On What do Red Flag Examiners Focus?
On What do Red Flag Examiners Focus ?
Question: The Red Flag Rule is comprehensive, what are the key areas examiners will focus on during the initial examination?
Answer: Examiners will verify that the financial institution periodically identifies covered accounts it offers or maintains, and that the institution has conducted a risk assessment to identify any accounts that pose a reasonably foreseeable risk of identity theft, taking into consideration the methods used to open and access accounts, and the institution's previous experiences with identity theft. Examiners will also review examination findings in other areas (e.g. Bank Secrecy Act, Customer Identification Program and Customer Information Security Program) to assess whether there are deficiencies adversely affecting the financial institution's ability to comply with the Identity Theft Red Flags Rules. Reports, such as audit reports and annual reports prepared by staff for the board of directors will be examined to determine whether management adequately addressed any deficiencies.
Comprehensive Program -- Examiners will verify the financial institution has developed and implemented a comprehensive written program that is designed to detect, prevent, and mitigate identity theft. The program must be appropriate to the size and complexity of the financial institution and the nature and scope of its activities.
Staff training-- Examiners will verify that the financial institution trains appropriate staff to effectively implement and administer the Program.
Vendor Management -- Examiners will determine whether the financial institution exercises appropriate and effective oversight of service providers that perform activities related to covered accounts. Secure Identity Systems is the only company in the U.S. that offers the end-to-end solution for Red Flag compliance including: Initial Risk Assessment, Policies and Procedures Manual, New Account Authentication, Change of Address Verification, Identity Theft Protection with fully managed recovery, On-site Staff Training, and an Anti-Phishing Program. For additional information, please call (615) 377-7661, or e-mail: firstname.lastname@example.org.
First published on BankersOnline.com 10/13/08
First published on 10/13/2008