FACTA Red Flage an Address Disc.

In this final rule it refers to an Identify Theft Prevention Program. I have two questions. First, should I assume that there is to be a separate program titled Identify Theft Prevention Program or is this something that is to be built into the CIP? Second, isn't this just for lending areas?

Identity theft affects all areas of the bank. According to the regulation I believe the Identity Theft Red Flag rules can be incorporated into your Information Security Program.

Does anyone know what the regulators will look for? Must this be a program on it's own or can it be in the Info. Security program, AML/CIP or a program for FCRA or another policy?

I'm going to construct a seperate ID Theft program, but it will link to the Information Security program, BSA/AML & our FACTA policy and procedures.

I sat in on a FACTA webinar 10/25/07 and the Speaker said he was pretty sure that this was going to beef up our CIP programs as well as BSA/AML. But he would be having an other seminar when he knows a little bit more.

Our ID Theft procedures are incorporated into our FACT Act policy. I did double check with our FDIC contact and was told that we DID NOT need a separate policy just for ID Theft.