Governance alignment (six layers)
A standardised DCA governance framework typically uses six layers so onboarding, delegation, reporting, issues, cadence, and escalation stay consistent across agencies.
Full canonical pack: Policy-grade HTML for all six layers, appendix, samples, and implementation plan live in DCA Governance (canonical).
Governance is not the same as controls
Governance sets oversight rhythm, decision rights, escalation, and evidence expectations. It asks whether the programme remains within appetite and whether issues are owned. Controls are the mechanisms that execute policy every day: reconciliations, recall stop work, placement rules, bureau alignment, approval limits. You can have a perfect meeting calendar and still fail customers if controls are weak. Conversely, strong controls with no governance can hide systemic underinvestment until an incident forces attention.
This pack separates the ideas deliberately. Read the full control domains in Controls framework. Governance oversees controls; controls execute in operations and systems.
What governance checks versus what controls do
| Theme | Controls (execution) | Governance (oversight) |
|---|---|---|
| Balances and placement | Dual-state reconciliation, authoritative CP feeds, exception queues | Monthly review of break ageing, vendor remediation, materiality thresholds |
| Recall | Stop work SLAs, dialler suppression, recall reason codes in CP systems | Trend review of recall volumes and failures to stop; escalation triggers |
| Credit reporting | Submission rules tied to CP SoR; pre-submission checks | Thematic review of disputes, correction backlogs, conduct metrics |
| Conduct | Hardship flags, complaint holds, QA sampling | Attestation, second line testing, regulatory reporting decisions |
Where recall failures appear
If recall is broken, governance should see it in complaints (contact after hardship), reconciliation (vendor still “active”), Layer 3 (cohort counts wrong), and issues logs. Do not treat recall as a file-only topic. Operational narrative: Recall and reassignment.
Where credit reporting issues appear
Bureau problems surface as customer disputes, regulatory questions, and mismatch between CP closure and external listing. Governance should require evidence that reporting controls are owned, not only that marketing promised good conduct.
COF maturity and governance rhythm
Where a Control Orchestration Framework is mature, more obligations become prevented by construction rather than caught in monthly review. Governance then shifts toward validation: sampling traces, reviewing parameter changes, testing simulations after rule updates, and overseeing exceptions rather than firefighting routine breaches. See COF for DCA. This does not remove governance; it changes the meeting content from “did we breach?” to “did the engine perform as designed, and what exceptions prove we need a policy change?”
| Layer | Focus | You should know |
|---|---|---|
| 1 Policy | Layer 1 | Delegation, incentives, hardship, credit reporting |
| 2 Contract and SLA | Layer 2 | Performance and conduct SLAs, disclosure control |
| 3 Reporting | Layer 3 | Monthly pack structure |
| 4 Issues | Layer 4 | Categories A to D |
| 5 Cadence | Layer 5 | Weekly through annual rhythm |
| 6 Escalation | Layer 6 | Triggers and actions |
Policy (Layer 1)
Policy sets non-negotiables: who can approve settlements, how hardship is treated, what channels are allowed, how credit reporting is handled, and how incentives align with conduct. Good policy is short on ideology and long on decision rights. If policy is silent on R2 placement criteria, operations will invent one locally.
Contract and SLA (Layer 2)
The contract operationalises policy into measurable minimums: file SLAs, recall times, monthly pack contents, fee mechanics, and audit cooperation. SLAs should match what Layer 3 measures. A mismatch here is worse than no SLA: it invites false assurance.
Reporting (Layer 3)
Standard monthly pack structure, definitions, and attestation. The detailed section and field tables match the Qurioux specification STD-DCA-REPORT-001 (see docs/DCA-Governance/Layer3-Standard-Monthly-Reporting-Pack.md). This is where CP-controlled data should dominate; see Reporting and Reporting data lineage. Layer 3 should be supported by the controls framework (reconciliation, recall evidence, bureau alignment), not only by meeting discipline: Controls framework.
Issues (Layer 4)
Issues need categories, owners, ageing, and escalation rules. Use Issue taxonomy for A to D framing. The output of a healthy issues layer is not “more meetings,” but fewer repeat defects.
Cadence (Layer 5)
Rhythm makes accountability real. Below is what each band should actually achieve, not only that it exists on a calendar.
Weekly governance
Clear prior-week breaks in reconciliation, open recalls, SLA misses on files, and complaint triage into vendor fix plans. Output: dated owners, population scope for any hold, and confirmation that conduct-sensitive items did not wait for monthly forum.
Monthly governance
Interpret Layer 3 trends, not only table updates. Ask whether misses are clustered by segment or vendor batch. Output: decisions on strategy tweaks, escalations to risk if conduct thresholds breached, and signed narrative for finance on material recoveries movements.
Quarterly governance
Attestation-style review: are controls working as designed? Sample recalls and settlements. Output: second line challenge points, remediation themes, and updates to incentive design if perverse patterns appear.
Annual review
Contract fee refresh, panel composition, exit readiness, and lessons from incidents. Output: amendments or RFP triggers, updated data retention positions, and training refresh for both CP and DCA staff.
Escalation (Layer 6)
Escalation triggers should be written, not cultural. Examples: two consecutive monthly SLA misses on first contact; any disclosure breach confirmed; reconciliation breaks above monetary threshold for more than N days; sudden spike in hardship referrals; legal hold failure after recall.
Each trigger should name who is notified, by when, and what interim containment is (for example pause placements).
Evidence to retain
- Monthly packs with submission timestamps and named preparers.
- Issue logs with closure evidence for Category B and above.
- Recall and placement extracts for sampled accounts.
- Attestation emails or workflow records for quarterly reviews.
What good looks like
Good governance feels boring: the same definitions everywhere, the same pack sections, issues that shrink quarter on quarter because root causes are fixed. Bad governance feels exciting: heroics, manual spreadsheets, and “we fixed it on the call.”
Questions this model forces you to answer
- Who may approve a settlement above the delegated band?
- What happens after two consecutive months of SLA miss?
- How is a disclosure breach escalated the same day?
If you cannot answer these from live contracts, treat it as a governance gap, not training alone.
Related: OKRs for DCA programmes (objectives and key results alongside SLAs and Layer 3).