Compliance Snap-Shot

Licensed in all required states, ISO Security Protocols, HIPAA Compliant, FDCPA, FCRA, and PCI.

Licensed & insured to collect & manage insurance audit customers in all 50 states with locations nationwide.

Licensing & Bonding

Not every state requires third-party debt collection agencies to be licensed or carry additional Errors & Omissions and Liability coverage. However, as part of our commitment to operate with integrity and meet state compliance standards, we are licensed and bonded in every state where it is required. Operational capabilities also include U.S. territories. License, bond, and insurance documents are available upon request.


Subrogation Collections exceeds the proper insurance requirements, including Errors and Omissions (Professional Liability), General Liability, Workers’ Compensation, and Commercial Crime.

Regulatory Standards

Every aspect of our business, from technology systems, account processing, and customer service training to the monitoring of collection and support personnel, meets or exceeds federal regulatory standards. Internal compliance officers, who are experts in federal statutes, oversee relevant compliance performance standards regulated by federal agencies: the Federal Trade Commission and the Bureau of Consumer Protection.


Fair Credit Reporting Act (FCRA)

The Fair Credit Reporting Act (FCRA) is a federal law that details how consumer credit information can be collected, given out, and used. Under the FCRA, consumers have a right to view information in their credit file and dispute inaccurate information.

Fair Debt Collection Practices Act (FDCPA)

The Fair Debt Collection Practices Act, often referred to as the FDCPA, was passed by Congress in response to abusive conduct by collection agencies, and concern that the abuses were causing an increase in the filings of personal bankruptcies. The purpose of the Act is to provide guidelines for collection agencies which are seeking to collect legitimate debts, while providing protection and remedies for debtors.

Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.

Red Flags Rule (RFR)

The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or red flags – of identity theft in their day-to-day operations.

Consumer Financial Protection Bureau (CFPB)

The Consumer Financial Protection Bureau (CFPB) is an independent federal agency that holds primary responsibility for regulating consumer protection with regard to financial products and services in the United States. The CFPB was created in 2011 after its conception was included as part of the Dodd–Frank Wall Street Reform and Consumer Protection Act, which passed as a response to the financial crisis of 2007–08 that played a significant role in creating the Great Recession and was signed into law by President Barack Obama.


Bond Requirements

ACA requires us to maintain a statutory bond, and the amount of the bond is dictated by state statute. The bond is on file with the state with your various licenses and is used in the event you fail to remit funds back to your creditor clients. A bond is different from insurance in that the owner of the company agrees to pay back any losses arising from claims against the bond. In addition, you may be required to carry a Client Contract Bond, which applies to a specific contract you have in place.


Insurance Requirements

ACA requires us to carry proper insurance, including Errors and Omissions (Professional Liability), General Liability (usually purchased as a part of a Business Owners’ Package that will also include property insurance), Workers’ Compensation (statutory coverage required by all but a few states), and Commercial Crime (Employee Dishonesty). These insurance policies make up the basic commercial insurance portfolio needed by a collection agency. 

Subrogation Collections adheres to the ACA Bond Requirements, maintains a statutory bond, and carries a Client Contract Bond which applies to specific contracts.


ISO/IEC 27001

ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls. By meeting and complying with this certification’s standards, we seek to:

  • Demonstrate the independent assurance of our internal controls while meeting corporate governance and business continuity requirements.
  • Independently demonstrate that applicable laws and regulations are observed.
  • Meet contractual requirements and demonstrate to you that the security of your information is paramount.
  • Verify that your organizational risks are properly identified, assessed, and managed while formalizing information security processes, procedures, and documentation.
  • Through regular assessment, continually monitor our performance and find ways to improve.


Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was finalized by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in January 2010. SSAE 16 effectively replaces SAS 70 as the authoritative guidance for reporting on service organizations. SSAE 16 was formally issued in April 2010 with an effective date of June 15, 2011. SSAE 16 was drafted with the intention and purpose of updating the US service organization reporting standard so that it mirrors and complies with the new international service organization reporting standard – ISAE 3402.


The Payment Card Industry Data Security Standard (PCI DSS) represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information.

In security terms, it means our business adheres to the PCI DSS requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. In operational terms, it means we are playing our role to make sure customers’ payment card data is kept safe throughout every transaction.

PCI DSS compliance is an ongoing process, not a one-time event. We continuously assess our operations, fix any identified vulnerabilities, and make the required reports to the acquiring bank and card brands with which we do business.


Every call center is equipped with camera surveillance, card access entries and call recording systems. Support personnel are trained and monitored to adhere to bookkeeping, accounting and customer service procedures. 

Insurance Security - Eliminate Risks

Information and on-site security is critical to managing personal insurance information and your financial returns. Subrogation Collections is the only Nationally Licensed Insurance Audit Collection Agency serving the insurance industry to earn the international ISO/IEC 27001 certification for Information Security Management Systems, the coveted SSAE 16 certification for meeting, auditing, and internal control standards, and the Payment Card Industry Data Security Standard – PCI DSS – for the safe handling of sensitive information.




Subrogation Collections is a division of Vinton Moss

A. 1459 Powell St, San Francisco, CA 94133
P 707.484.2181
F 714.845.1900


Copyright © 2020 Vinton Moss, D.B.A, Subrogation Collections

