Annual Training 2017

Human Resources pg.2-3

- Dress Code
- Cell Phone Usage
- Timecard

Security pg.4-15

- Reliant Security
- Cyber Security
- Incident Response

Policy Review pg.16-19

- Red Flag Rules

Procedure Review pg 22-25

- Dispute
- Bankruptcy
- Documentation

1 | Page

Dress Code

Employees have the option of choosing to wear traditional business attire or casual clothing. Casual does not mean sloppy. Clothing should be clean, pressed, wrinkle-free and without holes or fraying. Shoes (no flip-flops) are required on the premises at all times. Shorts are permissible if appropriate in length (location specific: Columbus/yes; Buffalo/no). The following are not permitted: sweat pants, gym attire, form-fitting stretch clothing (i.e., spandex, lycra, etc.), jogging suits, warm-up suits, mini-skirts/dresses, halter/tank tops, cropped tops, spaghetti-strap and belly shirts, tee-shirts with inappropriate sayings, jeans with holes, hats, caps, sweatbands and bandannas. Hats/caps may only be worn on Friday and Saturday. If leggings are worn, the accompanying shirt must reach mid-thigh; leggings are not to be worn as pants.

At certain times, such as specific customer visits, business attire for employees will be required. Examples of appropriate attire are khaki slacks, dress slacks, golf shirts, blouses, sweaters, skirts, and Capri slacks.

Clothing that may be suggestive, offensive or fails to exemplify appropriate professional standards should not be worn.

Reliant team leads/managers will inform individuals whose dress is not in conformance with these guidelines. Individuals who dress in a manner inconsistent with these guidelines will be sent home to change (unpaid).

Personal Cell Phones

All Personal Mobile Devices need to be kept on silent mode during business hours. Personal Mobile Devices must not be accessed while working on the collection floor or in restricted areas. Employees with a company-provided cell phone must follow all local and state laws regarding use while driving. For privacy and personal safety, Cell Phones and Mobile Devices are not to be used in the restrooms.

This policy is applicable to all Reliant employees and visitors unless otherwise specified in client contracts, regulatory or state specific guidelines, or in another Reliant policy.

All Reliant employees and visitors must adhere to this policy to ensure safety and client standards.

If an employee violates the Personal Cell Phone or Mobile Device Policy, the employee will be counseled and sent home for the day (unpaid). If the behavior does not immediately improve, further disciplinary action will be taken, up to and including termination of employment.

POL-HR-002-Cell Phones & Mobile Devices_1.2

Timekeeping

All employees must clock in and out at the beginning and end of each work day, as well as for all breaks (two 15-minute breaks per 8-hour shift) and lunch/dinner breaks (30 to 60 minutes in duration). Employees who clock in three (3) minutes or more after the start of the work day, or after returning from a lunch or dinner break, will be considered late (and subject to attendance discipline). Employees returning more than three (3) minutes late from a break will have the entire break (whatever its duration) deducted from their pay. All employees are required to regularly check their online time card for accuracy and report any inconsistencies to their manager/team lead. Employees are required to review and approve their time card at the conclusion of each pay period (prior to departing for the day, every other Friday). Managers are required to approve each of their employees’ time cards on the following Monday, prior to 11am. If an employee has not approved their time card and is not available to do so, the manager will approve it (based on what is presented at that time) and forward the time card to HR for processing. Should any error(s) be discovered after payroll is processed, adjustments will be made in the following pay period.

SECURITY

General Security

Building Access:

a. Sharing of key cards is strictly prohibited.

b. If you forget your key card you must sign in and out when entering and exiting the building.

c. If you lose your key card you must report it to I.T. immediately for a replacement.

d. You must enter the building with your own key card; piggybacking is strictly prohibited.

e. If there are unfamiliar or unauthorized person(s) in the building, promptly inform management.

f. Do not enter areas where you are not authorized or without permission.

g. Picture badges must be worn and visible at all times.

h. Doors are not to be propped open. If a door is not functioning, inform a member of management.

Email Use:

a. Employees will not use their work email address to sign-up for non-work related activities.

b. If there is a need to send an email outside the office please forward the information to your Manager or Supervisor.

c. All emails are monitored.

d. If you receive any phishing emails or attachments do not open them. You must inform IT immediately. If you open an attachment or phishing email DO NOT WAIT. Inform IT immediately.

e. Do not send emails containing Sensitive or Personally Identifying Information.

Internet Use:

a. Most internet use is blocked except for work related sites.

b. If you are aware of a website that may be useful for business purposes you can send the link request to your manager for evaluation.

c. All web use is monitored.

d. Pop-ups or data intrusions must be reported to IT immediately.

Equipment use:

a. Everyone has assigned equipment. If any equipment is damaged or broken please inform I.T. immediately so that it can be repaired or replaced.

b. Do not move any equipment except your headset.

c. Lost equipment must be reported to I.T. immediately.

d. You must lock your computer any time that you step away from your desk. If you notice that someone neglected to lock their computer you must inform management immediately.

e. You must log off your computer at the end of your shift.

f. You must log off your phone at the end of your shift or if you are away from your phone for an extended amount of time.

g. Passwords must not be shared, nor should they be visible to anyone.

Personal Belongings:

a. Purses, backpacks, lunch boxes and bags must be kept closed and not accessed while at the workstation. Items like hand lotion or hand sanitizer may be placed on your desk. Cosmetics, etc. are not to be applied while at the workstation. Personal medications should also be taken off the floor. Lockers may be requested, or issued if this policy is violated.

b. Electronic Devices (Cell phones, cameras, MP3 players, iPods, lap tops, tablets etc…) are not to be used or visible on the collection floor or any restricted areas at any time or for any reason. (POL-HR-002-Cell Phones & Mobile Devices_1.2)

Sensitive and or Confidential Documents and Data:

a. Any and ALL sensitive information written down on paper for note-taking purposes must be immediately documented and disseminated appropriately, then destroyed by placing the note paper or document in a secure shredding bin.

b. If you notice any type of storage or media device left unattended (CD, Thumb drive, Lap top, Cell Phone etc…) in the office you must notify management immediately.

Incident Response:

If any of the above policies are breached, it is your responsibility to report the incident to your manager immediately. From there, management will take the proper steps to resolve the issue.

Failure to Comply:

Failure to comply with this policy can result in unpaid suspension for the current shift and/or suspension for the next full shift. Reliant Capital Solutions reserves the right to take further disciplinary action for violations of this policy including termination.

Cyber Security

Personally Identifiable Information (PII)

• PII is defined as all personal information associated with an individual and includes everything from their name to their Social Security number.

In general, all types of PII require at least some level of protection.

As an employee or contractor, you are responsible for protecting this data.

Sensitive PII

• Requires more protection because its improper release could result in harm, embarrassment, inconvenience, or unfairness to the individual whose name or identity is linked to the information.

What is a Data Breach?

• PII is lost, stolen, disclosed, or otherwise exposed to unauthorized people and/or for unauthorized purposes

• May be caused by improper:

− Storage

− Transmission

− Processing

Protect PII & Prevent Data Breaches

• Minimize information collection

• Store information securely

• Dispose of PII Properly

If You Suspect a PII Breach

• Notify your Information System Security Officer (ISSO) as soon as possible.

Phishing/Spear Phishing/Whaling

Text Messages & Social Media

• Delete unsolicited messages that ask you to confirm or provide personal or Department information; legitimate companies don’t ask for information like your account numbers or passwords by email, text or social media.

• Don’t click on links provided in a text message or social media comment.

• Don’t provide personal or Department information in response to a text message or social media request.

• Review your cell phone bill for unauthorized charges.

Identifying Phishing/Spear Phishing/Whaling

• You don’t know the sender.

• The sender’s email address does not match the “friendly” name displayed.

• The email is not similar to what you have received from the sender in the past.

• Includes a link.

• Contains an attachment you weren’t expecting or that is out of context for the sender.

• Includes information that may have been found on social media or refers to a current news event.

• Immediate action is required.

• Requests you provide sensitive information about yourself or the Department.

• Contains poor grammar, misspellings and punctuation errors.

Tips to Stay Out of the Phishing Net

Never give out your password, to anyone, not even Help Desk staff.

Never give out information about the Department, or personal or financial information through email, regardless of who sends it.

Do not access the web by selecting links in emails or pop-up messages, especially if they ask for personal or financial information.

Check email links by hovering over them with your mouse. The true link destination should appear.

Be mindful of suspicious attachments, especially those that include extensions such as .exe, .com, .bat.

If you have doubts about the authenticity of an email message, contact the sender by phone or some other means before opening an attachment or clicking a link.

Notify your Information System Security Officer (ISSO) as soon as possible if you believe you have fallen victim to a phishing or other social engineering attack that may have caused you to reveal sensitive information about the Department.
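As an added illustration (not part of the Reliant training document), the Python below turns the indicator checklist and the "hover over the link" tip above into a small triage routine run over two constructed sample messages; the domains, phrase lists and message contents are assumptions made for the example.

```python
# Added example, not part of the Reliant training document: applies the handout's
# phishing indicators to a message. Sample messages, domains and phrase lists
# below are constructed for illustration.
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

RISKY_EXTENSIONS = (".exe", ".com", ".bat")  # extensions named in the handout
URGENCY_PHRASES = ("immediately", "urgent", "action required")
SENSITIVE_PHRASES = ("password", "social security", "account number", "verify your")
# Matches <a href="...">visible text</a>; sufficient for simple HTML mail.
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def host_of(s: str) -> str:
    """Hostname of a URL, or of a bare 'portal.example.com/...' string used as link text."""
    return (urlparse(s if "://" in s else "http://" + s).hostname or "").lower()


def phishing_indicators(msg: EmailMessage) -> list:
    """Return the handout's indicators that fire for this message (empty list = none)."""
    found = []
    friendly, addr = parseaddr(str(msg.get("From", "")))
    # Display name that looks like an address on a different domain than the real sender.
    if "@" in friendly and friendly.rsplit("@", 1)[1].lower() != addr.rsplit("@", 1)[-1].lower():
        found.append("friendly name does not match sender address")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    links = LINK_RE.findall(text)
    if links or re.search(r"https?://", text):
        found.append("includes a link")
    # The 'hover over the link' check: visible text names one site, href goes to another.
    for href, shown in links:
        shown = re.sub(r"<[^>]+>", "", shown).strip()
        if "." in shown and host_of(shown) != host_of(href):
            found.append("link text points to a different site than its destination")
            break
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            found.append(f"attachment with risky extension ({name})")
    haystack = (str(msg.get("Subject", "")) + " " + text).lower()
    if any(p in haystack for p in URGENCY_PHRASES):
        found.append("demands immediate action")
    if any(p in haystack for p in SENSITIVE_PHRASES):
        found.append("requests sensitive information")
    return found


def constructed_phish() -> EmailMessage:
    """Constructed sample (not a real message) that trips every indicator above."""
    m = EmailMessage()
    m["From"] = '"it-support@reliant.example" <alerts@reliant-help-desk.example>'
    m["Subject"] = "Action required: verify your password immediately"
    m.add_alternative('<p>Verify your password at <a href="http://reliant-help-desk.example/login">'
                      'https://portal.reliant.example</a> or your mailbox will be locked.</p>', subtype="html")
    m.add_attachment(b"not a program", maintype="application", subtype="octet-stream", filename="invoice.exe")
    return m


def constructed_legit() -> EmailMessage:
    """Constructed ordinary internal message that trips none of the indicators."""
    m = EmailMessage()
    m["From"] = "Jane Doe <jane.doe@reliant.example>"
    m["Subject"] = "Team lunch Friday"
    m.set_content("Reminder: team lunch is Friday at noon. Thanks, Jane")
    return m
```

A message that trips even one indicator is still reported to IT, as the handout says; the routine only shows what to look at, not whether a message is safe.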

Mobile Computing Devices

• Mobile computing devices can do almost anything a larger computer can do.

• Their size makes them vulnerable to theft and loss

• Be extra vigilant when storing data on these devices

Dangers of Public or “Free” Wi-Fi

Connections to public Wi-Fi networks can place your laptop, smart phone, or tablet at risk and could expose your sensitive information to identity thieves

Dangers of public Wi-Fi include:

• Lack of encryption

• Rogue access points posing as legitimate networks

• Malware

• Unauthorized access to sensitive data

Malware & Ransomware

If your computer starts to behave strangely or you experience one or more of the following, you may have malware installed on your computer.

• Sluggish response

• System crashes

• Recurring pop-up advertisements or error messages

• Changes in browser settings or toolbars

• Inability to run programs or open files

• Antivirus program disabled

• Onscreen threats or demands for payment

Ethical Internet Use

Don’t

View or download pornography;

Gamble on the Internet;

Conduct private business/money-making ventures;

Load personal/unauthorized software;

Make unauthorized configuration changes;

Play games;

Download unauthorized software like: webcam software, photo editing and sharing software, video editing and sharing software, and cell phone software

Incident Response

The purpose of this policy is to establish a protocol to guide a response to a computer or system incident or event impacting Reliant Capital Solutions personnel, equipment, network or components.

Incident definitions include:

• Data Theft

• Cyber Security

• Theft

• Unauthorized Use

• Unauthorized Person(s)

• Damage

• Misuse

• Unusual Behavior

• Intrusion

• Threat

• Weather

Communication

Communicate the incident to the Management Team.

• State the urgency of the situation.

Be Aware

If You See Something…Say Something

POLICY

Red Flag Rules

Reliant Capital Solutions Red Flag Rules Policy & Procedures

Purpose

To establish an Identity Theft Prevention Program (“Program”) designed to detect, prevent and mitigate identity theft in connection with the opening of a covered account or an existing covered account and to provide continued administration of the Program in compliance with 16 C.F.R. Part 681.

This Program enables Reliant Capital Solutions to protect existing consumers, reduce risk from identity fraud, and minimize potential damage to Reliant Capital Solutions from fraudulent new accounts. The Program will help Reliant Capital Solutions:

A. Identify risks that signify potentially fraudulent activity within new or existing covered accounts;

B. Detect risks when they occur in covered accounts;

C. Respond to risks to determine if fraudulent activity has occurred and act if fraud has been attempted or committed; and

D. Update the Program periodically, including reviewing the accounts that are covered and the identified risks that are part of the Program.

Definitions:

Identity theft-

Fraud committed or attempted using the identifying information of another person without authority.

Covered account-

An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions. Covered accounts include credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts and savings accounts; and

Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.

Red Flag-

A pattern, practice or specific activity that indicates the possible existence of identity theft.

Personally Identifiable Information (PII)- includes the following items whether stored in electronic or printed format:

i. Consumer’s:

a. First, middle, or last name
b. Date of birth
c. Address
d. Telephone or wireless numbers
e. Social Security number
f. Government-issued identification number
g. Maiden name
h. Account number

ii. Credit card information, including any of the following:

a. Credit card number (in whole or in part)
b. Credit card expiration date
c. Cardholder name
d. Cardholder address

iii. Medical information for any customer, including but not limited to:

a. Doctor names and claims
b. Insurance claims
c. Prescriptions
d. Treatment or diagnoses
e. Any related personal medical information

Responding to Red Flags

The Program shall provide for appropriate responses to detected red flags to prevent and mitigate identity theft. The response shall be commensurate with the degree of risk posed.

Once potentially fraudulent activity is detected, an employee must act quickly as a rapid appropriate response can protect customers and Reliant Capital Solutions from damages and loss. The employee must gather all related documentation and write a description of the situation. This information must be presented to the designated authority for determination. The designated authority will complete additional authentication to determine whether the attempted transaction was fraudulent or authentic.

Physical Security of Personal Identifying Information Is Protected

Employees will not leave sensitive papers out on their desks when they are away from their workstations.

At the end of the day, employees will put files away, log off their computers, and lock their file cabinets and office doors.

Security of Electronic Records

Passwords will not be shared or posted near workstations.

Disposal of Personal Identifying Information

When documents containing personal identifying information are discarded, they will be placed inside a locked shred bin.

PROCEDURES

Disputes: Duties of Debt Collectors under the FDCPA and FCRA

Consumers have specific rights when it comes to disputing a delinquent debt. These rights are outlined under the Fair Debt Collection Practices Act (FDCPA).

FDCPA

Under the FDCPA, consumers may dispute a debt verbally or in writing. If a consumer only disputes a debt verbally, the debt collector is not obligated to provide the consumer verification of the debt. However, the debt must be marked as disputed in the debt collector’s records. If a consumer disputes a debt in writing and within thirty days of receiving the validation notice, the debt collector must send verification of the debt to the consumer before continuing collection activity.

In addition to the above, on accounts Reliant reports (or will report) to the credit bureaus, we also need to comply with the Fair Credit Reporting Act (FCRA).

FCRA

If a debt collector also furnishes information to CRAs, the debt collector also has important compliance obligations under the FCRA if a consumer disputes a debt. The FCRA permits a consumer to dispute information with a CRA or directly with the data furnisher. Much like the FDCPA, if a consumer disputes a debt (verbally or in writing), the FCRA requires that the reported item be marked as disputed. In many instances a dispute will also require a furnisher to conduct a “reasonable investigation” of the disputed information. Exactly how and when the furnisher needs to respond to the dispute will depend on whether the consumer initiated the dispute with the furnisher or the CRA.

When a consumer states verbally they dispute the entire debt or any portion of the debt, and the account has or will be reported, the collector must:

o Place the account in ‘DSP’ status

o Note the dispute accordingly

o Place the account in Clerical Queue 606 and request ‘VOD’

Bankruptcy

Once you have been notified the consumer has filed bankruptcy you must immediately suspend all collection activity. Failing to do so puts you and Reliant at risk.

Follow the steps below to ensure compliance with the Reliant Bankruptcy Procedure:

1. Obtain the attorney information:

a. Name
b. Phone number
c. Document in Latitude
   i. Click the “More Info” tab then select Attorney

2. Mark the number as “BAD” so it is no longer called and place the account on Hold

3. Add the account to the bankruptcy clerical queue

Documentation

All work on an account must be documented properly

This includes:

• Right Party contacts

• Third Party contacts

• Wrong Party contacts

• Skip Tracing

• Sending Email

• Any action made on an account
