Red Flags

Red Flags Dashboard

In just a glance, you can track and analyze all instances of identity theft and document any mitigating action taken.

Spot Warning Signs and Meet Requirements

Red Flags rules require your institution to prevent identity theft.  These rules impose significant burdens on your bank risk management activities. You have to conduct a risk assessment to identify covered accounts; identify possibly dozens of issues that indicate a possible identity theft; develop a detection and response procedure for each; create a written program and train employees; and review its effectiveness at least once annually.

Scout makes it easy to spot the warning signs of identity theft and meet federal compliance regulations for tracking and reporting. Use the intuitive features of Scout’s web-based risk management dashboard to:

  • Record and track ID theft events
  • Spot trends and identify risk areas
  • Produce four major required annual reports

Reduce ID Theft and Meet Regulatory Requirements

The Identity Theft Red Flags Regulations are part of the Fair and Accurate Credit Transactions Act (FACTA), an amendment to the Fair Credit Reporting Act. These rules are jointly issued by the Federal Trade Commission and other regulatory agencies and became active in 2008.
Red Flags rules require creditors to take action to prevent identity theft. The rules are clearly applicable to all financial institutions and require you to do the following:

  • Conduct a risk assessment to identify covered accounts.
  • Identify issues that indicate a possible identity theft (the rules provide 26 red flags as a starting point).
  • Develop a detection and response procedure for each.
  • Create a written program that’s been approved by the board of directors.
  • Train employees in implementation.
  • Update the program as necessary.
  • Review effectiveness at least once annually.

Take Red Flags Seriously

One important area in which some institutions are falling short is identifying and tracking identify theft instances experienced by their customers, regardless of whether the institution was directly involved. If any identity theft instance is reported to your institution, you are required to track and analyze it. Many institutions are familiar with these requirements but have yet to develop processes for tracking this information. FACTA is a complex piece of legislation and this important requirement sometimes gets overlooked.

Report the Right Way

FACTA requires annual board reporting on your identity theft activities. As with other risk management activities, little guidance is available to compliance officers when it comes to the right way to do this. But a basic rule of thumb applies: Shorter is better. Don’t burden boards with eye-glazing spreadsheets and page after page of lists. Instead, provide them with a short summary of how you’ve been maintaining you identity theft program. Show them:

  • You have a process in place.
  • How you tracked accounts.
  • A summary of your analysis of all ID theft events reported by customers.
  • How you plan to reduce these events.

Read our board reporting advice for more guidelines.