Folks:
From a previous post . . .
--------------
I don't know about a "rule" -- but if your customer only "mentions" that his/her identity has been compromised, I don't believe you should file a SAR. If your customer reports an identity theft to you, however, that's much different. You should develop a policy that mandates that:
- A bank employee must accept such a report if a customer wants to file it;
- The customer will furnish the bank employee with a copy of the local law enforcement report(s) relating to the event;
- The bank will use the FTC's Identity Theft Affidavit (http://www.consumer.gov/idtheft/) to gather the information;
- That the report will be forwarded to the Security Officer immediately for further investigation; and
- That the Security Officer will file a SAR.