Skip to content
BOL Conferences
Thread Options
#1731517 - 08/16/12 11:34 AM ID Red Flag Training
Tocomply Offline
Platinum Poster
Joined: Nov 2004
Posts: 650
Is there a requirement that all employees must be trained annually on ID Red flags?

Return to Top
#1731583 - 08/16/12 01:42 PM Re: ID Red Flag Training Tocomply
Ted Dreyer Offline
Diamond Poster
Ted Dreyer
Joined: Apr 2001
Posts: 2,245
The reg says that you must "Train staff, as necessary, to effectively implement the Program". So, the word "annual" is not specified.

Return to Top
#1731590 - 08/16/12 01:52 PM Re: ID Red Flag Training Tocomply
Russ Horn Offline
100 Club
Russ Horn
Joined: May 2008
Posts: 139
The final rule states: "(e) Administration of the Program, (3) Train staff, as necessary, to effectively implement the Program..."

However, if you read the responses from the agencies to commentators that was released with the final rule as a supplement, it states:
"Section (e)(3) of the final rules provides that a covered entity must train staff, as necessary, to effectively implement the Program. There is no corresponding section of the guidelines.
The Agencies continue to believe proper training will enable staff to address the risk of identity theft. However, this provision requires training of only relevant staff. In addition, staff that has already been trained, for example, as a part of the anti-fraud prevention efforts of the financial institution or creditor, do not need to be re-trained except ‘as necessary.’"

Hope this helps some.

Thanks,
Russ
_________________________
Russ Horn, CISA, CISSP, CRISC
CoNetrix
rhorn@conetrix.com

Return to Top