.


Policies govern the entire company and should be available to all employees. Procedures document defined tasks, with assignments to staff members based on their span of responsibility. Making sure the right procedures get in the right hands will help foster accountability and understanding of an employee’s responsibilities within the company. Proper communication of assignments and changes can be tracked through staff acknowledgments of procedures.

Well-documented policies and procedures can help mitigate business risk, achieve audit objectives, and ensure the organization is clear on expectations and roles.