Our compliance department wants branches to complete a red flag alert on every customer that disputes a debit card transaction as unauthorized. Is this really necessary?

Obviously they are concerned about someone "abusing" the system. IMHO, a more logical approach to to this type of risk management is to centralize your dispute processing and have those individuals maintain a spreadsheet on all claims that can be sorted by customer. You can then see who your repeat claimers are and determine if they are a victim of circumstance (always seem to shop at stores that have data breaches), careless (a lost/stolen card every 3 months) or attempting to defraud the bank.

A red flag alert? Really? I little over the top in my book.

we were written up in an audit for this because a debit card fraud is a type of identity theft and therefor covered by FACTA/red flags.. That's the logic.

I assume this is on claims that are found to be valid only. So it wouldn't be done until the investigation is complete.

So, in a valid claim the card is terminated. A new one may be issued. What is the point of the red flag?