Would you have a sample identity theft (red flag) risk assessment you could share with me?
Question: Can BSA/AML programs satisfy Red Flags compliance?
Under Red Flag regulations, our bank uses credit reports to make loan decisions, but doesn't report to the credit bureau. Are we required to provide a notice of address discrepancy to CRA?
If a bank relies on an automated ID verification system for both CIP and red flags compliance and there are red flags associated with the name, date of birth, or social security number that go unresolved, are these CIP violations as well as violations of the bank's identity theft program? We only use the system to verify the identity of customer’s who are new to the bank.
I was at a seminar presented by Jack Holzknecht regarding implementing the new Identity Theft Red Flag and Address Reconcilement Rules. Do we need to monitor each and every address change or be able to sample a number of them and monitor that way?
What are the highest risk customers for money laundering and what are the specific red flags for unusual transactions within that customer group?
Among credit risk, market risk and operational risk, developing a good operational risk management program seems to be the most challenging. Can't our existing compliance processes (e.g., AML, Red Flags, GLBA, etc.) contribute to operational risk management?
What individual risk assessments is a bank expected to perform? How do the individual risk assessments fit together with an "enterprise risk assessment"?