Layer 6 - Escalation Framework
Consistent triggers and actions for all DCA engagements
Executive summary
This document defines consistent escalation triggers and actions for all DCA engagements. Same trigger = same type of response, regardless of which DCA is involved. This creates clarity and comparability and ensures risk is addressed in a timely way. Every escalation must be logged (e.g. in Issue Log, Layer 4) with trigger, date, action taken, and owner.
1. Escalation trigger matrix
| Trigger | Escalation action | Owner | Timing |
|---|---|---|---|
| SLA miss > 2 months | Formal remediation plan required; DCA must submit plan; bank approves and tracks; possible service credit per contract | Collections (lead); Risk (oversight) | Within 10 business days of second consecutive miss |
| Conduct breach | Immediate escalation to Risk; suspend relevant activity if needed; investigate; remediate; consider service credit / suspension of authority / termination | Risk (lead); Compliance; Collections | Immediate (same day) |
| Delegated authority breach | Suspension of (relevant) delegated authority until root cause fixed and controls verified; no new settlements/waivers in suspended area; log as Category B | Collections + Risk | Immediate |
| Repeated hardship delay | Independent review of DCA process and incentives; possible suspension of new assignments until process and training remediated | Risk (lead); Compliance; Collections | Within 5 business days of pattern identification |
| Material privacy issue | CRO escalation; Legal and Compliance notified; consider regulatory notification; possible termination and customer remediation | Risk (CRO); Legal; Compliance | Immediate |
| Category A issue (other) | Escalate to Risk; log in Issue Log; investigate and remediate; report in next Risk Committee | Risk; Collections | Within 1 business day |
| Category B issue | Log; assess scope; suspend authority if breach; remediate; report in Monthly and Quarterly review | Collections; Risk | Within 1 business day |
| Persistent reporting failure | Service credit per contract; escalation to Risk Committee; possible reduction in volume or termination if unresolved | Collections; Risk | After 2 consecutive late/invalid packs |
| Attestation qualified or not received | Escalate to Risk; DCA may not be deemed "in good standing" until attestation received; report to Risk Committee | Risk | By next Quarterly review |
2. Escalation paths (summary)
Operational issue (e.g. SLA, reporting)
→ Collections lead
→ If repeated: Risk + formal remediation plan
→ If persistent: Risk Committee
Conduct / regulatory (Category A)
→ Risk (immediate)
→ Compliance
→ Risk Committee (material)
→ CRO (material privacy / severe conduct)
Delegated authority breach (Category B)
→ Collections + Risk (immediate)
→ Suspend authority
→ Remediate
→ Risk Committee (if material or repeated)
Hardship delay (repeated)
→ Risk (lead)
→ Independent review
→ Possible suspension of new assignments
Material privacy
→ CRO
→ Legal / Compliance
→ Regulatory notification if required
3. Actions by trigger (detail)
3.1 SLA miss > 2 months
Definition: Same performance or operational SLA missed for two consecutive months. Action: (1) Collections requests formal remediation plan from DCA; (2) Bank reviews and approves plan; (3) Progress tracked in weekly/monthly reviews; (4) Service credit may be applied per contract; (5) If SLA still missed after agreed remediation period, escalate to Risk Committee (volume reduction, termination, or extended plan).
3.2 Conduct breach
Definition: Any breach of conduct standards (contact hours/frequency, disclosure, misleading statement, harassment, coercion, unconscionable conduct, hardship delay, privacy). Action: (1) Immediate escalation to Risk (and Compliance); (2) Assess whether to suspend specific activity or authority; (3) Investigate; log as Category A; (4) Remediate; (5) Consider service credit, suspension of authority, or termination; (6) Report to Risk Committee if material.
3.3 Delegated authority breach
Definition: DCA exercised authority outside the Delegated Authority Schedule. Action: (1) Immediate notification to Collections and Risk; (2) Suspension of the relevant authority; (3) Log as Category B; investigate root cause; (4) DCA to confirm controls and training; bank to verify before reinstating; (5) Consider service credit or contract consequence; (6) Report in Monthly and Quarterly review; Risk Committee if material or repeated.
3.4 Repeated hardship delay
Definition: Pattern of late or missed hardship referrals. Action: (1) Escalate to Risk (lead) and Compliance; (2) Independent review of DCA process, scripts, training, and incentives; (3) DCA to implement corrective actions; bank to verify; (4) Consider suspension of new assignments until remediated; (5) Report to Risk Committee.
3.5 Material privacy issue
Definition: Unauthorised disclosure of personal information; data breach; use of data outside permitted purpose; loss of data affecting customers. Action: (1) Immediate escalation to CRO (and Legal, Compliance); (2) Assess regulatory notification (Privacy Act, RBNZ if applicable); (3) Customer remediation and communication as required; (4) Consider termination of DCA and transition plan; (5) Report to Board / Risk Committee per incident management policy.
4. Documentation and reporting
Every escalation must be logged with trigger, date, action taken, and owner. Risk Committee receives summary of: escalations in the period; open remediation plans; suspensions; material conduct or privacy issues. Quarterly attestations should confirm that the escalation framework has been followed for any trigger that occurred.