How should my bank respond to the Red Flags Rule requirements effective Nov. 1st?
Question:
How should my bank respond to the Red Flags Rule requirements effective Nov. 1st?
Answer: The Red Flags Rule requires financial institutions to update their identity-theft prevention programs periodically to reflect changes in risks to customers or to the enterprise's safety and soundness from identity theft.
The Red Flags Rule includes 26 illustrative examples of possible Red Flags financial institutions and creditors should consider when implementing a written Identity Theft Prevention Program. While implementation of any predetermined number of the 26 Red Flag examples is not mandatory, financial institutions and creditors should consider those that are applicable to their business processes, consumer relationships, and levels of risk.
Updates to a financial institution's program should be based on:
Its experiences with identity theft;
Changes in methods of identity theft;
Changes in methods to detect, prevent and mitigate identity theft;
Changes in the types of accounts it offers or maintains; and
Changes in business arrangements, including mergers, acquisitions, alliances, joint ventures and service provider arrangements.
As a practical matter, any identity theft incident will likely trigger an assessment of, and potential update to, an institution's program. The fact that identity theft occurred could mean there are new red flags that should be added to the program so the same or similar incident does not occur again. Alternatively, the incident may have presented red flags already identified in the program that were not detected by staff, indicating a problem with existing policies and procedures or training methods.
The methods used by identity thieves to commit their crimes will evolve over time. This may result from changes in technology, changes in the way customer information is handled, or other relevant changes in how a particular financial institution or creditor operates.
As November gets closer, financial institutions need to act now to ensure
that they are establishing effective compliance practices. They need to look at current data and practices to establish any potential compliance problems. Once financial institutions assess what information they have, they should then assess what else they need to be compliant. They may need to then seek out the necessary tools and resources to help fill in those gaps.
Many vendors are, or will be, providing automated tools to assist financial institutions and creditors in detecting red flags. At the very least, financial institutions should periodically evaluate these offerings. For more information on how your bank should respond to the Red Flags Rule requirements, please click here.
Experian Boilerplate
Experian’s Decision Analytics business combines data intelligence, analytics, software and consulting to help clients optimize profitability and improve performance. Its enterprise-wide decisioning capabilities enable clients to manage and mitigate credit risk; prevent, detect and reduce fraud; meet regulatory obligations; and gain operational efficiencies. 1 888 414 1120 or fraud.solutions@experian.com.
BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.
Print Friendly!
Email This Article!
Discuss NOW!
