Why One Leader Says CTS Just Makes Sense

In this Q&A, TRAKAmerica’s president, Matt Russel, shares how the CTS program will help vendors prove compliance and reduce redundancy, and why it’s worth your attention.

As NCBA continues to roll out the Committed to Security (CTS) program, we’re hearing directly from early participants about why they’ve chosen to engage and what the program could mean for the broader creditors rights community.

In this Q&A, Matt Russell, President of TRAKAmerica, offers his perspective on the need for stronger, standardized security oversight, and how CTS provides value not just for clients, but for law firms and vendors as well. He shares how TRAK and its affiliated companies view the program as a strategic tool for reducing audit fatigue, supporting vendor oversight, and staying aligned with rising industry expectations.

Q 1. Why do you think the CTS program is so valuable for law firms and clients alike?

Answer: Data security protocols have quickly escalated to “paramount” in the financial services industry.  We see that small and medium-sized businesses are targeted with increased frequency, and too often fall prey to malicious actors.  Having a consistent set of tested and certified data security standards aligned with PCI and other recognized programs will help create confidence that law firms and their suppliers will be able to withstand the inevitable attack that will come from these bad actors.  Of course this doesn’t mean there is zero risk, and we will all need to stay vigilant with our staff and continue to invest, but this is a critical step. 

Q 2. Why does TRAKAmerica encourage law firms to use the CTS program?

Answer: Many of the law firms in our network are medium-sized businesses.  For those firms, it can be very difficult to make the proper investments to oversee the suppliers with whom they pass high risk personally identifiable information.  As an example, TRAK has over 100 associates whose sole responsibilities are managing the law firms from a compliance and security perspective.  I do not expect that law firms can make similar investments to oversee their process servers, BPOs, etc.  But the data breach risk is no different than what we are trying to mitigate each day.  Leveraging the CTS program for law firm suppliers will provide clients like TRAK and our clients the confidence that the oversight is meeting the very high (and growing) standards that are required to operate in this space. 

Q 3. How confident are you that CTS meets the majority of client due diligence needs?

Answer: I can only speak for TRAKAmerica and the standards that we require, that are directly aligned with our clients.  And our clients are some of the most risk-intolerant banks in the nation.  We have had our SVP of IT review the program extensively and do a gap assessment to ensure we are aligned.  TRAK feels comfortable that the current standards meet the very high bar we have set.  Further, we are confident that the CTS program is able to flex and grow to ever-changing standards and future investments that will be required both by law firms and their supply chain. 

Q 4. Why was it a no-brainer to have KnovaOne, a TRAKAmerica Company, participate in the CTS program? And why should other vendors participate?

Answer: Well first, we believe in the program and what better way to show that than participating and having another tool (CTS) to validate the strength of the KnovaOne (KO) environment.  KO has their own SOC, plus our TRAK IT conducts oversight and now CTS is another layer of protection.  As importantly, we understand how difficult it is to manage the never-ending series of audits from our clients.  And KO faces the same challenge.  Having an agreed upon set of standards, tested and validated, not only reduces risk, but significantly reduces the time investment by the KO team, answering essentially the same questions repeatedly, through the tedious and low-value questionnaire process.