For What do Red Flag Examiners Look?
Question: What would an examiner look for?
Answer: Covered Accounts -- Examiners will verify the financial institution periodically identifies covered accounts it offers or maintains. As part of this initial procedure in the examination, examiners will verify that the financial institution:
- included accounts for personal, family and household purposes that permit multiple payments or transactions;
- conducted a risk assessment to identify any other accounts that pose a reasonably foreseeable risk of identity theft, taking into consideration the methods used to open and access accounts, and the institution's previous experiences with identity theft.
Other Regulations -- Examiners will review examination findings in other areas (e.g. Bank Secrecy Act, Customer Identification Program and Customer Information Security Program) to assess whether there are deficiencies adversely affecting the financial institution's ability to comply with the Identity Theft Red Flags Rules (Red Flag Rules).
Management Oversight -- Examiners will review reports, such as audit reports and annual reports prepared by staff for the board of directors (or an appropriate committee thereof or a designated senior management employee) on compliance with the Red Flag Rules. Examiners will determine whether management adequately addressed any deficiencies.
Comprehensive Program -- Examiners will verify the financial institution has developed and implemented a comprehensive written Program that is designed to detect, prevent, and mitigate identity theft. The Program must be appropriate to the size and complexity of the financial institution and the nature and scope of its activities.
Trained Staff -- Examiners will verify that the financial institution trains appropriate staff to effectively implement and administer the Program. Specifically, Henley says one of the things OTS examiners will look for "is a coordinated effort between the different areas of the institution." The training should be provided to the entire enterprise and have clear support and direction from the board of directors. "The board doesn't have to develop the program, but needs to show their participation and support of it," Henley says.
Vendor Management -- Examiners will determine whether the financial institution exercises appropriate and effective oversight of service providers that perform activities related to covered accounts.
Secure Identity Systems is the only company in the U.S. that offers the end-to-end solution for Red Flag compliance including: Initial Risk Assessment, Policies and Procedures Manual, New Account Authentication, Change of Address Verification, Identity Theft Protection with fully managed recovery, On-site Staff Training, and an Anti-Phishing Program. For additional information, please call (615) 377-7661, or e-mail: email@example.com.
First published on BankersOnline.com 10/06/08