Skip to content
BOL Conferences Top Gun 23
Thread Options
#864959 - 12/03/07 06:02 PM Identity Theft/Information Security
Golfer9 Offline
100 Club
Joined: Sep 2007
Posts: 199
How do the requirements for an [b]Identity Theft Policy fit with the requirement to have an Infromation Security Policy? It seems that the Identity Theft Policy would now incorporate the bank's information security policy. Do these need to remain separate?

Return to Top
#866120 - 12/04/07 09:18 PM Re: Identity Theft/Information Security Golfer9
A D Virr Offline
Gold Star
Joined: Oct 2000
Posts: 398
Derry, NH
Yes, they need to remain separate. They are established for entirely different reasons. When you are doing your risk assessment for Identity Theft Prevention Policy (ITPP), it would be helpful to put your information security risk assessment and your BSA risk assessment into the mix. Some issues will be very similar, others may augment the ITPP.
Allan D. Virr, CRCM,CRP
Compliance Audit Solutions, LLC

Return to Top
#869522 - 12/09/07 02:42 AM Re: Identity Theft/Information Security A D Virr
complianceman Offline
Platinum Poster
Joined: Mar 2005
Posts: 687
New Albany, IN
Your identity theft policy could be incorporated into your bank's Security Program. Since the security program ties to the overall operation of the financial institution, you can add a separate section on identity theft/consumer fraud. That is what I am going to do and based on discussions with regulators, they are fine with it as the security officer will be responsible for program monitoring.
The opinion stated here is what it is, My Opinion.

Return to Top