Skip to content
BOL Conferences
Thread Options
#1598588 - 08/31/11 02:37 PM -ID Theft Program and Policy??
Kay Offline
100 Club
Joined: Mar 2004
Posts: 248
Midwest
We are having a discussion at our Bank - we currently have both an ID Theft Policy and an ID Theft Program document - they both are very similar in content - Recommendation by the Compliance Officer has been to have only one document - the ID Theft Program.

What are other banks doing?

The understanding is that the regulation requires bank's to establish an ID Theft Program, report annually to the Board and review the ID Theft Risk assessment at least annually.

Return to Top
#1598598 - 08/31/11 02:47 PM Re: -ID Theft Program and Policy?? Kay
Dan Persfull Offline
10K Club
Dan Persfull
Joined: Aug 2002
Posts: 47,517
Bloomington, IN
Quote:
The understanding is that the regulation requires bank's to establish an ID Theft Program, report annually to the Board and review the ID Theft Risk assessment at least annually.


We had an ID Theft policy before the Red Flag program requirement came along. We incorporated the Red Flag requirements in the ID Theft Program.
_________________________
The opinions expressed are mine and they are not to be taken as legal advice.

Return to Top
#1598615 - 08/31/11 03:02 PM Re: -ID Theft Program and Policy?? Dan Persfull
Kay Offline
100 Club
Joined: Mar 2004
Posts: 248
Midwest
Just to clarify - You are using the term "policy" and "program" interchangeably (?) - Bank has only one document - An ID Theft Program?

Return to Top
#1598692 - 08/31/11 04:24 PM Re: -ID Theft Program and Policy?? Kay
Dan Persfull Offline
10K Club
Dan Persfull
Joined: Aug 2002
Posts: 47,517
Bloomington, IN
Quote:
You are using the term "policy" and "program" interchangeably (?)


Yes.
_________________________
The opinions expressed are mine and they are not to be taken as legal advice.

Return to Top
#1598844 - 08/31/11 07:44 PM Re: -ID Theft Program and Policy?? Kay
Deena Offline
Power Poster
Deena
Joined: Nov 2000
Posts: 2,701
PA
We have one document (called Identity Theft Prevention Program) but it includes both a policy and the program. We generally set up most of our program documents that way (e.g., BSA, privacy, compliance, etc.). We can break the policy piece out if we need to but it's part of the overall program.
_________________________
Opinions expressed are mine and not necessarily those of my employer.

Return to Top
#1598922 - 08/31/11 09:22 PM Re: -ID Theft Program and Policy?? Deena
Kay Offline
100 Club
Joined: Mar 2004
Posts: 248
Midwest
Is the policy piece more general/broad while the program is more detailed?

I struggle with terms in this area - such as differing between policy; program; procedure.

Return to Top
#1598999 - 09/01/11 12:26 PM Re: -ID Theft Program and Policy?? Kay
Deena Offline
Power Poster
Deena
Joined: Nov 2000
Posts: 2,701
PA
For us, the policy is very broad and essentially says we will do what the reg requires us to do. The program is more specific and includes each area required to be addressed by the reg (e.g., develop a program, train, report to board, record retention, etc.). The actual procedures are much more granular and those are in each department. So, the program might say a particular department is responsible for training and then that department's procedures would say how the training is done, etc.

I know that's probably not clear, but I hope it helps.
_________________________
Opinions expressed are mine and not necessarily those of my employer.

Return to Top
#1599314 - 09/01/11 06:56 PM Re: -ID Theft Program and Policy?? Deena
DEL Offline
Platinum Poster
Joined: Oct 2002
Posts: 730
Maine
Our's is similar to what Deena describes.

Return to Top