what is the purpose for designating an individual at senior management level for oversight of identity theft prevention program?
Some banks tend to put this off on staff that does not have that level of authority. Years ago, I saw an article that had a reasonable explanation, but now I can find it. Management may need reminding and with a more logical explanation than I can verbalize.
Any ideas?
Thanks

The reason behind it is that the reg requires a designated ID theft program manager (see #2):

From Section 222.90:

(e) Administration of the Program. Each financial institution or creditor that is required to implement a Program must provide for the continued administration of the Program and must:
(1) Obtain approval of the initial written Program from either its board of directors or an appropriate committee of the board of directors;
(2) Involve the board of directors, an appropriate committee thereof, or a designated employee at the level of senior management in the oversight, development, implementation and administration of the Program;
(3) Train staff, as necessary, to effectively implement the Program; and
(4) Exercise appropriate and effective oversight of service provider arrangements.

So the reason that the designated employee can't be a guy in the mail room and has to be "at the level of senior management" is because they have to "effectively" "exercise" "oversight".
Without actually putting it in plain English, the designated employee must have senior management authority to ensure things get done.
If, my assumption is correct, what advice would one give to a person that has discovered management has purposely designation a person that does not (by title or duty) have such implied authority. (i.e., this has happened before, noted and corrected by the board) only to happen again.

Do you know why they are purposely designating someone without the appropraite authority level? What happened to the person that was running it before (after it was fixed the first time)?