Skip to content

Red Flag Program -- Service Provider Arrangements

by Russ Horn, CISA, CISSP, CoNetrix

Question: Under the Red Flag rules, I am required to "exercise appropriate and effective oversight of service provider arrangements", but what does that mean, and what is the definition of a service provider?

Answer: The term "service provider" used in the final ruling was based upon the definition of "service provider" in the Information Security Standards: "service provider means a person that provides a service directly to the financial institution or creditor."

The greatest risk is associated with service providers that perform activities in connection with one or more of your institutions covered accounts. For example, a service provider that is opening loan or lending accounts on your behalf. Many financial institutions are simply managing the service providers through contractual requirements; however, some financial institutions are going so far as to audit the service providers to ensure Identity Theft is monitored and customer data is protected.

First published on 9/01/08

First published on 09/01/2008

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics