Financial institutions and creditors such as banks fall directly under the radar of the new regulations on identity theft. Sections 114 and 315 of the FACTA have direct implications. Section 114 had a compliance deadline of November 1, 2008, and the deadline for Section 315 has been moved forward to afford banks and financial institutions more time. The new rules and guidelines require the following primary components:
- Development, implementation and enforcement of an Identity Theft Prevention Program.
- Performance of on-going and comprehensive risk assessments.
- Development of specific policies, procedures and practices to combat identity theft issues.
- Training for entity personnel.
- Oversight of service providers.
- Management and oversight of the program.
Regulators are expected to enforce this regulation just as vigorously as they have enforced regulations issued under other statutes concerned with privacy, such as the Gramm-Leach-Bliley Act (GLBA).
First published on BankersOnline.com 3/16/09